The Network Information Service (NIS, formerly Yellow Pages) is a distributed data lookup service for sharing information on a local area network (LAN). NIS allows you to coordinate the distribution of database information throughout your networked environment.
This chapter describes:
For introductory information on NIS, see nis_intro(7). For troubleshooting information, see Section 9.6 for clients and Section 9.5 for servers.
3.1 NIS Environment
In an NIS environment, systems can have the following roles:
Master server -- A system that stores the master copy of the NIS database files, or maps, for the domain in the /var/yp/DOMAIN directory and propagates them at regular intervals to the slave servers. Only the master maps can be modified. Each domain can have only one master server.
Slave server -- A system that obtains and stores copies of the master server's NIS maps. These maps are updated periodically over the network. If the master server is unavailable, the slave servers continue to make the NIS maps available to clients. Each domain can have multiple slave servers distributed throughout the network.
Client -- Any system that queries NIS servers for NIS database information. Clients do not store and maintain copies of the NIS maps locally for their domain.
Figure 3-1 shows a domain in which there is a master server, two slave servers, and some clients.
Figure 3-1: NIS Configuration
By default, NIS distributes the aliases (mail.aliases), group, hosts, netgroup, networks, passwd, protocols, rpc, and services databases. (The mail.aliases and netgroup databases are created exclusively for NIS.) You can also create and distribute the enhanced security extended profile database, and site-specific customized databases, such as NFS Automount and AutoFS maps.
To configure NIS with support for enhanced security, and optionally create secure versions of NIS maps, carefully read the instructions in the Creating and Maintaining Accounts chapter of the Security guide before proceeding with the setup described in this chapter. For information on creating Automount and AutoFS maps for distribution by NIS, see Appendix A. For information on creating and distributing other site-specific NIS maps, see Section 3.4.6.
3.2 Planning NIS
This section describes the tasks you must complete before configuring NIS.
3.2.1 Verifying That the Additional Networking Services Subset is Installed
For NIS servers, verify that the Additional Networking Services subset is installed by entering the following command:
# setld -i | grep OSFINET
If the subset is not installed, install it by using the setld command. For more information on installing subsets, see setld(8) or the Installation Guide.
3.2.2 Preparing for the Configuration
Figure 3-2 shows the NIS Setup Worksheet, which you can use to record the information required to configure NIS. If you are viewing this manual online, you can use the print feature to print a copy of this worksheet. The following sections explain the information you need to record on the worksheet.
Figure 3-2: NIS Setup Worksheet
The domain name (1 to 31 alphanumeric characters). All systems in the domain must declare the same domain name.
An NIS domain is an administrative entity that consists of a master server, one or more slave servers, and numerous clients. All systems in a domain share the same set of NIS database files.
Note
An NIS domain name is not the same as a DNS domain name. Furthermore, an NIS domain name is case-sensitive. Be very careful when specifying it. If you configure the system with an incorrect NIS domain name, all NIS-related operations (such as logging in and ls -l commands) hang for several minutes, then fail.
NIS runs on each system in your network. You must decide what role each system will play within the NIS domain that you are creating. Select one host to be the master server; there can be only one master server for each domain. Select one or more hosts to be slave servers. The rest of the hosts can run as NIS clients. (The master server and all slave servers are also considered to be NIS clients.)
Once you have determined a role for each system, fill in the remainder of the worksheet as specified in the following sections.
3.2.2.1 Master Server
The files you want to make into NIS maps. Choose from the following list:
/etc/group
/etc/hosts
/etc/networks
/etc/passwd
/etc/protocols
/etc/rpc
/etc/services
The mail.aliases file, which is based on the /var/adm/sendmail/aliases file, defines network-wide mail aliases. If you want to define and distribute mail aliases on your network, check Yes; otherwise, check No. If you choose not to create a mail.aliases file, the nissetup script issues an informational message that it cannot find the mail.aliases file while it is building the NIS maps. For information on defining mail aliases, see aliases(4).
The netgroup file defines network-wide groups and is used for permission checking when doing remote mounts, remote logins, and remote shells. If you want to define and distribute netgroup information on your network, check Yes; otherwise, check No. If you choose not to create a netgroup file, the nissetup script issues an informational message that it cannot find the netgroup file while it is building the NIS maps. For information on defining network groups, see netgroup(4).
The list of setup options for master servers is as follows. Write the options you want to use in the appropriate place in the worksheet.
Run the yppasswdd daemon.
The yppasswdd daemon allows users to update their passwords in the master copy of the password file by issuing the yppasswd command on any system in the NIS domain. If you want users to be able to update their NIS-distributed passwords without administrator intervention, run the yppasswdd daemon. The yppasswdd daemon runs only on the master server.
Create base or enhanced security versions of the NIS maps.
Tru64 UNIX security can be configured in either base or enhanced authentication mode. Enhanced security includes an additional prpasswd map that contains extended user profile information. Before configuring NIS to distribute this prpasswd map, read Chapter 12 of the Security manual. It describes important operational differences and additional steps necessary for NIS configuration in a secure environment.
Create NIS maps in btree format.
If you serve very large maps, you might want to have NIS maintain these maps as btree files, which significantly reduces the time required to build and push very large maps. However, the use of btree files might degrade performance slightly for relatively small maps. See btree(3) for more information about the btree format.
If you intend to use enhanced security with NIS, it is best to maintain your maps in btree format.
Run the ypbind daemon with the -s option, which requires the server to use a reserved port.
For security purposes, it is best to run NIS with the -s option.
Lock the ypbind daemon to a particular domain name and server list by specifying the -S option.
Normally, hosts broadcast NIS requests on the network and the first available server answers the request. The -S option allows you to lock the ypbind daemon to a particular domain and set of servers. Requests are made directly to the specified servers, rather than being broadcast. For security purposes, it is best to run NIS with the -S option.
If you choose to run NIS with the -S option, you must know the host names and IP addresses of the servers to which you are locking the ypbind daemon. You will add them to the local hosts file during configuration.
Security Note
When using the nissetup script to set up an NIS server that is running with enhanced security, you must answer Yes to the question about locking the domain name and authorized servers (the ypbind -S option). For a master server, the server is bound to itself by default.
Run NIS with the -ypset option or the -ypsetme option.
The -ypset option allows a user logged in as root on any system in your domain to bind your system to a particular server. The -ypsetme option allows ypbind to accept -ypset requests only from the local system. For security purposes, it is best to disallow all ypset requests.
Create and distribute Automount or AutoFS maps.
The automount and autofsd daemons, which are alternatives to mounting remote file systems in the /etc/fstab file, allow users to mount remote file systems on an as-needed basis. When you use NIS to distribute the maps for these daemons, you create the maps on the NIS master server and distribute them to NIS slave servers and clients. For information on creating these maps, see Appendix A. For information on administering the maps, see Section 4.1.2.
Whether or not you use Automount or AutoFS depends on your site's networking environment.
The name of each slave server in the domain.
The IP address of each slave server in the domain.
The list of setup options for slave servers is as follows. Write the options you want to use in the appropriate place in the worksheet.
Maintain base or enhanced security versions of the NIS maps.
Tru64 UNIX security can be configured in either base or enhanced authentication mode. Enhanced security includes an additional prpasswd map that contains extended user profile information. Before configuring NIS to distribute this prpasswd map, read Chapter 12 of the Security manual. It describes important operational differences and additional steps necessary for NIS configuration in a secure environment.
Maintain NIS maps in btree format.
If you serve very large maps, you might want NIS to maintain these maps as btree files, which significantly reduces the time required to push very large maps. However, it might degrade performance slightly for relatively small maps. See btree(3) for more information about the btree format.
If you intend to use enhanced security with NIS, it is best to maintain your maps in btree format.
Run the ypbind daemon with the -s option, which requires the server to use a reserved port.
For security purposes, it is best to run NIS with the -s option.
Lock the ypbind daemon to a particular domain name and server list by using the -S option.
Normally, hosts broadcast NIS requests on the network and the first available server answers the request. The -S option allows you to lock the ypbind daemon to a particular domain and set of servers. Requests are made directly to the specified servers, rather than being broadcast. For security purposes, it is best to run NIS with the -S option.
If you choose to run NIS with the -S option, you must know the host names and IP addresses of the servers to which you are locking the ypbind daemon to successfully complete the configuration process.
Security Note
When using the nissetup script to set up an NIS server that is running with enhanced security, you must answer Yes to the question about locking the domain name and authorized servers (the ypbind -S option). For a slave server, the server is bound to itself by default and optionally to the master server and any other slave servers.
Run NIS with the -ypset option or the -ypsetme option.
The -ypset option allows a user logged in as root on any system in your domain to bind your system to a particular server. The -ypsetme option allows ypbind to accept -ypset requests only from the local system. For security purposes, it is best to disallow all ypset requests.
Distribute Automount or AutoFS maps.
The automount and autofsd daemons, which are alternatives to mounting remote file systems in the /etc/fstab file, allow users to mount remote file systems on an as-needed basis. When you use NIS to distribute the maps for these daemons, you can configure the slave server to receive the maps from the master server, distribute them to clients, and use them to mount remote file systems. For information on creating these maps, see Appendix A. For information on administering the maps, see Section 4.1.2.
Whether or not you use Automount or AutoFS depends on your site's networking environment.
The host name of the master server in your domain.
The IP address of the master server in your domain.
The name of another slave server in your domain. Specify several servers.
The IP address of a slave server in your domain.
The list of setup options for clients is as follows. Write the options you want to use in the appropriate place in the worksheet.
Run the ypbind daemon with the -s option, which requires the server to use a reserved port.
For security purposes, it is best to run NIS with the -s option.
Lock the ypbind daemon to a particular domain name and server list by using the -S option.
Normally, hosts broadcast NIS requests on the network and the first available server answers the request. The -S option allows you to lock the ypbind daemon to a particular domain and set of servers. Requests are made directly to the specified servers, rather than being broadcast. For security purposes, it is best to run NIS with the -S option.
If you choose to run NIS with the -S option, you must know the host names and IP addresses of the servers to which you are locking the ypbind daemon to successfully complete the configuration process.
Run NIS with the -ypset option or the -ypsetme option.
The -ypset option allows a user logged in as root on any system in your domain to bind your system to a particular server. The -ypsetme option allows ypbind to accept -ypset requests only from the local system. For security purposes, it is best to disallow all ypset requests.
Use Automount or AutoFS and the associated maps.
The automount and autofsd daemons, which are alternatives to mounting remote file systems in the /etc/fstab file, allow users to mount remote file systems on an as-needed basis. When you use NIS to distribute the maps for these daemons, you can configure clients to receive the maps from the NIS master and slave servers and use the maps to mount remote file systems. For information on creating these maps, see Appendix A. For information on administering the maps, see Section 4.1.2.
Whether or not you use Automount or AutoFS depends on your site's networking environment.
The name of a master or slave server in your domain. Specify several servers.
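The ypbind recommendations in the worksheet options above (-s, -S with a known server list, no ypset requests) can be checked mechanically against a ypbind argument string. The following POSIX shell function is an added example, not part of the manual; it assumes that -S takes a single value of the form domain,server1[,server2...], and the addresses in the sample hosts file are constructed.

```shell
#!/bin/sh
# Added example, not part of the original manual.
# Assumption: ypbind's -S option takes one comma-separated value:
#   domain,server1[,server2[,server3[,server4]]]

# in_hosts NAME FILE: succeed if NAME is a host name or alias in FILE.
in_hosts() {
    awk -v h="$1" '
        { sub(/#.*/, "") }                                  # drop comments
        { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
        END { exit !found }' "$2"
}

# audit_ypbind ARGS HOSTS_FILE
# Prints one line per finding and returns the number of findings (0 = clean).
# The body runs in a subshell so IFS, set -f and variables do not leak.
audit_ypbind() (
    args=$1 hosts=$2
    secure=no have_lock=no lock='' n=0
    fail() { echo "FINDING: $1"; n=$((n + 1)); }

    set -f                      # the argument string is data, not glob patterns
    set -- $args
    while [ $# -gt 0 ]; do
        case $1 in
            -s)       secure=yes ;;
            -S)       have_lock=yes
                      if [ $# -gt 1 ]; then lock=$2; shift; fi ;;
            -ypset)   fail "-ypset: root on any system in the domain can rebind this host" ;;
            -ypsetme) fail "-ypsetme: ypset requests are still accepted from the local system" ;;
        esac
        shift
    done

    [ "$secure" = yes ] || fail "-s missing: servers are not required to use a reserved port"

    if [ "$have_lock" = no ]; then
        fail "-S missing: requests are broadcast and the first server to answer is used"
    else
        case $lock in
            *,*) servers=${lock#*,} ;;      # everything after the domain name
            *)   servers='' ;;
        esac
        IFS=,
        set -- $servers
        count=0
        for srv in "$@"; do
            [ -n "$srv" ] || continue
            count=$((count + 1))
            # Locked servers are contacted directly, so each needs a hosts entry.
            in_hosts "$srv" "$hosts" || fail "-S server '$srv' has no entry in $hosts"
        done
        [ "$count" -ge 1 ] || fail "-S names no servers"
        [ "$count" -le 4 ] || fail "-S names $count servers; nissetup accepts up to four"
    fi
    exit "$n"
)

# Demo on constructed data: domain and host names follow the manual's sample
# session, addresses come from the 192.0.2.0/24 documentation range.
hosts_file=$(mktemp)
cat > "$hosts_file" <<'EOF'
127.0.0.1   localhost
192.0.2.11  host2
192.0.2.12  host3   # slave server
EOF
audit_ypbind "-s -S test_domain,host2,host3" "$hosts_file" && echo "locked configuration: clean"
audit_ypbind "-ypset" "$hosts_file" || echo "unlocked configuration: $? findings"
rm -f "$hosts_file"
```

Feed it the arguments ypbind is actually running with on the system being reviewed, together with that system's hosts file.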
Use the SysMan Menu application of the Common Desktop Environment (CDE) Application Manager to configure NIS on master servers, slave servers, and clients. To invoke the SysMan Menu application, follow the instructions in Section 1.2.1.
3.3.1 Configuring an NIS Master Server
You must configure the NIS master server before you configure the other systems. Prior to using the SysMan Menu or the nissetup script, you must log in as root and complete the following tasks:
Copy into the /var/yp/src directory the local /etc files that you intend to make into NIS maps for distribution. If a file is absent from the /var/yp/src directory while it is building the default NIS maps, the nissetup script issues an informational message that it could not find that particular file and continues building the maps.
Note
If you copied the passwd file into the /var/yp/src directory, remove the root entry from the file.
Optionally, create the /var/yp/src/mail.aliases file. If you already have a /var/adm/sendmail/aliases file on your local system, you can copy it to the /var/yp/src directory and edit it, if necessary. For information on the format of this file, see aliases(4).
Optionally, create the /var/yp/src/netgroup file. For information on the format of this file, see netgroup(4).
Edit the /var/yp/Makefile file. If you are using the NIS master server to serve the /etc/auto.master and /etc/auto.home maps for Automount or AutoFS, you must remove the comment sign (#) from the beginning of each of the following lines. These lines were added to the Makefile for use by the automount and autofsd daemons.
.
.
.
#all: passwd group hosts networks rpc services protocols netgroup \
# aliases auto.home auto.master
.
.
.
#$(YPDBDIR)/$(DOM)/auto.home.time: $(DIR)/auto.home
# -@if [ -f $(DIR)/auto.home ]; then \
# $(SED) -e "/^#/d" -e s/#.*$$// $(DIR)/auto.home | \
# $(MAKEDBM) -a $(METHOD) - $(YPDBDIR)/$(DOM)/auto.home; \
# $(TOUCH) $(YPDBDIR)/$(DOM)/auto.home.time; \
# $(ECHO) "updated auto.home"; \
# if [ ! $(NOPUSH) ]; then \
# $(YPPUSH) auto.home; \
# $(ECHO) "pushed auto.home"; \
# else \
# : ; \
# fi \
# else \
# $(ECHO) "couldn't find $(DIR)/auto.home"; \
# fi
#
#$(YPDBDIR)/$(DOM)/auto.master.time: $(DIR)/auto.master
# -@if [ -f $(DIR)/auto.master ]; then \
# $(SED) -e "/^#/d" -e s/#.*$$// $(DIR)/auto.master | \
# $(MAKEDBM) -a $(METHOD) - $(YPDBDIR)/$(DOM)/auto.master; \
# $(TOUCH) $(YPDBDIR)/$(DOM)/auto.master.time; \
# $(ECHO) "updated auto.master"; \
# if [ ! $(NOPUSH) ]; then \
# $(YPPUSH) auto.master; \
# $(ECHO) "pushed auto.master"; \
# else \
# : ; \
# fi \
# else \
# $(ECHO) "couldn't find $(DIR)/auto.master"; \
# fi
.
.
.
#auto.home: $(YPDBDIR)/$(DOM)/auto.home.time
#auto.master: $(YPDBDIR)/$(DOM)/auto.master.time
.
.
.
#$(DIR)/auto.home:
#$(DIR)/auto.master:
Place a comment sign (#) in front of the following lines:
all: passwd group hosts networks rpc services protocols netgroup \
 aliases
If you are using the NIS master server to serve other site-specific maps, you must add entries for the maps to the Makefile. See Section 3.4.8.1 for information on adding entries for site-specific NIS maps, other than the /etc/auto.master and /etc/auto.home maps, to the /var/yp/Makefile file.
Copy the auto.master and auto.home maps, or any other site-specific maps, to the /var/yp/src directory. For information on creating Automount or AutoFS maps, see Appendix A. For information on creating other site-specific maps, see Section 3.4.8.1.
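A pre-flight for the staging tasks above, as an added example that is not part of the manual. stage_passwd copies a passwd file into the source directory without the root entry and, going one step beyond the note, lists any other UID 0 account that would still be distributed; missing_sources lists the source files that nissetup would report as absent. The function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original manual.

# stage_passwd LOCAL_PASSWD SRC_DIR
# Writes SRC_DIR/passwd as a copy of LOCAL_PASSWD without the root entry.
# Prints the name of every other UID 0 account left in the copy.
# Returns 0 if none are left, 1 if any are, 2 if the copy could not be made.
stage_passwd() (
    local_pw=$1 dir=$2
    [ -r "$local_pw" ] && [ -d "$dir" ] || exit 2
    tmp=$dir/passwd.$$
    # Field 1 is the login name; keep every line except root's.
    awk -F: '$1 != "root"' "$local_pw" > "$tmp" || { rm -f "$tmp"; exit 2; }
    mv "$tmp" "$dir/passwd" || exit 2
    # Field 3 is the UID; anything still at 0 is a superuser under another name.
    left=$(awk -F: '$3 == 0 { print $1 }' "$dir/passwd")
    [ -z "$left" ] && exit 0
    echo "$left"
    exit 1
)

# missing_sources SRC_DIR
# Prints, one per line, the default source files that are absent from SRC_DIR.
# These are the files nissetup reports as not found while building the maps.
missing_sources() (
    for f in group hosts networks passwd protocols rpc services \
             mail.aliases netgroup; do
        [ -f "$1/$f" ] || echo "$f"
    done
    exit 0
)

# Demo on constructed data (no real accounts).
demo=$(mktemp -d)
mkdir "$demo/src"
cat > "$demo/etc_passwd" <<'EOF'
root:*:0:1:system PRIVILEGED account:/:/bin/sh
toor:*:0:1:second superuser:/:/bin/sh
alice:*:200:15:Alice:/usr/users/alice:/bin/sh
EOF
stage_passwd "$demo/etc_passwd" "$demo/src" ||
    echo "the accounts listed above are UID 0 and still staged for distribution"
echo "source files not staged:"
missing_sources "$demo/src"
rm -rf "$demo"
```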
To continue to set up the master server, invoke the SysMan Menu as documented in Section 1.2.1 and do the following:
1. From the SysMan Menu, select Networking-->Additional Network Services-->Configure Network Information Service (NIS). SysMan Menu invokes the nissetup script.
   Alternatively, enter the following command on a command line:
   # /usr/bin/sysman nis
   A message reminds you that your network must be established before setting up NIS, and that in order to set up an NIS server you must have the Additional Networking Services subset installed.
2. Enter c to continue.
3. Press Return following the script's explanation of nissetup, and then press Return again after the script explains the three types of systems in an NIS domain.
4. Enter and confirm your system's case-sensitive NIS domain name.
5. Choose option 1 to indicate that you are configuring the master server.
6. Following the nissetup script's explanation that there can be only one master server configured for each NIS domain, enter c and indicate whether or not you want to run the yppasswdd daemon. It is best to run the yppasswdd daemon on the NIS master server.
7. Indicate whether or not you intend to use enhanced security with NIS.
8. Indicate whether or not you want your NIS maps to be maintained as btree files.
9. Enter the names of hosts that will be slave servers for this domain. If you enter a host name that is not listed in the master server's /etc/hosts file, the nissetup script prompts you for its IP address.
   Enter the names of the SLAVE servers in the test_domain domain.
   Press Return to terminate the list.
   Host name of slave server: host2
   Host name of slave server: host3
   Cannot find host3 in the file /etc/hosts.
   To add host3 to the /etc/hosts file you MUST know host3's Internet (IP) address.
   Would you like to add host3 to the /etc/hosts file (y/n) [y]? y
   What is host3's Internet (IP) address [no default] ? 120.105.1.28
   Is 120.105.1.28 correct (y/n) [no default] ? y
   Hostname of slave server: [Return]
   The nissetup script displays the list of servers that you entered. You can redo the list to correct errors or continue with the setup procedure.
   The nissetup script then creates the default NIS maps, displaying messages similar to the following as it does:
   Creating default NIS maps. Please wait...
   updated passwd
   updated group
   updated hosts
   updated networks
   updated rpc
   updated services
   updated protocols
   updated netgroup
   Finished creating default NIS maps.
10. Indicate whether or not you want to use the -s security option.
   If you choose to run NIS with the -s option, the ypbind process runs in a secure mode. It is best to use this option.
11. Indicate whether or not you want to use the -S security option. It is best to use this option.
   If you choose to run NIS with the -S option, you must enter the names of up to four NIS servers. If you enter the name of a server that is not listed in the system's /etc/hosts file, the nissetup script prompts you for its IP address. When you are done entering the list of servers, press Return on a blank Server n name field and enter c to continue configuring NIS on your system.
12. Indicate whether or not you want to allow ypset requests on your system. It is best to disallow all ypset requests. Press Return to accept the default, and confirm your choice.
13. Indicate whether or not you want your system to use all of the NIS databases served by the master server.
   It is best to use all of the NIS databases.
   If you choose to use all of the NIS databases, the nissetup script edits the /etc/svc.conf file to include the string yp for each database. It also edits the /etc/passwd and /etc/group files to include a plus sign followed by a colon (+:) at the end of each file. This enables your system to use NIS for each database listed. This symbol enables the files to be distributed by NIS. Continue with step 16.
   If you choose not to use all of the NIS databases, enter n and continue with the next step.
14. Indicate whether or not you want to add a plus sign followed by a colon (+:) to the end of the local /etc/passwd or /etc/group files.
   For your system to use the NIS-served passwd database, group database, or both, +: must be the last line in the file or files you want served by NIS. This applies to the passwd and group databases only.
   Note
   The service order selection for the passwd and group databases is handled by the Security Integration Architecture (SIA). If BSD is selected for passwd and group information in the /etc/sia/matrix.conf file, only the +: is required for your system to search NIS.
15. Indicate whether or not you want the nissetup script to invoke the svcsetup script.
   If you answer yes, the nissetup script invokes the svcsetup script, which allows you to modify the database services selection file (the svc.conf file). See Section 3.3.4 for information on modifying the svc.conf file.
   If you answer no, the nissetup script continues. You must edit the svc.conf file later if you want your system to use NIS to obtain database information other than passwd and group information.
16. Indicate whether or not to start the NIS daemons automatically.
   If you answer yes, nissetup starts the daemons.
   If you answer no, use the following command to start the daemons manually after nissetup exits and returns you to the system prompt (#):
   # /sbin/init.d/nis start
3.3.2 Configuring a Slave Server
To configure a slave server, invoke the SysMan Menu as documented in Section 1.2.1 and do the following:
1. From the SysMan Menu, select Networking-->Additional Network Services-->Configure Network Information Service (NIS). SysMan Menu invokes the nissetup script.
   Alternatively, enter the following command on a command line:
   # /usr/bin/sysman nis
   A message reminds you that your network must be established before setting up NIS, and that in order to set up an NIS server you must have the Additional Networking Services subset installed.
2. Enter c to continue.
3. Press Return following the script's explanation of nissetup, and then press Return again after the script explains the three types of systems in an NIS domain.
4. Enter and confirm your system's case-sensitive NIS domain name.
5. Choose option 2 to indicate that you are configuring a slave server.
6. Enter c to continue following the nissetup script's explanation that the master server's list must include each slave server, and that the master server must be established in order for maps to be copied to the slave server.
7. Enter the name of the master server for your domain.
8. Indicate whether or not you intend to use enhanced security with NIS.
9. Indicate whether or not you want your NIS maps to be maintained as btree files.
   After you indicate your choice, the script copies the default NIS maps from the master NIS server.
10. Indicate whether or not you want to use the -s security option.
   If you choose to run NIS with the -s option, the ypbind process runs in a secure mode. It is best to use this option.
11. Indicate whether or not you want to use the -S security option. It is best to use this option.
   If you choose to run NIS with the -S option, you must enter the names of up to four NIS servers. If you enter the name of a server that is not listed in the system's /etc/hosts file, the nissetup script prompts you for its IP address. When you are done entering the list of servers, press Return in a blank Server n name field and enter c to continue configuring NIS on your system.
12. Indicate whether or not you want to allow ypset requests on your system. It is best to disallow all ypset requests. Press Return to accept the default and confirm your choice.
13. Indicate whether or not you want your system to use all of the NIS databases served by the master server.
   It is best to use all of the NIS databases.
   If you choose to use all of the NIS databases, the nissetup script edits the /etc/svc.conf file to include the string yp for each database. It also edits the /etc/passwd and /etc/group files to include a plus sign followed by a colon (+:) at the end of each file. This enables your system to use NIS for each database listed. This symbol enables the file to be distributed by NIS. Continue with step 16.
   If you choose not to use all of the NIS databases, enter n and continue with the next step.
14. Indicate whether or not you want to add +: to the end of the local /etc/passwd or /etc/group files.
   For your system to use the NIS-served passwd database, group database, or both, +: must be the last line in the file or files you want NIS to serve. This applies to the passwd and group databases only.
   Note
   The service order selection for the passwd and group databases is handled by the Security Integration Architecture (SIA). If BSD is selected for passwd and group information in the /etc/sia/matrix.conf file, the +: is required only for your system to search NIS.
15. Indicate whether or not you want the nissetup script to invoke the svcsetup script.
   If you answer yes, the nissetup script invokes the svcsetup script, which allows you to modify the database services selection file (the svc.conf file). See Section 3.3.4 for information on modifying the svc.conf file.
   If you answer no, the nissetup script continues. You must edit the svc.conf file later if you want your system to use NIS to obtain database information other than passwd and group information.
16. Indicate whether or not to start the NIS daemons automatically.
   If you answer yes, nissetup starts the daemons.
   If you answer no, use the following command to start the daemons manually after nissetup exits and returns you to the system prompt (#):
   # /sbin/init.d/nis start
3.3.3 Configuring an NIS Client
To configure an NIS client, invoke the SysMan Menu as documented in Section 1.2.1 and do the following:
1. From the SysMan Menu, select Networking-->Additional Network Services-->Configure Network Information Service (NIS). SysMan Menu invokes the nissetup script.
   Alternatively, enter the following command on a command line:
   # /usr/bin/sysman nis
   A message reminds you that your network must be established before setting up NIS, and that in order to set up an NIS server you must have the Additional Networking Services subset installed.
2. Enter c to continue.
3. Press Return following the script's explanation of nissetup, and then press Return again after the script explains the three types of systems in an NIS domain.
4. Enter and confirm your system's case-sensitive NIS domain name.
5. Press Return to accept the default that you are configuring a client.
6. Enter c to continue following the nissetup script's warning that at least one server must be configured for this domain.
7. Indicate whether or not you want to use the -s security option.
   If you choose to run NIS with the -s option, the ypbind process runs in a secure mode. It is best to use this option.
8. Indicate whether or not you want to use the -S security option. It is best to use this option.
   If you choose to run NIS with the -S option, you must enter the names of up to four NIS servers. If you enter the name of a server that is not listed in the system's /etc/hosts file, the nissetup script prompts you for its IP address. When you are done entering the list of servers, press Return in a blank Server n name field and enter c to continue configuring NIS on your system.
9. Indicate whether or not you want to allow ypset requests on your system. It is best to disallow all ypset requests. Press Return to accept the default, and confirm your choice.
10. Indicate whether or not you want your system to use all of the NIS databases served by the master server.
   It is best to use all of the NIS databases.
   If you choose to use all of the NIS databases, the nissetup script edits the /etc/svc.conf file to include the string yp for each database. It also edits the /etc/passwd and /etc/group files to include a plus sign followed by a colon (+:) at the end of each file. This enables your system to use NIS for each database listed. This symbol enables the file to be distributed by NIS. Continue with step 13.
   If you choose not to use all of the NIS databases, enter n and continue with the next step.
11. Indicate whether or not you want to add +: to the end of the local /etc/passwd or /etc/group files.
   For your system to use the NIS served passwd database, group database, or both, +: must be the last line in the file or files you want served by NIS. This applies to the passwd and group databases only.
   Note
   The service order selection for the passwd and group databases is handled by the Security Integration Architecture (SIA). If BSD is selected for password and group information in the /etc/sia/matrix.conf file, the +: is required only for your system to search NIS.
12. Indicate whether or not you want the nissetup script to invoke the svcsetup script.
   If you answer yes, the nissetup script invokes the svcsetup script, which allows you to modify the database services selection file (the svc.conf file). See Section 3.3.4 for information on modifying the svc.conf file.
   If you answer no, the nissetup script continues. You must edit the svc.conf file later if you want your system to use NIS to distribute database information other than password and group information.
13. Indicate whether or not to start the NIS daemons automatically.
   If you answer yes, nissetup starts the daemons.
   If you answer no, use the following command to start the daemon manually after nissetup exits and returns you to the system prompt (#):
   # /sbin/init.d/nis start
3.3.4 Modifying the svc.conf File with svcsetup
If you choose not to use NIS for all of the default databases, you can edit the /etc/svc.conf file with the svcsetup script. If you answer yes when nissetup asks if you want to run svcsetup, it invokes the svcsetup script. Use the following procedure to edit the /etc/svc.conf file:
1. Press Return to choose the m option from the Configuration Menu.
2. Enter the numbers from the Change Menu that correspond to the databases whose entries you want to modify.
3. Enter the number that corresponds to the order in which you want to query the services on your system.
   If you choose the default (2), the local /etc files are searched first for the requested information. If the information is not found locally, then an NIS server is queried. This choice is valid for all of the databases that NIS serves.
   To have NIS serve hosts information if your system is also having hosts information served by DNS, choose either option 5 (local,bind,yp) or option 6 (bind,local,yp) for the hosts database. Note that options 3 (local,bind), 4 (bind,local), 5, and 6 are valid for the hosts database only.
3.3.5 Modifying or Removing an NIS Configuration
If you configure NIS and run the nissetup script, you can modify or remove the NIS configuration.
If you choose to modify the NIS configuration, the nissetup script proceeds as described in Section 3.3.1 to Section 3.3.3, resulting in a new configuration.
If you choose to remove the NIS configuration, the nissetup script prompts you to verify your choice, then removes the NIS information from the following files:
/etc/rc.config.common
/etc/passwd
/etc/group
/etc/svc.conf
/var/yp/DOMAIN (where DOMAIN is the name of the current NIS domain)
This directory and its contents are deleted (for NIS master and slave servers only).
This section describes how to perform the following NIS server tasks:
3.4.1 Adding an NIS Slave Server to a Domain
Adding a slave server to a domain enables the slave server to receive updated NIS maps from the master server and serve them to NIS clients in a domain.
To add an NIS slave server to a domain, do the following:
1. Set up the system as a slave server. See Section 3.3.2 for information on setting up a slave server.
2. Log in to the NIS master server as root.
3. Change to the /var/yp directory by using the cd command.
4. Undo the ypservers map and direct the output to a file by using the following command:
   # makedbm -u domainname/ypservers > filename
5. Edit the file and add the host name of the slave server.
6. Build a new ypservers map by using the makedbm command as follows:
   # makedbm filename ypservers
   You can combine steps 4, 5, and 6 into one command line. See the example at the end of this procedure.
7. Move the ypservers.dir and ypservers.pag map files to the domain subdirectory.
8. Distribute the updated ypservers map to the slave servers by using the yppush command.
9. Edit the NIS master server's master hosts file and add an entry for the slave server, if it is not already in the hosts file. Then update the map by entering the make command. The make command also distributes the updated map.
See makedbm(8) for more information on building maps.
The following example (illustrating steps 3 through 9) shows how to add slave server host8 to domain market:
# cd /var/yp
# (/var/yp/makedbm -u market/ypservers ; echo host8) \    [1]
|/var/yp/makedbm - tmpmap
# mv tmpmap.dir market/ypservers.dir    [2]
# mv tmpmap.pag market/ypservers.pag
# yppush ypservers    [3]
# vi /var/yp/src/hosts    [4]
.
.
.
# make hosts    [5]
[1] Represents the combination of steps 4, 5, and 6 in the preceding procedure. The parentheses group the two commands so that the output from the makedbm command with the -u option and the new server name, host8, echoed by the echo command go to the same standard output. Then, that combined output is piped back into the makedbm command to build a new map named tmpmap.
Note
You can type these lines as one command even if the command wraps on your screen, or you can use the backslash escape character (\), as shown.
[2] Moves the tmpmap.dir and tmpmap.pag map files to the domain market subdirectory and renames them as ypservers map files.
[3] Distributes the updated map to the slave servers.
[4] Adds a new host to the hosts NIS map on the master server.
[5] Updates the map and distributes the updated map to the slave servers.
Section B.1 contains a sample script you can copy that performs the steps involved in adding a slave server to a domain. You still have to set up the slave server and edit the master server's hosts file, adding a slave server entry, if necessary.
3.4.2 Removing an NIS Slave Server from the Domain
Removing a slave server from a domain means that the system no longer receives updated NIS maps from the master server or serves them to NIS clients in a domain.
To remove an NIS slave server from the domain, do the following:
1. Log in to the NIS slave server.
   If the system will be an NIS client, configure it as an NIS client by using nissetup. See Section 3.3.3 for more information.
   If the system will no longer use NIS, disable NIS in the /etc/rc.config.common file by using the following command:
   # /usr/sbin/rcmgr -c set NIS_CONF NO
2. Log in to the NIS master server as root.
3. Change to the /var/yp directory by using the cd command.
4. Undo the ypservers map and direct the output to a file by using the following command:
   # makedbm -u domainname/ypservers > filename
5. Edit the file and remove the host name of the slave server.
6. Build a new map by using the makedbm command as follows:
   # makedbm filename ypservers
   You can combine steps 4, 5, and 6 into one command line. See the example following this procedure.
7. Move the ypservers.dir and ypservers.pag map files to the domain subdirectory.
8. Distribute the updated ypservers map to the slave servers by using the yppush command.
See makedbm(8) for more information on building maps.
The following example (illustrating steps 4 through 8) shows how to remove slave server host4 from domain market:
# cd /var/yp
# /var/yp/makedbm -u market/ypservers |\    [1]
grep -v host4 | /var/yp/makedbm - tmpmap
# mv tmpmap.dir market/ypservers.dir    [2]
# mv tmpmap.pag market/ypservers.pag
# yppush ypservers    [3]
[1] Represents the combination of steps 4, 5, and 6 in the preceding procedure. The output from the makedbm command with the -u option is piped into grep with the -v option to display all lines except the one containing the slave server name (host4). Then, the output is piped back into the makedbm command to build a new map named tmpmap. Because grep -v host4 drops every line that contains the string host4, check the output first if another server name, such as host40, also contains it.
Note
You can type these lines as one command even if the command wraps on your screen, or you can use the backslash escape character (\), as shown.
[2] Moves the tmpmap.pag and tmpmap.dir map files to the domain market subdirectory and renames them as ypservers map files.
[3] Distributes the updated map to the slave servers.
Section B.2 contains a sample script you can copy that performs the steps involved in removing a slave server from a domain. You still have to reconfigure the slave server as an NIS client or as a system that does not use NIS.
3.4.3 Adding a New User to an NIS Domain
Adding a new user to an NIS domain adds the user's account information to the passwd map and allows the user to participate in the NIS environment. A user has only one password on all systems that use NIS for their passwd map.
To add a new user to an NIS domain, invoke the SysMan Menu on the NIS master server, as documented in Section 1.2.1, and do the following:
1. From the SysMan Menu, select Accounts-->Manage NIS Users to display the Manage NIS Users dialog box.
   Alternatively, enter the following command on a command line:
   # /usr/bin/sysman nis_users
2. Select Add to display the Add a User dialog box.
3. Enter the user name, user ID, and password for the new user.
4. Select a primary group for the user:
   a. Select Choose to open the Primary Group dialog box.
   b. Select one group from the list of groups. Then, select OK to close the Primary Group dialog box.
5. Enter a secondary group for the user, if necessary.
6. Select a shell for the user.
   a. Select Choose to open the Shells dialog box.
   b. Select a shell from the pull-down menu. Then, select OK to close the Primary Group dialog box.
7. Deselect the Create Home Directory check box if you do not want the system to create a home directory for the user. By default, the system creates a directory for the user in the /usr/users directory.
   If you choose to allow the system to create the user's home directory, you can specify an alternate location for the directory in the Home Directory field.
8. Enter comments for the account, if necessary. For example, at a college, you could use this field to indicate that a new account is temporary for a visiting professor.
9. Deselect the Lock Account check box to unlock the account. Unlocking the account gives the user permission to log in and use the account.
10. Select OK to create the user's account. You are informed that the account has been created. Select OK to dismiss the confirmation message and to close the Add a User dialog box.
11. Select Exit to close the Manage NIS Users dialog box.
12. Create the user's home directory if you did not allow the utility to create it for you. Then, set up the user's environment. See the System Administration manual for more information.
You can also modify and delete NIS user accounts with the SysMan Menu. See the online help for more information.
If you prefer, you can use the dxaccounts or useradd utilities to administer NIS users. See the online help and useradd(8) for more information.
3.4.4 Adding a New Group to an NIS Domain
Adding a group to an NIS domain adds the group and all of its registered users to the group map.
To add a new group to an NIS domain, invoke the SysMan Menu on the NIS master server, as documented in Section 1.2.1, and do the following:
1. From the SysMan Menu, select Accounts-->Manage NIS Groups to display the Manage NIS Groups dialog box.
   Alternatively, enter the following command on a command line:
   # /usr/bin/sysman nis_groups
2. Select Add to display the Add a Group dialog box.
3. Enter the group name and group ID for the new group.
4. Select one or more users who will be in the group from the Members list.
5. Select OK to create the group. You are informed that the group has been created. Select OK to dismiss the confirmation message and to close the Add a Group dialog box.
6. Select Exit to close the Manage NIS Groups dialog box.
You can also modify and delete NIS groups with the SysMan Menu. See the online help for more information.
If you prefer, you can use the dxaccounts or groupadd utilities to administer NIS groups. See the online help and groupadd(8) for more information.
3.4.5 Updating an NIS Map
Updating an NIS map involves making changes to an NIS map's master file, updating the Makefile file (if the map is not listed), and building and distributing the new map. Entries for the following standard maps are included in the Makefile file:
passwd
group
hosts
networks
rpc
services
protocols
netgroup
aliases (mail.aliases)
The master files are located in the /var/yp/src directory on the NIS master server.
To update an NIS map, do the following:
1. Log in to the NIS master server as root.
2. Change to the /var/yp directory by using the cd command.
3. Modify the Makefile file, if no entry exists in the /var/yp/Makefile file for the map you want to update. See Section 3.4.8 for information on modifying the Makefile file.
4. Change to the /var/yp/src directory by using the cd command.
5. Edit the master file of the map you want to update and make your changes.
6. Change to the /var/yp directory by using the cd command.
7. Update and distribute the map by using the make command as follows:
   # make map_name
The following example (illustrating steps 4 through 7) shows how to update the hosts map:
# cd /var/yp/src    [1]
# vi hosts    [2]
.
.
.
# cd /var/yp    [3]
# make hosts    [4]
[1] Changes to the /var/yp/src directory.
[2] Opens the /var/yp/src/hosts file for editing.
[3] Changes to the /var/yp directory.
[4] Updates the map and distributes it to the slave servers.
Adding an NIS map to a domain allows the database information to be distributed throughout an NIS domain. You can create and distribute maps for any information you want to distribute.
To add an NIS map to a domain, do the following:
1. Log in to the NIS master server as root.
2. Create a master file for your new map.
   A master file is an ASCII text file containing individual entries. Each entry has fields separated by spaces. Some of these fields are used to build a key to each entry. Review some of the master files in the /var/yp/src directory to better understand the structure of a master file.
3. If you are using NIS to distribute NFS Automount or AutoFS maps, create a file named auto.master in the /var/yp/src directory. If the file exists, add an entry for the map you want to distribute. See Section 4.1.2 and Appendix A for more information on the auto.master map.
4. Edit the /var/yp/Makefile file to include the new map in the default set of maps. See Section 3.4.8 for information on modifying the Makefile file.
5. Change to the /var/yp directory by using the cd command.
6. Update the map by using the make command as follows:
   # make map_name
The following example adds the phonelist map to a domain:
# vi /var/yp/src/phonelist    [1]
.
.
.
# vi /var/yp/Makefile    [2]
.
.
.
# cd /var/yp    [3]
# make phonelist    [4]
[1] Creates a phonelist master file on the master server.
[2] Opens the Makefile file for editing.
[3] Changes to the /var/yp directory.
[4] Updates the map and distributes the updated map to the slave servers.
Removing an NIS map from a domain prevents the database information from being distributed throughout an NIS domain.
To remove an NIS map from a domain, do the following:
1. Log in to the NIS master server as root.
2. If you are using NIS to distribute NFS Automount or AutoFS maps, delete the entry for the map you no longer want distributed from the auto.master file in the /var/yp/src directory. See Section 4.1.2 and Appendix A for more information on the auto.master map.
3. Edit the /var/yp/Makefile file to remove the map from the default set of maps. See Section 3.4.8 for information on modifying the Makefile file.
3.4.8 Modifying the /var/yp/Makefile File
Modifying the Makefile file means adding or deleting database entries in the /var/yp/Makefile file on the NIS master server. By adding a database entry to the Makefile file, you indicate that you want a map produced for the specific database when you use the make command. By deleting a database entry, you indicate that you do not want a map produced for the specific database.
As you edit the /var/yp/Makefile file, remember the following:
The order of entries in the line that begins with all: is not important. However, in continuation lines, the blank space preceding the line must be a tab character; do not use spaces.
Variables are defined at the top of the Makefile file.
To add an entry to the Makefile file, do the following:
1. Log in to the NIS master server as root.
2. Edit the /var/yp/Makefile file and add the database name to the line beginning with all:. Next, add a line with the following format to the end of the file:
   database_name:database_name.time
   Finally, add an entry with the following format to the middle of the file:
   database_name.time: various_commands
   To simplify the creation of this entry, copy the auto.home.time: entry in the file and make the necessary database name changes.
3. If you are using NIS to distribute NFS Automount or AutoFS maps, uncomment any line that contains the auto.master string by deleting the comment character (#) that precedes it.
The following example shows the phonelist database added to the /var/yp/Makefile file. There is a tab character preceding the netgroup database name in the all: line.
all: passwd group hosts networks rpc services protocols \
	netgroup aliases phonelist
.
.
.
$(YPDBDIR)/$(DOM)/phonelist.time: $(DIR)/phonelist
	-@if [ -f $(DIR)/phonelist ]; then \
		$(SED) -e "/^#/d" -e s/#.*$$// $(DIR)/phonelist | \
		$(MAKEDBM) -a $(METHOD) - $(YPDBDIR)/$(DOM)/phonelist; \
		$(TOUCH) $(YPDBDIR)/$(DOM)/phonelist.time; \
		$(ECHO) "updated phonelist"; \
		if [ ! $(NOPUSH) ]; then \
			$(YPPUSH) phonelist; \
			$(ECHO) "pushed phonelist"; \
		else \
			: ; \
		fi \
	else \
		$(ECHO) "couldn't find $(DIR)/phonelist"; \
	fi
.
.
.
phonelist: phonelist.time
To delete an entry from the Makefile file, do the following:
1. Log in to the NIS master server as root.
2. Edit the /var/yp/Makefile file, delete the database name from the line beginning with all:, and delete the line beginning with the database name (database_name:).
   Instead of deleting the database line, you can comment out the line by adding a comment character (#) to the beginning of the line.
3.4.9 Restricting Access to NIS Data
By default, the ypserv and ypxfrd daemons provide NIS information to anyone with network access to an NIS server who makes a request. However, you can restrict NIS database access to only those hosts in subnets you specify by completing the following steps:
1. Log in to the NIS server as root.
2. Create a /var/yp/securenets file.
3. Edit the /var/yp/securenets file and add an entry for each subnet from which the NIS server is to accept NIS requests. The format of each file entry is as follows:
   subnet_mask subnet_ip_address
   For example:
   255.255.0.0 128.30.0.0    [1]
   255.255.255.0 128.211.10.0    [2]
   255.255.255.255 128.211.5.6    [3]
   [1] Allows IP addresses that are within the subnet 128.30 range to access the NIS files. The network mask is 255.255.0.0 and the corresponding network address is 128.30.0.0.
   [2] Allows IP addresses that are within the subnet 128.211.10 range to access the NIS files.
   [3] Allows one host with the IP address 128.211.5.6 to access the NIS files.
4. Save the file.
If the file does not exist or contains no entries, the server accepts any NIS request.
If the file exists and contains entries, the ypserv and ypxfrd daemons read the /var/yp/securenets file during initialization. When an NIS request is received, the requester's IP address is compared to the subnets in the /var/yp/securenets file. If it matches, the request is processed. If it does not match, NIS silently discards the request. No message is logged (because malicious users could use these messages to fill up a system's disk).
On the system making the NIS request, NIS commands such as ypcat terminate with no error message. If a user is trying to log in to a system, the login times out after many retries.
Note
If the /var/yp/securenets file is modified, you must kill and restart the ypserv and ypxfrd daemons.
You can also use a /var/yp/securenets file to restrict access to NIS data on a slave server. However, the NIS slave server's IP address must be in the authorization range of entries in the /var/yp/securenets file of the NIS master.
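Because rejected requests are discarded without a log message, a mistyped securenets entry shows up only as clients that hang. The following Python code is an added example, not part of the original manual, that checks a securenets file offline before the daemons are restarted; the function names and the matching rule (the requester's address ANDed with the mask must equal the subnet address) are assumptions, and the last sample line is constructed to show a swapped entry.

```python
import ipaddress

MAX32 = 0xFFFFFFFF

def to_int(dotted):
    """Convert a dotted-quad IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def mask_is_contiguous(mask):
    """True when the mask is a run of 1 bits followed only by 0 bits."""
    inverted = ~mask & MAX32
    return (inverted & (inverted + 1)) == 0

def parse_securenets(text):
    """Parse 'subnet_mask subnet_ip_address' lines (mask first, as on the page).

    Returns (entries, findings): entries is a list of (mask, addr) integers,
    findings is a list of (line_number, message) for lines that need review.
    """
    entries, findings = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        try:
            if len(fields) != 2:
                raise ValueError("wrong field count")
            mask, addr = to_int(fields[0]), to_int(fields[1])
        except ValueError:
            findings.append((lineno, "not 'subnet_mask subnet_ip_address'"))
            continue
        if not mask_is_contiguous(mask):
            findings.append((lineno, "mask is not contiguous; fields may be swapped"))
        elif addr & ~mask & MAX32:
            findings.append((lineno, "address has bits set outside the mask"))
        elif mask == 0:
            findings.append((lineno, "mask 0.0.0.0 matches every requester"))
        entries.append((mask, addr))
    return entries, findings

def allows(entries, requester):
    """Model the accept/discard decision for one requester address."""
    if not entries:
        # No file, or a file with no entries: the server accepts any request.
        return True
    ip = to_int(requester)
    # Assumed matching rule: (requester AND mask) must equal the subnet address.
    return any((ip & mask) == addr for mask, addr in entries)

# Constructed sample: the three entries from the example above, plus one
# line with the two fields in the wrong order.
SAMPLE = """\
255.255.0.0 128.30.0.0
255.255.255.0 128.211.10.0
255.255.255.255 128.211.5.6
128.40.0.0 255.255.0.0
"""

if __name__ == "__main__":
    entries, findings = parse_securenets(SAMPLE)
    for lineno, message in findings:
        print(f"line {lineno}: {message}")
    for ip in ("128.30.44.5", "128.211.5.7", "128.40.1.1"):
        print(ip, "accepted" if allows(entries, ip) else "silently discarded")
```

Run it against a copy of the file from each server, including the slave servers' addresses as requesters, since a slave that falls outside the master's entries can no longer obtain the maps.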
3.5 Managing an NIS Client
This section describes how to perform the following NIS client management tasks:
3.5.1 Changing an NIS Password
To change a user's password in the NIS passwd map, use the yppasswd command. If you receive an error message, ask the system administrator on the master server to verify that the rpc.yppasswdd daemon on the NIS master server is running.
If you try to change an NIS-distributed password with the passwd command, you receive the following error message:
Not in passwd file.
The root password is local and not in the NIS file. To change the root password, use the passwd command.
See yppasswd(1) and rpc.yppasswdd(8) for further information.
3.5.2 Obtaining NIS Map Information
NIS map information includes the following:
Map names
Map values
Map keys
Map master server
To obtain NIS map information, issue one of the commands listed in Table 3-1.
Table 3-1: NIS Map Information Commands
Command | Action
ypcat | Prints values from an NIS database
ypwhich | Prints the name of the host that is the current NIS server or map master
ypmatch | Prints the values of one or more keys from an NIS map
Use the -x option with any of the commands shown in Table 3-1 to list all the map nicknames. See ypcat(1), ypwhich(1), and ypmatch(1) for more information about these commands.
The following command lists all available maps and their master servers:
# ypwhich -m
The following command lists all values in the hosts map:
# ypcat hosts
The following command lists all occurrences in the hosts map that have the key apple:
# ypmatch apple hosts
The following command lists all occurrences in the hosts map that have the name jones associated with them. The name jones is not a key in this map.
# ypcat hosts | grep jones