System Administration Guide: Naming and Directory Services (NIS+)

Setting Up an NIS+ Server

It is much easier to perform this task with the NIS+ installation scripts than with the NIS+ command set described here. The methods described in this chapter should be used only by those administrators who are very familiar with NIS+ and who require some nonstandard features or configurations not provided by the installation scripts.


Note –

The NIS+ service is managed by the Service Management Facility (SMF). Administrative actions on this service, such as enabling, disabling, or restarting, can be performed by using the svcadm command. See NIS+ and the Service Management Facility for more information about using SMF with NIS+. For an overview of SMF, refer to Chapter 18, Managing Services (Overview), in System Administration Guide: Basic Administration. Also refer to the svcadm(1M) and svcs(1) man pages for more details.


NIS+ Standard Configuration and NIS-Compatible Configuration of an NIS+ Server

The differences between setting up an NIS-compatible and a standard NIS+ server are the same as the differences between setting up standard and NIS-compatible root master servers (see Standard Configuration and NIS-Compatible NIS+ Configuration Procedures). The server must have a properly configured /etc/resolv.conf file. In addition, the NIS+ daemon for an NIS-compatible server must be started with the -Y option (and the -B option for DNS forwarding), which allows the server to answer requests from NIS clients. For information about implementing the -Y and -B options, refer to NIS+ and the Service Management Facility.


Note –

Whenever rpc.nisd is started with either the -Y or -B option, a secondary daemon named rpc.nisd_resolv is spawned to provide name resolution.


Here is a summary of the entire configuration process:

  1. Log in as superuser to the new replica server.

  2. [NIS-Compatibility Only] Start the NIS+ daemon with -Y.

  3. [Standard NIS+ Only] Start the NIS+ daemon.

Security Considerations When Configuring NIS+ Servers


Note –

The NIS+ security system is complex. If you are not familiar with NIS+ security, you might want to review Chapter 11, NIS+ Security Overview before starting to configure your NIS+ environment.


The security level at which you start the server determines the credentials that its clients must have. For instance, if the server is configured with security level 2 (the default), the clients in the domain it supports must have DES credentials. If you have configured the client according to the instructions in this book, the client has DES credentials in the proper domain, and you can start the server with security level 2.


Note –

Security level 0 is for administrator configuration and testing purposes only. Security level 1 is not supported. Do not use level 0 or 1 in any environment where ordinary users are doing their normal work. Operating networks should always be run at security level 2.


Prerequisites to Configuring NIS+ Servers

Information You Need to Configure an NIS+ Server

You need the superuser password of the client that you will convert into a server.

How to Configure an NIS+ Server

While it is possible to have a master or replica server serving more than one domain, doing so is not recommended.

  1. Log in as superuser to the new replica server.

    The following steps assume that you rebooted the machine after you set it up as an NIS+ client, as instructed in Configuring the NIS+ Client. Rebooting starts the cache manager, which is a recommended prerequisite to the following step. If you did not reboot the machine, restart the NIS+ service now by using svcadm.

  2. (Optional) Edit the /lib/svc/method/nisplus file to add the options you want.

    Use your preferred text editor.

    See NIS+ and the Service Management Facility for more information about editing the /lib/svc/method/nisplus file.

    -B    Supports DNS forwarding

    -Y    Starts the NIS+ daemon in NIS-compatibility mode

  3. Start the NIS+ daemon.


    server# svcadm enable network/rpc/nisplus:default

    To verify that the NIS+ service is running, use the svcs command.


    server# svcs \*nisplus\*
    STATE        STIME    FMRI
    online       Jan_12   svc:/network/rpc/nisplus:default

    This step creates a directory called /var/nis/data and a transaction log file called trans.log, which is placed in /var/nis.


    compatserver# ls -F /var/nis
    NIS_COLD_START data/ trans.log data.dict

    The trans.log file is a transaction log. You can examine the contents of the transaction log by using the nislog command, described in nislog Command.


    Caution –

    Do not move or rename the /var/nis or /var/nis/data directories. Do not move or rename the /var/nis/trans.log or /var/nis/data.dict files. If you are upgrading from a Solaris 2 release, the older /hostname subdirectory is automatically converted to /var/nis/data and the relevant files are converted as necessary. Do not change these new names after the conversion has occurred.


    Now this server is ready to be designated a master or replica of a domain, as described in Chapter 8, Configuring an NIS+ Non-Root Domain. This step completes this task. A task summary is provided in NIS+ Server Configuration Summary.
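The following check is an added example, not part of the original guide or of the NIS+ software. It audits an rpc.nisd option string for the settings discussed under Security Considerations and in step 2 of the procedure. It assumes the security level is set with the rpc.nisd -S option, which this page does not show; the function name and the sample option strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the security level and NIS-compatibility flags that
# an rpc.nisd option string would select. Only -Y, -B and -S are interpreted;
# all other options and their arguments are ignored.

# nisd_audit "OPTIONS" prints: level=N compat=yes|no dnsfwd=yes|no verdict=...
nisd_audit() {
    level=2      # rpc.nisd runs at security level 2 when -S is absent
    compat=no    # -Y: answer requests from NIS clients
    dnsfwd=no    # -B: DNS forwarding
    set -f; set -- $1; set +f        # split the string without globbing
    while [ $# -gt 0 ]; do
        arg=$1; shift
        case $arg in
            -?*) flags=${arg#-} ;;
            *)   continue ;;         # not an option word
        esac
        while [ -n "$flags" ]; do    # walk clustered flags such as -YB
            rest=${flags#?}
            f=${flags%"$rest"}
            flags=$rest
            case $f in
                Y) compat=yes ;;
                B) dnsfwd=yes ;;
                S) if [ -n "$flags" ]; then      # attached value: -S0
                       level=$flags; flags=
                   else                          # separate value: -S 0
                       level=${1:-missing}
                       if [ $# -gt 0 ]; then shift; fi
                   fi ;;
            esac
        done
    done
    case $level in
        2)   verdict=ok ;;
        0|1) verdict=unsafe ;;       # level 0 is test-only, level 1 unsupported
        *)   verdict=invalid ;;
    esac
    echo "level=$level compat=$compat dnsfwd=$dnsfwd verdict=$verdict"
}

# Constructed sample option strings, not taken from a real method file.
for sample in "" "-Y -B" "-YB -S 0" "-S1"; do
    printf '%-10s -> %s\n' "'$sample'" "$(nisd_audit "$sample")"
done
```

Any verdict other than ok on a server that ordinary users depend on means the daemon options should be corrected and the service restarted with svcadm.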