Sun Microsystems, Inc.

How to Set Up a Network Configuration Server

  1. Become superuser and change to the root directory of the prospective network configuration server.

  2. Turn on the in.tftpd daemon by creating the directory /tftpboot:

    # mkdir /tftpboot

    This command configures the machine as a TFTP, bootparams, and RARP server.

  3. Create a symbolic link to the directory.

    # ln -s /tftpboot/. /tftpboot/tftpboot

  4. Enable the tftp line in inetd.conf.

    Check that the /etc/inetd.conf entry reads as follows:

    tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot

    This line prevents in.tftpd from retrieving any file other than the files that are located in /tftpboot.

  5. Edit the hosts database, and add the host names and IP addresses for every client on the network.

  6. Edit the ethers database, and create entries for every host on the network to run in network client mode.

  7. Edit the bootparams database.

    See "bootparams Database". Use the wildcard entry or create an entry for every host that runs in network client mode.

  8. On a command line, type the following command.

    # pkill -HUP inetd

Information for setting up install servers and boot servers is found in Solaris 9 Installation Guide.
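
The check below is an added example, not part of the original Sun documentation. It audits an inetd.conf-style file for the tftp entry shown in step 4 and reports whether the entry is active and still passes -s /tftpboot; the function name check_tftp_entry, its status words, and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Sun documentation): audit the tftp entry
# in an inetd.conf-style file. Status words are this example's own:
#   ok        active entry that passes "-s <dir>" for the expected directory
#   mismatch  active entry without "-s <dir>", or with another directory
#   disabled  entry present only as a comment
#   missing   no tftp entry at all
check_tftp_entry() {
    conf=$1                  # path to the file to audit
    want=${2:-/tftpboot}     # directory the entry is expected to restrict to
    awk -v want="$want" '
        /^[ \t]*#[ \t]*tftp[ \t]/ { commented = 1; next }
        /^[ \t]*#/ || NF == 0     { next }
        $1 == "tftp" {
            active = 1
            # Fields 1-6: service, socket type, protocol, wait flag, user,
            # server path. Fields 7..NF are the argv handed to in.tftpd.
            secure = 0
            for (i = 7; i < NF; i++)
                if ($i == "-s" && $(i + 1) == want) secure = 1
            if (!secure) bad = 1
        }
        END {
            if (active)         print (bad ? "mismatch" : "ok")
            else if (commented) print "disabled"
            else                print "missing"
        }
    ' "$conf"
}

# Constructed sample files (not taken from a real host).
sample_dir=$(mktemp -d)
entry='tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd'
printf '%s -s /tftpboot\n' "$entry"  > "$sample_dir/secure.conf"
printf '%s\n' "$entry"               > "$sample_dir/open.conf"
printf '#%s -s /tftpboot\n' "$entry" > "$sample_dir/off.conf"
for name in secure open off; do
    echo "$name: $(check_tftp_entry "$sample_dir/$name.conf")"
done
```

On a server, call it as check_tftp_entry /etc/inetd.conf after step 4 and again after any later edit to the file.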

Configuring Network Clients

Network clients receive their configuration information from network configuration servers. Therefore, before you configure a host as a network client you must ensure that at least one network configuration server is set up for the network.

How to Configure Hosts for Network Client Mode

Do the following on each host to be configured in network client mode:

  1. Become superuser.

  2. Check the directory for the existence of an /etc/nodename file. If such a file exists, delete it.

    Eliminating /etc/nodename causes the system to use the hostconfig program to obtain the host name, domain name, and router addresses from the network configuration server. See "Network Configuration Procedures".

  3. Create the file /etc/hostname.interface, if this file does not exist.

    Ensure that the file is empty. An empty /etc/hostname.interface file causes the system to acquire the IP address from the network configuration server. If you are using IPv6, see "IPv6 Network Interface Configuration File".

  4. Ensure that the /etc/inet/hosts file contains only the host name and IP address of the loopback network interface.

    For more information, see "Loopback Address". The file should not contain the IP address and host name for the local machine (primary network interface). If you are using IPv6, see "/etc/inet/ipnodes File".

  5. Check for the existence of an /etc/defaultdomain file. If such a file exists, delete it.

    The hostconfig program sets the domain name automatically. If you are overriding the domain name that is set by hostconfig, type the substitute domain name in the file /etc/defaultdomain.

  6. Ensure that the search paths in the client's /etc/nsswitch.conf reflect the name service requirements for your network.

How to Specify a Router for the Network Client

  1. If only one router is on the network and the network configuration server is to specify its name automatically, ensure that no /etc/defaultrouter file exists on the network client.

  2. To override the name of the default router that is provided by the network configuration server, do the following:

    1. Create /etc/defaultrouter on the network client.

    2. Type the host name and IP address of the machine you have designated as the default router.

    3. Add the host name and IP address of the designated default router to the network client's /etc/inet/hosts.

  3. If you have multiple routers on the network, create /etc/defaultrouter on the network client, but leave this file empty.

Creating /etc/defaultrouter and leaving this file empty causes one of the two dynamic routing protocols to run: ICMP Router Discovery Protocol (RDISC), or Routing Information Protocol (RIP). The system first runs the program in.rdisc, which looks for routers that are running the router discovery protocol. If in.rdisc finds one such router, in.rdisc continues to run and monitors the routers that are running the RDISC protocol.

If the system discovers that routers are not responding to the RDISC protocol, the system uses RIP and runs the in.routed daemon to monitor the routers.

Configuring Standard TCP/IP Services

Services such as telnet, ftp, and rlogin are started by the inetd daemon, which runs automatically at boot time. Refer to the inetd(1M) and inetd.conf(4) man pages.

In addition to the service definitions in the /etc/inetd.conf file, you can configure inetd by using the /etc/default/inetd file. For example, you can configure the logging of all incoming connections. You can also configure the use of the TCP Wrappers facility for access control.

How to Log the IP Addresses of All Incoming TCP Connections

  1. Become superuser.

  2. Turn logging on by adding the following line to the /etc/default/inetd file:

    ENABLE_CONNECTION_LOGGING=YES

    Note - If the previous line already exists with a comment symbol, then you can just delete the comment symbol.


  3. Kill the inetd daemon.

  4. Restart the inetd daemon.

See System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) and System Administration Guide: Naming and Directory Services (FNS and NIS+) for further information on name services.

How to Use TCP Wrappers to Control Access to TCP Services

  1. Become superuser.

  2. Turn TCP Wrappers on by adding the following line to the /etc/default/inetd file:

    ENABLE_TCPWRAPPERS=YES

    Note - If the previous line already exists with a comment symbol, then you can just delete the comment symbol.


  3. Kill the inetd daemon.

  4. Restart the inetd daemon.

  5. Configure the TCP Wrappers access control policy as described in the hosts_access(4) man page.
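
The check below is an added example, not part of the original Sun documentation. It covers both the connection-logging and the TCP Wrappers procedures above by reporting whether a setting in an /etc/default/inetd-style file is active or still sits behind a comment symbol. The function name inetd_default_state, its status words, and the sample file are constructed, and the check assumes the value must read exactly YES as shown in the procedures.

```shell
#!/bin/sh
# Added example (not from the Sun documentation): report how one setting
# appears in an /etc/default/inetd-style file. Status words are this
# example's own:
#   enabled    uncommented KEY=YES
#   off        uncommented KEY with any other value
#   commented  KEY appears only behind a comment symbol
#   conflict   uncommented KEY lines disagree with each other
#   missing    KEY does not appear at all
inetd_default_state() {
    file=$1
    key=$2
    awk -v key="$key" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            hashed = sub(/^#[ \t]*/, "", line)   # 1 if a comment symbol was stripped
            if (index(line, key "=") != 1) next  # not an assignment to KEY
            val = substr(line, length(key) + 2)
            sub(/[ \t]+$/, "", val)
            if (hashed) { commented = 1; next }
            if (seen && val != last) conflict = 1
            seen = 1
            last = val
        }
        END {
            if (conflict)       print "conflict"
            else if (seen)      print (last == "YES" ? "enabled" : "off")
            else if (commented) print "commented"
            else                print "missing"
        }
    ' "$file"
}

# Constructed sample file (not taken from a real host): logging is still
# commented out, TCP Wrappers is switched on.
defaults_sample=$(mktemp)
cat > "$defaults_sample" <<'EOF'
# ENABLE_CONNECTION_LOGGING=YES
ENABLE_TCPWRAPPERS=YES
EOF
for key in ENABLE_CONNECTION_LOGGING ENABLE_TCPWRAPPERS; do
    echo "$key: $(inetd_default_state "$defaults_sample" "$key")"
done
```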

 
 
 