An NIS master server holds the source files for all the NIS maps in the domain. Any changes to the NIS maps must be made on the NIS master server. The NIS master server delivers information to NIS clients and supplies the NIS slave servers with up-to-date maps. An NIS master server must also be an NIS client.

This section explains how to perform the following tasks. Only the first five tasks are required to get your NIS master server up and running.

Create the Master passwd File

Copy the /etc/passwd file from each host in your NIS domain to the /etc directory on the host that will be the master server. Name each copy /etc/passwd.hostname, where hostname is the name of the host it came from.

Concatenate all the passwd files together, including the master server’s passwd file, into a temporary passwd file, as follows:

    cd /etc
    cat passwd passwd.hostname1 passwd.hostname2... > passwd.temp

Issue the following command to sort the temporary passwd file by user name:

    sort -o /etc/passwd.temp -t: -k1,1 /etc/passwd.temp

Examine /etc/passwd.temp for duplicate user names. If you find multiple entries for the same user, edit the file to remove redundant ones. Make sure each user in your network has a unique user name.

Issue the following command to sort the temporary passwd file by user ID:

    sort -o /etc/passwd.temp -t: -k3n,3 /etc/passwd.temp

Examine /etc/passwd.temp for duplicate user IDs. If you find multiple entries with the same user ID, edit the file to change the user IDs so that no two users have the same user ID.

Move /etc/passwd.temp (the sorted, edited file) to /etc/passwd. This file will be used to generate the passwd map for your NIS domain.

Remove all the /etc/passwd.hostname files from the master server.

NOTE: NIS does not require that the passwd file be sorted in any particular way. Sorting the passwd file simply makes it easier to find duplicate entries.

For more information, type man 4 passwd or man 1 sort at the HP-UX prompt.

Create the Master group File

Copy the /etc/group file from each host in your NIS domain to the /etc directory on the host that will be the master server. Name each copy /etc/group.hostname, where hostname is the name of the host it came from.

Concatenate all the group files together, including the master server’s group file, into a temporary group file, as follows:

    cd /etc
    cat group group.hostname1 group.hostname2... > group.temp

Issue the following command to sort the temporary group file by group name:

    sort -o /etc/group.temp -t: -k1,1 /etc/group.temp

Examine /etc/group.temp for duplicate group names. If a group name appears more than once, merge the groups with the same name into one group and remove the duplicate entries.

Issue the following command to sort the temporary group file by group ID:

    sort -o /etc/group.temp -t: -k3n,3 /etc/group.temp

Examine /etc/group.temp for duplicate group IDs. If you find multiple entries with the same group ID, edit the file to change the group IDs so that no two groups have the same group ID.

Move /etc/group.temp (the sorted, edited file) to /etc/group. This file will be used to generate the group map for your NIS domain.

Remove the /etc/group.hostname files from the master server.

NOTE: NIS does not require that the group file be sorted in any particular way. Sorting the group file simply makes it easier to find duplicate entries.

For more information, type man 4 group or man 1 sort at the HP-UX prompt.

Create the Master hosts File

Copy the /etc/hosts file from each host in your NIS domain to the /etc directory on the host that will be the master server. Name each copy /etc/hosts.hostname, where hostname is the name of the host it came from.

Concatenate all the hosts files together, including the master server’s hosts file, into a temporary hosts file, as follows:

    cd /etc
    cat hosts hosts.hostname1 hosts.hostname2... > hosts.temp

Issue the following command to sort the temporary hosts file so that duplicate IP addresses are on adjacent lines:

    sort -o /etc/hosts.temp /etc/hosts.temp

Examine /etc/hosts.temp for duplicate IP addresses. If the same IP address appears in multiple entries, remove all the entries but one. If you need to map an IP address to multiple host names, include them as aliases in a single entry.

Issue the following command to sort the temporary hosts file by host name:

    sort -o /etc/hosts.temp -b -k2,2 /etc/hosts.temp

Examine /etc/hosts.temp for duplicate host names. A host name may be mapped to multiple IP addresses only if the IP addresses belong to different LAN cards on the same host. If a host name appears in multiple entries, mapped to IP addresses on different hosts, remove all the entries but one.

Examine /etc/hosts.temp for duplicate aliases. No alias should appear in more than one entry.

Move /etc/hosts.temp (the sorted, edited file) to /etc/hosts. This file will be used to generate the hosts map for your NIS domain.

Remove the /etc/hosts.hostname files from the master server.

NOTE: NIS does not require that the hosts file be sorted in any particular way. Sorting the hosts file simply makes it easier to find duplicate entries.

For more information, type man 4 hosts or man 1 sort at the HP-UX prompt.

Enable NIS Master Server Capability

Log in as root to the host that will be the master server.

On the host that will be the master server, ensure that the $PATH environment variable includes the following directory paths:

Issue the following command to set the NIS domain name:

    /usr/bin/domainname domainname

If your host uses short file names, make sure the first 14 characters of domainname uniquely identify your domain among the other NIS domains in your network.

In the /etc/rc.config.d/namesvrs file, set the NIS_DOMAIN variable to the domain name:

In the /etc/rc.config.d/namesvrs file, set the NIS_MASTER_SERVER and NIS_CLIENT variables to 1, as follows:

    NIS_MASTER_SERVER=1
    NIS_CLIENT=1

If the host that will be the master server is already a slave server for another domain, set the NIS_MASTER_SERVER variable to 1 and the NIS_SLAVE_SERVER variable to 0.

If the host is an NIS+ server or client, set the NISPLUS_SERVER and NISPLUS_CLIENT flags to 0.

Issue the following command to create the NIS maps for the domain:

The ypinit script will prompt you for the names of your slave servers. Enter the names of your slave servers in response to the prompt.

Issue the following commands to run the NIS startup scripts:

    /sbin/init.d/nis.server start
    /sbin/init.d/nis.client start

The master server is now running as both an NIS master server and an NIS client. Next, you must configure the slave servers you listed when you ran the ypinit script. See “Configuring and Administering an NIS Slave Server”.

For more information, see the following man pages: domainname(1), ypinit(1M), and ypfiles(4).

Verify Your NIS Master Server Configuration

Log into the master server and issue the following command:

The ypwhich -m command lists all the NIS maps available to the local client and gives the name of the master server that serves each map. In this case, the local host is both the client and the master server. Your display should look something like this, where mastername is the name of your local host:

    # /usr/bin/ypwhich -m
    vhe_list mastername
    servi.bynp mastername
    services.byname mastername
    rpc.byname mastername
    protocols.bynumber mastername
    protocols.byname mastername
    rpc.bynumber mastername
    passwd.byuid mastername
    passwd.byname mastername
    networks.byname mastername
    networks.byaddr mastername
    netgroup.byuser mastername
    netgroup.byhost mastername
    netgroup mastername
    hosts.byname mastername
    hosts.byaddr mastername
    group.byname mastername
    group.bygid mastername
    publickey.byname mastername
    netid.byname mastername
    mail.byaddr mastername
    mail.aliases mastername
    auto.master mastername
    ypservers mastername

If you do not see a similar display, see Chapter 8 “Troubleshooting NFS Services”. Type man 1 ypwhich for more information on the ypwhich command.

Configure the NIS Master Server to Use a Private passwd File

CAUTION: Do not use this procedure if your NIS master server is also a mail server. If the NIS master server uses only a subset of the information in the NIS passwd map, it cannot resolve mail addresses, and mail messages will fail.

Log in as root to the NIS master server.

Copy the /etc/passwd file to /etc/passwd.yp.

Using a text editor, remove users from the /etc/passwd file who should not be allowed access to the NIS master server. Do not include a plus sign (+) in this file.

Use a text editor to edit the /var/yp/Makefile file. Change the following line to the following:

In the /etc/rc.config.d/namesvrs file, modify the YPPASSWDD_OPTIONS variable. Change the following line

    YPPASSWDD_OPTIONS="/etc/passwd -m passwd PWFILE=/etc/passwd"

to the following:

    YPPASSWDD_OPTIONS="/etc/passwd.yp -m passwd PWFILE=/etc/passwd.yp"

Issue the following commands to regenerate the NIS passwd maps from /etc/passwd.yp:

    cd /var/yp
    /usr/ccs/bin/make passwd

This command generates both the passwd.byname and the passwd.byuid maps and pushes them to the slave servers. If your slave servers are not up and running yet, run make with the NOPUSH flag set to 1:

    cd /var/yp
    /usr/ccs/bin/make NOPUSH=1 passwd

This procedure creates a restricted /etc/passwd file that is used only by the NIS master server. The unrestricted /etc/passwd.yp file is used to generate the NIS passwd maps, which are used by the rest of the hosts in the NIS domain.

For more information, see the following man pages: passwd(4), make(1), ypmake(1M), and ypinit(1M).

Restrict Client and Slave Server Access to the Master Server

On the NIS master server, create a file called /var/yp/securenets, if it does not already exist.

Add lines to the file with the following syntax:

The IP_address is the internet address of an NIS client, NIS slave server, or subnet that may request NIS information or transfer NIS maps from the NIS master server. The address_mask indicates which bits in the IP_address field are important. If a bit is set in the address_mask field, the corresponding bit in the source address of any incoming NIS requests must match the same bit in the IP_address field.

Issue the following commands to kill and restart the ypserv process:

    /sbin/init.d/nis.server stop
    /sbin/init.d/nis.server start

If a client or slave host has multiple network interface cards, add a line to the securenets file for the IP address of each card.

Type man 4 securenets at the HP-UX prompt for more information.

Examples from /var/yp/securenets

The following line from a /var/yp/securenets file allows only the NIS client at IP address 10.11.12.13 to request information from the NIS master server. Because every bit is set in the address mask, the source IP address on the NIS request must match exactly, or the master server will not return the requested information.

    255.255.255.255 10.11.12.13

The following line from a /var/yp/securenets file allows any host on the network 10.11.12.0 to request NIS information or transfer NIS maps from the master server. The last 8 bits of the IP address are ignored, because the last 8 bits of the address mask are set to 0. Any host whose IP address begins 10.11.12 will be allowed access to the master server.

    255.255.255.0 10.11.12.13

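The matching rule described above can be evaluated before a securenets change is deployed, to confirm which source addresses an entry admits. This is an added example, not HP-UX code: the function names and the three single-line sample files are constructed, and the field order (address_mask, then IP_address) is taken from the examples above. The third sample applies the same rule to a mask with no bits set, which every source address satisfies.

```shell
#!/bin/sh
# Added example: evaluate the securenets matching rule described above.
# Sample entries are constructed; field order follows the page's examples
# (address_mask first, then IP_address).

# ip_to_int A.B.C.D: print the address as one integer; fail on malformed input.
ip_to_int() {
    case $1 in
        *[!0-9.]* | *..* | .* | *.) return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?* | ????*) return 1 ;; esac   # no leading zeros (octal)
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# securenets_allows FILE SRC: succeed if SRC matches at least one entry, that
# is (SRC & address_mask) == (IP_address & address_mask). Lines that do not
# parse as two dotted-quad fields are skipped. Returns 2 if SRC is malformed.
securenets_allows() {
    src=$(ip_to_int "$2") || return 2
    while read -r mask addr rest; do
        m=$(ip_to_int "$mask") && a=$(ip_to_int "$addr") || continue
        [ $(( src & m )) -eq $(( a & m )) ] && return 0
    done < "$1"
    return 1
}

# verdict FILE SRC: print "allow" or "deny" for one source address.
verdict() {
    if securenets_allows "$1" "$2"; then echo allow; else echo deny; fi
}

dir=${TMPDIR:-/tmp}/securenets.$$
mkdir -m 700 "$dir" || exit 1
printf '255.255.255.255 10.11.12.13\n' > "$dir/exact"    # one client only
printf '255.255.255.0 10.11.12.13\n'   > "$dir/subnet"   # any 10.11.12.x
printf '0.0.0.0 10.11.12.13\n'         > "$dir/open"     # no bit has to match

for ip in 10.11.12.13 10.11.12.200 10.11.13.13; do
    echo "$ip exact=$(verdict "$dir/exact" "$ip")" \
         "subnet=$(verdict "$dir/subnet" "$ip")" \
         "open=$(verdict "$dir/open" "$ip")"
done
rm -rf "$dir"
```
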
Check the Contents of an NIS Map

Issue the following command to verify that an NIS map contains the data you expect it to contain:

    /usr/bin/ypcat -k mapname

The -k option lists the key for each item in the map as well as the data associated with the key. For example, in the netgroup map, the netgroup name is the key. Without the -k option, ypcat would list all the data associated with each netgroup name, but not the netgroup name itself.

For more information on the ypcat command, type man 1 ypcat at the HP-UX prompt.

Modify an NIS Map

Log in as root to the NIS master server.

Make your changes to the source file for the NIS map. For example, if you want to change the NIS hosts map, make your changes to the /etc/hosts file.

Issue the following commands to generate the map and push it to the slave servers:

    cd /var/yp
    /usr/ccs/bin/make mapname

If your slave servers are not up and running yet, run the make command with the NOPUSH flag set to 1:

    cd /var/yp
    /usr/ccs/bin/make NOPUSH=1 mapname

This procedure works for all NIS maps except the ypservers map, which has no source file. For instructions on modifying the ypservers map, see “Add a Slave Server to Your NIS Domain” or “Remove a Slave Server from Your NIS Domain”.

If you make changes to the passwd, group, or hosts maps, regenerate the netid.byname map. The netid.byname map is a mapping of users to groups, where each user is followed by a list of all the groups to which the user belongs. The netid.byname map is generated from the /etc/passwd and /etc/group files.

For more information, see the following man pages: make(1), ypmake(1M), yppush(1M), and ypxfr(1M).

Add an AutoFS Map to the NIS Domain

Log in as root to the NIS master server.

In the /usr/sbin/ypinit script, use a text editor to add the AutoFS map to the MASTER_MAPS list, as follows:

    MASTER_MAPS="group.bygid group.byname \
    hosts.byaddr hosts.byname netgroup netgroup.byhost \
    netgroup.byuser networks.byaddr networks.byname passwd.byname \
    passwd.byuid protocols.byname protocols.bynumber rpc.bynumber \
    services.byname vhe_list publickey.byname netid.byname mail.byaddr \
    mail.aliases auto.master rpc.byname servi.bynp auto.mapname"

In the /var/yp/Makefile file, add the AutoFS map to the list of maps that begins with all:, as follows:

    all: passwd group hosts networks rpc services protocols \
    netgroup aliases publickey netid vhe_list auto.master \
    auto.mapname

In the /var/yp/Makefile file, copy the statement that begins $(YPDBDIR)/$(DOM)/auto_master.time to the space below it. Change all occurrences of auto.master or auto_master to the name of the map you are adding. Note that some occurrences must be auto_mapname (the name of the ASCII file), and some must be auto.mapname (the name of the NIS database).

    $(YPDBDIR)/$(DOM)/auto_master.time: $(DIR)/auto_master
        @(sed -e "s/^[ | ]*//g" -e "/^#/d" -e s/#.*$$// < $(DIR)/auto_master $(CHKPIPE)) | $(MAKEDBM) - $(YPDBDIR)/$(DOM)/auto.master;
        @touch $(YPDBDIR)/$(DOM)/auto_master.time;
        @echo "updated auto.master";
        @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) auto.master; fi
        @if [ ! $(NOPUSH) ]; then echo "pushed auto.master"; fi

    $(YPDBDIR)/$(DOM)/auto_mapname.time: $(DIR)/auto_mapname
        @(sed -e "s/^[ | ]*//g" -e "/^#/d" -e s/#.*$$// < $(DIR)/auto_mapname $(CHKPIPE)) | $(MAKEDBM) - $(YPDBDIR)/$(DOM)/auto.mapname;
        @touch $(YPDBDIR)/$(DOM)/auto_mapname.time;
        @echo "updated auto.mapname";
        @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) auto.mapname; fi
        @if [ ! $(NOPUSH) ]; then echo "pushed auto.mapname"; fi

In the /var/yp/Makefile file, copy the statement that begins auto.master: to the space below it. Change auto.master to auto.mapname, and change both occurrences of auto_master.time to auto_mapname.time.

    auto.master:
        @if [ $(NOPUSH) ]; then $(MAKE) $(MFLAGS) -k \
        $(YPDBDIR)/$(DOM)/auto_master.time DOM=$(DOM) DIR=$(DIR); \
        else $(MAKE) $(MFLAGS) -k $(YPDBDIR)/$(DOM)/auto_master.time \
        DOM=$(DOM) DIR=$(DIR) NOPUSH=$(NOPUSH);fi

    auto.mapname:
        @if [ $(NOPUSH) ]; then $(MAKE) $(MFLAGS) -k \
        $(YPDBDIR)/$(DOM)/auto_mapname.time DOM=$(DOM) DIR=$(DIR); \
        else $(MAKE) $(MFLAGS) -k $(YPDBDIR)/$(DOM)/auto_mapname.time \
        DOM=$(DOM) DIR=$(DIR) NOPUSH=$(NOPUSH);fi

Issue the following commands to generate the map:

    cd /var/yp
    /usr/ccs/bin/make NOPUSH=1 auto.mapname

If you have slave servers configured in your domain, log into each slave server and issue the following command to copy the new map to the slave server:

    /usr/sbin/ypxfr auto.mapname

For more information, see the man page for ypinit(1M), make(1), ypmake(1M), or ypxfr(1M).

Remove an AutoFS Map from Your NIS Domain

Log in as root to the NIS master server.

In the /usr/sbin/ypinit script, use a text editor to remove the map name from the MASTER_MAPS list.

In the /var/yp/Makefile file, remove the map from the list of maps that begins with all:.

In the /var/yp/Makefile file, remove the statement that begins $(YPDBDIR)/$(DOM)/auto_mapname.time. For example, if you were removing the auto.home map, you would remove the following lines:

    $(YPDBDIR)/$(DOM)/auto_home.time: $(DIR)/auto_home
        @(sed -e "s/^[ | ]*//g" -e "/^#/d" -e s/#.*$$// < $(DIR)/auto_home $(CHKPIPE)) | $(MAKEDBM) - $(YPDBDIR)/$(DOM)/auto.home;
        @touch $(YPDBDIR)/$(DOM)/auto_home.time;
        @echo "updated auto.home";
        @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) auto.home; fi
        @if [ ! $(NOPUSH) ]; then echo "pushed auto.home"; fi

In the /var/yp/Makefile file, remove the statement that begins auto.mapname:. For example, if you were removing the auto.home map, you would remove the following lines:

    auto.home:
        @if [ $(NOPUSH) ]; then $(MAKE) $(MFLAGS) -k \
        $(YPDBDIR)/$(DOM)/auto_home.time DOM=$(DOM) DIR=$(DIR); \
        else $(MAKE) $(MFLAGS) -k $(YPDBDIR)/$(DOM)/auto_home.time \
        DOM=$(DOM) DIR=$(DIR) NOPUSH=$(NOPUSH);fi

On the master and on each of the slave servers, remove the map files, mapname.dir and mapname.pag, from the directory where your maps are stored. The directory is called /var/yp/domainname, where domainname is the name of your NIS domain. For example, if you were removing the auto.home map from the Finance domain, you would issue the following commands on the master server and on each of the slave servers:

    cd /var/yp/Finance
    rm auto.home.dir auto.home.pag

For more information, see the man pages ypinit(1M), make(1), ypmake(1M), and ypfiles(4).

Add a Slave Server to Your NIS Domain

Log in as root to the NIS master server.

Issue the following command, where domainname is the name of the domain to which you want to add the slave server:

Issue the following command to create an editable ASCII text file from the ypservers map:

    /usr/sbin/makedbm -u ypservers > tempfile

Use a text editor to add the name of the new server to the ASCII file, tempfile.

Issue the following command to regenerate the ypservers map from the ASCII file:

    /usr/sbin/makedbm tempfile ypservers

Log in as root to the new slave server and configure it as an NIS slave server. See “Configuring and Administering an NIS Slave Server”.

For more information, see the man page for makedbm(1M) or ypfiles(4).

Remove a Slave Server from Your NIS Domain

Log in as root to the NIS master server.

Issue the following commands to create an editable ASCII text file from the ypservers map:

    cd /var/yp/domainname
    /usr/sbin/makedbm -u ypservers > tempfile

Use a text editor to remove the name of the slave server from the ASCII file, tempfile.

Issue the following command to regenerate the ypservers map from the ASCII file:

    /usr/sbin/makedbm tempfile ypservers

Log in as root to the slave server.

Remove all the map files from the map directory, and remove the map directory. The directory is called /var/yp/domainname, where domainname is the name of your NIS domain. For example, if you were removing a slave server from the Finance domain, you would issue the following commands:

    cd /var/yp/Finance
    rm *
    cd ..
    rmdir Finance

If the slave is not a slave server in any other NIS domain, use a text editor to set the NIS_SLAVE_SERVER variable to 0 in the /etc/rc.config.d/namesvrs file.

If the slave is not a server in any other NIS domain, issue the following command to turn off NIS server capability:

    /sbin/init.d/nis.server stop

For more information, see the man pages makedbm(1M) and ypfiles(4).

Query BIND for Host Information After Querying NIS

This section tells you how to set up server-side hostname fallback, which causes your NIS servers to query BIND for host information after querying NIS. A server will search the NIS hosts database first, but if the hosts database does not contain the requested information, the server will query the BIND name service. The server will return the host information to the clients through NIS.

Configure your NIS servers as BIND name servers, or install an /etc/resolv.conf file on each server that allows it to query a BIND name server. See Installing and Administering Internet Services for more information.

On the NIS master server, in the /var/yp/Makefile file, set the B variable to -b, as follows:

Issue the following command on the master server to change the modification time on /etc/hosts so that make will regenerate the hosts database:

    /usr/bin/touch /etc/hosts

Issue the following commands to regenerate the NIS maps on the master server and push them to the NIS slave servers:

    cd /var/yp
    /usr/ccs/bin/make

On all the NIS servers in your domain, change the hosts line in the /etc/nsswitch.conf file to the following:

Hewlett-Packard recommends that you use the Name Service Switch on your NIS clients instead of server-side hostname fallback. However, if your NIS clients are PCs that do not have a feature like the Name Service Switch, use the server-side hostname fallback described in this section if you want to force BIND lookups after NIS lookups. See Chapter 6 “Configuring the Name Service Switch”.

Use NIS With Short File Names

Make sure the first 14 characters of your domain name uniquely identify your domain among the other NIS domains in your network.

If you plan to use NIS to manage your AutoFS maps, keep AutoFS map names to 10 characters or fewer.

Log in as root to the NIS master server.

In the /var/yp/Makefile file, uncomment all the lines between START OF EXAMPLE and END OF EXAMPLE. (Remove the sharp sign [#] from the beginning of each line.) Do not uncomment the START OF EXAMPLE and END OF EXAMPLE lines.

In the /var/yp/Makefile file, delete everything after the END OF EXAMPLE line.

This procedure causes your NIS master server to use HP’s proprietary ypmake script instead of the Makefile. The Makefile does not support short filenames, but ypmake does. Type man 1M ypmake at the HP-UX prompt for more information.

Configure an HP-UX Master Server in a Domain with Sun Systems

Log in as root to the host that will be the master server.

If you have customized your HP Makefile, move it to /var/yp/Makefile.hp.

Copy your Sun Makefile into the /var/yp directory on the HP system. If your Sun Makefile is not called Makefile, use a text editor to set the MAKEFILE_NAME variable to the name of your Sun Makefile in the /usr/sbin/ypinit script.

If you have customized your HP Makefile, add those changes into your Sun Makefile.

In the /usr/sbin/ypinit script on the HP host that will be the master server, add the netmasks.byaddr, bootparams, ethers.byaddr, and ethers.byname maps to the MASTER_MAPS variable.

On one of your Sun systems, locate or create an /etc/ethers file, an /etc/bootparams file, and an /etc/netmasks file that contain all the information required by the Sun systems in your NIS domain.

Copy the /etc/ethers, /etc/bootparams, and /etc/netmasks files to the HP host that will be the master server.

Follow the instructions in “Enable NIS Master Server Capability”.