System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)
Book Information
Index
Preface
Part I About Naming and Directory Services
Chapter 1 Naming and Directory Services (Overview)
What Is a Naming Service?
Solaris Naming Services
DNS
/etc Files
NIS
NIS+
FNS
LDAP Naming Services
Naming Services: A Quick Comparison
Chapter 2 The Name Service Switch (Overview)
About the Name Service Switch
Format of the nsswitch.conf File
Search Criteria
Switch Status Messages
Switch Action Options
Default Search Criteria
What if the Syntax is Wrong?
Auto_home and Auto_master
Timezone and the Switch File
Comments in nsswitch.conf Files
Keyserver and publickey Entry in the Switch File
The nsswitch.conf Template Files
The Default Switch Template Files
The nsswitch.conf File
Selecting a Different Configuration File
Modifying the name service switch
DNS and Internet Access
IPv6 and Solaris Naming Services
Ensuring Compatibility With +/- Syntax
The Switch File and Password Information
Part II DNS Setup and Administration
Chapter 3 Domain Name System (Overview)
DNS Basics
Name-to-Address Resolution
DNS Administrative Domains
in.named and DNS Name Servers
Server Configuration and Data File Names
Configuration File
Names of DNS Data Files
Domain Names
Default Domain Name
Trailing Dots in Domain Names
DNS Clients and the Resolver
The resolv.conf File
The named.conf File
DNS Hierarchy in a Local Domain
DNS Hierarchy and the Internet
Joining the Internet
Domain Names
Fully Qualified Domain Names (FQDNs)
Zones
Reverse Mapping
The in-addr.arpa Domain
Chapter 4 Administering DNS (Tasks)
Setting Up the resolv.conf File
Configuring a Network For DNS
Setting Up a DNS Client
Setting Up a DNS Server
How to Specify a Master Server
How to Specify a Slave Server
How to Specify a Cache-Only or Stub Server
How to Add DNS Compatibility and +/- Syntax
Setting up DNS Servers
Initializing the Server
Testing Your Installation
Adding Additional Servers
Modifying DNS Data Files
How to Change the SOA Serial Number
Forcing in.named to Reload DNS Data
Adding and Deleting Clients
Adding a Client
Removing a Client
Enabling a Client to Use IPv6
Creating DNS Subdomains
Planning Your Subdomains
Setting Up a Subdomain
Solaris DNS BIND 8.2.4 Implementation
DNS Forwarding
Chapter 5 DNS Administration (Reference)
Implementing DNS
A Practical Example
Example Boot Files
Example resolv.conf Files
Example named.local File
Example hosts Files
Example hosts.rev Files
Example name.ca File
Setting Up the Data Files
Resource Record Types
Setting Up Subdomains
Setting Up Subdomains—Same Zone
Setting Up Subdomains—Different Zones
The DNS Namespace Hierarchy
How DNS Affects Mail Delivery
DNS Configuration and Data Files
Names of DNS Data Files
The named.conf File
named.conf Statements
The named.ca File
Setting Up the named.ca File
Internet named.ca File
Non-Internet named.ca File
The hosts File
Setting Up the hosts File
The hosts.rev File
Setting Up the hosts.rev File
The named.local File
Setting Up the named.local File
$INCLUDE Files
Data File Resource Record Format
Standard Resource Record Format
The name Field
The ttl Field
The class Field
The record-type Field
The record-specific-data Field
Special Resource Record Characters
Control Entries
$INCLUDE
$ORIGIN()
Resource Record Types
Start-of-Authority record (SOA)
name
class
SOA
origin
person-in-charge
serial
refresh
retry
expire
ttl
Name Server (NS)
Address (A)
Host Information (HINFO)
Well-Known Services (WKS)
Canonical Name (CNAME)
Pointer Record (PTR)
Mail Exchanger (MX)
Chapter 6 DNS Troubleshooting (Reference)
Clients Can Find Machine by Name but Server Cannot
Changes Do Not Take Effect or Are Erratic
DNS Client Cannot Lookup “Short” Names
Reverse Domain Data Not Correctly Transferred to slave
Server Failed and Zone Expired Problems
rlogin, rsh, and ftp Problems
Other DNS Syntax Errors
Part III NIS Setup and Administration
Chapter 7 Network Information Service (NIS) (Overview)
NIS Introduction
NIS Architecture
NIS Machine Types
NIS Servers
NIS Clients
NIS Elements
The NIS Domain
NIS Daemons
NIS Utilities
NIS Maps
Default NIS Maps
Using NIS Maps
NIS Map Nicknames
NIS-Related Commands
NIS Binding
Server-List Mode
Broadcast Mode
Differences in Solaris 2.6 NIS and Earlier NIS Versions
NSKit Discontinued
The ypupdated Daemon
/var/yp/securenets
Multihomed Machine Support
SunOS 4 Compatibility Mode
Chapter 8 Setting Up and Configuring NIS Service
Configuring NIS — Task Map
Before You Begin Configuring NIS
Planning Your NIS Domain
Identify Your NIS Servers and Clients
Preparing the Master Server
Source Files Directory
Passwd Files and Namespace Security
Preparing Source Files for Conversion to NIS Maps
Preparing the Makefile
How to Set Up the Master Server With ypinit
Master Supporting Multiple NIS Domains
Starting NIS Service on the Master Server
Starting NIS Service Automatically
Starting and Stopping NIS From the Command Line
Setting Up NIS Slave Servers
Preparing a Slave Server
Setting Up a Slave Server
Setting Up NIS Clients
Configuring a Machine to Use NIS
Chapter 9 Administering NIS (Tasks)
Password Files and Namespace Security
Administering NIS Users
Adding a New User to an NIS Domain
Setting User Passwords
Netgroups
Working With NIS Maps
Obtaining Map Information
Changing a Map's Master Server
Modifying Configuration Files
Modifying and Using the Makefile
Changing Makefile Macros/Variables
Updating and Modifying Existing Maps
Updating Maps Supplied with the Default Set
Propagating an NIS Map
Using cron for Map Transfers
Using Shell Scripts With cron and ypxfr
Directly Invoking ypxfr
Logging ypxfr Activity
Modifying Default Maps
Using makedbm to Modify a Non-Default Map
Creating New Maps from Text Files
Adding Entries to a File-Based Map
Creating Maps From Standard Input
Modifying Maps Made From Standard Input
Adding a Slave Server
Using NIS With C2 Security
Changing a Machine's NIS Domain
Using NIS in Conjunction With DNS
Dealing with Mixed NIS Domains
Turning Off NIS Services
Chapter 10 NIS Troubleshooting
NIS Binding Problems
Symptoms
NIS Problems Affecting One Client
ypbind Not Running on Client
Missing or Incorrect Domain Name
Client Not Bound to Server
No Server Available
ypwhich Displays Are Inconsistent
When Server Binding is Not Possible
ypbind Crashes
NIS Problems Affecting Many Clients
rpc.yppasswdd Considers a Non-restricted Shell Which Begins with r to be Restricted
Network or Servers are Overloaded
Server Malfunction
NIS Daemons Not Running
Servers Have Different Versions of an NIS Map
Logging ypxfr Output
Check the crontab File and ypxfr Shell Script
Check the ypservers Map
Work Around
ypserv Crashes
Part IV iPlanet Directory Server 5.1 Configuration
Chapter 11 iPlanet Directory Server 5.1 Configuration
Preparing for Configuration
Configuration Components
Configuration Choices
Choosing Unique Port Numbers
Choosing User and Group
Defining Authentication Entities
Choosing Your Directory Suffix
Choosing the Location of the Configuration Directory
Choosing the Location of the User Directory
Choosing the Administration Domain
Configuration Process Overview
Selecting a Configuration Process
Using Express and Typical Configuration
Using Express Configuration
Using Typical Configuration
Part V LDAP Naming Service Setup and Administration
Chapter 12 Introduction to the LDAP Naming Service (Overview/Reference)
Audience Assumptions
Suggested Background Reading
Additional Prerequisites
LDAP Naming Service Versus Other Naming Services
Using Fully Qualified Domain Names
Advantages of LDAP Naming Service
Disadvantages of LDAP Naming Service
New LDAP Naming Service Features for Solaris 9
Transitioning from NIS+ to LDAP
LDAP Naming Service Setup (Task Map)
Chapter 13 Basic Components and Concepts (Overview)
Default Directory Information Tree (DIT)
Default Schema
Service Search Descriptors (SSDs) and Schema Mapping
SSDs
Attribute Map
objectClass Map
Client Profiles
Client Profile Attributes
Local Client Attributes
ldap_cachemgr Daemon
LDAP Naming Service Security Model
Introduction
Transport Layer Security (TLS)
Assigning Client Credential Levels
Credential Storage
Choosing Authentication Methods
Authentication and Services
Pluggable Authentication Methods
PAM and Changing Passwords
Password Management
Chapter 14 Planning for the LDAP Naming Service
Overview
Planning the Network Model
Planning the Directory Information Tree (DIT)
Multiple Directory Servers
Data Sharing With Other Applications
Choosing the Directory Suffix
Replica Servers
Planning the Security Model
Planning Client Profiles and Default Attribute Values
Planning the Data Population
Chapter 15 iPlanet Directory Server 5.1 Setup (Tasks)
Configuring iPlanet Directory Server 5.1 Using idsconfig
Creating a Checklist Based on Your Server Installation
Attribute Indices
Schema Definitions
Using Browsing Indices
Using Service Search Descriptors to Modify Client Access to Various Services
Setting Up SSDs Using idsconfig
Running idsconfig
Populating the Directory Server Using ldapaddent
Managing Printer Entries
Adding Printers
Using lpget
Populating the Server with Additional Profiles
Chapter 16 Client Setup (Task)
Prerequisites
Initializing a Client
Using Profiles to Initialize a Client
Using Proxy Credentials
Initializing a Client Manually
Modifying a Manual Client Configuration
Un-initializing a Client
TLS Security Setup
Configuring PAM
Retrieving Naming Service Information
Using ldaplist
Listing All LDAP Containers
Listing All User Entry Attributes
Customizing the Client Environment
Modifying the nsswitch.conf File
Chapter 17 Troubleshooting
Monitoring Client Status
Verifying ldap_cachemgr is running
Checking the Current Profile Information
Verifying Basic Client/Server Communication
Checking Server Data From a Non-client Machine
Configuration Problems and Solutions
Unresolved Hostname
Unable to Reach Systems in the LDAP Domain Remotely
Login Does Not Work
Lookup Too Slow
ldapclient Cannot Bind to Server
Using ldap_cachemgr for Debugging
ldapclient Hangs During Setup
Frequently Asked Questions
Can I use LDAP naming services with Older Solaris Releases?
What are the DIT Default Locations in Solaris LDAP Naming Services?
Chapter 18 General Reference
Blank Checklists
Upgrade Information
New Automount Schema
LDAP Commands
General LDAP Tools
LDAP Tools Requiring LDAP Naming Services
An example pam.conf file for pam_ldap
IETF Schemas
RFC 2307 Network Information Service Schema
Mail Alias Schema
Directory User Agent Profile (DUAProfile) Schema
Solaris Schemas
Solaris Projects Schema
Role Based Access Control and Execution Profile Schema
Internet Print Protocol Information
Internet Print Protocol (IPP) Attributes
Internet Print Protocol (IPP) ObjectClasses
Sun Printer Attributes
Sun Printer ObjectClasses
Generic Directory Server Requirements
Default Filters Used By Naming Services
Glossary
© 2010, Oracle Corporation and/or its affiliates