Manual Page Result
0
Command: nis_manual_setup | Section: 7 | Source: Digital UNIX | File: nis_manual_setup.7.gz
nis_manual_setup(7) Miscellaneous Information Manual nis_manual_setup(7)
NAME
nis_manual_setup - Describes how to manually set up the Network Infor-
mation Service (NIS)
DESCRIPTION
Setting up NIS includes configuring the following: Master server Slave
servers Clients
Note
You must have the Additional Networking Services subset installed to
create an NIS master or slave server.
C2 security (C2 class of trust as defined in the Trusted Computer Sys-
tem Evaluation Criteria (TCSEC)) enables you to create secure and non-
secure versions of the NIS maps. DIGITAL UNIX provides secure and non-
secure versions of the passwd file. For more information, see the Se-
curity manual and the makedbm(8) reference page.
Setting Up the Master Server
There can be only one master server in an NIS domain. To set up a mas-
ter server, log in as superuser and perform the following steps: Create
the /var/yp/src/mail.aliases file.
The mail.aliases file defines networkwide mail aliases. Creat-
ing this file is optional. However, if you want to define and
distribute mail aliases on your network, you must create it. If
you do not create a mail.aliases file, when the NIS maps are
built, a message telling you that the mail.aliases file could
not be found is displayed on the screen.
For information on defining mail aliases, see the aliases(4)
reference page. Create the /var/yp/src/netgroup file.
The netgroup file defines networkwide groups and is used for
permission checking when doing remote mounts, remote logins, and
accessing remote shells. Creating this file is optional. How-
ever, if you want to define and distribute network group infor-
mation on your network, you must create it. If you do not cre-
ate a netgroup file, when the NIS maps are built, a message
telling you that the netgroup file could not be found is dis-
played on the screen.
For information on defining network groups, see the netgroup(4)
reference page. Copy into the /var/yp/src directory the local
/etc files that you intend to make into NIS maps for distribu-
tion. Be sure that the information in the files is up to date.
When the default set of NIS maps is created, the following file
names are recognized in the /var/yp/src directory: aliases,
group, hosts, mail.aliases, netgroup, networks, passwd, proto-
cols, rpc, and services. If you do not want to distribute one
of the default maps, do not copy the local /etc file for it into
the /var/yp/src directory. If a file is absent from the
/var/yp/src directory, when the NIS maps are built, a message
telling you that the file could not be found is displayed on the
screen. Remove the entry for root from the passwd file after
you copy it into the /var/yp/src directory. Copy automount
maps, or other site-specific maps, into the /var/yp/src direc-
tory. For information on creating automount maps and other
site-specific maps, see the Network Administration manual. Cre-
ate the domain directory by entering the following command, re-
placing test_domain with the name of your domain: # mkdir
/var/yp/test_domain
Note
A NIS domain name is not the same as a BIND domain name. If you
configure the system with an incorrect NIS domain name, all NIS-
related operations (such as logging in and the ls -l command)
hang for several minutes, then fail.
Edit the /var/yp/Makefile file, if necessary.
If you are using the NIS master server to serve the auto.master
map, the auto.home map, or both, you must remove the number sign
(#) from the beginning of the following lines: #all: passwd
group hosts networks rpc services protocols netgroup \ #
aliases auto.home auto.master . . . #$(YPDB-
DIR)/$(DOM)/auto.home.time: $(DIR)/auto.home # -@if [ -f
$(DIR)/auto.home ]; then \ # $(SED) -e "/^#/d" -e
s/#.*$$// $(DIR)/auto.home | \ # $(MAKEDBM) -
$(YPDBDIR)/$(DOM)/auto.home; \ # $(TOUCH) $(YPDB-
DIR)/$(DOM)/auto.home.time; \ # $(ECHO) "updated
auto.home"; \ # if [ ! $(NOPUSH) ]; then \ #
$(YPPUSH) auto.home; \ # $(ECHO) "pushed
auto.home"; \ # else \ # : ; \
# fi \ # else \ # $(ECHO)
"couldn't find $(DIR)/auto.home"; \ # fi # #$(YPDB-
DIR)/$(DOM)/auto.master.time: $(DIR)/auto.master # -@if [
-f $(DIR)/auto.master ]; then \ # $(SED) -e "/^#/d"
-e s/#.*$$// $(DIR)/auto.master | \ # $(MAKEDBM) -
$(YPDBDIR)/$(DOM)/auto.master; \ # $(TOUCH) $(YPDB-
DIR)/$(DOM)/auto.master.time; \ # $(ECHO) "updated
auto.master"; \ # if [ ! $(NOPUSH) ]; then \ #
$(YPPUSH) auto.master; \ # $(ECHO) "pushed
auto.master"; \ # else \ # : ; \ #
fi \ # else \ # $(ECHO) "couldn't find
$(DIR)/auto.master"; \ # fi . . . #auto.home: $(YPDB-
DIR)/$(DOM)/auto.home.time #auto.master: $(YPDB-
DIR)/$(DOM)/auto.master.time . . . #$(DIR)/auto.home:
#$(DIR)/auto.master:
Place a number sign (#) at the beginning of the following lines:
all: passwd group hosts networks rpc services protocols net-
group \
aliases Create the ypservers map.
The ypservers map is a list of all of the domain's slave
servers. To create this map, enter the following command, re-
placing test_domain with the name of your domain and replacing
slave1, slave2, to slaven with the names of the slave servers: #
/var/yp/makedbm - /var/yp/test_domain/ypservers slave1 slave2
slaven
Be sure to include on this list all of the slave servers in your
domain. If you add a slave server to your domain, you must re-
make this list. Create the NIS maps.
To create the NIS maps that are distributed throughout the do-
main, edit the /var/yp/Makefile file to add the domain name you
have chosen.
For example, if your domain name is test_domain, edit the
/var/yp/Makefile file in the following way: . . . # # *****
DOM must be filled in with the domain name !! # DOM=test_domain
. . .
Then change to the /var/yp/nis_domain directory (test_domain in
this example) and enter the following commands: # cd test_domain
# make -f /var/yp/Makefile NOPUSH="Y" Decide whether to run the
yppasswdd daemon.
The yppasswdd daemon runs on the master server and allows the
master copy of the password file to be updated remotely by using
the yppasswd command. Digital recommends that you run the yp-
passwdd daemon.
If you decide to run the yppasswdd daemon, edit the /etc/rc.con-
fig file by issuing the following command: # /usr/sbin/rcmgr set
NIS_PASSWDD YES To complete setting up the master server, see
the Setting Up NIS Clients section in this reference page.
Setting Up Slave Servers
Use the following procedure to set up a slave server: Create the domain
directory by entering the following command, replacing test_domain with
the name of your domain: # mkdir /var/yp/test_domain
Note
A NIS domain name is not the same as a BIND domain name. If you
configure the system with an incorrect NIS domain name, all NIS-
related operations (such as logging in and ls -l commands) hang
for several minutes, then fail.
Copy the master's maps to the slave server.
You must copy each map from the master individually, using the
following command format:
/var/yp/ypxfr -h nis_master -c -d nis_domain mapname
For example, to transfer the passwd maps from the master server,
host1, to a slave server, type the following commands. The do-
main in this example is test_domain.
# /var/yp/ypxfr -h host1 -c -d test_domain passwd.byname #
/var/yp/ypxfr -h host1 -c -d test_domain passwd.byuid The
/var/yp/nis_domain directory on the master server lists all of
the maps that your slave server can serve. Edit the
/var/spool/cron/crontabs/root file by adding the following
lines. Note that there should be no blank lines in the
/var/spool/cron/crontabs/root file. . . . # Network Informa-
tion Service: SLAVE server entries 30 * * * * sh
/var/yp/ypxfr_1perhour 31 1,13 * * * sh /var/yp/ypxfr_2perday 32
1 * * * sh /var/yp/ypxfr_1perday The first line is a comment.
The second line runs the following command once an hour at 30
minutes past the hour: sh /var/yp/ypxfr_1perhour The third line
runs the following command twice per day at 01:31 and 13:31: sh
/var/yp/ypxfr_2perday The fourth line runs the following command
once per day at 01:32: sh /var/yp/ypxfr_1perday
See the crontab(1) reference page for more information. To com-
plete setting up a slave server, see the Setting Up NIS Clients
section in this reference page.
Setting Up NIS Clients
This section explains how to set up an NIS client. Because the master
server and all slave servers are considered NIS clients, you must also
complete these steps to set up these servers: Prepare the local /etc
files.
If you want your system to query an NIS server for password or
group information, or both, a plus sign followed by a colon (+:)
must be the last line of the /etc/passwd file, the /etc/group
file, or both. For example: root:9Pf.mMEPUz08t:0:1:System PRIV-
ILEGED Account,,,:/:/bin/csh field:OnGgTH5moq4Yw:0:1:Field Svc
Account,,,:/usr/field:/bin/csh operator:Ni6WK/uqs0vaE:25:28:Op-
erator Account,,,:/etc/operator: guest:Nologin:100:31:Guest ac-
count:/usr/spool/uucppublic:/bin/date +:
Note
If +: is not the last line of the file, all entries following
the +: are ignored.
Edit the /etc/rc.config file by using the /usr/sbin/rcmgr util-
ity. The syntax for the /usr/sbin/rcmgr command is:
/usr/sbin/rcmgr set variable value Digital recommends that you
set the value of the NIS_CONF variable and the NIS_ARGS in the
/etc/rc.config file to the following values for the master
server, slave servers, and clients:
NIS_CONF YES NIS_ARGS -S nisdomain, server1,server2,server3 You
must set the NIS_TYPE variable to the system type: MASTER for
master servers, SLAVE for slave servers, and CLIENT for clients.
The servers must list themselves in the server list if the sys-
tem is running with the -S option.
For example, to set up host2 to be a client server in the domain
test_domain, and run the ypbind daemon with the -S option, enter
the following commands:
# /usr/sbin/rcmgr set NIS_CONF YES # /usr/sbin/rcmgr set
NIS_TYPE CLIENT # /usr/sbin/rcmgr set NIS_DOMAIN test_domain #
/usr/sbin/rcmgr set NIS_ARGS "-S test_domain,host2,host1,host3"
Start the NIS daemons by issuing the following command:
# /sbin/init.d/nis start To reconfigure NIS on your system, you
must kill the daemons that are running and the restart them. To
kill the daemons, enter the following command:
# /sbin/init.d/nis stop Restart the daemons by using the
"/sbin/init.d/nis start" command.
Post-Setup Procedures
You must edit the /etc/svc.conf file after you configure NIS on your
system. The /etc/svc.conf file is the database service selection con-
figuration file that your system references to determine what distrib-
uted database lookup services are running on your system, which data-
bases are being served by them, and in what order to query them. After
configuring NIS, you must edit the /etc/svc.conf file to tell your sys-
tem that you want NIS servers queried for distributed database informa-
tion. For information on editing the /etc/svc.conf file, see the Net-
work Administration manual.
Adding Users in a Distributed Environment
In an NIS environment you can add a user account to either the local
passwd file or the NIS distributed passwd file. Accounts added to the
local passwd file are visible only to the system to which they are
added. Accounts added to the NIS distributed passwd file are visible to
all NIS clients that have access to the distributed file.
Gathering Information
Before adding new user accounts to the passwd database, gather the fol-
lowing information: Determine whether you want to add the account to
the local passwd file or the the NIS distributed passwd file. Gather
the following information on the users you want to add: Login names
User identification numbers (UIDs) Group identification numbers (GIDs)
Real names, office numbers, and telephone extensions Initial working
directories Program to use as a shell
Adding User Accounts to the NIS Distributed passwd File
To add user accounts in a distributed environment, you must edit the
master passwd file on the NIS master server. To do this, perform the
following steps: Log in as superuser on the NIS master server. Change
to the /var/yp/src directory. Edit the passwd database to add an entry
for each new user.
The format for each entry is the same as the format in the
/etc/passwd file, which is as follows:
login-name:passwd field:UID:GID:user-info:initial-working-direc-
tory:shell-program
Leave the passwd field blank. Rebuild the passwd database.
Change to the /var/yp directory and enter the make passwd com-
mand, as follows: # cd /var/yp # make passwd updated passwd
pushed passwd Use the yppasswd command to set the password for
each new user, as follows: # yppasswd new_user NIS password: New
password: password Retype new password: password NIS passwd
changed on NIS-master
Your system is not secure if no password is set.
Adding User Accounts to the Local passwd File in an NIS Distributed Envi-
ronment
To add a user account to only the local system in an NIS environment,
you must add the account manually. (For more information, see the Sys-
tem Administration manual.) These entries must appear before to the
plus sign and colon (+:) at the end of the file.
A user's account information may be partially distributed. If the
user's entry in the /etc/passwd file has a prepended "+", both data-
bases are read with the information from the /etc/passwd file (except
for the UID and gid fields) overlaying the information from the NIS
distributed user account database.
If the user's entry in the /etc/passwd file has a prepended "-", both
databases are read with the information from the NIS distributed user
account database overlaying the information from the /etc/passwd file
(except for the UID and gid fields). See Security for more informa-
tion.
RELATED INFORMATION
domainname(1), nis_intro(7), nissetup(8), svc.conf(4), ypbind(8), yp-
passwd(1), ypserv(8), ypxfr(8)
System Administration, Network Administration, Security delim off
nis_manual_setup(7)