nis_manual_setup(7)
NAME
nis_manual_setup - Describes how to manually set up the Network Information
Service (NIS)
DESCRIPTION
Setting up NIS includes configuring the following:
· Master server
· Slave servers
· Clients
Note
You must have the Additional Networking Services subset installed to
create an NIS master or slave server.
To configure NIS with support for enhanced security, and optionally create
secure versions of NIS maps, carefully read the instructions in the
Security Administration guide before proceeding with the setup described in
this reference page.
SETTING UP THE MASTER SERVER
There can be only one master server in an NIS domain. To set up a master
server, log in as superuser and perform the following steps:
1. Create the /var/yp/src/mail.aliases file.
The mail.aliases file defines networkwide mail aliases. Creating this
file is optional. However, if you want to define and distribute mail
aliases on your network, you must create it. If you do not create a
mail.aliases file, when the NIS maps are built, a message telling you
that the mail.aliases file could not be found is displayed on the
screen.
For information on defining mail aliases, see the aliases(4) reference
page.
2. Create the /var/yp/src/netgroup file.
The netgroup file defines networkwide groups and is used for
permission checking when doing remote mounts, remote logins, and
accessing remote shells. Creating this file is optional. However, if
you want to define and distribute network group information on your
network, you must create it. If you do not create a netgroup file,
when the NIS maps are built, a message telling you that the netgroup
file could not be found is displayed on the screen.
For information on defining network groups, see the netgroup(4)
reference page.
3. Copy into the /var/yp/src directory the local /etc files that you
intend to make into NIS maps for distribution. Be sure that the
information in the files is up to date.
When the default set of NIS maps is created, the following file names
are recognized in the /var/yp/src directory: aliases, group, hosts,
mail.aliases, netgroup, networks, passwd, protocols, rpc, and
services. If you do not want to distribute one of the default maps, do
not copy the local /etc file for it into the /var/yp/src directory.
If a file is absent from the /var/yp/src directory, when the NIS maps
are built, a message telling you that the file could not be found is
displayed on the screen.
4. Remove the entry for root from the passwd file after you copy it into
the /var/yp/src directory.
5. Copy Automount and AutoFS maps, or other site-specific maps, into the
/var/yp/src directory. For information on creating these maps, see
the Network Administration: Services manual.
6. Create the domain directory by entering the following command,
replacing test_domain with the name of your domain:
# mkdir /var/yp/test_domain
Note
A NIS domain name is not the same as a BIND domain name. If you
configure the system with an incorrect NIS domain name, all NIS-
related operations (such as logging in and the ls -l command) hang
for several minutes, then fail.
7. Determine the appropriate method for building the NIS maps. The
available database formats are as follows:
· btree (b) -- Recommended when creating and maintaining very large
maps.
· dbm/ndbm (d) -- For backward compatibility. This is the default.
· hash (h) -- A potentially quicker method for managing small maps.
Choose a method and set the NIS_SERVERARGS parameter in the
/etc/rc.config.common file by issuing the following command:
# /usr/sbin/rcmgr -c set NIS_SERVERARGS method
Replace method with the letter (b, d, or h) that corresponds to the
database format.
8. Create the ypservers map.
The ypservers map is a list of all of the domain's slave servers. To
create this map, enter the following command:
# /var/yp/makedbm -a method - /var/yp/test_domain/ypservers
slave1 slave1
slave2 slave2
slaveN slaveN
[Ctrl/d]
Replace test_domain with the name of your domain, replace method with
the corresponding letter for the database format as determined in the
previous step, and replace slave1 through slaveN with the names of the
slave servers. (For each entry, you must type the slave server's name
twice, as shown.)
Be sure to include all of the slave servers in your domain. If you add
a slave server to your domain, you must remake this list.
9. Prepare the Makefile to use for creating the maps you want to
distribute throughout the NIS domain.
Open the /var/yp/Makefile file in a text editor and do the following:
a. In the DOM section of the file, set the domain name you have
chosen. For example, if your domain name is market, edit the
/var/yp/Makefile file in the following way:
.
.
#
# ***** DOM must be filled in with the domain name !!
#
DOM=market
.
.
b. Scroll down to the METHOD section of the file and set the same
database format you specified for the NIS_SERVERARGS parameter in
the /etc/rc.config.common file:
.
.
# by default use dbm/ndbm to store and maintain the
# databases other options include, "b" for "btree",
# and "h" for "hash". If you're curious, see dbopen(3),
# btree(3), hash(3). We strongly recommend "b"
# (for btree) for large maps
#
METHOD=method
.
.
Replace method with the letter (b, d, or h) that corresponds to
the appropriate database format. (Note that all of your maps,
including the ypservers map, must be maintained in the same
format.)
c. If you are using the NIS master server to serve the auto.master
map, the auto.home map, or both, you must place a number sign (#)
at the beginning of the following lines to comment them out:
all: passwd group hosts networks rpc services protocols netgroup \
aliases
Then, remove the number sign (#) from the beginning of the
following lines to enable the creation of the auto.master and
auto.home maps:
#all: passwd group hosts networks rpc services protocols netgroup \
# aliases auto.home auto.master
.
.
.
#$(YPDBDIR)/$(DOM)/auto.home.time: $(DIR)/auto.home
# -@if [ -f $(DIR)/auto.home ]; then \
# $(SED) -e "/^#/d" -e s/#.*$$// $(DIR)/auto.home | \
# $(MAKEDBM) -a $(METHOD) - $(YPDBDIR)/$(DOM)/auto.home; \
# $(TOUCH) $(YPDBDIR)/$(DOM)/auto.home.time; \
# $(ECHO) "updated auto.home"; \
# if [ ! $(NOPUSH) ]; then \
# $(YPPUSH) auto.home; \
# $(ECHO) "pushed auto.home"; \
# else \
# : ; \
# fi \
# else \
# $(ECHO) "couldn't find $(DIR)/auto.home"; \
# fi
#
#$(YPDBDIR)/$(DOM)/auto.master.time: $(DIR)/auto.master
# -@if [ -f $(DIR)/auto.master ]; then \
# $(SED) -e "/^#/d" -e s/#.*$$// $(DIR)/auto.master | \
# $(MAKEDBM) -a $(METHOD) - $(YPDBDIR)/$(DOM)/auto.master; \
# $(TOUCH) $(YPDBDIR)/$(DOM)/auto.master.time; \
# $(ECHO) "updated auto.master"; \
# if [ ! $(NOPUSH) ]; then \
# $(YPPUSH) auto.master; \
# $(ECHO) "pushed auto.master"; \
# else \
# : ; \
# fi \
# else \
# $(ECHO) "couldn't find $(DIR)/auto.master"; \
# fi
.
.
.
#auto.home: $(YPDBDIR)/$(DOM)/auto.home.time
#auto.master: $(YPDBDIR)/$(DOM)/auto.master.time
.
.
.
#$(DIR)/auto.home:
#$(DIR)/auto.master:
d. Save the /var/yp/Makefile file and exit the text editor.
10. Create the NIS maps.
Change to the /var/yp directory and enter the make command, as
follows:
# cd /var/yp
# make NOPUSH="Y"
11. Decide whether to run the yppasswdd daemon.
The yppasswdd daemon runs on the master server and allows the master
copy of the password file to be updated remotely by using the yppasswd
command. You should run the yppasswdd daemon on your master server.
If you decide to run the yppasswdd daemon, edit the
/etc/rc.config.common file by issuing the following command:
# /usr/sbin/rcmgr -c set NIS_PASSWDD YES
To complete setting up the master server, see the "Setting Up NIS
Clients" section in this reference page.
SETTING UP SLAVE SERVERS
Use the following procedure to set up a slave server:
1. Create the domain directory by entering the following command,
replacing test_domain with the name of your domain:
# mkdir /var/yp/test_domain
A NIS domain name is not the same as a BIND domain name. If you
configure the system with an incorrect NIS domain name, all NIS-
related operations (such as logging in and ls -l commands) hang for
several minutes, then fail.
2. Copy the master's maps to the slave server.
You must copy each map from the master individually, using the
following command format:
/var/yp/ypxfr -a method -h nis_master -c -d nis_domain mapname
For example, to transfer dbm/ndbm-formatted passwd maps from the
master server, host1, to a slave server, type the following commands.
The domain in this example is shark.
# /var/yp/ypxfr -h host1 -c -d shark passwd.byname
# /var/yp/ypxfr -h host1 -c -d shark passwd.byuid
The /var/yp/nis_domain directory on the master server lists all of the
maps that your slave server can serve. You can also transfer btree
and hash format maps by using the -a switch. See the ypxfr(8)
reference page for more information.
3. Edit the /var/spool/cron/crontabs/root file by adding the following
lines. Note that there should be no blank lines in the
/var/spool/cron/crontabs/root file.
.
.
.
# Network Information Service: SLAVE server entries
30 * * * * sh /var/yp/ypxfr_1perhour
31 1,13 * * * sh /var/yp/ypxfr_2perday
32 1 * * * sh /var/yp/ypxfr_1perday
· The first line is a comment.
· The second line runs the following command once an hour at 30
minutes past the hour:
sh /var/yp/ypxfr_1perhour
· The third line runs the following command twice per day at 01:31
and 13:31:
sh /var/yp/ypxfr_2perday
· The fourth line runs the following command once per day at 01:32:
sh /var/yp/ypxfr_1perday
See the crontab(1) reference page for more information. To complete
setting up a slave server, see the "Setting Up NIS Clients" section in
this reference page.
SETTING UP NIS CLIENTS
This section explains how to set up an NIS client. Because the master
server and all slave servers are considered NIS clients, you must also
complete these steps to set up these servers:
1. Edit the /etc/rc.config.common file by using the /usr/sbin/rcmgr
utility. The syntax for the /usr/sbin/rcmgr command is:
/usr/sbin/rcmgr -c set variable value
You should set the NIS_CONF and NIS_ARGS variables in the
/etc/rc.config.common file to the following values for the master
server, slave servers, and clients:
NIS_CONF YES
NIS_ARGS -S nisdomain,server1,server2,server3
You must set the NIS_TYPE variable to the system type: MASTER for
master servers, SLAVE for slave servers, and CLIENT for clients. The
servers must list themselves in the server list if the system is
running with the -S option.
For example, to set up host2 as a client in the domain pacific, and
run the ypbind daemon with the -S option, enter the following
commands:
# /usr/sbin/rcmgr -c set NIS_CONF YES
# /usr/sbin/rcmgr -c set NIS_TYPE CLIENT
# /usr/sbin/rcmgr -c set NIS_DOMAIN pacific
# /usr/sbin/rcmgr -c set NIS_ARGS \
"-S pacific,host2,host1,host3"
2. Start the NIS daemons by issuing the following command:
# /sbin/init.d/nis start
To reconfigure NIS on your system, you must kill the daemons that are
running and then restart them. To kill the daemons, enter the
following command:
# /sbin/init.d/nis stop
Restart the daemons by using the "/sbin/init.d/nis start" command.
3. Prepare the local /etc files.
· Edit the /etc/svc.conf file to enable NIS lookups.
The /etc/svc.conf file is the database service selection
configuration file that your system references to determine what
distributed database lookup services are running on your system,
which databases are being served by them, and in what order to
query them. When enabling NIS, you must edit the /etc/svc.conf
file to tell your system that you want NIS servers queried for
distributed database information. For information on editing the
/etc/svc.conf file, see svc.conf(4), svcsetup(8), or Network
Administration: Services.
· If necessary, edit the /etc/passwd file and /etc/group files to
enable NIS lookups.
If you want your system to query an NIS server for password or
group information, or both, a plus sign followed by a colon (+:)
must be the last line of the /etc/passwd file, the /etc/group
file, or both. For example:
root:9Pf.mMEPUz08t:0:1:System PRIVILEGED Account,,,:/:/bin/csh
field:OnGgTH5moq4Yw:0:1:Field Svc Account,,,:/usr/field:/bin/csh
operator:Ni6WK/uqs0vaE:25:28:Operator Account,,,:/etc/operator:
guest:Nologin:100:31:Guest account:/usr/spool/uucppublic:/bin/date
+:
Note
If +: is not the last line of the file, all entries following
the +: are ignored.
ADDING USERS IN A DISTRIBUTED ENVIRONMENT
In an NIS environment you can add a user account to either the local passwd
file or the NIS distributed passwd file. Accounts added to the local passwd
file are visible only to the system to which they are added. Accounts added
to the NIS distributed passwd file are visible to all NIS clients that have
access to the distributed file.
Gathering Information
Before adding new user accounts to the passwd database, gather the
following information:
· Determine whether you want to add the account to the local passwd file
or the NIS distributed passwd file.
· Gather the following information on the users you want to add:
-- Login names
-- User identification numbers (UIDs)
-- Group identification numbers (GIDs)
-- Real names, office numbers, and telephone extensions
-- Initial working directories
-- Program to use as a shell
Adding User Accounts to the NIS Distributed passwd File
To add user accounts in a distributed environment, you must edit the master
passwd file on the NIS master server. To do this, perform the following
steps:
1. Log in as superuser on the NIS master server.
2. Change to the /var/yp/src directory.
3. Edit the passwd database to add an entry for each new user.
The format for each entry is the same as the format in the /etc/passwd
file, which is as follows:
login-name:passwd field:UID:GID:user-info:initial-working-directory:shell-program
Leave the passwd field blank.
4. Rebuild the passwd database.
Change to the /var/yp directory and enter the make passwd command, as
follows:
# cd /var/yp
# make passwd
updated passwd
pushed passwd
5. Use the yppasswd command to set the password for each new user, as
follows:
# yppasswd new_user
NIS password:
Return
New password: password
Retype new password: password
NIS passwd changed on NIS-master
Your system is not secure if no password is set.
Adding User Accounts to the Local passwd File in an NIS Distributed
Environment
To add a user account to only the local system in an NIS environment, you
must add the account manually. (For more information, see the System
Administration manual.) These entries must appear before the plus sign and
colon (+:) at the end of the file.
A user's account information may be partially distributed. If the user's
entry in the /etc/passwd file has a prepended "+", both databases are read
with the information from the /etc/passwd file (except for the UID and GID
fields) overlaying the information from the NIS distributed user account
database.
If the user's entry in the /etc/passwd file has a prepended "-", the user
is excluded from the password database.
See Security Administration for more information.
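The following check is an added example, not part of the original reference page or of the operating system's tools. It audits a map source file for a leftover root entry (step 4 of the master server setup) and for accounts whose password field is still blank, and audits a local passwd or group file for entries placed after the +: line. The function names, finding labels, and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and all sample data are constructed.

# audit_nis_src FILE: check a map source such as /var/yp/src/passwd.
# Findings: a root entry (master setup step 4 says to remove it) and
# accounts whose password field is still blank (no yppasswd run yet).
audit_nis_src() {
    awk -F: '
        /^$/ { next }
        $1 == "root"        { print "ROOT_ENTRY line " NR; bad = 1 }
        NF >= 2 && $2 == "" { print "EMPTY_PASSWORD " $1 " line " NR; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# audit_local FILE: check a local /etc/passwd or /etc/group.
# Findings: entries after the "+:" line, which are ignored.
audit_local() {
    awk -F: '
        /^$/ { next }
        seen       { print "IGNORED_AFTER_PLUS " $1 " line " NR; bad = 1 }
        $0 == "+:" { seen = 1 }
        END {
            if (!seen) print "NO_PLUS_ENTRY"
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample files; "*" stands in for a password hash.
tmp=$(mktemp -d)
cat > "$tmp/src_passwd" <<'EOF'
root:*:0:1:System PRIVILEGED Account,,,:/:/bin/csh
alice::201:15:Alice Example,,,:/usr/users/alice:/bin/csh
bob:*:202:15:Bob Example,,,:/usr/users/bob:/bin/csh
EOF
cat > "$tmp/local_passwd" <<'EOF'
root:*:0:1:System PRIVILEGED Account,,,:/:/bin/csh
+:
carol:*:203:15:Carol Example,,,:/usr/users/carol:/bin/csh
EOF

audit_nis_src "$tmp/src_passwd" || echo "=> correct the source file, then rebuild with make passwd"
audit_local "$tmp/local_passwd" || echo "=> move local entries above the +: line"
rm -rf "$tmp"
```

Both functions return a nonzero status when they report a finding, so they can gate a make run on the master server or a periodic check on clients.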
RELATED INFORMATION
domainname(1), nis_intro(7), nissetup(8), svc.conf(4), ypbind(8),
yppasswd(1), ypserv(8), ypxfr(8)
System Administration, Network Administration: Services, Security
Administration