Solaris Naming Setup and Configuration Guide

Part I Naming Service Setup

This part describes how to use the nsswitch.conf file to specify how different name services work together.

Chapter 1 Setting Up the Name Service Switch

This section describes the name service switch and provides step-by-step instructions for configuring it.

Name Service Switch

The name service switch controls how a client workstation or application obtains network information. The name service switch is often referred to as the switch. The switch determines which naming services, and in what order, an application uses to obtain naming information. The switch is a file called nsswitch.conf, which is stored in each machine's /etc directory.

The nsswitch.conf File

Each workstation has an nsswitch.conf file in its /etc directory. Each line of that file identifies a particular type of network information, such as host, password, and group, followed by one or more sources, such as NIS+ tables, NIS maps, the DNS hosts table, or local /etc, where the client is to look for that information. For additional information on the nsswitch.conf file, see the Solaris Naming Administration Guide.

An /etc/nsswitch.conf file is automatically loaded into every workstation's /etc directory by the Solaris 8 release software, along with the following alternate (template) versions:

  • /etc/nsswitch.nisplus
  • /etc/nsswitch.nis
  • /etc/nsswitch.files
  • /etc/nsswitch.ldap

These alternate template files contain the default switch configurations used by the NIS+ and NIS services, local files, and LDAP. No default file is provided for DNS, but you can edit any of these files to use DNS (see "Enabling a Machine to Use DNS"). When the Solaris operating environment is first installed on a workstation, the installer selects the workstation's default name service: NIS+, NIS, local files, or LDAP. During installation, the corresponding template file is copied to /etc/nsswitch.conf. For example, for a workstation client using NIS+, the installation process copies nsswitch.nisplus to nsswitch.conf.

If your network is connected to the Internet and you want users to be able to access Internet hosts using DNS, you must now enable DNS forwarding, as described in "Enabling a Machine to Use DNS".

Unless you have an unusual namespace, the default template file as copied to nsswitch.conf (with or without DNS, as described above) should be sufficient for normal operation.

Default NIS+ Version of Switch File

The NIS+ version of the switch file supplied with the Solaris 7 release is named nsswitch.nisplus.


Example 1-1 Default nsswitch.nisplus File


#
# /etc/nsswitch.nisplus:
#
# An example file that could be copied over to /etc/nsswitch.conf;
# it uses NIS+ (NIS Version 3) in conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet"
# transports.
 
# the following two lines obviate the "+" entry in /etc/passwd 
# and /etc/group.
passwd: files nisplus
group: files nisplus
# consult /etc "files" only if nisplus is down. 
hosts: nisplus [NOTFOUND=return] files
# Uncomment the following line, and comment out the above, to use 
# both DNS and NIS+. You must also set up the /etc/resolv.conf 
# file for DNS name server lookup. See resolv.conf(4).
# hosts: nisplus dns [NOTFOUND=return] files
services: nisplus [NOTFOUND=return] files
networks: nisplus [NOTFOUND=return] files
protocols: nisplus [NOTFOUND=return] files
rpc: nisplus [NOTFOUND=return] files
ethers: nisplus [NOTFOUND=return] files
netmasks: nisplus [NOTFOUND=return] files	
bootparams: nisplus [NOTFOUND=return] files
publickey: nisplus
netgroup: nisplus
automount: files nisplus
aliases: files nisplus
sendmailvars: files nisplus

Default NIS Version of Switch File

The NIS version of the switch file supplied with the Solaris 7 release is named nsswitch.nis.


Example 1-2 Default nsswitch.nis File


#
# /etc/nsswitch.nis:
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses NIS (YP) in conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
passwd: files nis
group: files nis
# consult /etc "files" only if nis is down. 
hosts: nis [NOTFOUND=return] files
networks: nis [NOTFOUND=return] files
protocols: nis [NOTFOUND=return] files
rpc: nis [NOTFOUND=return] files

ethers: nis [NOTFOUND=return] files
netmasks: nis [NOTFOUND=return] files	
bootparams: nis [NOTFOUND=return] files
publickey: nis [NOTFOUND=return] files
netgroup: nis
automount: files nis
aliases: files nis
# for efficient getservbyname() avoid nis
services: files nis
sendmailvars: files

Default Files Version of Switch File

The local files version of the switch file supplied with the Solaris 7 release is named nsswitch.files.


Example 1-3 Default nsswitch.files File


#
# /etc/nsswitch.files:
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# does not use any naming service.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
passwd: files
group: files
hosts: files
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files	
bootparams: files
publickey: files
# At present there isn't a 'files' backend for netgroup; the system will 
# figure it out pretty quickly, and won't use netgroups at all.

netgroup: files
automount: files
aliases: files
services: files
sendmailvars: files

Default LDAP Version of Switch File

The LDAP version of the switch file supplied with the Solaris operating environment is named nsswitch.ldap.


Example 1-4 LDAP Switch File Template


#
# /etc/nsswitch.ldap:
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses LDAP in conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.

# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
passwd:     files ldap
group:      files ldap

hosts:      ldap [NOTFOUND=return] files

networks:   ldap [NOTFOUND=return] files
protocols:  ldap [NOTFOUND=return] files
rpc:        ldap [NOTFOUND=return] files
ethers:     ldap [NOTFOUND=return] files
netmasks:   ldap [NOTFOUND=return] files
bootparams: ldap [NOTFOUND=return] files
publickey:  ldap [NOTFOUND=return] files

netgroup:   ldap

automount:  files ldap
aliases:    files ldap

# for efficient getservbyname() avoid ldap
services:   files ldap
sendmailvars:   files

Selecting a Different Configuration File

When you change a workstation's naming service, you need to change that machine's switch file to one appropriate for the new service. For example, if you change a workstation's name service from NIS to NIS+, you need to install a switch file appropriate for NIS+. You change switch files by copying the appropriate template file to nsswitch.conf.

If you are installing NIS+ on a workstation using the NIS+ installation scripts, the NIS+ template script is copied to nsswitch.conf for you. In this case, you do not have to configure the switch file unless you want to customize it.

Before proceeding to change switch files, make sure the sources listed in the file are properly set up. In other words, if you are going to select the NIS+ version, the client must eventually have access to NIS+ service; if you are going to select the local files version, those files must be properly set up on the client.

Security Considerations

You must perform this operation as superuser.

Setting Up the Name Service Switch

Table 1-1 Task Map: Setting Up the Name Service Switch

| Task | Description | For Instructions, Go To |
|---|---|---|
| Setting Up the Name Service Switch | Set up a configuration file for NIS+ or NIS, and reboot the workstation | "How to Select a Different Configuration File" |

How to Select a Different Configuration File

To change to a different switch file, follow these steps:

  1. Log in to the client as superuser.

  2. Copy the alternate file appropriate for the machine's name service over the nsswitch.conf file.

    NIS+ Version (done automatically for you by NIS+ scripts)


    client1# cd /etc
    client1# cp nsswitch.nisplus nsswitch.conf

    NIS Version


    client1# cd /etc
    client1# cp nsswitch.nis nsswitch.conf

    Local /etc Files Version


    client1# cd /etc
    client1# cp nsswitch.files nsswitch.conf

  3. Reboot the workstation.

    The nscd name service cache daemon caches switch information. Some library routines do not periodically check the nsswitch.conf file to see whether it has been changed. You must reboot the workstation to make sure that the daemon and those routines have the latest information in the file.

Enabling a Machine to Use DNS

This section describes how to set up the name service switch configuration file for the NIS+ or local files name services so that a machine can also use the Domain Name System (DNS). DNS forwarding is inherent in the NIS name service. You do not have to (and should not) add a DNS entry to the hosts line of the switch file of a machine using the NIS service. The steps described below apply only to those machines using local /etc files or NIS+.

Prerequisites

The machine must have a properly configured /etc/resolv.conf file (as described in "The Resolver").

Security Considerations

You must perform this operation as superuser.

Enabling a Machine to Use DNS-Task Map

Table 1-2 Enabling a Machine to Use DNS

| Task | Description | For Instructions, Go To |
|---|---|---|
| Enabling a Machine to Use DNS | Modify the /etc/nsswitch.conf file and enable an NIS+ client to use DNS | "How to Enable an NIS+ Client to Use DNS" |

How to Enable an NIS+ Client to Use DNS

  1. Log in as superuser.

  2. Open the /etc/nsswitch.conf file.

  3. Specify DNS as a source of hosts information.

    DNS can be the only source or an additional source for the hosts information. Locate the hosts line and use DNS in one of the ways shown below:


    hosts: files dns

    or


    hosts: nisplus dns [NOTFOUND=return] files

    or


    hosts: dns nisplus [NOTFOUND=return] files

    Do not use the above syntax for NIS clients, since they will be forced to search for unresolved names twice in DNS.

  4. Save the file and reboot the workstation.

    Because the nscd daemon caches this information, which it reads at start up, you must reboot the workstation now.
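The following added example (not part of the original guide) models how the switch walks the three hosts lines shown above, using the default status actions documented in nsswitch.conf(4): SUCCESS=return, and NOTFOUND, UNAVAIL and TRYAGAIN=continue. The function names and the per-source answers are constructed for illustration.

```python
import re

# Default action per status (nsswitch.conf(4)): stop on SUCCESS, else try next source.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_entry(line):
    """Parse 'db: src [STATUS=action] src ...' into (db, [(source, actions)])."""
    line = line.split("#", 1)[0].strip()
    if ":" not in line:
        return None                      # comment or blank line
    db, rest = line.split(":", 1)
    sources = []
    for token in re.findall(r"\[[^\]]*\]|\S+", rest):
        if token.startswith("["):
            if not sources:
                raise ValueError("criteria with no preceding source: " + token)
            # Criteria modify the source immediately before them.
            for crit in token[1:-1].split():
                status, action = crit.split("=", 1)
                sources[-1][1][status.upper()] = action.lower()
        else:
            sources.append((token, dict(DEFAULTS)))
    return db.strip(), sources

def lookup(line, answers):
    """Simulate one lookup; answers maps source -> status it would report.
    Returns (sources consulted in order, final status)."""
    _, sources = parse_entry(line)
    consulted, status = [], "NOTFOUND"
    for name, actions in sources:
        status = answers.get(name, "UNAVAIL")
        consulted.append(name)
        if actions[status] == "return":
            break
    return consulted, status

# Constructed scenarios: a name present only in local /etc files.
SERVICES_UP = {"nisplus": "NOTFOUND", "dns": "NOTFOUND", "files": "SUCCESS"}
SERVICES_DOWN = {"nisplus": "UNAVAIL", "dns": "UNAVAIL", "files": "SUCCESS"}

if __name__ == "__main__":
    for line in ("hosts: files dns",
                 "hosts: nisplus dns [NOTFOUND=return] files",
                 "hosts: dns nisplus [NOTFOUND=return] files"):
        for label, answers in (("up", SERVICES_UP), ("down", SERVICES_DOWN)):
            print(f"{line!r:50} services {label}: {lookup(line, answers)}")
```

With the services up, a name that exists only in local files is not found by either NIS+ variant, because [NOTFOUND=return] ends the search before files is read; files is reached only when the preceding sources are unavailable.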

Adding Compatibility With +/- Syntax

This task describes how to add compatibility with the +/- syntax used in /etc/passwd, /etc/shadow, and /etc/group files when you are using either NIS or NIS+ as your primary naming service.

Adding Compatibility With +/- Syntax-Task Map

Table 1-3 Adding Compatibility With +/- Syntax

| Task | Description | For Instructions, Go To |
|---|---|---|
| Adding Compatibility With +/- Syntax | Modify the /etc/passwd, /etc/shadow, and /etc/group files to add DNS compatibility with +/- syntax. | "How to Add DNS Compatibility With +/- Syntax" |

Security Considerations

You must perform this operation as superuser.


Note - Users working on a client machine being served by a NIS+ server running in NIS compatibility mode cannot run ypcat on the netgroup table. Doing so will give you results that indicate the table is empty, even if it has entries.


How to Add DNS Compatibility With +/- Syntax

  1. Log in as superuser.

  2. Open the /etc/nsswitch.conf file.

  3. Change the passwd and group sources to compat.

    • For use with NIS, enter:


      passwd: compat
      group: compat

    • For NIS+, enter:


      passwd: compat
      passwd_compat: nisplus
      group: compat
      group_compat: nisplus

    This provides the same syntax as in the Solaris 1.x release: it looks up /etc files and NIS maps as indicated by the +/- entries in the files.

  4. Add -+ or -+ netgroup to /etc/passwd, /etc/shadow, and /etc/group files.


    Caution - If you fail to add the -+ or -+ netgroup entries to /etc/shadow and /etc/passwd, you will not be able to log in.


  5. Save the file and reboot the workstation.

    Because some library routines do not periodically check the nsswitch.conf file to see whether it has been changed, you must reboot the workstation to make sure those routines have the latest information in the file.

Enabling a Machine to Use IPv6 Addresses

The nsswitch.conf file controls search criteria for IPv6 addresses. IPv6 increases the IP address size from 32 bits to 128 bits to support more levels of addressing hierarchy and provide a greater number of addressable nodes. For more information about IPv6, its configuration, and its implementation, see "Overview of IPv6" in System Administration Guide, Volume 3 and "Transitioning From IPv4 to IPv6" in System Administration Guide, Volume 3.

The /etc/inet/ipnodes file stores both IPv4 and IPv6 addresses. The /etc/inet/ipnodes file uses the same format convention as the /etc/hosts file.

Enabling a Machine to Use IPv6-Task Map

Table 1-4 Enabling a Machine to Use IPv6

| Task | Description | For Instructions, Go To |
|---|---|---|
| Enabling a Machine to Use IPv6 | Modify the /etc/nsswitch.conf file and enable an NIS+ client to use IPv6 | "How to Enable an NIS+ Client to Use IPv6" |

How to Enable an NIS+ Client to Use IPv6

  1. Log in as superuser.

  2. Edit the /etc/nsswitch.conf file.

  3. Add the new ipnodes source and specify the name service (such as ldap).


    ipnodes: ldap [NOTFOUND=return] files

    ipnodes defaults to files. During the transition from IPv4 to IPv6, when not all name services are aware of IPv6 addresses, you should accept the files default. Otherwise, unnecessary delays (such as boot timing delays) might result during the resolution of addresses.

  4. Save the file and reboot the workstation.

    Because the nscd daemon caches this information, which it reads at start up, you must reboot the workstation now.