Populating NIS+ Tables

After the root master server has been configured, you can populate its standard NIS+ tables with name services information. This section shows you how to populate the root master server's tables with data from files or NIS maps using the nispopulate script with default settings.

The script uses:

• The domain created in the previous example (doc.com.)

• System information files or NIS maps as the source of name services

• The standard NIS+ tables: auto_master, auto_home, ethers, group, hosts, networks, passwd, protocols, services, rpc, netmasks, bootparams, netgroup, and aliases

The shadow file's contents are merged with the passwd file's to create the passwd table when files are the tables' information source. No shadow table is created.

Prerequisites to Running nispopulate to Populate Root Server Tables

Before you run the nispopulate script, be sure the following prerequisites have been met.

• View each local /etc file or NIS map from which you will load data. Make sure there are no spurious or incorrect entries. Make sure that the right data is in the correct place and format. Remove any outdated, invalid, or corrupt entries. You should also remove any incomplete or partial entries. You can always add individual entries after configuration is completed. That is easier than trying to load incomplete or damaged entries.

• The information in the files must be formatted appropriately for the table into which it will be loaded. Chapter 9, Setting Up NIS+ Tables describes the format required for a text file to be transferred into its corresponding NIS+ table.

• Make sure that domain and host names are different. Domains and hosts cannot have the same name. For example, if you have a sales domain you cannot have a machine named sales. Similarly, if you have a machine named home, do not create a domain named home. This caution also applies to subdomains. For example, if you have a machine named west, do not create a sales.west.doc.com subdomain.

• Remove all dots and underscores in host names. NIS+ uses dots (periods) to delimit between machine names and domains and between parent and subdomains, so you cannot have a machine name containing a dot. You also cannot use underscores in hostnames, since DNS does not allow it. Before running the nispopulate script, you must eliminate any dots in your host names. You can convert host name dots to hyphens. For example, you cannot have a machine named sales.alpha. You can convert that name to sales-alpha.

• If you are setting up a network for the first time, you may not have much network information stored anywhere. In that case, you first need to collect the information, then type it into the input file, which is essentially the same as an /etc file.

• For safety's sake, you should make copies of the /etc files and use the copies to populate the tables instead of the actual files. (This example uses files in a directory called /nisplusfiles, for instance.)

• Edit four of the copied NIS table files, passwd, shadow, aliases, and hosts, for security problems, particularly items that you do not want distributed across the namespace. For example, you might want to remove the following lines from the copy of your local passwd file so that they are not made available across the namespace:

  root:x:0:1:0000-Admin(0000):/:/sbin/sh daemon:x:1:3:0000-Admin(0000):/: bin:x:3:5:0000-Admin(0000):/usr/bin: sys:x:3:3:0000-Admin(0000):/: adm:x:4:4:0000-Admin(0000):/var/adm: lp:x:78:9:0000-lp(0000):/usr/spool/lp: smtp:x:0:0:mail daemon user:/: uucp:x:5:5:0000-uucp(0000):/usr/lib/uucp: nuucp:x:7:8:0000-uucp (0000):/var/spool/uucppublic:/usr/lib/uucp/uucico listen:x:22:6:Network Admin:/usr/net/nls nobody:x:60000:60000:uid no body:/: noaccess:x:60002:60002:uid no access:/:

• The domain must have already been configured and its master server must be running.

• The domain's server must have sufficient disk space to accommodate the new table information.

• You must be logged in as an NIS+ principal (a client with appropriate credentials) and have write permission to the NIS+ tables in the specified domain. In this example, you must be the user root on the machine master1.

How to Populate the NIS+ Root Master Server Tables

Before You Begin

The NIS domain name is case-sensitive, while the NIS+ domain name is not.

If populating from files, you need the following information.

• The new NIS+ domain name

• The path of the appropriately edited text files whose data will be transferred

• Your root password

If populating from NIS maps, you need:

• The new NIS+ domain name

• The NIS domain name

• The NIS server's name

• The IP address of the NIS server

• Your root password

1. Perform either substep a or b to populate the root master server tables, then continue with Step 2.

   Substep a shows you how to populate tables from files. Substep b shows you how to populate tables from NIS maps. Type these commands in a scrolling window; otherwise, the script's output might scroll off the screen.

   ---

   Note –

   The nispopulate script can fail if there is insufficient /tmp space on the system. To keep this from happening, you can set the environment variable TMPDIR to a different directory. If TMPDIR is not set to a valid directory, the script uses the /tmp directory.

   ---

   1. Type the following command to populate the tables from files.

      master1# nispopulate -F -p /nis+files -d doc.com. NIS+ domain name : doc.com. Directory Path : /nis+files Is this information correct? (type 'y' to accept, 'n' to change)

      The -F option indicates that the tables take their data from files. The -p option specifies the directory search path for the source files. (In this case, the path is /nis+files.) The -d option specifies the NIS+ domain name. (In this case, the domain name is doc.com.)

      The NIS+ principal user is root. You must perform this task as superuser in this instance because this is the first time that you are going to populate the root master server's tables. The nispopulate script adds credentials for all members of the NIS+ admin group.

   2. Type the following command to populate the tables from NIS maps.

      master1# nispopulate -Y -d doc.com. -h salesmaster -a 130.48.58.111 -y sales.doc.com. NIS+ domain name : doc.com. NIS (YP) domain : sales.doc.com. NIS (YP) server hostname : salesmaster Is this information correct? (type 'y' to accept, 'n' to change)

      The -Y option indicates that the tables take their data from NIS maps. The -d option specifies the NIS+ domain name. The -h option specifies the NIS server's machine name. (In this case, the NIS server's name is salesmaster. You have to insert the name of a real NIS server at your site to create the sample domain.) The -a option specifies the NIS server's IP address. (In this case, the address is 130.48.58.111. You have to insert the IP address of a real NIS server at your site to create the sample domain.) The -y option specifies the NIS domain name. (In this case, the domain's name is sales.doc.com.; you have to insert the NIS domain name of the real NIS domain at your site to create the sample domain.)

      The NIS+ principal user is root. You must perform this task as superuser in this instance because this is the first time that you are going to populate the root master server's tables. The nispopulate script also adds credentials for all members of the NIS+ admin group.

2. Type y (if the information returned on the screen is correct).

   Typing n causes the script to prompt you for the correct information. (See How to Change Incorrect Information When Setting Up NIS+ for what you need to do if the information is incorrect.)

   • If you performed substep a of Step a, you will see the following:

     Is this information correct? (type 'y' to accept, 'n' to change) y This script will populate the following NIS+ tables for domain doc.com. from the files in /nis+files: auto_master auto_home ethers group hosts networks passwd protocols services rpc netmasks bootparams netgroup aliases shadow **WARNING: Interrupting this script after choosing to continue may leave the tables only partially populated. This script does not do any automatic recovery or cleanup. Do you want to continue? (type 'y' to continue, 'n' to exit this script)

   • If you performed substep b of Step b, you will see the following:

     Is this information correct? (type 'y' to accept, 'n' to change) y This script will populate the following NIS+ tables for domain doc.com. from the NIS (YP) maps in domain sales: auto_master auto_home ethers group hosts networks passwd protocols services rpc netmasks bootparams netgroup aliases **WARNING: Interrupting this script after choosing to continue may leave the tables only partially populated. This script does not do any automatic recovery or cleanup. Do you want to continue? (type 'y' to continue, 'n' to exit this script)

3. Type y to continue populating the tables.

   By typing n, you can safely stop the script. If you interrupt the script after you have chosen y, while the script's running, the script stops running and can leave the tables only partially populated. The script does not do any automatic recovery or cleaning up.

   When you rerun the script, the tables are overwritten with the latest information.

   • If you are populating tables from files, you see messages like the following as the script uses hosts and passwd information to create the credentials for hosts and users:

     Do you want to continue? (type 'y' to continue, 'n' to exit this script) y populating auto_master table from file /nis+files/auto_master ... auto_master table done. populating auto_home table from file /nis+files/auto_home ... auto_home table done. Credentials have been added for the entries in the hosts and passwd table(s). Each entry was given a default network password (also known as a Secure- RPC password). This password is: nisplus Use this password when the nisclient script requests the network password. Done!

     Note and remember the Secure RPC password (nisplus, in the above example). Use this password when prompted for your network or Secure RPC password.

     The script continues until it has searched for all the files it expects and loads all the tables it can from the available files.

   • If you are populating tables from NIS maps, you will see messages like the following as the script uses hosts and passwd information to create the credentials for hosts and users:

     Do you want to continue? (type 'y' to continue, 'n' to exit this script) y populating auto_master table from sales.doc.com. NIS(YP) domain... auto_master table done. populating auto_home table from file sales.doc.com. NIS(YP) domain... auto_home table done. .... Credentials have been added for the entries in the hosts and passwd table(s). Each entry was given a default network password (also known as a Secure-RPC password). This password is: nisplus Use this password when the nisclient script requests the network password. Done!

     Note and remember the Secure RPC password (nisplus, in the above example). Use this password when prompted for your network or Secure RPC password.

     All the tables are now populated. You can ignore any parse error warnings. Such errors indicate that NIS+ found empty or unexpected values in a field of a particular NIS map. You may want to verify the data later after the script completes.

4. (Optional) Add yourself and others to the root domain's admin group.

   For example, if your login ID is topadm and your co-worker's ID is secondadmin, you enter:

   master1# nisgrpadm -a admin.doc.com. topadm.doc.com. secondadm.doc.com. Added “topadm.doc.com.” to group “admin.doc.com.”. Added “secondadm.doc.com.” to group “admin.doc.com.”.

   The admin.doc.com. argument in the nisgrpadm -a command above is the group name, which must come first. The remaining two arguments are the names of the administrators.

   ---

   Note –

   This step is necessary only if you want to add additional users to the admin group now, which is a good time to add administrators to the root server. You can also add users to the admin group after you have configured NIS+.

   ---

   You do not have to wait for the other administrators to change their default passwords to perform this step; however, they must already be listed in the passwd table before you can add them to the admin group. Members of the admin group will be unable to act as NIS+ principals until they add themselves to the domain. See How to Initialize an NIS+ User for more information on initializing users. The group cache also has to expire before the new members become active.

5. Type the following command to checkpoint the domain.

   master1# nisping -C doc.com. Checkpointing replicas serving directory doc.com. Master server is master1.doc.com. Last update occurred at date Master server is master1.doc.com. checkpoint scheduled on master1.doc.com.

   This step ensures that all the servers supporting the domain transfer the new information from their initialization (.log) files to the disk-based copies of the tables. Since you have just configured the root domain, this step affects only the root master server, as the root domain does not yet have replicas.

   ---

   Caution –

   If you do not have enough swap or disk space, the server will be unable to checkpoint properly, but it will not notify you. One way to make sure everything is correct is to list the contents of a table with the niscat command. For example, to check the contents of the rpc table, type:

   master1# niscat rpc.org_dir rpcbind rpcbind 100000 rpcbind portmap 100000 rpcbind sunrpc 100000

   If you do not have enough swap space, you will see the following error message instead of the sort of output you see above.

   can't list table: Server busy, Try Again.

   Even though it does not say so, in this context this message indicates that you do not have enough swap space. Increase the swap space and checkpoint the domain again.

   ---