Solaris Naming Setup and Configuration Guide

Setting Up NIS+ Root Servers

Setting up the root master server is the first step toward establishing an NIS+ domain. This section shows you how to configure a root master server using the nisserver script with default settings. The root master server uses the following defaults:


Note -

The nisserver script modifies the name service switch file for NIS+ when it sets up a root master server. The /etc/nsswitch.conf file may be changed later. See Solaris Naming Administration Guide and Chapter 1, Setting Up the Name Service Switch for information on the name service switch.


Prerequisites to Running nisserver

Check to see that the /etc/passwd file on the machine you want to be root master server contains an entry for root.

Information You Need

You need the following:

Table 4-3 Internet Organizational Domains

Domain    Purpose
com       Commercial organizations
edu       Educational institutions
gov       Government institutions
mil       Military groups
net       Major network support centers
org       Nonprofit organizations and others
int       International organizations

In the following example, the machine that will be designated the root master server is called master1, and doc.com. will be the new root domain.


Note -

Domains and hosts should not have the same name. For example, if you have doc.com as a root domain, you should not have a machine named doc in any of your domains. Similarly, if you have a machine named home, you do not want to create a domain named home. This caution also applies to subdomains; for example, if you have a machine named west, you don't want to create a sales.west.myco.com subdomain.
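The prerequisite and the naming caution above can be checked before the script is run. The following is an added example, not part of the original guide: the function names and the sample passwd content are constructed for illustration, while master1 and doc.com. are the guide's own example names.

```sh
#!/bin/sh
# Added example: pre-flight checks to run before "nisserver -r".
# Function names are hypothetical; the sample passwd content is constructed.

# Succeeds if FILE (passwd format) has an entry whose login field is "root".
has_root_entry() {
    awk -F: '$1 == "root" { found = 1 } END { exit !found }' "$1"
}

# Succeeds if DOMAIN is written with its trailing period (doc.com.).
is_fully_qualified() {
    case "$1" in
        ?*.) return 0 ;;
        *)   return 1 ;;
    esac
}

# Succeeds (conflict found) if HOST equals any label of DOMAIN,
# e.g. host "west" and domain "sales.west.myco.com.".
host_conflicts_with_domain() {
    host=$1
    domain=${2%.}
    old_ifs=$IFS
    IFS=.
    for label in $domain; do
        if [ "$label" = "$host" ]; then IFS=$old_ifs; return 0; fi
    done
    IFS=$old_ifs
    return 1
}

preflight() {  # usage: preflight PASSWD_FILE HOST DOMAIN
    rc=0
    has_root_entry "$1" || { echo "FAIL: no root entry in $1"; rc=1; }
    is_fully_qualified "$3" || { echo "FAIL: $3 lacks trailing period"; rc=1; }
    if host_conflicts_with_domain "$2" "$3"; then
        echo "FAIL: host $2 matches a label of $3"; rc=1
    fi
    return $rc
}

# Constructed sample passwd file; on the real machine pass /etc/passwd.
sample=$(mktemp)
printf 'root:x:0:1:Super-User:/:/sbin/sh\ndaemon:x:1:1::/:\n' > "$sample"
preflight "$sample" master1 doc.com. && echo "OK: ready for nisserver -r -d doc.com."
```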


Creating a Root Master Server

  1. Set the superuser's PATH variable to include /usr/lib/nis.

    Either add this path to root's .cshrc or .profile file or set the variable directly.

  2. Type the following command as superuser (root) to configure a root master server.

    The -r option indicates that a root master server should be configured. The -d option specifies the NIS+ domain name.


    master1# nisserver -r -d doc.com.
    This script sets up this machine "master1" as a NIS+ root master 
    server for domain doc.com.
    Domain name : doc.com.
    NIS+ group : admin.doc.com.
    NIS (YP) compatibility : OFF
    Security level : 2=DES
    Is this information correct? (type 'y' to accept, 'n' to change)

    "NIS+ group" refers to the group of users who are authorized to modify the information in the doc.com. domain. (Domain names always end with a period.) Modification includes deletion. admin.domainname is the default name of the group. See "Changing Incorrect Information" for instructions on how to change this name.

    "NIS compatibility" refers to whether an NIS+ server accepts information requests from NIS clients. When set to OFF, the default setting, the NIS+ server will not fulfill requests from NIS clients. When set to ON, an NIS+ server will fulfill such requests. You can change the NIS-compatibility setting with this script. See "Changing Incorrect Information".


    Note -

    This script sets machines up only at security level 2, the highest level of NIS+ security. You cannot change the security level when using this script. After the script has completed, you can change the security level with the appropriate NIS+ command. See Solaris Naming Administration Guide and the rpc.nisd man page for more information on changing security levels.


  3. Type y (if the information shown on the screen is correct).

    Typing n causes the script to prompt you for the correct information. (See "Changing Incorrect Information" for what you need to do if you type n.)


    Is this information correct? (type 'y' to accept, 'n' to change)
    y
    This script will set up your machine as a root master server for 
    domain doc.com. without NIS compatibility at security level 2.
    Use "nisclient -r" to restore your current network service environment.
    Do you want to continue? (type `y' to continue, `n' to exit the script)

  4. Type y to continue NIS+ configuration.

    (Typing n safely stops the script.) If you interrupt the script after you have chosen y and while the script is running, the script stops running and leaves configured whatever it has created so far. The script does not do any automatic recovery or cleaning up. You can always rerun this script.


    Do you want to continue? (type 'y' to continue, 'n' to exit the script)
    y
    setting up domain information "doc.com." ...
    setting up switch information ...
    running nisinit ...
    This machine is in the doc.com. NIS+ domain.
    Setting up root server ...
    All done.
    starting root server at security level 0 to create credentials...
    running nissetup ...
    (creating standard directories & tables)
    org_dir.doc.com. created
    Enter login password:

    The nissetup command creates the directories for each NIS+ table.

  5. Type your machine's root password at the prompt and press Return.

    In this case, the user typed the master1 machine's root password.


    Wrote secret key into /etc/.rootkey
    setting NIS+ group to admin.doc.com. ...
    restarting root server at security level 2 ...
    This system is now configured as a root server for domain doc.com.
    You can now populate the standard NIS+ tables by using the
    nispopulate or /usr/lib/nis/nisaddent commands.

    Your root master server is now configured and ready for you to populate the NIS+ standard tables. To continue with populating tables, skip to "Populating NIS+ Tables".
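The script starts the root server at security level 0 before restarting it at level 2, and an interrupted run is left as it is with no cleanup, so a saved session transcript is worth checking to confirm the run reached the final restart. The following is an added example, not part of the original guide: it assumes the session output was saved to a file, the function names are hypothetical, and the sample transcript is constructed from the output lines shown in this section.

```sh
#!/bin/sh
# Added example: audit a saved nisserver session transcript.
# Function names are hypothetical; the sample transcript is constructed.

# Print the value of a "Name : value" summary line. The last occurrence
# wins, because the summary is reprinted after each 'n' answer.
summary_field() {  # usage: summary_field LOG "Field name"
    awk -v key="$2" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        index($0, key " : ") == 1 { val = substr($0, length(key) + 4) }
        END { print val }' "$1"
}

# Succeeds only if the run went from the temporary level-0 start, through
# writing the secret key, to the final restart at level 2, in that order.
run_completed() {
    awk '
        /starting root server at security level 0/   { lvl0 = NR }
        /Wrote secret key into/                       { key = NR }
        /restarting root server at security level 2/ { lvl2 = NR }
        END { exit !(lvl0 && key && lvl2 && lvl0 < key && key < lvl2) }' "$1"
}

audit_transcript() {  # prints findings; non-zero status if a check fails
    rc=0
    [ "$(summary_field "$1" "Security level")" = "2=DES" ] ||
        { echo "FAIL: confirmed security level is not 2=DES"; rc=1; }
    run_completed "$1" ||
        { echo "FAIL: run did not reach the restart at security level 2"; rc=1; }
    echo "INFO: NIS (YP) compatibility: $(summary_field "$1" "NIS (YP) compatibility")"
    echo "INFO: NIS+ group: $(summary_field "$1" "NIS+ group")"
    return $rc
}

# Constructed sample transcript (group name changed after an 'n' answer).
log=$(mktemp)
cat > "$log" <<'EOF'
NIS+ group : admin.doc.com.
Domain name : doc.com.
NIS+ group : netadmin.doc.com.
NIS (YP) compatibility : OFF
Security level : 2=DES
starting root server at security level 0 to create credentials...
Wrote secret key into /etc/.rootkey
restarting root server at security level 2 ...
EOF
audit_transcript "$log"
```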

Changing Incorrect Information

If you typed n in Step 3 of the above procedure because some or all of the information returned to you was wrong, you will see the following:


Is this information correct? (type 'y' to accept, 'n' to change)
 n
Domain name: [doc.com.]

  1. Press Return if the domain name is correct; otherwise, type the correct domain name and press Return.

    In this example, Return was pressed, confirming that the desired domain name is doc.com. The script then prompts for the NIS+ group name.


    Is this information correct? (type 'y' to accept, 'n' to change)
     n
    Domain name: [doc.com.]
    NIS+ group: [admin.doc.com.]

  2. Press Return if NIS+ group is correct; otherwise, type the correct NIS+ group name and press Return.

    In this example, the name was changed. The script then prompts for NIS compatibility.


    NIS+ group: [admin.doc.com.] netadmin.doc.com.
    NIS (YP) compatibility (0=off, 1=on): [0]

  3. Press Return if you do not want NIS compatibility; otherwise, type 1 and press Return.

    In this example, Return was pressed, confirming that NIS compatibility status is correct. Once again, the script asks you if the information is correct.


    Note -

    If you choose to make this server NIS compatible, you also need to edit a file and restart the rpc.nisd daemon before it will work. See "Configuring a Client as an NIS+ Server" for more information.



    NIS (YP) compatibility (0=off, 1=on): [0]
    Domain name : doc.com.
    NIS+ group : netadmin.doc.com.
    NIS (YP) compatibility : OFF
    Security level : 2=DES
    Is this information correct? (type 'y' to accept, 'n' to change) 

    When the information is correct, continue with Step 3 in "Creating a Root Master Server". You can keep choosing n until the information is correct.


    Note -

    This script sets machines up only at security level 2. You cannot change the security level when using this script. After the script has completed, you can change the security level with the appropriate NIS+ command. See Solaris Naming Administration Guide for more information on changing security levels.