nis_manual_setup man page on DigitalUNIX

Man page or keyword search:  
man Server   12896 pages
apropos Keyword Search (all sections)
Output format
DigitalUNIX logo
[printable version]

nis_manual_setup(7)					   nis_manual_setup(7)

NAME
       nis_manual_setup	 - Describes how to manually set up the Network Infor‐
       mation Service (NIS)

DESCRIPTION
       Setting up NIS includes configuring the following: Master server	 Slave
       servers Clients

					Note

       You  must  have	the Additional Networking Services subset installed to
       create an NIS master or slave server.

       To configure NIS with support for  enhanced  security,  and  optionally
       create  secure versions of NIS maps, carefully read the instructions in
       the Security Administration guide  before  proceeding  with  the	 setup
       described in this reference page.

SETTING UP THE MASTER SERVER
       There  can be only one master server in an NIS domain. To set up a mas‐
       ter server, log in as superuser and perform the following steps: Create
       the /var/yp/src/mail.aliases file.

	      The mail.aliases file defines networkwide mail aliases. Creating
	      this file is optional.  However, if you want to define and  dis‐
	      tribute mail aliases on your network, you must create it. If you
	      do not create a mail.aliases file, when the NIS maps are	built,
	      a	 message  telling  you that the mail.aliases file could not be
	      found is displayed on the screen.

	      For information on defining mail	aliases,  see  the  aliases(4)
	      reference page.  Create the /var/yp/src/netgroup file.

	      The  netgroup  file  defines  networkwide groups and is used for
	      permission checking when doing remote mounts, remote logins, and
	      accessing	 remote	 shells.  Creating this file is optional. How‐
	      ever, if you want to define and distribute network group	infor‐
	      mation on your network, you must create it. If you do not create
	      a netgroup file, when the NIS maps are built, a message  telling
	      you  that	 the  netgroup file could not be found is displayed on
	      the screen.

	      For information on defining network groups, see the  netgroup(4)
	      reference	 page.	 Copy into the /var/yp/src directory the local
	      /etc files that you intend to make into NIS maps	for  distribu‐
	      tion. Be sure that the information in the files is up to date.

	      When  the default set of NIS maps is created, the following file
	      names are recognized  in	the  /var/yp/src  directory:  aliases,
	      group,  hosts,  mail.aliases, netgroup, networks, passwd, proto‐
	      cols, rpc, and services. If you do not want to distribute one of
	      the  default  maps,  do not copy the local /etc file for it into
	      the /var/yp/src  directory.   If	a  file	 is  absent  from  the
	      /var/yp/src  directory,  when  the NIS maps are built, a message
	      telling you that the file could not be found is displayed on the
	      screen.	Remove	the  entry for root from the passwd file after
	      you copy it into the /var/yp/src directory.  Copy Automount  and
	      AutoFS  maps,  or other site-specific maps, into the /var/yp/src
	      directory.  For information on creating these maps, see the Net‐
	      work  Administration: Services manual.  Create the domain direc‐
	      tory by entering the following  command,	replacing  test_domain
	      with the name of your domain: # mkdir /var/yp/test_domain

					    Note

	      A NIS domain name is not the same as a BIND domain name.	If you
	      configure the system with an incorrect NIS domain name, all NIS-
	      related  operations  (such  as logging in and the ls -l command)
	      hang for several minutes, then fail.  Determine the  appropriate
	      method  for  building the NIS maps.  The available database for‐
	      mats are as follows: btree (b) -- Recommended when creating  and
	      maintaining  very large maps.  dbm/ndbm (d) -- For backward com‐
	      patibility. This is the default.	 hash  (h)  --	A  potentially
	      quicker method for managing small maps.

	      Choose  a	 method	 and  set  the NIS_SERVERARGS parameter in the
	      /etc/rc.config.common file by issuing the following  command:  #
	      /usr/sbin/rcmgr -c set NIS_SERVERARGS method

	      Replace  method with the letter (b, d, or h) that corresponds to
	      the database format.  Create the ypservers map.

	      The ypservers map is  a  list  of	 all  of  the  domain's	 slave
	      servers.	To  create  this  map,	enter the following command: #
	      /var/yp/makedbm -a method - /var/yp/test_domain/ypservers slave1
	      slave1 slave2 slave2 slaveN slaveN [Ctrl/d]

	      Replace test_domain with the name of your domain, replace method
	      with the corresponding letter for the database format as	deter‐
	      mined  in	 the  previous step, and replace slave1 through slaveN
	      with the names of the slave servers. (For each entry,  you  must
	      type the slave server's name twice, as shown.)

	      Be  sure	to include all of the slave servers in your domain. If
	      you add a slave server to your  domain,  you  must  remake  this
	      list.   Prepare  the  Makefile  to use for creating the maps you
	      want to distribute throughout the NIS domain.

	      Open the /var/yp/Makefile file in a text editor and do the  fol‐
	      lowing:  In the DOM section of the file, set the domain name you
	      have chosen. For example, if your domain name  is	 market,  edit
	      the /var/yp/Makefile file in the following way:

	      .	  .   # #  ***** DOM must be filled in with the domain name !!
	      # DOM=market .  .	 Scroll down to the METHOD section of the file
	      and   set	 the  same  database  format  you  specified  for  the
	      NIS_SERVERARGS parameter in the /etc/rc.config.common file:

	      .	 .  # by default use dbm/ndbm to  store	 and  maintain	the  #
	      databases	 other options include, "b" for "btree", # and "h" for
	      "hash".  If you're curious, see dbopen(3), # btree(3),  hash(3).
	      We  strongly  recommend  "b"  #  (for  btree)  for  large maps #
	      METHOD=method .  .

	      Replace method with the letter (b, d, or h) that corresponds  to
	      the  appropriate	database  format. (Note that all of your maps,
	      including the ypservers map, must be maintained in the same for‐
	      mat.)   If  you  are  using  the	NIS master server to serve the
	      auto.master map, the auto.home map, or both, you	must  place  a
	      number  sign (#) at the beginning of the following lines to com‐
	      ment them out:

	      all:  passwd group hosts networks rpc  services  protocols  net‐
	      group \
		    aliases

	      Then,  remove the number sign (#) from the beginning of the fol‐
	      lowing lines to enable  the  creation  of	 the  auto.master  and
	      auto.home maps:

	      #all:  passwd  group  hosts networks rpc services protocols net‐
	      group \ #	    aliases auto.home auto.master
	       .
	       .
	       .    #$(YPDBDIR)/$(DOM)/auto.home.time:	 $(DIR)/auto.home    #
	      -@if  [ -f $(DIR)/auto.home ]; then \ #		     $(SED) -e
	      "/^#/d"	 -e    s/#.*$$//    $(DIR)/auto.home	 |     \     #
	      $(MAKEDBM)  -a  $(METHOD)	 -  $(YPDBDIR)/$(DOM)/auto.home;  \  #
	      $(TOUCH)	     $(YPDBDIR)/$(DOM)/auto.home.time;	     \	     #
	      $(ECHO) "updated auto.home"; \ #		      if [ ! $(NOPUSH)
	      ]; then  \  #			   $(YPPUSH)  auto.home;  \  #
	      $(ECHO)	"pushed	  auto.home";  \  #		    else  \  #
	      :	 ;  \  #		 fi  \	#		  else	 \   #
	      $(ECHO)  "couldn't  find	$(DIR)/auto.home";  \  #	 fi  #
	      #$(YPDBDIR)/$(DOM)/auto.master.time:    $(DIR)/auto.master     #
	      -@if [ -f $(DIR)/auto.master ]; then \ #		     $(SED) -e
	      "/^#/d"	 -e    s/#.*$$//    $(DIR)/auto.master	  |    \     #
	      $(MAKEDBM)  -a  $(METHOD)	 -  $(YPDBDIR)/$(DOM)/auto.master; \ #
	      $(TOUCH)	    $(YPDBDIR)/$(DOM)/auto.master.time;	     \	     #
	      $(ECHO)	"updated  auto.master";	 \  #		      if  [  !
	      $(NOPUSH) ]; then \ #			  $(YPPUSH)  auto.mas‐
	      ter; \ #			     $(ECHO) "pushed auto.master"; \ #
	      else \ #			      : ; \ #		      fi  \  #
	      else  \ #		       $(ECHO) "couldn't find $(DIR)/auto.mas‐
	      ter";   \	  #	     fi	  .    .    .	 #auto.home:   $(YPDB‐
	      DIR)/$(DOM)/auto.home.time	 #auto.master:	       $(YPDB‐
	      DIR)/$(DOM)/auto.master.time   .	  .    .    #$(DIR)/auto.home:
	      #$(DIR)/auto.master: Save the /var/yp/Makefile file and exit the
	      text editor.  Create the NIS maps.

	      Change to the /var/yp directory and enter the make  command,  as
	      follows:	#  cd  /var/yp # make NOPUSH="Y" Decide whether to run
	      the yppasswdd daemon.

	      The yppasswdd daemon runs on the master server  and  allows  the
	      master copy of the password file to be updated remotely by using
	      the yppasswd command.  You should run the	 yppasswdd  daemon  on
	      your master server.

	      If you decide to run the yppasswdd daemon, edit the /etc/rc.con‐
	      fig.common  file	 by   issuing	the   following	  command:   #
	      /usr/sbin/rcmgr -c set NIS_PASSWDD YES

	      To  complete  setting  up the master server, see the "Setting Up
	      NIS Clients" section in this reference page.

SETTING UP SLAVE SERVERS
       Use the following procedure to set up a slave server: Create the domain
       directory by entering the following command, replacing test_domain with
       the name of your domain: # mkdir /var/yp/test_domain

	      A NIS domain name is not the same as a BIND domain name.	If you
	      configure the system with an incorrect NIS domain name, all NIS-
	      related operations (such as logging in and ls -l commands)  hang
	      for  several  minutes, then fail.	 Copy the master's maps to the
	      slave server.

	      You must copy each map from the master individually,  using  the
	      following command format:

	      /var/yp/ypxfr -a method -h nis_master -c -d nis_domain mapname

	      For example, to transfer dbm/ndbm-formatted passwd maps from the
	      master server, host1, to a slave server, type the following com‐
	      mands.  The domain in this example is shark.

	      #	  /var/yp/ypxfr	  -h   host1   -c  -d  shark  passwd.byname  #
	      /var/yp/ypxfr -h host1 -c -d shark passwd.byuid

	      The /var/yp/nis_domain directory on the master server lists  all
	      of  the  maps  that  your	 slave server can serve.  You can also
	      transfer btree and hash format maps by using the -a switch.  See
	      the  ypxfr(8)  reference	page  for  more information.  Edit the
	      /var/spool/cron/crontabs/root  file  by  adding  the   following
	      lines.  Note  that  there	 should	 be  no	 blank	lines  in  the
	      /var/spool/cron/crontabs/root file.

	      .	 .  .  # Network Information Service: SLAVE server entries  30
	      *	  *   *	  *  sh	 /var/yp/ypxfr_1perhour	 31  1,13  *  *	 *  sh
	      /var/yp/ypxfr_2perday 32 1 * * * sh /var/yp/ypxfr_1perday

	      The first line is a comment.  The second line runs the following
	      command once an hour at 30 minutes past the hour:

	      sh /var/yp/ypxfr_1perhour The third line runs the following com‐
	      mand twice per day at 01:31 and 13:31:

	      sh /var/yp/ypxfr_2perday The fourth line runs the following com‐
	      mand once per day at 01:32:

	      sh /var/yp/ypxfr_1perday

	      See  the crontab(1) reference page for more information. To com‐
	      plete setting up	a  slave  server,  see	the  "Setting  Up  NIS
	      Clients" section in this reference page.

SETTING UP NIS CLIENTS
       This  section explains how to set up an NIS client.  Because the master
       server and all slave servers are considered NIS clients, you must  also
       complete	 these	steps  to  set up these servers: Edit the /etc/rc.con‐
       fig.common file by using the /usr/sbin/rcmgr utility.  The  syntax  for
       the /usr/sbin/rcmgr command is: /usr/sbin/rcmgr -c set variable value

	      You  should  set	the  value  of	the  NIS_CONF variable and the
	      NIS_ARGS in the /etc/rc.config.common file to the following val‐
	      ues for the master server, slave servers, and clients:

	      NIS_CONF YES NIS_ARGS -S nisdomain, server1,server2,server3

	      You  must	 set  the NIS_TYPE variable to the system type: MASTER
	      for master servers, SLAVE for  slave  servers,  and  CLIENT  for
	      clients.	The servers must list themselves in the server list if
	      the system is running with the -S option.

	      For example, to set up host2 to be a client server in the domain
	      pacific, and run the ypbind daemon with the -S option, enter the
	      following commands:

	      # /usr/sbin/rcmgr -c set NIS_CONF YES # /usr/sbin/rcmgr  -c  set
	      NIS_TYPE	CLIENT	#  /usr/sbin/rcmgr -c set NIS_DOMAIN pacific #
	      /usr/sbin/rcmgr -c set NIS_ARGS \
					"-S  pacific,host2,host1,host3"	 Start
	      the NIS daemons by issuing the following command:

	      # /sbin/init.d/nis start

	      To  reconfigure  NIS  on	your system, you must kill the daemons
	      that are running and the restart them.   To  kill	 the  daemons,
	      enter the following command:

	      # /sbin/init.d/nis stop

	      Restart  the  daemons by using the "/sbin/init.d/nis start" com‐
	      mand.  Prepare the local /etc  files.   Edit  the	 /etc/svc.conf
	      file to enable NIS lookups.

	      The /etc/svc.conf file is the database service selection config‐
	      uration file that your system references to determine what  dis‐
	      tributed	database  lookup  services are running on your system,
	      which databases are being served by them, and in what  order  to
	      query  them.  When enabling NIS, you must edit the /etc/svc.conf
	      file to tell your system that you want NIS servers  queried  for
	      distributed database information. For information on editing the
	      /etc/svc.conf file, see  svc.conf(4),  svcsetup(8),  or  Network
	      Administration:  Services.   If  necessary, edit the /etc/passwd
	      file and /etc/group files to enable NIS lookups.

	      If you want your system to query an NIS server for  password  or
	      group information, or both, a plus sign followed by a colon (+:)
	      must be the last line of the /etc/passwd	file,  the  /etc/group
	      file, or both.  For example:

	      root:9Pf.mMEPUz08t:0:1:System  PRIVILEGED	 Account,,,:/:/bin/csh
	      field:OnGgTH5moq4Yw:0:1:Field Svc Account,,,:/usr/field:/bin/csh
	      operator:Ni6WK/uqs0vaE:25:28:Operator  Account,,,:/etc/operator:
	      guest:Nologin:100:31:Guest	   account:/usr/spool/uucppub‐
	      lic:/bin/date +:

					    Note

	      If  +:  is  not the last line of the file, all entries following
	      the +: are ignored.

ADDING USERS IN A DISTRIBUTED ENVIRONMENT
       In an NIS environment you can add a user account to  either  the	 local
       passwd  file  or the NIS distributed passwd file. Accounts added to the
       local passwd file are visible only to the  system  to  which  they  are
       added. Accounts added to the NIS distributed passwd file are visible to
       all NIS clients that have access to the distributed file.

   Gathering Information
       Before adding new user accounts to the passwd database, gather the fol‐
       lowing  information:  Determine	whether you want to add the account to
       the local passwd file or the the NIS distributed passwd	file.	Gather
       the  following  information  on	the users you want to add: Login names
       User identification numbers (UIDs) Group identification numbers	(GIDs)
       Real  names,  office  numbers, and telephone extensions Initial working
       directories Program to use as a shell

   Adding User Accounts to the NIS Distributed passwd File
       To add user accounts in a distributed environment, you  must  edit  the
       master  passwd  file  on the NIS master server. To do this, perform the
       following steps: Log in as superuser on the NIS master server.	Change
       to the /var/yp/src directory.  Edit the passwd database to add an entry
       for each new user.

	      The format for each entry is the	same  as  the  format  in  the
	      /etc/passwd file, which is as follows:

	      login-name:passwd	    field:UID:GID:user-	    info:initial-work‐
	      ing-directory:shell-program

	      Leave the passwd field blank.  Rebuild the passwd database.

	      Change to the /var/yp directory and enter the make  passwd  com‐
	      mand,  as	 follows:  #  cd  /var/yp # make passwd updated passwd
	      pushed passwd Use the yppasswd command to set the	 password  for
	      each  new	 user,	as  follows: # yppasswd new_user NIS password:
	      Return New password: password Retype new password: password  NIS
	      passwd changed on NIS-master

	      Your system is not secure if no password is set.

   Adding  User	 Accounts to the Local passwd File in an NIS Distributed Envi‐
       ronment
       To add a user account to only the local system in an  NIS  environment,
       you  must add the account manually. (For more information, see the Sys‐
       tem Administration manual.) These entries must appear before  the  plus
       sign and colon (+:) at the end of the file.

       A  user's  account  information	may  be partially distributed.	If the
       user's entry in the /etc/passwd file has a prepended  "+",  both	 data‐
       bases  are  read with the information from the /etc/passwd file (except
       for the UID and gid fields) overlaying the  information	from  the  NIS
       distributed user account database.

       If  the	user's	entry in the /etc/passwd file has a prepended "-", the
       user is excluded from the password database.

       See Security Administration for more information.

RELATED INFORMATION
       domainname(1),  nis_intro(7),  nissetup(8),   svc.conf(4),   ypbind(8),
       yppasswd(1), ypserv(8), ypxfr(8)

       System	Administration,	 Network  Administration:  Services,  Security
       Administration

							   nis_manual_setup(7)
[top]

List of man pages available for DigitalUNIX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net