Sun Microsystems, Inc.
spacerspacer
spacer www.sun.com docs.sun.com |
spacer
black dot
 
 
9.  Administering NIS (Tasks) Adding a Slave Server How to Add a Slave Server  Previous   Contents   Next 
   
 

Using NIS With C2 Security

If the $PWDIR/security/passwd.adjunct file is present, C2 security is started automatically. ($PWDIR is defined in /var/yp/Makefile.) The C2 security mode uses the passwd.adjunct file to create the passwd.adjunct NIS map. In this implementation, NIS allows you to use both the passwd.adjunct file and shadow file to manage security. The passwd.adjunct file is processed only when you type the following.

# make passwd.adjunct

The make passwd command processes the passwd map only, not the passwd.adjunct map when you run make manually in the C2 security mode.

Changing a Machine's NIS Domain

To change the NIS domain name of a machine, do the following.

How to Change a Machine's NIS Domain Name

  1. Become superuser.

  2. Edit the machine's /etc/defaultdomain file, exchanging its present contents with the new domain name for the machine.

    For example, if the current domain name is sales.doc.com, you might change it to research.doc.com.

  3. Run domainname `cat /etc/defaultdomain'

  4. Set the machine up as an NIS client, slave, or master server.

    See for Chapter 8, Setting Up and Configuring NIS Service for details.

Using NIS in Conjunction With DNS

Typically, NIS clients are configured with the nsswitch.conf file to use only NIS for machine name and address lookups. If this type of lookup fails, an NIS server can forward these lookups to DNS.

Configuring Machine Name and Address Lookup Through NIS and DNS

  1. Log into the machine and become a superuser.

  2. The two map files, hosts.byname and hosts.byaddr must include the YP_INTERDOMAIN key. To test this key, edit the Makefile and modify the following lines.

    #B=-b
    B=

    to
    B=-b
    #B=

    makedbm will now start with the --b flag when it makes the maps, and the YP_INTERDOMAIN key will be inserted into the ndbm files.

  3. Run make to rebuild maps.

    # /usr/ccs/bin/make hosts

  4. Check that all the NIS server's /etc/resolv.conf files point to valid nameservers.


    Note - If you have NIS servers that are not running Solaris, Release 2, make sure YP_INTERDOMAIN exists in the hosts maps.


  5. To enable DNS forwarding, stop each server.

    # /usr/lib/netsvc/yp/ypstop

  6. Restart each server.

    # /usr/lib/netsvc/yp/ypstart

    In this implementation of NIS, ypstart will automatically start the ypserv daemon with the --d option to forward requests to DNS.

Dealing with Mixed NIS Domains

If the master and slave servers are not both running Solaris 2, refer to the following table for how to avoid potential problems. The notation "4.0.3+" refers to the that and later releases of SunOS. makedm --b is a reference to the "-B" variable in the Makefile.

Table 9-1 NIS/DNS in Heterogeneous NIS Domains

Slave

 

Master

 

 

4.0.3+

 

Solaris

4.0.3+

Master: makedbm --b

Slave: ypxfr

Master: makedbm --b

Slave: ypxfr

Master: ypserv --d

ypxrf --b

Solaris NIS

Master: makedbm --b

Slave: ypxfr

Master: makedbm --b

Slave: ypxfr

Master: ypserv --d

Slave: ypxfr with resolv.conf or ypxfr --b

Turning Off NIS Services

If ypserv on the master is disabled, you can no longer update any of the NIS maps. If you choose to turn off NIS on a network currently running it, you can disable NIS after the next reboot by renaming the ypbind file to ypbind.orig, as follows.

% mv /usr/lib/netsvc/yp/ypbind /usr/lib/netsvc/yp/ypbind.orig

To disable NIS after the next reboot on a particular NIS slave or master, type the following on the server in question.

% mv /usr/lib/netsvc/yp/ypserv /usr/lib/netsvc/yp/ypserv.orig

To stop NIS immediately, type the following.

% /usr/lib/netsvc/yp/ypstop

The NIS service is automatically restarted after the next reboot unless the ypbind and ypserv files are renamed as described above.

 
 
 
  Previous   Contents   Next