System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)
Book Information
Index
Preface
Part I About Naming and Directory Services
Chapter 1 Naming and Directory Services (Overview)
What Is a Naming Service?
Solaris Naming Services
Description of the DNS Naming Service
Description of the /etc Files Naming Service
Description of the NIS Naming Service
Description of the NIS+ Naming Service
Description of the FNS Naming Service
Description of the LDAP Naming Services
Naming Services: A Quick Comparison
Chapter 2 The Name Service Switch (Overview)
About the Name Service Switch
Format of the nsswitch.conf File
Search Criteria
Switch Status Messages
Switch Action Options
Default Search Criteria
What if the Syntax is Wrong?
Auto_home and Auto_master
Timezone and the Switch File
Comments in nsswitch.conf Files
Keyserver and publickey Entry in the Switch File
The nsswitch.conf Template Files
The Default Switch Template Files
The nsswitch.conf File
Selecting a Different Configuration File
How to Modify the Name Service Switch
DNS and Internet Access
IPv6 and Solaris Naming Services
Ensuring Compatibility With +/- Syntax
The Switch File and Password Information
Part II DNS Setup and Administration
Chapter 3 Domain Name System (Overview)
DNS Basics
Name-to-Address Resolution
DNS Administrative Domains
in.named and DNS Name Servers
Server Configuration and Data File Names
Configuration File
Names of DNS Data Files
Domain Names
Default Domain Name
Trailing Dots in Domain Names
DNS Clients and the Resolver
The resolv.conf File
The named.conf File
DNS Hierarchy in a Local Domain
DNS Hierarchy and the Internet
Joining the Internet
Domain Names in the DNS Namespace
Fully Qualified Domain Names (FQDNs)
Zones and DNS
Reverse Mapping
The in-addr.arpa Domain
Chapter 4 Administering DNS (Tasks)
Setting Up the resolv.conf File
Configuring a Network For DNS
How to Set Up a DNS Client
How to Set Up a DNS Server
How to Specify a Master Server
How to Specify a Slave Server
How to Specify a Cache-Only or Stub Server
DNS Compatibility and +/- Syntax
Setting Up DNS Servers
How to Initialize the Server
How to Test Your Installation
How to Add Additional Servers
Modifying DNS Data Files
How to Change the SOA Serial Number
How to Force in.named to Reload DNS Data
Adding and Deleting Clients
How to Add a Client
How to Remove a Client
Enabling a Client to Use IPv6
How to Enable a Client to Use IPv6
Creating DNS Subdomains
Planning Your Subdomains
How to Set Up a Subdomain
Solaris DNS BIND 8.3.3 Implementation
How to Migrate from BIND 4.9.x to BIND 8.3.3
DNS Forwarding
How to Enable DNS Forwarding Capabilities on an NIS+ Client
How to Enable DNS Forwarding Capabilities on an Older NIS Client
Chapter 5 DNS Administration (Reference)
Implementing DNS: A Practical Example
Example Configuration Files
Example resolv.conf Files
Example named.local File
Example hosts Files
Example hosts.rev Files
Example named.ca File
Setting Up the Data Files
Setting Up Subdomains
Setting Up Subdomains: Same Zone
Setting Up Subdomains: Different Zones
The DNS Namespace Hierarchy
Domains and Subdomains
How DNS Affects Mail Delivery
DNS Configuration and Data Files
Names of DNS Data Files
The named.conf File
named.conf Statements
The named.ca File
Setting Up the named.ca File
Internet named.ca File
Non-Internet named.ca File
The hosts File
Setting Up the hosts File
The hosts.rev File
Setting Up the hosts.rev File
The named.local File
Setting Up the named.local File
The $INCLUDE File
Data File Resource Record Format
Standard Resource Record Format
The name Field
The ttl Field
The class Field
The record-type Field
The record-specific-data Field
Special Resource Record Characters
Control Entries
The $INCLUDE Entry
The $ORIGIN() Entry
Resource Record Types
Start-of-Authority record (SOA)
The name Field
The class Field
The SOA Field
The origin Field
The person-in-charge Field
The serial Field
The refresh Field
The retry Field
The expire Field
The ttl Field
Name Server (NS)
Address (A)
Host Information (HINFO)
Well-Known Services (WKS)
Canonical Name (CNAME)
Pointer Record (PTR)
Mail Exchanger (MX)
Chapter 6 DNS Troubleshooting (Reference)
Clients Can Find Machine by Name but Server Cannot
Changes Do Not Take Effect or Are Erratic
DNS Client Cannot Lookup “Short” Names
Reverse Domain Data Not Correctly Transferred to slave
Server Failed and Zone Expired Problems
rlogin, rsh, and ftp Problems
Other DNS Syntax Errors
Part III NIS Setup and Administration
Chapter 7 Network Information Service (NIS) (Overview)
NIS Introduction
NIS Architecture
NIS Machine Types
NIS Servers
NIS Clients
NIS Elements
The NIS Domain
NIS Daemons
NIS Utilities
NIS Maps
Default NIS Maps
Using NIS Maps
NIS Map Nicknames
NIS-Related Commands
NIS Binding
Server-List Mode
Broadcast Mode
Differences in NIS Solaris 2.6 NIS and Earlier NIS Versions
NSKit Discontinued
The ypupdated Daemon
The /var/yp/securenets File
Multihomed Machine Support
SunOS 4 Compatibility Mode
Chapter 8 Setting Up and Configuring NIS Service
Configuring NIS — Task Map
Before You Begin Configuring NIS
Planning Your NIS Domain
Identify Your NIS Servers and Clients
Preparing the Master Server
Source Files Directory
Passwd Files and Namespace Security
Preparing Source Files for Conversion to NIS Maps
Preparing the Makefile
Setting Up the Master Server With ypinit
Master Supporting Multiple NIS Domains
Starting NIS Service on the Master Server
Starting NIS Service Automatically
Starting and Stopping NIS From the Command Line
Setting Up NIS Slave Servers
Preparing a Slave Server
Setting Up a Slave Server
Setting Up NIS Clients
Chapter 9 Administering NIS (Tasks)
Password Files and Namespace Security
Administering NIS Users
How to Add a New NIS User to an NIS Domain
Setting User Passwords
NIS Netgroups
Working With NIS Maps
Obtaining Map Information
Changing a Map's Master Server
Modifying Configuration Files
Modifying and Using the Makefile
Working With the Makefile
Changing Makefile Macros/Variables
Modifying Makefile Entries
Updating and Modifying Existing Maps
How to Update Maps Supplied With the Default Set
Propagating an NIS Map
Using cron for Map Transfers
Using Shell Scripts With cron and ypxfr
Directly Invoking ypxfr
Logging ypxfr Activity
Modifying Default Maps
Using makedbm to Modify a Non-Default Map
Creating New Maps from Text Files
Adding Entries to a File-Based Map
Creating Maps From Standard Input
Modifying Maps Made From Standard Input
Adding a Slave Server
Using NIS With C2 Security
Changing a Machine's NIS Domain
Using NIS in Conjunction With DNS
Dealing with Mixed NIS Domains
Turning Off NIS Services
Chapter 10 NIS Troubleshooting
NIS Binding Problems
Symptoms
NIS Problems Affecting One Client
ypbind Not Running on Client
Missing or Incorrect Domain Name
Client Not Bound to Server
No Server Available
ypwhich Displays Are Inconsistent
When Server Binding is Not Possible
ypbind Crashes
NIS Problems Affecting Many Clients
rpc.yppasswdd Considers a Non-Restricted Shell That Begins With r to be Restricted
Network or Servers Are Overloaded
Server Malfunction
NIS Daemons Not Running
Servers Have Different Versions of an NIS Map
Logging ypxfr Output
Check the crontab File and ypxfr Shell Script
Check the ypservers Map
Work Around
ypserv Crashes
Part IV Configuring Sun ONE Directory Server
Chapter 11 Sun ONE Directory Server Configuration
Preparing for Configuration
Configuration Components
Configuration Choices
Choosing Unique Port Numbers
Choosing User and Group
Defining Authentication Entities
Choosing Your Directory Suffix
Choosing the Location of the Configuration Directory
Choosing the Location of the User Directory
Choosing the Administration Domain
Configuration Process Overview
Selecting a Directory Server Configuration Method
Configuring the Servers
Sun ONE Directory Server Configuration Worksheet
Configuration Process for Sun ONE Directory Server 5.1
Part V LDAP Naming Services Setup and Administration
Chapter 12 Introduction to LDAP Naming Services (Overview/Reference)
Audience Assumptions
Suggested Background Reading
Additional Prerequisite
LDAP Naming Services Compared to Other Naming Services
Advantages of LDAP Naming Services
Restrictions of LDAP Naming Services
LDAP Naming Services Setup (Task Map)
Chapter 13 Basic Components and Concepts (Overview)
LDAP Data Interchange Format (LDIF)
Using Fully Qualified Domain Names
Default Directory Information Tree (DIT)
Default Schema
Service Search Descriptors (SSDs) and Schema Mapping
Description of SSDs
Attribute Map
objectClass Map
Client Profiles
Client Profile Attributes
Local Client Attributes
ldap_cachemgr Daemon
LDAP Naming Services Security Model
Introduction
Transport Layer Security (TLS)
Assigning Client Credential Levels
Credential Storage
Choosing Authentication Methods
Authentication and Services
Pluggable Authentication Methods
PAM and Changing Passwords
Using Sun ONE Directory Server With digest-MD5
Password Management
Chapter 14 Planning Requirements for LDAP Naming Services (Tasks)
Planning Overview
Planning the Network Model
Planning the Directory Information Tree (DIT)
Multiple Directory Servers
Data Sharing With Other Applications
Choosing the Directory Suffix
Replica Servers
Planning the Security Model
Planning Client Profiles and Default Attribute Values
Planning the Data Population
Chapter 15 Setting Up Sun ONE Directory Server (Tasks)
Configuring Sun ONE Directory Server Using idsconfig
Creating a Checklist Based on Your Server Installation
Attribute Indexes
Schema Definitions
Using Browsing Indexes
Using Service Search Descriptors to Modify Client Access to Various Services
Setting Up SSDs Using idsconfig
Running idsconfig
Populating the Directory Server Using ldapaddent
Managing Printer Entries
Adding Printers
Using lpget
Populating the Directory Server With Additional Profiles
Configuring the Directory Server to Enable Password Management
Chapter 16 Setting Up Clients (Tasks)
Prerequisites to Client Setup
Initializing a Client
Using Profiles to Initialize a Client
Using Proxy Credentials
Initializing a Client Manually
Modifying a Manual Client Configuration
Uninitializing a Client
Setting Up TLS Security
Configuring PAM
Using pam_ldap Without Password Management Support
Configuring pam_ldap for Password Management Support
Retrieving LDAP Naming Services Information
Listing All LDAP Containers
Listing All User Entry Attributes
Customizing the Client Environment
Modifying the nsswitch.conf File
Enabling DNS
Chapter 17 LDAP Troubleshooting (Reference)
Monitoring Client Status
Verifying ldap_cachemgr Is Running
Checking the Current Profile Information
Verifying Basic Client-Server Communication
Checking Server Data From a Non-Client Machine
Configuration Problems and Solutions
Unresolved Hostname
Unable to Reach Systems in the LDAP Domain Remotely
Login Does Not Work
Lookup Too Slow
ldapclient Cannot Bind to Server
Using ldap_cachemgr for Debugging
ldapclient Hangs During Setup
Chapter 18 LDAP General Reference (Reference)
Blank Checklists
Upgrade Information
New automount Schema
LDAP Commands
General LDAP Tools
LDAP Tools Requiring LDAP Naming Services
Example pam.conf File for pam_ldap
Example pam_conf file for pam_ldap Configured for Password Management
IETF Schemas
RFC 2307 Network Information Service Schema
Mail Alias Schema
Directory User Agent Profile (DUAProfile) Schema
Solaris Schemas
Solaris Projects Schema
Role-Based Access Control and Execution Profile Schema
Internet Print Protocol Information
Internet Print Protocol (IPP) Attributes
Internet Print Protocol (IPP) ObjectClasses
Sun Printer Attributes
Sun Printer ObjectClasses
Generic Directory Server Requirements
Default Filters Used by LDAP Naming Services
Chapter 19 Transitioning From NIS to LDAP (Overview/Tasks)
NIS-to-LDAP Service Overview
N2L Audience Assumptions
When Not to Use the N2L Service
Effects of the N2L Service on Users
NIS-to-LDAP Transition Terminology
N2L Commands and Files
Supported Standard Mappings
Transitioning From NIS to LDAP (Task Map)
Prerequisites for the NIS-to-LDAP Transition
Setting Up the N2L Service
Examples of Custom Maps
Example 1–Moving Host Entries
Example 2–Implementing a Custom Map
N2L Best Practices With Sun ONE Directory Server
Creating Virtual List View Indexes With Sun ONE Directory Server
VLVs for Standard Maps
VLVs for Custom and Nonstandard Maps
Avoiding Server Timeouts With Sun ONE Directory Server
Avoiding Buffer Overruns With Sun ONE Directory Server
N2L Restrictions
N2L Troubleshooting
Common LDAP Error Messages
N2L Issues
Debugging the NISLDAPmapping File
N2L Server Timeout Issue
N2L Lock File Issue
N2L Deadlock Issue
Reverting to NIS
Chapter 20 Transitioning From NIS+ to LDAP
NIS+ to LDAP Overview
Configuration Files
Creating Attributes and Object Classes
Getting Started
/etc/default/rpc.nisd File
General Configuration
Configuration Data From LDAP
Server Selection
Authentication and Security
Default Location in LDAP and NIS+
Timeout/Size Limits and Referral Action for LDAP Communication
Error Actions
General LDAP Operation Control
/var/nis/NIS+LDAPmapping File
nisplusLDAPdatabaseIdMapping Attribute
nisplusLDAPentryTtl Attribute
nisplusLDAPobjectDN Attribute
nisplusLDAPattributeFromColumn Attribute
nisplusLDAPcolumnFromAttribute Attribute
NIS+ to LDAP Migration Scenarios
Merging NIS+ and LDAP Data
Masters and Replicas
Replication Timestamps
The Directory Server
Configuring the Sun ONE Directory Server
Assigning Server Address and Port Number
Security and Authentication
Using SSL
Performance and Indexing
Mapping NIS+ Objects Other Than Table Entries
NIS+ Entry Owner, Group, Access, and TTL
Principal Names and Netnames
client_info and timezone Tables
client_info Attributes and Object Class
timezone Attributes and Object Class
Adding New Object Mappings
Adding Entry Objects
Storing Configuration Information in LDAP
Appendix A System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) Updates
Solaris 9 12/03 Updates
Glossary
© 2010, Oracle Corporation and/or its affiliates