This document is intended to give idea about sample implementation of NIS. In the document will be used commands and files as they are in SUN Solaris 10. For your flavour of UNIX or Linux refer to the documentation.
Implementation
1. We should set in the beginning the domain name of our new NIS domain. Here will be used domain name “example”, for your configuration, consult your infrastructure manager and documentation. With command domainname we can set the domain, but until next reboot, so better edit file /etc/defaultdomain and put in to the file the name of your domain. Be careful to set the same name as you enter in domainname command. # domainname example# domainname > /etc/defaultdomain
2. It’s very wise to define dedicated repository for NIS files instead of using original files of the machine. This can help in case of problems with NIS server and avoid potential risk, based on usage of the same root password on all NIS clients. And in some circumstances it’s good to have local users like sys, adm, mail, so we should exclude them from passwd file. For this purpose we will set up directory, named nisfiles and /etc look a fine container for the directory. # mkdir /etc/nisfiles
3. Here is the example list of files to be copied in our NIS repository: auto_home auto_master bootparams ethers group hosts ipnodes netgroup netmasks networks passwd protocols rpc services shadow user_attr publickey timezone
4. Next step is to go in directory /var/yp and edit Makefile. Change the line DIR =/etc to be DIR =/etc/nisfiles and if need the line started with all: to define services will be served by NIS. The actual creation of map files can be done via command make or ypinit –m # ypinit -mIn order for NIS to operate sucessfully, we have to construct a list of theNIS servers. Please continue to add the names for YP servers in order ofpreference, one per line. When you are done with the list, type a
5. Edit /var/yp/securenets to add networks, to be served by server. Record should look like” 255.255.255.0 10.0.1.0
6. It’s time to start (restart) our NIS server and check if it running # svcadm restart nis/server# svcs -avgrep nisdisabled - 7:25:29 - svc:/network/rpc/nisplus:defaultdisabled - 7:25:30 - svc:/system/patch-finish:deleteonline - 8:16:53 96 svc:/network/nis/xfr:defaultonline - 8:16:54 97 svc:/network/nis/passwd:defaultonline - 8:16:54 99 svc:/network/nis/update:defaultonline - 8:31:58 102 svc:/network/nis/client:defaultonline - 8:36:49 103 svc:/network/nis/server:default# ps -eflgrep yp 0 S daemon 149 1 0 40 20 ? 1075 ? 07:25:42 ? 0:00 /usr/lib/crypto/kcfd 0 S root 2404 1 0 40 20 ? 1289 ? 08:36:49 ? 0:00 /usr/lib/netsvc/yp/ypserv 0 S root 1429 1 0 40 20 ? 1302 ? 08:16:54 ? 0:00 /usr/lib/netsvc/yp/ypxfrd 0 S root 1443 1 0 40 20 ? 468 ? 08:16:54 ? 0:00 /usr/lib/netsvc/yp/rpc.ypupdated 0 S root 1436 1 0 40 20 ? 1288 ? 08:16:54 ? 0:00 /usr/lib/netsvc/yp/rpc.yppasswdd -m 0 S root 2390 1 0 40 20 ? 526 ? 08:31:58 ? 0:00 /usr/lib/netsvc/yp/ypbind
7. Then we should set your server as client. This is usual situation and only in special circumstances you should set one machine only as NIS server, but not client. When you configure other servers as clients do not forget to set /etc/defaultdomain and nsswitch.conf files # ypinit -cIn order for NIS to operate sucessfully, we have to construct a list of theNIS servers. Please continue to add the names for YP servers in order ofpreference, one per line. When you are done with the list, type a
8. And now is time to check if everything works fine. There is in /etc/nisfiles/hosts record for host m1, but not in /etc/inet/hosts: # getent hosts m110.0.1.51 m1# ypcat hosts127.0.0.1 localhost10.0.1.10 sol1 loghost10.0.1.53 m310.0.1.52 m210.0.1.51 m1
Conclusion
Of course this short document do not cover all aspects and details of NIS, so it is strictly recommended to read and understand the documentation for your OS and special notes, related to NIS client and server.
No comments:
Post a Comment