How to Implement NIS on Solaris
Preamble
This document is intended to give an idea of a sample NIS implementation. It uses commands and files as they appear in Sun Solaris 10. For your flavour of UNIX or Linux, refer to its documentation.
Implementation
1. First, set the domain name of the new NIS domain. This example uses the domain name "example"; for your own configuration, consult your infrastructure manager and documentation. The domainname command sets the domain, but only until the next reboot, so also write the name to the file /etc/defaultdomain. Make sure the file holds the same name you gave to the domainname command.
# domainname example
# domainname > /etc/defaultdomain
2. It is wise to keep a dedicated repository for the NIS source files instead of using the machine's original files. This helps if there are problems with the NIS server, and it avoids the risk that comes from using the same root password on all NIS clients. In some circumstances it is also good to keep users such as sys, adm and mail local, so we should exclude them from the NIS passwd file. For this purpose we create a directory named nisfiles; /etc is a fine place for it.
# mkdir /etc/nisfiles
3. Here is an example list of files to copy into our NIS repository:
auto_home auto_master bootparams ethers group hosts ipnodes netgroup netmasks networks passwd protocols rpc services shadow user_attr publickey timezone
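One way to build the passwd and shadow copies for the repository while leaving system accounts such as sys and adm local, as step 2 suggests. This is an added example, not part of the original post; the function names, the MIN_UID cut-off of 100, the excluded account names and the sample data are assumptions.

```sh
# Added example, not from the original post. MIN_UID and the excluded names
# are assumptions; adjust them to your site. On Solaris 10 run with AWK=nawk.
AWK=${AWK:-awk}
MIN_UID=${MIN_UID:-100}

# filter_passwd SRC DST: keep accounts with UID >= MIN_UID; drop nobody-style
# accounts and any +/- compat lines.
filter_passwd() {
    "$AWK" -F: -v min="$MIN_UID" '
        /^[+-]/ { next }
        $1 ~ /^(nobody|noaccess|nobody4)$/ { next }
        NF == 7 && $3 ~ /^[0-9]+$/ && $3 + 0 >= min + 0
    ' "$1" > "$2"
}

# filter_shadow PASSWD SHADOW DST: keep shadow rows only for accounts that
# survived filter_passwd, and make the copy readable by its owner only.
filter_shadow() {
    "$AWK" -F: 'NR == FNR { keep[$1] = 1; next } ($1 in keep)' "$1" "$2" > "$3"
    chmod 600 "$3"
}

# make_sample_etc DIR: constructed sample data, no real system files touched.
make_sample_etc() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
nobody:x:60001:60001:NFS Anonymous Access User:/:
alice:x:1001:10:Alice:/home/alice:/bin/ksh
EOF
    cat > "$1/shadow" <<'EOF'
root:HASH-PLACEHOLDER:6445::::::
sys:NP:6445::::::
alice:HASH-PLACEHOLDER:14000::::::
EOF
}

# nis_accounts_demo: filter the sample into DIR/nisfiles, list exported names.
nis_accounts_demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/nisfiles" && make_sample_etc "$d" &&
        filter_passwd "$d/passwd" "$d/nisfiles/passwd" &&
        filter_shadow "$d/nisfiles/passwd" "$d/shadow" "$d/nisfiles/shadow" &&
        cut -d: -f1 "$d/nisfiles/passwd" "$d/nisfiles/shadow"
    rm -rf "$d"
}
nis_accounts_demo
```

On a real server the same two functions would be pointed at /etc/passwd and /etc/shadow with /etc/nisfiles as the destination; root and the other system accounts then never enter the NIS maps.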
4. The next step is to go to the directory /var/yp and edit the Makefile. Change the line DIR =/etc to DIR =/etc/nisfiles and, if needed, edit the line starting with all: to define which services NIS will serve. The map files themselves can be created with the command make or with ypinit -m.
# ypinit -m
In order for NIS to operate sucessfully, we have to construct a list of the NIS servers.
Please continue to add the names for YP servers in order of preference, one per line.
When you are done with the list, type a <control D> or a return on a line by itself.
next host to add: sol1
next host to add: ^D
The current list of yp servers looks like this:
sol1
Is this correct? [y/n: y]
Installing the YP database will require that you answer a few questions.
Questions will all be asked at the beginning of the procedure.
Do you want this procedure to quit on non-fatal errors? [y/n: n]
OK, please remember to go back and redo manually whatever fails. If you don't, some part of the system (perhaps the yp itself) won't work.
The yp domain directory is /var/yp/example
There will be no further questions. The remainder of the procedure should take 5 to 10 minutes.
Building /var/yp/example/ypservers...
Running /var/yp /Makefile...
updated passwd
updated group
updated hosts
updated ipnodes
updated networks
updated rpc
updated services
updated protocols
/var/yp/example/mail.aliases: 12 aliases, longest 10 bytes, 138 bytes total
/usr/lib/netsvc/yp/mkalias /var/yp/`domainname`/mail.aliases /var/yp/`domainname`/mail.byaddr;
updated aliases
updated publickey
updated netid
/usr/sbin/makedbm /etc/nisfiles/netmasks /var/yp/`domainname`/netmasks.byaddr;
updated netmasks
updated timezone
updated auto.master
updated auto.home
updated ageing
updated auth_attr
updated exec_attr
updated prof_attr
updated user_attr
updated audit_user
updated bootparams
updated ethers
updated netgroup
sol1 has been set up as a yp master server without any errors.
If there are running slave yp servers, run yppush now for any data bases which have been changed. If there are no running slaves, run ypinit on those hosts which are to be slave servers.
5. Edit /var/yp/securenets to add the networks to be served by the server. A record should look like this:
255.255.255.0 10.0.1.0
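A check for the securenets file from step 5, where the netmask comes first and the network second. This is an added example, not part of the original post; the function names and sample lines are constructed, only the "netmask network" form shown above is handled, and the matching rule (client address AND netmask equals network) is an assumption about how the server applies each record.

```sh
# Added example, not from the original post. Only the "netmask network" form
# from step 5 is handled. Assumed matching rule: (client AND netmask) = network.

# ip_to_int A.B.C.D: print the address as one integer; fail if malformed.
ip_to_int() {
    case $1 in *[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# securenets_allows FILE IP: succeed if IP matches some netmask/network line.
securenets_allows() {
    addr=$(ip_to_int "$2") || return 2
    while read -r mask net rest; do
        m=$(ip_to_int "$mask") && n=$(ip_to_int "$net") || continue
        if [ $(( addr & m )) -eq "$n" ]; then return 0; fi
    done < "$1"
    return 1
}

# securenets_audit FILE: print one warning per malformed or risky entry.
securenets_audit() {
    lineno=0
    while read -r mask net rest; do
        lineno=$((lineno + 1))
        case $mask in ''|'#'*) continue ;; esac
        if ! m=$(ip_to_int "$mask") || ! n=$(ip_to_int "$net"); then
            echo "line $lineno: not a netmask/network pair"
        elif [ "$m" -eq 0 ]; then
            echo "line $lineno: netmask 0.0.0.0 admits every host"
        elif [ $(( n & m )) -ne "$n" ]; then
            echo "line $lineno: network has bits outside the netmask (fields swapped?)"
        fi
    done < "$1"
}

# sample_securenets: constructed input. Line 2 is the record from step 5,
# line 3 has the two fields swapped, line 4 is wide open.
sample_securenets() {
    printf '%s\n' '# netmask network' '255.255.255.0 10.0.1.0' \
        '10.0.2.0 255.255.255.0' '0.0.0.0 0.0.0.0'
}
tmp=$(mktemp) && sample_securenets > "$tmp" && securenets_audit "$tmp"
rm -f "$tmp"
```

Run securenets_audit against /var/yp/securenets after every edit, and use securenets_allows to confirm that a host outside the intended subnet is refused.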
6. It is time to start (or restart) our NIS server and check that it is running.
# svcadm restart nis/server
# svcs -av|grep nis
disabled - 7:25:29 - svc:/network/rpc/nisplus:default
disabled - 7:25:30 - svc:/system/patch-finish:delete
online - 8:16:53 96 svc:/network/nis/xfr:default
online - 8:16:54 97 svc:/network/nis/passwd:default
online - 8:16:54 99 svc:/network/nis/update:default
online - 8:31:58 102 svc:/network/nis/client:default
online - 8:36:49 103 svc:/network/nis/server:default
# ps -efl|grep yp
0 S daemon 149 1 0 40 20 ? 1075 ? 07:25:42 ? 0:00 /usr/lib/crypto/kcfd
0 S root 2404 1 0 40 20 ? 1289 ? 08:36:49 ? 0:00 /usr/lib/netsvc/yp/ypserv
0 S root 1429 1 0 40 20 ? 1302 ? 08:16:54 ? 0:00 /usr/lib/netsvc/yp/ypxfrd
0 S root 1443 1 0 40 20 ? 468 ? 08:16:54 ? 0:00 /usr/lib/netsvc/yp/rpc.ypupdated
0 S root 1436 1 0 40 20 ? 1288 ? 08:16:54 ? 0:00 /usr/lib/netsvc/yp/rpc.yppasswdd -m
0 S root 2390 1 0 40 20 ? 526 ? 08:31:58 ? 0:00 /usr/lib/netsvc/yp/ypbind
7. Next, set up the server itself as a client. This is the usual arrangement; only in special circumstances should a machine be an NIS server but not a client. When you configure other servers as clients, do not forget to set up their /etc/defaultdomain and nsswitch.conf files.
# ypinit -c
In order for NIS to operate sucessfully, we have to construct a list of the NIS servers.
Please continue to add the names for YP servers in order of preference, one per line.
When you are done with the list, type a <control D> or a return on a line by itself.
next host to add: sol1
next host to add: ^D
The current list of yp servers looks like this:
sol1
Is this correct? [y/n: y]
8. Now it is time to check that everything works. There is a record for host m1 in /etc/nisfiles/hosts, but not in /etc/inet/hosts:
# getent hosts m1
10.0.1.51 m1
# ypcat hosts
127.0.0.1 localhost
10.0.1.10 sol1 loghost
10.0.1.53 m3
10.0.1.52 m2
10.0.1.51 m1