An NIS client gets its configuration information from an NIS
master server or an NIS slave server. When an NIS client is started,
it sends out a broadcast message requesting a server. Any server
on the client’s network that holds the NIS maps for the
client’s domain may respond to the message. The NIS client “binds” to
the first server to respond to its broadcast message, and that server
answers all the client’s queries for information.

This section explains how to perform the following tasks.
Only the first five tasks are necessary for getting your NIS client
up and running.

Edit the NIS Client passwd File

Remove all users from the /etc/passwd file except the root user and the system entries
required for your system to boot. By convention, system entries
usually have user IDs less than 100, so you can remove all entries
with user IDs of 100 or greater.

The changes you make to the /etc/passwd file on an NIS client are the same changes you
make on an NIS slave server. Following is an example /etc/passwd file on an NIS client:

    root:0AnhFBmriKvHA:0:3: :/:/bin/ksh
    daemon:*:1:5::/:/bin/sh
    bin:*:2:2::/bin:/bin/sh
    adm:*:4:4::/usr/adm:/bin/sh
    uucp:*:5:3::/usr/spool/uucppublic:/usr/lib/uucp/uucico
    lp:*:9:7::/usr/spool/lp:/bin/sh
    hpdb:*:27:1:ALLBASE:/:/bin/sh
    +::-2:60001:::

For more information, type man 4 passwd at the HP-UX prompt.

Edit the NIS Client group File

Remove all groups from the /etc/group file except the group entries required for your
system to boot.

The Name Service Switch configuration file provided for NIS (/etc/nsswitch.nis) causes
your host to check its local /etc/group file and then continue to the NIS group map if
the requested information is not in the local file. However, in previous releases, you
had to add a plus sign (+) to the /etc/group file to cause your host to check the NIS
group database.

If you want your host to behave as it did before HP-UX release 10.30, add the following
entry as the last line in the /etc/group file:

Also, make sure your /etc/nsswitch.conf file specifies compat as the name service for
group. See Chapter 6 “Configuring the Name Service Switch”.

The plus sign (+) causes processes to consult NIS for any group information not found in
the local /etc/group file. The asterisk (*) in the password field prevents people from
using the plus sign as a valid group name if NIS is not running.

The changes you make to the /etc/group file on an NIS client are the same changes you
make on an NIS slave server. Following is an example /etc/group file on an NIS client:

    root::0:rootl,sam
    other::1:
    bin::2:
    sys::3:
    adm::4:
    daemon::5:
    mail::6:
    lp::7:
    +:*:*

For more information, type man 4 group at the HP-UX prompt.

Enable NIS Client Capability

Make sure at least one NIS master or slave server is running on the client’s subnetwork.

Log in as root to the NIS client.

On the NIS client, ensure that the $PATH environment variable includes the following
directory paths:

Issue the following command to set the NIS domain name:

    /usr/bin/domainname domainname

where domainname is a domain served by an NIS server on the client’s subnetwork.

In the /etc/rc.config.d/namesvrs file, set the NIS_DOMAIN variable to the domain name:

In the /etc/rc.config.d/namesvrs file, set the NIS_CLIENT variable to 1, as follows:

If the host was previously an NIS+ client, set the NISPLUS_CLIENT variable to 0.

Copy the /etc/nsswitch.nis file to /etc/nsswitch.conf:

    cp /etc/nsswitch.nis /etc/nsswitch.conf

If you have plus and minus signs in your /etc/passwd or /etc/group files, they will be
ignored. If you want your host to use the plus and minus signs in your files as signals
to consult NIS, modify the passwd and group lines in /etc/nsswitch.conf to specify
compat, as follows:

    passwd: compat
    group: compat

Reboot the client host to ensure that long-running processes read the new
/etc/nsswitch.conf file. Rebooting the client will also cause the NIS client startup
script to execute, because the NIS_CLIENT variable is set to 1.

To start the NIS client processes without rebooting the host, issue the following
command to run the NIS startup script:

    /sbin/init.d/nis.client start

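A consistency check for the files edited in the steps above, added here as an example and not taken from HP's scripts: it reports +/- entries that the switch file will ignore because compat is not configured, local accounts with user IDs of 100 or greater, and a + group entry without the * password field. The function names are hypothetical, and the sample files, including the "passwd: files nis" line, are constructed.

```shell
#!/bin/sh
# Added example, not HP's code. Paths are arguments so the checks can run on
# copies of the files; the sample data at the end is constructed.

# nss_sources DB NSSWITCH : print the sources configured for DB.
nss_sources() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1 | tr '\t' ' '
}

# escapes_ignored DB FILE NSSWITCH : succeed when FILE has +/- entries but
# the DB line lacks compat, so those entries are ignored.
escapes_ignored() {
    grep '^[+-]' "$2" >/dev/null || return 1
    _src=$(nss_sources "$1" "$3")
    [ -n "$_src" ] || return 1      # no line for DB: nothing to report
    case " $_src " in *" compat "*) return 1 ;; esac
    return 0
}

# local_accounts_over FILE LIMIT : print local logins with UID >= LIMIT.
local_accounts_over() {
    awk -F: -v lim="$2" \
        '$1 !~ /^[+-]/ && $3 ~ /^[0-9]+$/ && $3 + 0 >= lim { print $1 }' "$1"
}

# plus_group_unlocked FILE : succeed if a "+" group entry lacks the "*"
# password field that keeps "+" from being a valid group name without NIS.
plus_group_unlocked() {
    awk -F: '$1 == "+" && $2 != "*" { bad = 1 } END { exit !bad }' "$1"
}

# Constructed sample: a stray local account, a "+" entry, and a switch file
# that does not list compat for passwd.
d=${TMPDIR:-/tmp}/nisclient.$$
mkdir -p "$d"
printf '%s\n' 'root:*:0:3::/:/sbin/sh' 'jane:*:4001:20::/home/jane:/sbin/sh' \
    '+::-2:60001:::' > "$d/passwd"
printf '%s\n' 'passwd: files nis' 'group: compat' > "$d/nsswitch.conf"
if escapes_ignored passwd "$d/passwd" "$d/nsswitch.conf"; then
    echo "passwd: +/- entries present but compat is not configured"
fi
echo "local accounts with UID >= 100: $(local_accounts_over "$d/passwd" 100)"
rm -rf "$d"
```
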

For more information, see the following man pages: domainname(1), ypbind(1M), and
nsswitch.conf(4).

Verify Your NIS Client Configuration

Log into the NIS client and issue
the following command:
The ypwhich -m command lists all the NIS maps available to the
client and gives the name of the master server that serves each
map. Your display should look something like this, where mastername is the name of the
master server for your domain:

    # /usr/bin/ypwhich -m
    vhe_list mastername
    servi.bynp mastername
    services.byname mastername
    rpc.byname mastername
    protocols.bynumber mastername
    protocols.byname mastername
    rpc.bynumber mastername
    passwd.byuid mastername
    passwd.byname mastername
    networks.byname mastername
    networks.byaddr mastername
    netgroup.byuser mastername
    netgroup.byhost mastername
    netgroup mastername
    hosts.byname mastername
    hosts.byaddr mastername
    group.byname mastername
    group.bygid mastername
    publickey.byname mastername
    netid.byname mastername
    mail.byaddr mastername
    mail.aliases mastername
    auto.master mastername
    ypservers mastername

If you do not see a similar display, see Chapter 8 “Troubleshooting NFS Services”.
Type man 1 ypwhich for more information on the ypwhich command.

Tell Users How to Use yppasswd

Tell all the users in your NIS domain that they must use /usr/bin/yppasswd or
passwd -r nis instead of the passwd command when they want to change their login
passwords.

Tell users that, when they want to change their login passwords, they should do so just
before they leave for the day. This will allow time for the updated NIS maps on the
master server to be pushed to the slave servers.

The yppasswd command is a link to the passwd -r nis command. It changes the /etc/passwd
file on the NIS master server, regenerates the NIS passwd maps from the updated
/etc/passwd file, and then pushes the NIS passwd maps to the slave servers.

For more information, see the following man pages: yppasswd(1), yppasswdd(1M),
passwd(1), ypxfr(1M), and yppush(1M).

Prevent a Client from Binding to Unknown Servers

On the NIS client, create a file called /var/yp/secureservers, if it does not already
exist.

Add lines to the file with the following syntax:

The IP_address is the internet address of an NIS server or the subnet of an NIS server
from which the client will accept NIS information. The address_mask indicates which bits
in the IP_address field are important. If a bit is set in the address_mask field, the
corresponding bit in the address of any NIS server must match the same bit in the
IP_address field.

Issue the following commands to kill and restart the ypbind process:

    /sbin/init.d/nis.client stop
    /sbin/init.d/nis.client start

If an NIS server host has multiple network interface cards, add a line to the
secureservers file for the IP address of each card.

If you start ypbind with the -ypset option and issue the ypset command to bind to a
specific server, the /var/yp/secureservers file is ignored, and the client may bind to
any server. Type man 1M ypbind at the HP-UX prompt for more information.

Examples from /var/yp/secureservers

The following line from a /var/yp/secureservers file allows the NIS client to bind only
to the server at IP address 20.21.22.23. Because every bit is set in the address mask,
the IP address of the NIS server must match the IP_address field exactly, or the client
will not bind to it.

    255.255.255.255 20.21.22.23

The following line from a /var/yp/secureservers file allows the client to bind to any
NIS server on the network 20.21.22.0. The last 8 bits of the server’s IP address are
ignored, because the last 8 bits of the address mask are set to 0. The client may bind
to any server whose IP address begins 20.21.22.

    255.255.255.0 20.21.22.23

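The mask comparison described above, as an added shell example (not code from HP or from this manual): server_allowed tests a candidate server address against each entry, hosts_admitted shows how many addresses a given mask lets through, and ypset_enabled looks for the -ypset option that lets a ypset binding bypass the file. The function names are hypothetical, entries are assumed to be address_mask followed by IP_address as in the two lines above, and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not HP's code. Assumes entries of the form
# "address_mask IP_address" and octets written without leading zeros.

# ip_to_int A.B.C.D : print the address as a 32-bit integer.
ip_to_int() (
    case $1 in ''|*[!0-9.]*) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o; do [ -n "$o" ] && [ "$o" -le 255 ] || exit 1; done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# server_allowed FILE SERVER_IP : succeed if any entry admits SERVER_IP.
server_allowed() {
    _srv=$(ip_to_int "$2") || return 2
    while read -r _mask _addr _rest; do
        _m=$(ip_to_int "$_mask") || continue    # skip lines that do not parse
        _a=$(ip_to_int "$_addr") || continue
        # Every bit set in the mask must be equal in both addresses.
        if [ $(( _srv & _m )) -eq $(( _a & _m )) ]; then return 0; fi
    done < "$1"
    return 1
}

# hosts_admitted MASK : number of addresses an entry with MASK matches.
hosts_admitted() {
    _m=$(ip_to_int "$1") || return 1
    _n=1; _bit=1
    while [ "$_bit" -le 2147483648 ]; do
        if [ $(( _m & _bit )) -eq 0 ]; then _n=$(( _n * 2 )); fi
        _bit=$(( _bit * 2 ))
    done
    echo "$_n"
}

# ypset_enabled NAMESVRS : succeed if YPBIND_OPTIONS carries -ypset, in
# which case a ypset binding makes ypbind ignore the secureservers file.
ypset_enabled() {
    grep -E '^[[:space:]]*YPBIND_OPTIONS=.*-ypset([^a-z]|$)' "$1" >/dev/null
}

# Constructed sample: the two entries shown above against three servers.
f=${TMPDIR:-/tmp}/secureservers.$$
printf '%s\n' '255.255.255.255 20.21.22.23' '255.255.255.0 20.21.22.23' > "$f"
for ip in 20.21.22.23 20.21.22.200 20.21.23.5; do
    if server_allowed "$f" "$ip"; then echo "$ip accept"; else echo "$ip reject"; fi
done
rm -f "$f"
```
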

Bind an NIS Client to a Server on a Different Subnet

Hewlett-Packard recommends that you configure a server on each subnet where you have
NIS clients; however, if you cannot do that, follow these steps to force an NIS client
to bind to a server on a different subnet. Because these steps start ypbind with the
-ypset option, the /var/yp/secureservers file is ignored once ypset binds the client, as
noted in the previous section.

Log in as root to the NIS client.

Add the -ypset option to the YPBIND_OPTIONS variable in the /etc/rc.config.d/namesvrs
file, as follows:

In the /etc/rc.config.d/namesvrs file, set the YPSET_ADDR variable to the IP address of
an NIS server, as in the following example:

    YPSET_ADDR="15.13.115.168"

Issue the following commands to restart the NIS client:

    /sbin/init.d/nis.client stop
    /sbin/init.d/nis.client start

If the server you specify in the ypset command is unavailable when your client boots
up, your client will broadcast a request for a server to its local network. If no server
exists on the local network, the client will hang. For more information, type
man 1M ypset or man 1M ypbind.