NFS Services Administrator's Guide: HP-UX 11i version 2 > Chapter 4 Configuring and Administering NIS

Configuring and Administering an NIS Slave Server


An NIS slave server provides information to NIS clients, taking some load off the NIS master server and substituting for the master server when it is down. The NIS maps are created on the NIS master server and then transferred from the master server to the slave servers. Changes to NIS maps must be made on the NIS master server, which then pushes the changed maps to the NIS slave servers.

An NIS slave server must also be an NIS client.

The NIS master server must be configured and running before you start your slave servers.

This section explains how to perform the following tasks:

Edit the Slave Server’s passwd File

  • Remove all users from the /etc/passwd file except the root user and the system entries required for your system to boot. By convention, system entries usually have user IDs less than 100, so you can remove all entries with user IDs of 100 or greater.

  • The Name Service Switch configuration file provided for NIS (/etc/nsswitch.nis) causes your host to check its local /etc/passwd file and then continue to the NIS passwd map if the requested information is not in the local file. However, in previous releases, you had to add a plus sign (+) to the /etc/passwd file to cause your host to check the NIS passwd database.

    If you want your host to behave as it did before HP-UX release 10.30, add the following entry as the last line in the /etc/passwd file:

    +::-2:60001:::

    Also, make sure your /etc/nsswitch.conf file specifies compat as the name service for passwd. See Chapter 6 “Configuring the Name Service Switch”.

    The plus sign (+) causes processes to consult NIS for any user information not found in the local /etc/passwd file.

    The -2 in the user ID field restricts the access of people who may attempt to log in using “+” as a valid user name when NIS is not running. Anyone who successfully logs in as “+” will be granted only the access permissions of user nobody.

    CAUTION: Do not put an asterisk (*) in the password field on HP systems. On Sun systems, an asterisk in the password field prevents people from logging in as “+” when NIS is not running. However, on HP systems, the asterisk prevents all users from logging in when NIS is running.

The changes you make to the /etc/passwd file on an NIS slave server are the same changes you make on an NIS client. Following is an example /etc/passwd file on an NIS slave server:

root:0AnhFBmriKvHA:0:3::/:/bin/ksh
daemon:*:1:5::/:/bin/sh
bin:*:2:2::/bin:/bin/sh
adm:*:4:4::/usr/adm:/bin/sh
uucp:*:5:3::/usr/spool/uucppublic:/usr/lib/uucp/uucico
lp:*:9:7::/usr/spool/lp:/bin/sh
hpdb:*:27:1:ALLBASE:/:/bin/sh
+::-2:60001:::

For more information, type man 4 passwd at the HP-UX prompt.
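The rules above can be checked mechanically. The following POSIX shell function is an added example, not part of the HP guide; the function name audit_passwd, the sample file and the account jdoe are constructed for illustration. It flags local entries with user IDs of 100 or greater, a “+” entry with an asterisk in the password field or a user ID other than -2, and a “+” entry that is not the last line.

```shell
#!/bin/sh
# Added example (not from the HP guide): audit a passwd file on an NIS slave
# server or client against the rules in this section.
# audit_passwd FILE prints one finding per line and returns 1 if any were found.
audit_passwd() {
    awk -F: '
        /^[ \t]*$/ { next }                      # ignore blank lines
        { n++ }                                  # n = index of this entry
        $1 == "+" {                              # the NIS compat entry
            plus = n
            if ($2 == "*") {
                print "line " NR ": asterisk in password field of + entry"; bad++
            }
            if ($3 != "-2") {
                print "line " NR ": + entry has UID \"" $3 "\", expected -2"; bad++
            }
            next
        }
        $3 + 0 >= 100 {                          # leftover non-system account
            print "line " NR ": local user " $1 " has UID " $3; bad++
        }
        END {
            if (plus && plus != n) { print "+ entry is not the last line"; bad++ }
            exit (bad > 0)
        }' "$1"
}

# Constructed sample input: a "+" entry with an asterisk, followed by a
# leftover local account (jdoe is a made-up user).
sample=${TMPDIR:-/tmp}/passwd.sample.$$
cat > "$sample" <<'EOF'
root:CONSTRUCTED:0:3::/:/bin/ksh
daemon:*:1:5::/:/bin/sh
+:*:-2:60001:::
jdoe:*:101:20::/home/jdoe:/bin/sh
EOF
audit_passwd "$sample" || echo "passwd file needs cleanup"
rm -f "$sample"
```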

Edit the Slave Server group File

  • Remove all groups from the /etc/group file except the group entries required for your system to boot.

  • The Name Service Switch configuration file provided for NIS (/etc/nsswitch.nis) causes your host to check its local /etc/group file and then continue to the NIS group map if the requested information is not in the local file. However, in previous releases, you had to add a plus sign (+) to the /etc/group file to cause your host to check the NIS group database.

    If you want your host to behave as it did before HP-UX release 10.30, add the following entry as the last line in the /etc/group file:

    +:*:*

    Also, make sure your /etc/nsswitch.conf file specifies compat as the name service for group. See Chapter 6 “Configuring the Name Service Switch”.

    The plus sign (+) causes processes to consult NIS for any group information not found in the local /etc/group file. The asterisk (*) in the password field prevents people from using the plus sign as a valid group name if NIS is not running.

The changes you make to the /etc/group file on an NIS slave server are the same changes you make on an NIS client. Following is an example /etc/group file on an NIS slave server:

root::0:rootl,sam
other::1:
bin::2:
sys::3:
adm::4:
daemon::5:
mail::6:
lp::7:
+:*:*

For more information, type man 4 group at the HP-UX prompt.

Enable NIS Slave Server Capability

  1. Make sure the NIS master server is already configured and running NIS.

  2. Log in as root to the host that will be the slave server.

  3. On the host that will be the slave server, ensure that the $PATH environment variable includes the following directory paths:

    • /var/yp

    • /usr/lib/netsvc/yp

    • /usr/ccs/bin

  4. Issue the following command to set the NIS domain name:

    /usr/bin/domainname domainname

    where domainname is the same as the domain name on the NIS master server.

  5. In the /etc/rc.config.d/namesvrs file, set the NIS_DOMAIN variable to the domain name:

    NIS_DOMAIN=domainname

  6. In the /etc/rc.config.d/namesvrs file, set the NIS_SLAVE_SERVER and NIS_CLIENT variables to 1, as follows:

    NIS_SLAVE_SERVER=1
    NIS_CLIENT=1

    If the slave server is a master server in another NIS domain, set the NIS_MASTER_SERVER variable to 1 and the NIS_SLAVE_SERVER variable to 0. The yppasswdd daemon, which is required on the master server, is started only if NIS_MASTER_SERVER=1.

    If the slave server is an NIS+ server or client, set the NISPLUS_SERVER and NISPLUS_CLIENT variables to 0.

  7. Issue the following command to set up the NIS slave server and copy the NIS maps from the master server:

    /usr/sbin/ypinit -s NIS_server_name [DOM=domainname]

    The NIS_server_name is the name of the master server or a slave server that has a complete set of up-to-date maps for the domain. If the slave server will serve a domain different from the one set by the domainname command, specify the domainname after the NIS_server_name.

  8. Issue the following commands to run the NIS startup scripts:

    /sbin/init.d/nis.server start
    /sbin/init.d/nis.client start

In order to receive map updates from the NIS master server, you must add the new slave server to the ypservers map on the master server. See “Add a Slave Server to Your NIS Domain”.

For more information, see the following man pages: domainname(1), ypinit(1M), and ypfiles(4).

Verify Your NIS Slave Server Configuration

  1. Log in as root to the slave server.

  2. In the /etc/rc.config.d/namesvrs file, add -ypset to the YPBIND_OPTIONS variable:

    YPBIND_OPTIONS="-ypset"

  3. Issue the following commands to restart ypbind (the NIS client process) on the slave server:

    /sbin/init.d/nis.client stop
    /sbin/init.d/nis.client start
  4. Issue the following command to force the NIS client process on the slave server to bind to the server process on the same host:

    /usr/sbin/ypset slave_server_name

  5. Issue the following command to check whether the NIS slave server is working:

    /usr/bin/ypwhich

    The ypwhich command should return the host name of the slave server. If the ypwhich command does not return the name of the slave server, see Chapter 8 “Troubleshooting NFS Services”.

  6. In the /etc/rc.config.d/namesvrs file, remove -ypset from the YPBIND_OPTIONS variable:

    YPBIND_OPTIONS=""

  7. Issue the following commands to restart ypbind (the NIS client process) on the slave server:

    /sbin/init.d/nis.client stop
    /sbin/init.d/nis.client start

For more information, see the following man pages: ypbind(1M), ypset(1M), and ypwhich(1).

Schedule Regular Map Transfers from the NIS Master Server

  1. Log in as root to the slave server.

  2. Copy the ypxfr_1perday, ypxfr_2perday, and ypxfr_1perhour scripts from the /usr/newconfig/var/yp directory to the /var/yp directory:

    cp /usr/newconfig/var/yp/ypxfr_1perday /var/yp
    cp /usr/newconfig/var/yp/ypxfr_2perday /var/yp
    cp /usr/newconfig/var/yp/ypxfr_1perhour /var/yp

  3. Create a crontab file that invokes these files at regular times. Following is an example crontab file:

    0 21 * * * /var/yp/ypxfr_1perday
    30 5,19 * * * /var/yp/ypxfr_2perday
    15 * * * * /var/yp/ypxfr_1perhour

    This file runs the ypxfr_1perday script at 9:00 PM every night. It runs the ypxfr_2perday script at 5:30 AM and 7:30 PM every day. It runs the ypxfr_1perhour script at 15 minutes past every hour.

  4. Issue the following command to enter the file into crontab:

    crontab filename 

    where filename is the crontab file you just created.

If you have created customized NIS maps for your domain, you will have to add them to the appropriate scripts. You can also use the scripts provided as templates for creating your own scripts.

In some domains, transferring the passwd maps once per hour generates too much network traffic. If you find this is the case, schedule transfers of the passwd maps for less frequent intervals.

If you have multiple slave servers, schedule map transfers for different times on different servers, so all the servers are not performing transfers at the same time.

For more information, see the following man pages: cron(1M), crontab(1), and ypxfr(1M).

Restrict Access to the Slave Server

  1. On the NIS slave server, create a file called /var/yp/securenets, if it does not already exist.

  2. Add lines to the file with the following syntax:

    address_mask   IP_address

    The IP_address is the internet address of an NIS client, NIS slave server, or subnet that may request NIS information or transfer NIS maps from the NIS master server.

    The address_mask indicates which bits in the IP_address field are important. If a bit is set in the address_mask field, the corresponding bit in the source address of any incoming NIS requests must match the same bit in the IP_address field.

  3. Issue the following commands to kill and restart the ypserv process:

    /sbin/init.d/nis.server stop
    /sbin/init.d/nis.server start

If a client or slave host has multiple network interface cards, add a line to the securenets file for the IP address of each card.

Type man 4 securenets at the HP-UX prompt for more information.

Examples from /var/yp/securenets

The following line from a /var/yp/securenets file allows only the NIS client at IP address 10.11.12.13 to request information from the NIS slave server. Because every bit is set in the address mask, the source IP address on the NIS request must match exactly, or the slave server will not return the requested information.

255.255.255.255    10.11.12.13

The following line from a /var/yp/securenets file allows any host on the network 10.11.12.0 to request NIS information or transfer NIS maps from the slave server. The last 8 bits of the IP address are ignored, because the last 8 bits of the address mask are set to 0. Any host whose IP address begins 10.11.12 will be allowed access to the slave server.

255.255.255.0    10.11.12.13
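
The matching rule described above (compare only the bits that are set in the address mask) can be reproduced to preview what a securenets file will admit before ypserv is restarted. The following POSIX shell functions are an added example, not HP code; the names ip_to_int and securenets_allows, the sample file and the tested source addresses are constructed, and treating lines that begin with # as comments is an assumption.

```shell
#!/bin/sh
# Added example (not from the HP guide): evaluate source addresses against
# securenets-style "address_mask IP_address" lines.

# ip_to_int A.B.C.D: print the dotted-quad address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# securenets_allows FILE SRC_IP: return 0 if any line admits SRC_IP.
# A line matches when every bit set in the mask is identical in SRC_IP
# and in the IP_address field; bits cleared in the mask are ignored.
securenets_allows() {
    src=$(ip_to_int "$2")
    while read -r mask addr rest; do
        # Skip blank lines; skipping "#" lines is an assumption.
        case $mask in ''|'#'*) continue ;; esac
        m=$(ip_to_int "$mask"); a=$(ip_to_int "$addr")
        [ $(( src & m )) -eq $(( a & m )) ] && return 0
    done < "$1"
    return 1
}

# Constructed sample: the subnet line from the second example above.
sample=${TMPDIR:-/tmp}/securenets.sample.$$
printf '255.255.255.0    10.11.12.13\n' > "$sample"
for ip in 10.11.12.13 10.11.12.200 10.11.13.1; do
    if securenets_allows "$sample" "$ip"; then
        echo "$ip allowed"
    else
        echo "$ip denied"
    fi
done
rm -f "$sample"
```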
© 2004 Hewlett-Packard Development Company, L.P.