Chapter 9: Configuring the Network Information Service (NIS)
Table of contents
Chapter 9
Configuring the Network Information Service (NIS)
������NIS (Network Information Service) is a networked system
administration service that supplements NFS (Network File System).
The primary purpose of NIS is to ensure the consistency of
system administration information in a heterogeneous network
environment.
It does so by designating a single host as the
master of all the files and databases containing this
information.
It provides a method to distribute the information
to all other hosts on the network.
This chapter presents background information on NIS, suggests
guidelines for planning an NIS configuration, and explains
configuration and administration procedures.
Novice and
experienced network administrators alike should read the entire
chapter; although you may be familiar with NIS functionality,
the section
``How NIS works''
includes details on
features unique to the SCO implementation.
The term ``Network Information Service'' now refers
to the service formerly known as Sun ``Yellow Pages''
or ``YP.''
The functionality remains the same; only the name has changed.
Nonetheless, many NIS utilities retain the ``yp-'' prefix, for
example, ypmake and ypserv.
See also:
How NIS works
���NIS uses a client-server architecture to
distribute information from the
following files on the master server by default:
-
/etc/passwd
-
/etc/group
-
/etc/hosts
-
/etc/ethers
-
/etc/networks
-
/etc/netgroup
-
/etc/protocols
-
/etc/services
NIS can also manage /usr/lib/mail/aliases if
your system uses sendmail.
In addition, other frequently used files (such as telephone
lists and automount maps) may be selected for NIS
administration.
When NIS is initialized on the master server, information from
these files is compiled into a series of databases called
maps. The maps are then propagated to other servers
(slave and copy-only servers) on the network,
where they are
translated back into ASCII files.
When it is
necessary to update information in these files, the ASCII
files are edited on the master server and the maps are modified and
repropagated using NIS commands.
In the SCO implementation of NIS, master and slave
servers perform all lookups of NIS-managed information
locally on servers.
Copy-only servers and NIS clients use remote servers.
SCO clients can request NIS maps from servers
to satisfy lookup requests for password and group information.
This is only supported for commands that have
been built using the libsocket library.
All SCO-supplied commands, such as
ls(C),
can read NIS password and group maps when run on a
client.
When a new map is received on a slave or copy-only server, it is
converted to the corresponding ASCII file(s) that is
then available locally to requesting processes.
SCO NIS servers
can also satisfy lookup requests from clients running
other than SCO systems.
See also:
NIS domain
���An NIS domain defines the group of computers sharing
configuration information.
An NIS domain consists of a single host serving as the master
server of the domain and all of the nonmaster NIS servers
and NIS clients who rely on that
master for their configuration information.
While an NIS domain may consist of a list of hosts identical to
those contained in an Internet, MMDF,
or sendmail domain, an NIS domain is distinct from
these others in purpose.
All NIS servers and clients within an NIS domain
store a common domain name.
This name is established during NIS initialization of the server
or client.
�The domain name can also be set or displayed using the
domainname(NC)
command.
This domain name is used for authentication within NIS
and is used to name the directory within which each host
stores the NIS maps for that domain.
For example, maps for the literature domain are in the
/etc/yp/literature directory.
NIS maps
��The configuration information managed with NIS is typically
stored in ASCII files when NIS is not in use.
NIS master servers convert the information into NIS
maps for storage and transfer by NIS programs.
Each NIS map is an ndbm database.
An ndbm database consists of a pair
of files that are created by calls to the
ndbm(NS)
library package.
One file contains a directory (that is, a bitmap of indices accessed
by a hash table); the other file contains data.
Because of the non-ASCII file structure imposed by ndbm,
you must use NIS tools (such as ypxfr and yppush)
to transfer maps from one machine to another.
The use of maps to manage data permits NIS
to add a timestamp and the identity of the source
(that is, the name of the host serving as the master).
A host uses the timestamp to determine if the contents of the map
it is receiving are newer than data it already has.
The identity of the master allows a nonmaster server to request
an immediate update.
NIS maps are created when an NIS master server is initialized
or as needed using NIS commands.
When an NIS master server
is being initialized, the initialization process creates the
maps listed in the file /etc/yp/YP_MAP_X_LATE.
These maps are propagated to nonmaster servers when these
servers enter multiuser mode for the first time after
being initialized as NIS servers.
Additional maps can be created on the master server at any
time using the procedures described in
``Creating NIS maps''.
Understanding YP_MAP_X_LATE
��The /etc/yp/YP_MAP_X_LATE file contains
a complete listing of active NIS maps.
The most common entries are hosts, group,
passwd, and ypservers, although all standard
and nonstandard maps (that is, created by you) must be listed
here if you wish NIS to serve them.
The format of this file is described on the
ypmapxlate(NF)
manual page.
The maps listed in
YP_MAP_X_LATE get created when NIS is
initialized by executing
ypinit(NADM)
or mkdev nis.
You must list all the maps you need in
YP_MAP_X_LATE
before your system is initialized.
If you add new maps after
initialization, they need not be listed in
YP_MAP_X_LATE to be made functional; however,
because NIS consults YP_MAP_X_LATE when
propagating maps, new maps must be listed here for them to be
propagated using
yppush(NADM),
ypxfr(NADM),
or other NIS utilities.
For this reason, we recommend that you keep
YP_MAP_X_LATE
up-to-date on your master server.
Although slave and copy-only servers do not propagate maps and
hence do not consult YP_MAP_X_LATE,
we recommend that you keep this file current on nonmaster
servers to simplify NIS administration.
YP_MAP_X_LATE also contains NIS
aliases for NIS maps;
aliases may be used by all NIS servers.
If you have a system on your network that cannot handle long
map names (that is, longer than 14 characters),
you can add an alias to YP_MAP_X_LATE,
showing a shortened alias for the map. If you have additional aliases
to include in YP_MAP_X_LATE, add them before
configuring NIS.
Propagating an NIS map
���Propagating a map means moving it from place to place,
generally from the NIS master server to an NIS
slave or copy-only server. Initially, the map is moved at system startup.
Maps are not propagated to clients because clients request map information
from servers rather than storing the maps themselves.
After you initialize an NIS nonmaster server,
ypxfr(NADM)
transfers updated maps from the master server.
The ypxfr command can be run in the following ways:
In all cases, ypxfr checks for a file in
/etc/yp/map2ascii with the same name as the transferred map.
If this file exists, it is executed as the last step of the
ypxfr process.
These map2ascii files translate the new map into
its ASCII counterpart and install it in its proper place.
map2ascii routines are supplied
for the most commonly used maps.
You can write other routines and place them
in the directory for use on other maps.
You can capture
ypxfr's transfer attempts and results in the logfile
/usr/adm/nislog.
If this file exists, results are appended to it.
You are responsible for limiting the size of this file.
To turn off logging, remove or rename this file.
Refer to the
ypxfr(NADM)
manual page for more information about the logfile.
Methods for transferring updated maps are described in the
following sections.
Using cron to propagate maps
�Maps have differing rates of change; for instance, protocols.byname
might not change for a long time, but passwd.byname
might change several times a day in a large organization.
You can set up root's
crontab(C)
entries to run ypxfr
periodically at a rate appropriate for any map in an NIS database.
The ypxfr program contacts the master server
and transfers the map only if the master's
copy is more recent than the local copy.
To avoid a crontab entry for each map,
group several maps into a shell script
that can be run from a single crontab script file.
Each shell script should contain maps with approximately the
same characteristics.
The following suggested groupings,
mnemonically named,
can be found in /etc/yp: ypxfr1phr (hourly),
ypxfr1pdy (once daily), and ypxfr2pdy (twice
daily).
If the rates of change are inappropriate for a particular environment,
you can easily modify or replace these shell scripts.
The following crontab entries will call the scripts:
0 * * * * /etc/yp/ypxfr1phr
0 0 * * * /etc/yp/ypxfr1pdy
0 0,12 * * * /etc/yp/ypxfr2pdy
Run the same shell scripts at each NIS
slave and copy-only server in the domain;
do not run them from the master server.
Alter the time of execution from one
server to another to prevent the checking from
impeding the master server.
To transfer the map from a particular
server, rather than the master server, use the -h
option to ypxfr from within the shell script.
You can check
and transfer maps having unique change characteristics by explicit
invocations of ypxfr within crontab.
See also:
Using the interactive approach to propagate maps
��To use the interactive approach, run ypxfr as a command.
Typically, this is done only in exceptional situations:
for example, when setting up a temporary NIS server to create a
test environment, when transferring a new NIS map,
or when quickly updating an NIS server that was out of service.
Using yppush on the master server to propagate maps
����The ypxfr command is also invoked by ypserv
when the
yppush(NADM)
command is run on the NIS master server.
yppush enumerates the NIS map ypservers
to generate a list of NIS servers in the domain and
sends a ``Transfer Map'' request to each named NIS server.
The ypserv command spawns a copy of ypxfr,
invoking it with the -C flag, and passes it the information
needed to identify the map and call back the initiating yppush
process with a summary status.
NOTE:
yppush requires that a version of a given NIS map
already be present on the nonmaster systems before it can be
transferred.
Therefore, yppush cannot be used to propagate
new maps; rather, ypxfr must be run on each nonmaster
machine to request the new map.
See also:
NIS servers and clients
����Three kinds of machine have NIS databases in an SCO system:
master servers, slave servers, and
copy-only servers. NIS clients
do not maintain an NIS database; they obtain
NIS information by making requests to remote master
or slave servers.
The master server updates the databases of slave and copy-only servers.
Copy-only servers, slave servers, and clients differ in the following ways:
-
Slave servers can satisfy requests to transfer maps if the
master server becomes unavailable; copy-only servers cannot.
-
In a heterogeneous
environment, slave servers can accept NIS requests from any
client, even from those not running SCO systems; copy-only
servers cannot accept NIS requests.
-
Copy-only servers must poll a master server or slave server
to update their maps, while slave servers' maps are
updated by the master server when the master server changes its maps.
-
Copy-only servers only keep stripped maps and
ASCII versions of NIS maps.
Slave servers keep full copies of both NIS maps and
their ASCII versions. Clients keep neither
NIS maps nor their ASCII versions.
-
Clients can request NIS maps over the network;
copy-only servers cannot make NIS requests but must
obtain their information locally.
NOTE:
NIS clients running on other than SCO systems can make
requests of SCO NIS master and slave servers.
��Database changes in an NIS domain are propagated from the master
server to other servers.
If you create or change NIS databases on slave or copy-only
servers instead of on the master server,
all modifications you make are temporary
and are overwritten when the master server updates them.
Therefore, make all database creations and modifications
on the master server machine only.
NIS binding
�����The action of associating a server with a particular host is called
binding that host in the NIS domain.
Hosts must be
bound for NIS services to be provided.
Binding is accomplished at system startup when the ypbind
�daemon broadcasts for a server to satisfy a process request.
The ypbind daemon remembers information that lets
clients' processes on a single node communicate with the
ypserv daemon,
�the NIS database lookup server.
Requests are usually to
transfer a map, display its contents, or to display information
about the NIS domain. Its primary function is to look up
information in its local database of NIS maps.
Unless the host system crashes or the network administrator
intervenes, bindings remain constant in an NIS domain.
NIS services are implemented by the following daemons:
- ypxfrd
-
�satisfies requests from slave or copy-only servers to transfer maps.
In SCO NIS, maps are transferred only when the identity of
the master has been verified by the slave or copy-only server.
- yppasswdd
-
�satisfies requests to change passwords of NIS-managed accounts
and communicates with the master server to update password
information.
This service is not available to servers in Secure
Mode (see the
``Special NIS password change''
and
``Security limitations on configuration''
sections of this chapter for more information).
yppasswdd must
be run only on the master server.
A heterogeneous environment differs from an SCO environment
with regard to binding:
-
SCO environment
-
All hosts are servers that contain both NIS maps and
ASCII files derived from them.
One exception to
this is that copy-only servers store complete ASCII files but
only stripped NIS maps.
-
Lookups are resolved locally on master or slave servers.
-
Clients can resolve some lookups across the network using
NIS requests.
-
All hosts are bound to themselves by default.
That is, the local ypbind binds to the
local ypserv, which in turn satisfies all NIS
requests originating on that machine.
-
Heterogeneous environment
-
Client hosts possess neither NIS maps nor ASCII
files derived from them.
-
Lookups are resolved across the network through NIS requests.
-
The client's ypbind broadcasts a request for service
and binds to the first responding ypserv process.
Applications running on clients may hang when a server
is unavailable to answer NIS requests.
They will resume when the server is again able to respond.
If an NIS client or server requests information from a
server that has crashed or is being rebooted,
the client or server will send out broadcasts to find
another NIS server to which to bind.
See also:
About managing users
���������Two types of account exist on an NIS network:
those that are distributed (and must be
administered from the master machine) and those that are
local (and must be administered from the local
computer). Distributed accounts allow users to access any
machine on the NIS network, while local accounts allow
users access to the local host machine only:
- distributed
-
Provides account information that is uniform on each machine in
an NIS domain.
Changes made to distributed accounts are automatically propagated
through NIS maps to
other NIS nodes.
You can easily manage distributed accounts from a
central node, the master server.
- local
-
Provides account information that can be unique to a particular
machine.
Because they are not affected by maps that are propagated between
servers, local accounts allow you to exempt certain users from
NIS management.
In addition, changes that you make to local accounts do not
affect NIS.
NOTE:
When NIS is installed, preexisting accounts become local
accounts by default, on both master and slave machines.
NIS password information is maintained by the following files in the
/etc directory:
�
- passwd.yp
-
Contains entries for distributed accounts.
After entries are added using the Account Manager,
��The passwd map is created from this file.
�
- passwd.local
-
Contains entries for local accounts.
Entries are created by
default when NIS is initialized on a system or added later
using the Account Manager.
� - passwd
-
Contains entries for all active accounts, local and distributed.
On the master server, passwd contains all entries
from passwd.yp and passwd.local.
On slave
and copy-only servers, it contains entries from passwd.local
and ASCII translations of the passwd map
received from the master.
Entries in passwd.local take precedence over entries
in passwd.yp.
That is, if the two files include a
user with the same name, the information in passwd.local
is incorporated into passwd and the corresponding
information in passwd.yp (and the passwd map)
is overridden.
On clients, you can use NIS maps to augment local
password information in the /etc/passwd file.
See
``Using NIS maps in the password file''
for more details.
�
- ptmp
-
Is a locking file used by yppasswd (see
``Special NIS password change''
later on in this chapter).
NIS group permissions information is maintained by the following
files in the /etc directory:
��������
- group.yp
-
Contains entries for distributed groups.
After entries are
added manually, the
group map is created from this file.
Each NIS
�domain has a unique group.yp file existing only on the
master server.
�
- group.local
-
Contains entries for local groups.
Entries are created by
default when NIS is initialized on a system or added later
manually.
� - group
-
Contains entries for all active groups, local and distributed.
On the master server, group contains all entries
from group.yp and group.local.
On slave
and copy-only servers, it contains entries from group.local
and ASCII translations of the group map
received from the master.
Entries in group.local take precedence over entries
in group.yp.
That is, if the two files include a
group with the same name, the information in group.local
is incorporated into group and the corresponding
information in group.yp (and the group map)
is overridden.
On clients, you can use NIS maps to augment local
group information in the /etc/group file.
See
``Using NIS maps in the group file''
for more details.
�If you want to create local user accounts on an NIS server,
do so before you configure NIS.
Refer to
Chapter 1, ``Administering user accounts'' in the System Administration Guide
for more information on
creating user accounts.
For information regarding account
creation after initializing NIS, refer to
``Administering NIS users and groups''.
NOTE:
Unless distributed users have access to home directories
on each machine they access, their login attempts will fail.
For more information, see
``Distributing home directories''.
���
You can manipulate NIS account files directly from the
command line or scripts using the
useradd(ADM),
userdel(ADM),
and
usermod(ADM)
commands.
About netgroups
���The /etc/netgroup file
defines network-wide groups used for permission
checking when fielding requests for remote mounts, remote logins, and remote
shells. For remote mounts, the information in netgroup is
used to classify machines; for remote logins and remote
shells, it is used to classify users.
NIS clients can use netgroups to include the map
entries for the members of a netgroup in the password file,
/etc/passwd.
See
``Using NIS maps in the password file''
for more details.
Each line of the netgroup
file defines a group and has the format
groupname member_1 member_2
where member is either another group name or a triple (in the
following format, parenthesis included):
(hostname,username,domainname)
Any of these three fields can be empty, in which case it
signifies a wildcard.
Thus the entry
universal (,,)
defines a group to which everyone belongs.
The domainname field
must either be the local domain name or
empty for the netgroup entry to be used.
This field does not
limit the netgroup or provide security.
The
domainname field
refers to the domain in which the triple is valid, not
the domain containing the trusted host.
A gateway machine should be listed under all possible host names
by which it may be recognized:
wan (volga,,) (volga-cities,,)
Field names that begin with something other than a letter,
digit, or dash (such as `-') work in precisely the
opposite way:
justmachines (amazon,-,sun)
justpeople(-,babbage,sun)
The machine amazon belongs to the group
justmachines in
the domain sun, but no users belong to it. Similarly, the
user babbage belongs to the group
justpeople in the domain
sun, but no machines belong to it.
The triple
(,,domain)
allows all users and machines
trusted access and has the same effect as the triple
(,,)
To correctly restrict access to a specific set of members,
use the hostname and username
fields of the triple.
Network groups are contained in the Network Information Service
and are accessed through these files:
/etc/yp/domainname/netgroup.dir
/etc/yp/domainname/netgroup.pag
/etc/yp/domainname/netgrp.usr.dir
/etc/yp/domainname/netgrp.usr.pag
/etc/yp/domainname/netgrp.hst.dir
/etc/yp/domainname/netgrp.hst.pag
These files can be created from /etc/netgroup using
makedbm(NADM).
See also:
Using NIS maps in the password file
��You can incorporate NIS maps in a client's
/etc/passwd file to supplement entries that are
valid only locally.
User entries can be added from the NIS password map
by starting them with the token ``+''.
NIS entries for users have the following format:
+[username]:[password]:::[comment]:[directory]:[program]
The fields have the same meaning as for ordinary
passwd(F)
file entries except that there are no entries for the user or
group IDs. That is, the UID and GID
from the NIS
entry are always used; they cannot be defined locally.
Entries in the password, comment,
directory, or program field override the
corresponding value obtained from the NIS server.
The following entry inserts the entire NIS password
file:
+:
Netgroup entries are added by specifying them as:
+@netgroup:
Any host information about a netgroup is ignored.
NOTE:
You must specify all local entries before NIS map entries.
Any local entries that are specified after NIS map
entries are ignored.
You can prevent users and members of netgroups from logging in by
starting their passwd entries with ``-'' instead
of ``+'':
-username:
-@netgroup:
The following example passwd file is used in conjunction
with the
shadow(F)
file to include and exclude certain users and netgroups:
root:x:0:10:super user:/:/bin/sh
fran:x:121:100:Fran Sisco:/u/fran/:/bin/ksh
-renee:
-@marketing:
+diego::::::
+:::::/u/guest:/bin/rksh
+@developers:
This example, though simple, implies several things:
-
Local users root and fran can log in even
when the system is standalone.
-
root and fran cannot use their NIS
passwords on this client; they are local users.
-
renee is prevented from logging in even if she is
also a member of the netgroup developers.
-
All members of the netgroup marketing are forbidden to log in
unless they are also members of developers.
fran can log in even if she is a member of
marketing.
-
diego and all members
of the network group developers can log in using their
NIS passwords provided that they are not
also members of marketing.
-
Members of the netgroup
developers are restricted to using
rksh(C)
in the directory /u/guest by the entry
+:::::/u/guest:/bin/rksh that precedes the entry
defining their inclusion.
NOTE:
Applications that read passwd stop as soon as they
find a matching entry. For this reason, if you want to ban a
member of a netgroup or allow access to a member of a banned
netgroup, you must place the entry for the user before the netgroup.
See also:
Using NIS maps in the group file
��You can incorporate NIS maps in a client's
/etc/group file to supplement entries that are
valid only locally.
Group entries can be added from the
NIS group map by starting them with the token
``+''. NIS entries for groups have the following
format:
+[groupname]:[password]::[users]
The fields have the same meaning as for ordinary
group(F)
file entries except that there are no entries for the
group ID. The group ID from the
NIS entry is always used.
An entry in the password field is ignored as group
passwords are not supported.
If specified, a comma-separated list of users
is added to the list obtained from the NIS server.
The following entry inserts the entire NIS group
file:
+:::
You can exclude groups by starting their group
entries with ``-'' instead of ``+'':
-groupname:
The following example group file defines a group
local, adds members to the group giant, and
includes all NIS groups except transport:
local::100:fran,stan
+giant:::bill,tina,alan,hetty
-transport:
+:::
NOTE:
Applications that read group stop as soon as they
find a matching entry. An entry for a locally defined group
overrides the NIS entry for a group with the same name.
See also:
NIS interaction with security modes
����The installation of the NIS Runtime System compromises
C2 security and reduces your ability to maintain a secure
system. With NIS installed, it is relatively easy
to change the master machine and change
all the passwords on all systems in the network.
Also, passwords (in encrypted form) are stored in text files
and can be read by anyone with the correct privileges.
If you are concerned with security, NIS may not be an
appropriate service for your system.
See also:
Security limitations on configuration
��To preserve the integrity of trusted databases,
NIS may not modify certain sensitive files within a C2 Secure system.
Although SCO NIS operates on a system with any of the
security defaults (High, Improved, Traditional, and Low), the
password and group databases are updated by NIS only in
the security defaults that use
/etc/passwd and /etc/group
as the master databases.
This condition is true if Traditional
or Low security (Unsecure Mode) is chosen at installation time.
If High or Improved security (Secure Mode) is chosen,
the Trusted Computing Base (TCB) manages
/etc/passwd and /etc/group and does not allow
NIS to update these files.
Only copy-only NIS servers and clients can be
initialized in Secure Mode settings on SCO systems.
These servers may receive maps, but they cannot propagate them.
In addition, if a copy-only
server in Secure Mode receives a password or group map, it
cannot translate these maps into
/etc/passwd or /etc/group ASCII files.
Clients that include NIS maps in their
/etc/passwd or /etc/group files
circumvent TCB and are not C2
Secure.
Table 9-1, ``Security configurations for SCO NIS servers and clients'',
lists the security configurations permitted for each
type of SCO NIS server and client.
�
Table 9-1 Security configurations for SCO NIS servers and clients
-------------------------------------------------------------------
SCO NIS server
or client type Permitted security settings
-------------------------------------------------------------------
master or Unsecure Mode only (Traditional or Low)
slave
copy-only or Secure Mode (High or Improved) or
client Unsecure Mode (Traditional or Low)
These security precautions help prevent unauthorized NIS password
and group information from reaching SCO hosts.
However, the
same security precautions may not be available for
client implementations running on systems other than SCO.
Consult your documentation for
NIS client implementations if you are concerned with security.
See also:
Map integration restrictions in Secure Mode
�If your copy-only server is configured with one of the Secure
Mode defaults, its map2ascii files will prevent any
passwd or group maps from being integrated,
regardless of their source.
WARNING:
Do not attempt to circumvent C2 security restrictions
by removing security checks from the map2ascii files.
Doing so may cause unpredictable behavior and is therefore an
unsupported modification.
Special NIS password change
����When you change a password using the
passwd(C)
command when NIS is not enabled on your system,
the entry given in the system password database
file is changed.
When NIS is enabled, you also use
passwd to change your password.
The passwd command is then a link to the
yppasswd(NC)
command.
(The original
/bin/passwd file is stored at /usr/lib/nisrt/bin/passwd
and a link to /bin/yppasswd is made.)
To enable NIS password service,
you must start up the server daemon,
yppasswdd(NADM),
on the machine serving as the master
for the NIS password file.
If the file /etc/ptmp exists, you will receive the following
message when you try to change a password:
yppasswd: password file busy - try again
The file /etc/ptmp is a lock file that indicates a
previous invocation of
yppasswd still exists.
This file can be removed to unlock the password file.
See the
yppasswd(NC)
manual page for a list of error codes.
NIS logfiles
����������The Account Manager,
yppasswdd(NADM),
yppasswd(NC),
ypxfrd(NADM),
and
ypxfr(NADM)
all use the file
/usr/adm/nislog as a logfile.
If the logfile /usr/adm/nislog exists when
ypxfr is executed, results are appended to this logfile.
If the same logfile exists when the daemon ypserv starts up,
log information will be written to this file when ypserv error
conditions arise.
The user is responsible for limiting the logfile.
To turn off logging, remove the logfile.
Enabling an NIS server
��Many of the tasks associated with
ypinit(NADM)
can also be performed after initialization during routine
maintenance and troubleshooting.
Refer to:
-
``Modifying server attributes''
concerning server administration
-
``Modifying the NIS domain name''
concerning modifications to the NIS domain name
-
``Modifying the list of NIS servers''
concerning modifications to the list of NIS servers
-
``Modifying the map list''
concerning modifications to /etc/yp/YP_MAP_X_LATE
-
``Modifying map attributes''
concerning modifications in NIS map propagation
-
``Modifying existing maps''
concerning modifications to text files under NIS control
-
``Managing distributed user accounts''
concerning NIS user administration
-
``Modifying group attributes on servers''
concerning NIS group administration
See also:
Planning an NIS configuration
��When planning an NIS configuration, you must gauge your
network administration needs with regard to domain structure,
server disposition, security concerns, and the physical structure
of the network.
Your configuration will also be affected if the
network is heterogeneous, that is, if it includes
hosts running operating systems other than SCO systems.
The following sections explain these considerations in more
detail.
�Selecting domains
���For most NIS installations, a single domain is sufficient
to satisfy users' needs. However, if your site has multiple
networks, you must create separate domains for each network
because NIS domains cannot cross network boundaries.
A possible network division might be into
accounting, marketing, and manufacturing domains.
In such an environment, it is recommended that there be one
master and at least one slave server for each domain.
NOTE:
Multiple networks can share a single domain if there is
a single shared machine with a network interface for each
network.
�
Selecting servers
��Two factors are important in selecting master and slave servers:
uptime and synchronization.
The master server should be a host that
is stable and available for NIS requests.
This suggests that a
machine be dedicated as a master server and that there be at
least one slave server for each master in a domain should the
master become unavailable.
The master and slave servers should have CPUs of
comparable power to those of the machines to which they will propagate maps.
This is particularly important in heterogeneous environments where a
number of NIS clients running on other operating systems
may seek to bind with the most available server.
Because it is essential that current map
information be uniformly available across the network, availability
and equivalent speed of servers ensure that the propagation of map
information is synchronized.
In an NIS environment comprised of SCO machines exclusively, slave
servers can be used as a backup to the master server and to
improve the ability to service map update requests
from copy-only servers.
In a heterogeneous environment, slave
servers should be added as needed to keep up with requests from
clients running on other operating systems.
The physical structure of the network may influence the
distribution of slave servers.
For example, if you have a
network that includes a bridge, you will probably
want at least two slave servers on either side.
This is because
NIS requests are delayed when crossing bridges. The result is that a
server on the same side of a bridge as the requesting host will
satisfy a request sooner than one on the far side, even if the
closer server is heavily loaded.
Having two slave servers on the requesting side of the bridge removes
a virtual reliance on one server that may be heavily loaded.
�
Security
��Although NIS is designed to administer password and group
authorization files, such administration is incompatible with C2
security.
SCO NIS maintains C2 security in
an NIS environment by
enforcing the following restrictions:
-
Only copy-only servers may be initialized on Secure Mode
machines.
-
Copy-only servers in Secure Mode may not use password and group
maps for authentication.
This means that master and slave servers are not afforded C2
protection.
NOTE:
SCO NIS clients cannot be C2 Secure
because they integrate password and group maps.
In a heterogeneous environment, SCO copy-only servers under C2
protection continue to refuse password and group maps from
master or slave servers running on other operating systems.
However, an SCO master or
slave server (by definition in Unsecure Mode) may be able to
propagate maps to C2-protected clients on other operating systems.
Consult your client's documentation to address your security
concerns.
Refer also to
``NIS interaction with security modes''.
See also:
Setting up an NIS server
����A number of items must be verified, and perhaps modified, in
preparation of enabling an NIS server:
-
Your network must be configured and operating properly before
initializing NIS.
-
Make sure the fully qualified hostname is set by
running the hostname command.
You should see the hostname and the
default network domain name, for example,
missouri.sco.com.
Usually, the network domain name and hostname
are set up by the system startup script.
CAUTION:
If your hostname and network domain name are not correct, you
may have configuration problems with your network.
However,
changing the hostname and the default network name at this point
may also force you to reconfigure other network services, such as
sendmail, MMDF, and SCO LAN Manager.
Refer to
Chapter 1, ``Configuring network connections'' in Configuring Network Connections
for more information on network configuration.
Verify the following:
See also:
Editing YP_MAP_X_LATE
��An NIS server reads the file
/etc/yp/YP_MAP_X_LATE
to obtain the list of files to service.
Edit the file /etc/yp/YP_MAP_X_LATE
to remove names of files you do not wish NIS to
service and add those you do.
The file
/etc/yp/YP_MAP_X_LATE
supports a facility for mapping map names that are longer than
operating system length limits into alias names; the maps are
then allowed to reside on the system under the alias name but still
be known to NIS programs by a universal map name.
You must assign an NIS alias to a map if a map name
exceeds the filename length limit allowed by your operating system (often
14 characters; however, DTFS, EAFS, and HTFS
filesystems have a filename limit of 255 characters).
For more information on aliasing map names see
ypmapxlate(NF).
Verify that the files listed in
/etc/yp/YP_MAP_X_LATE
are complete and
current on your master server.
All files listed in
/etc/yp/YP_MAP_X_LATE
must be available to the master server.
See also:
Checking the NIS domain name
�������Ensure that the NIS domain name is set to NULL
by entering domainname at your prompt.
If the screen returns anything other than NULL,
enter domainname "".
ypinit and mkdev nis do not enter the appropriate
command in the NIS startup script unless your domain
name is set to NULL.
domainname(NC)
sets or displays the name of the current NIS domain.
See also:
Adding NIS to your PATH variables
�For the root account, add the following entry to the
PATH variable of the /.profile file (if
you are running the Bourne or Korn shell) or /.cshrc
file (if you are running the C shell):
/etc/yp
Initializing NIS
��You can initialize your system as an NIS:
You must be in single-user mode during initialization.
CAUTION:
When initializing NIS servers within an NIS domain,
you must initialize and reboot the designated master server
for the NIS domain before initializing any other
NIS servers in the NIS domain.
Failure to follow this requirement could result in incorrect maps
on various servers.
Initializing a master server
����The following steps explain how to initialize a master NIS server:
-
Log in as root and
shut the system down by using the
System Shutdown Manager
as described in the
SCO OpenServer Handbook.
You see messages as the system services stop.
Press <Enter> at the Safe to Power Off message.
-
The following prompt appears:
Type <Ctrl>D to proceed with normal startup,
(or give root password for system maintenance)
-
Type the root password, then press <Enter>.
-
Enter either of the following commands at your operating system prompt:
��
mkdev nis
or
/etc/yp/ypinit
The functionality and the options for ypinit
and mkdev nis are identical.
-
NIS prompts you to choose the host type:
You must specify whether this host is to be a master, slave server,
copy-only server or NIS client. Please enter the server type:[mscCq]
Enter m to indicate that the local host is to be the
NIS master server.
If you want to stop the initialization, enter q.
-
If you attempt to configure a master or slave server on a host
in Secure Mode (that is, at High or Improved security default),
�you see the following message:
ypinit: ERROR: Invalid configuration.
The security settings of this system are incompatible with the
NIS configuration requested. Please refer to your Release and
Installation Notes for further details.
Initialization Aborted.
Refer to
``NIS interaction with security modes''
for security restrictions.
-
If NIS has been previously initialized on your system, you see
the following:
NIS has been initialized previously on this machine
Please verify that you would like to re-initialize NIS
Do you wish to re-initialize NIS? (y/n/q)
Enter y to continue.
-
You then see:
The local host's domain name hasn't been set. Please set it.
Please enter the domain name or q to quit:
Enter the NIS domain name; you need an NIS domain name to
retrieve data from an NIS database.
You will be asked:
Is "domainname" correct? [y/n/q]
Enter y if correct. If you enter n, you
will be asked to reenter the domain name. If you enter
q, NIS initialization aborts.
You see this prompt:
Installing the NIS database will require that you answer
a few questions. Questions will all be asked at the beginning
of the procedure.
-
If an NIS database already exists on your machine, you see:
Can we destroy the existing /etc/yp/<domainname> and its contents?
[y/n/q: n]
If you see this message, enter
y to continue, which tells NIS to rebuild the previous
NIS database with current information.
If you enter the default n or q, NIS
initialization aborts, and you must
manually remove the old NIS databases.
-
If the /etc/passwd.local file does not exist on the machine,
you see the following message:
NIS stores local logins in /etc/passwd.local, which currently
doesn't exist on this machine. The /etc/passwd.local file must be
created before continuing.
Is it okay to copy /etc/passwd to /etc/passwd.local? [y/n/q: n]
Enter y to continue. See
``About managing users''
for details on these files.
If you enter the default n, you must
manually create the /etc/passwd.local file,
then start the initialization procedure again.
-
If the /etc/group.local file does not exist on your machine,
you see:
NIS stores local groups in /etc/group.local, which currently
doesn't exist on this machine. The /etc/group.local file must be
created before continuing.
Is it okay to copy /etc/group to /etc/group.local? [y/n/q: n]
Enter y to continue. See
``About managing users''
for details on these files.
If you enter the default n, you must manually create the
/etc/group.local file,
then start the initialization procedure again.
-
Next, verify that the YP_MAP_X_LATE
file contains correct information.
You see:
The YP_MAP_X_LATE file contains the following:
list of mapnames
Is this correct? [y/n/q: n]
If the list is not correct, enter the default n.
Edit YP_MAP_X_LATE to contain the correct entries,
and start the initialization procedure again.
Refer to the
ypmapxlate(NF)
manual page for more information.
If the list is correct, enter y to continue.
-
You see the following prompt:
The NIS network password file resides in /etc/passwd.yp on master
servers only.
Since this node is being set up as a
master server, /etc/passwd.yp must be created.
Is it okay to create /etc/passwd.yp? [y/n/q: n]
Enter y to continue.
If you enter n, you must manually
create the /etc/passwd.yp file, then start the initialization
procedure again.
-
You see the following prompt:
The NIS network password file resides in /etc/group.yp
on master servers only.
Since this node is being set up as a master
server, /etc/group.yp must be created.
Is it okay to copy /etc/group to /etc/group.yp? [y/n/q: n]
Enter y to continue.
If you enter n, you must manually
create the /etc/group.yp file, then start the initialization
procedure again.
-
You then see:
You must specify whether ypbind is to be run with the secure
option (-s), the ypset option (-ypset), allowing anyone to
change your binding, or the ypsetme option (-ypsetme) which
only allows requests with host-name's IP address
to change host-name's binding, or with no options.
Please see ypserv(NADM) for more information
1) ypbind -s
2) ypbind -ypset
3) ypbind -ypsetme
4) ypbind
Please enter your choice (1-4,q):
Enter the response appropriate to your security concerns:
- Option 1
-
Recommended for most heterogeneous environments, where other
versions of NIS are also in use.
- Option 2
-
Recommended when the server is on a different subnet and
you want others to be able to change your bindings.
- Option 3
-
Recommended when the server is on a different subnet and
only requests with host-name's IP address
should be able to change your bindings.
- Option 4
-
Recommended in an SCO NIS environment where
the server is on the same subnet.
For further information, consult the
ypserv(NADM)
manual page, which includes information about ypbind.
See also
ypset(NADM).
-
You then see:
At this point, we have to construct a list of the hosts that
will be running NIS (NIS server hosts). The local host
is in this list of NIS server hosts. Please continue to add the
names for the other hosts, one per line. When you are done with
the list, type a <Ctrl>D.
Enter all of the master and slave server names,
including all server machines running other operating systems.
The machine name and the Internet Protocol (IP) domain name
are acceptable host names; the NIS domain name is not.
Press <Enter> after each host name.
After entering the last host name,
press <Ctrl>D to continue, and enter y to
verify that the host names are correct.
NIS then creates and updates the maps.
-
You then see:
Should administration accounts such as "root"
be distributed? [y/n/q: n]
Enter n to prevent administration accounts from being distributed,
unless there is strong reason to do so. See
``Administering NIS users and groups''
for more information.
NOTE:
When you initialize NIS, all of the UNIX system files that have
the same names as NIS files are backed up in parallel subdirectories
under /usr/lib/nisrt.
When you initialize the NIS server,
NIS changes some system files.
For example, NIS saves the
system file /bin/passwd
to /usr/lib/nisrt/bin/passwd and then replaces
/bin/passwd with a link to the file /etc/yppasswd.
When the initialization procedure is complete, you see
a series of messages resembling the following display:
There will be no further questions.
The remainder of the procedure should take 5 to 10 minutes.
-
If NIS has been previously initialized on your system, you
see:
The backup directory /usr/lib/nisrt already exists
Do you wish to continue with the SCO NIS Runtime
System Initialization?
Enter y to continue; NIS then backs up system
passwd files.
If you enter n or q,
NIS installation aborts.
You then see a series of messages similar to:
Backing up system passwd files . . .
Building /etc/yp/domain_name/ypservers . . .
Running /etc/yp/ypmake . . .
<list of updated files>
host_name has been set up as a NIS master server without any errors.
This display of updated maps should correspond to the maps listed in
/etc/yp/YP_MAP_X_LATE.
Your master server is now initialized.
-
You will see:
If there are running slave servers, run yppush now for any
data bases that have been changed. If there are no running
slaves, run ypinit on those hosts that are to be slave servers.
See the reference manual pages for
yppush(NADM)
and
ypinit(NADM)
if you have questions about these procedures.
-
Shut the system down and reboot it by using the
System Shutdown Manager
as described in the
SCO OpenServer Handbook.
Remember to select Reboot after shutdown when using the manager.
The first time an NIS slave server enters
multiuser mode after NIS has been initialized on the slave server,
its startup script calls ypxfr to
transfer maps from the master server.
Subsequent system
startups do not transfer maps automatically.
Initializing a slave server
����The following steps explain how to initialize a slave NIS server:
-
Log in as root and enter the following command to shut
down the system:
/etc/shutdown -g0 -y
You see messages as the system services stop.
Press <Enter> at the Safe to Power Off message.
-
The following prompt appears:
Type <Ctrl>D to proceed with normal startup,
(or give root password for system maintenance)
-
Type the root password, then press <Enter>.
-
Enter either of the following commands at your operating system prompt:
��
mkdev nis
or
/etc/yp/ypinit
The functionality and the options for ypinit
and mkdev nis are identical.
-
NIS prompts you to choose the host type:
You must specify whether this host is to be a master, slave server,
copy-only server or NIS client. Please enter the server type:[mscCq]
Enter s to indicate that you are setting up a slave server.
If you want to stop the initialization, enter q.
-
If you attempt to configure a master or slave server on a host
in Secure Mode (that is, at High or Improved security default),
you see the following message:
ypinit: ERROR: Invalid configuration.
The security settings of this system are incompatible with the
NIS configuration requested. Please refer to your Release and
Installation Notes for further details.
Initialization Aborted.
Refer to
``NIS interaction with security modes''
for security restrictions.
-
If NIS has been previously initialized on your system, you see
the following:
NIS has been initialized previously on this machine
Please verify that you would like to re-initialize NIS
Do you wish to re-initialize NIS? (y/n/q)
Enter y to continue.
-
You then see:
The local host's domain name hasn't been set. Please set it.
Please enter the domain name or q to quit:
Enter the NIS domain name; you need an NIS domain name to
retrieve data from an NIS database.
You will be asked:
Is "domainname" correct? [y/n/q]
Enter y if correct. If you enter n, you
will be asked to reenter the domain name. If you enter
q, NIS initialization aborts.
-
NIS prompts you
to enter a host name.
You see:
You must specify a host name to act as the NIS master
during map transfer [q to quit]:
Enter the name of a master server with an up-to-date and stable
database.
You see this prompt:
Installing the NIS database will require that you answer
a few questions. Questions will all be asked at the beginning
of the procedure.
-
If an NIS database already exists on your machine, you see:
Can we destroy the existing /etc/yp/<domainname> and its contents?
[y/n/q: n]
If you see this message, enter
y to continue, which tells NIS to rebuild the previous
NIS database with current information.
If you enter the default n or q, NIS
initialization aborts, and you must
manually remove the old NIS databases.
-
If the /etc/passwd.local file does not exist on the machine,
you see the following message:
NIS stores local logins in /etc/passwd.local, which currently
doesn't exist on this machine. The /etc/passwd.local file must be
created before continuing.
Is it okay to copy /etc/passwd to /etc/passwd.local? [y/n/q: n]
Enter y to continue. See
``About managing users''
for details on these files.
If you enter the default n, you must
manually create the /etc/passwd.local file,
then start the initialization procedure again.
-
If the /etc/group.local file does not exist on your machine,
you see:
NIS stores local groups in /etc/group.local, which currently
doesn't exist on this machine. The /etc/group.local file must be
created before continuing.
Is it okay to copy /etc/group to /etc/group.local? [y/n/q: n]
Enter y to continue. See
``About managing users''
for details on these files.
If you enter the default n, you must manually create the
/etc/group.local file,
then start the initialization procedure again.
-
Next, verify that the YP_MAP_X_LATE
file contains correct information.
You see:
The YP_MAP_X_LATE file contains the following:
list of mapnames
Is this correct? [y/n/q: n]
If the list is not correct, enter the default n.
Edit YP_MAP_X_LATE to contain the correct entries,
and start the initialization procedure again.
Refer to the
ypmapxlate(NF)
manual page for more information.
If the list is correct, enter y to continue.
-
You then see:
You must specify whether ypbind is to be run with the secure
option (-s), the ypset option (-ypset), allowing anyone to
change your binding, or the ypsetme option (-ypsetme) which
only allows requests with host-name's IP address
to change host-name's binding, or with no options.
Please see ypserv(NADM) for more information
1) ypbind -s
2) ypbind -ypset
3) ypbind -ypsetme
4) ypbind
Please enter your choice (1-4,q):
Enter the response appropriate to your security concerns.
- Option 1
-
Recommended for most heterogeneous environments, where other
versions of NIS are also in use.
- Option 2
-
Recommended when the server is on a different subnet and
you want others to be able to change your bindings.
- Option 3
-
Recommended when the server is on a different subnet and
only requests with host-name's IP address
should be able to change your bindings.
- Option 4
-
Recommended in an SCO NIS environment where
the server is on the same subnet.
For further information, consult the
ypserv(NADM)
manual page, which includes information about ypbind.
See also
ypset(NADM).
-
When the initialization procedure is complete, you see
a series of messages resembling the following display:
There will be no further questions. The remainder of the
procedure should take a few minutes to set up the NIS server.
The NIS maps will be transferred from master_server when
server_name goes to run level 2.
-
If NIS has been previously initialized on your system, you
see:
The backup directory /usr/lib/nisrt already exists
Do you wish to continue with the SCO NIS Runtime
System Initialization?
Enter y to continue; NIS then backs up system
passwd files.
If you enter n or q,
NIS installation aborts.
You then see:
Backing up system passwd files . . .
server_name's NIS data base has been set up without any errors.
Your slave server is now initialized.
-
Shut the system down and reboot it by using the
System Shutdown Manager
as described in the
SCO OpenServer Handbook.
Remember to select Reboot after shutdown when using the manager.
The first time an NIS slave or copy-only server enters
multiuser mode, its startup script calls ypxfr to
transfer maps from the master server.
Subsequent system
startups do not transfer maps automatically.
Initializing a copy-only server
����The following steps explain how to initialize a copy-only NIS server.
-
Log in as root and enter the following command to shut
down the system:
/etc/shutdown -g0 -y
You see messages as the system services stop.
Press <Enter> at the Safe to Power Off message.
-
The following prompt appears:
Type <Ctrl>D to proceed with normal startup,
(or give root password for system maintenance)
-
Type the root password, then press <Enter>.
-
Enter either of the following commands at your operating system prompt:
��
mkdev nis
or
/etc/yp/ypinit
The functionality and the options for ypinit
and mkdev nis are identical.
-
NIS prompts you to choose the host type:
You must specify whether this host is to be a master, slave server,
copy-only server or NIS client. Please enter the server type:[mscCq]
Enter c to indicate that you are setting up a copy-only server.
If you want to stop the initialization, enter q.
-
If you are initializing a copy-only server in Secure Mode, you
see:
Due to the restrictions of running NIS under the current security
setting of this system, this server will accept, but not integrate
sensitive maps received through NIS. Please refer to your Release
and Installation Notes for further details.
Hit return to continue.
-
If NIS has been previously initialized on your system, you see
the following:
NIS has been initialized previously on this machine
Please verify that you would like to re-initialize NIS
Do you wish to re-initialize NIS? (y/n/q)
Enter y to continue.
-
You then see:
The local host's domain name hasn't been set. Please set it.
Please enter the domain name or q to quit:
Enter the NIS domain name; you need an NIS domain name to
retrieve data from an NIS database.
You will be asked:
Is "domainname" correct? [y/n/q]
Enter y if correct. If you enter n, you
will be asked to reenter the domain name. If you enter
q, NIS initialization aborts.
-
NIS prompts you
to enter a host name.
You see:
You must specify a host name to act as the NIS master
during map transfer [q to quit]:
Enter the name of a master server with an up-to-date and stable
database.
You see this prompt:
Installing the NIS database will require that you answer
a few questions. Questions will all be asked at the beginning
of the procedure.
-
If an NIS database already exists on your machine, you see:
Can we destroy the existing /etc/yp/<domainname> and its contents?
[y/n/q: n]
If you see this message, enter
y to continue, which tells NIS to rebuild the previous
NIS database with current information.
If you enter the default n or q, NIS
initialization aborts, and you must
manually remove the old NIS databases.
-
(Skip this step if you are initializing a copy-only server in Secure Mode.)
If the /etc/passwd.local file does not exist on the machine,
you see the following message:
NIS stores local logins in /etc/passwd.local, which currently
doesn't exist on this machine. The /etc/passwd.local file must be
created before continuing.
Is it okay to copy /etc/passwd to /etc/passwd.local? [y/n/q: n]
Enter y to continue. See
``About managing users''
for details on these files.
If you enter the default n, you must
manually create the /etc/passwd.local file,
then start the initialization procedure again.
-
(Skip this step if you are initializing a copy-only server in Secure Mode.)
If the /etc/group.local file does not exist on your machine,
you see:
NIS stores local groups in /etc/group.local, which currently
doesn't exist on this machine. The /etc/group.local file must be
created before continuing.
Is it okay to copy /etc/group to /etc/group.local? [y/n/q: n]
Enter y to continue. See
``About managing users''
for details on these files.
If you enter the default n, you must manually create the
/etc/group.local file,
then start the initialization procedure again.
-
Next, verify that the YP_MAP_X_LATE
file contains correct information.
You see:
The YP_MAP_X_LATE file contains the following:
list of mapnames
Is this correct? [y/n/q: n]
If the list is not correct, enter the default n.
Edit YP_MAP_X_LATE to contain the correct entries,
and start the initialization procedure again.
Refer to the
ypmapxlate(NF)
manual page for more information.
If the list is correct, enter y to continue.
-
You then see:
You must specify whether ypbind is to be run with the secure
option (-s), the ypset option (-ypset), allowing anyone to
change your binding, or the ypsetme option (-ypsetme) which
only allows requests with host-name's IP address
to change host-name's binding, or with no options.
Please see ypserv(NADM) for more information
1) ypbind -s
2) ypbind -ypset
3) ypbind -ypsetme
4) ypbind
Please enter your choice (1-4,q):
Enter the response appropriate to your security concerns.
- Option 1
-
Recommended for most heterogeneous environments, where other
versions of NIS are also in use.
- Option 2
-
Recommended when the server is on a different subnet, and
you want others to be able to change your bindings.
- Option 3
-
Recommended when the server is on a different subnet, and
only requests with host-name's IP address
should be able to change your bindings.
- Option 4
-
Recommended in an SCO NIS environment where
the server is on the same subnet.
For further information, consult the
ypserv(NADM)
manual page, which includes information about ypbind.
See also
ypset(NADM).
-
When the initialization procedure is complete, you see
a series of messages resembling the following display when
initializing a copy-only server:
There will be no further questions. The remainder of the
procedure should take a few minutes to set up the NIS server.
The NIS maps will be transferred from master_server when
server_name goes to run level 2.
-
If NIS has been previously initialized on your system, you
see:
The backup directory /usr/lib/nisrt already exists
Do you wish to continue with the SCO NIS Runtime
System Initialization?
Enter y to continue; NIS then backs up system
passwd files.
If you enter n or q,
NIS installation aborts.
You then see:
Backing up system passwd files . . .
server_name's NIS data base has been set up without any errors.
Your copy-only server is now initialized.
-
Shut the system down and reboot it by using the
System Shutdown Manager
as described in the
SCO OpenServer Handbook.
Remember to select Reboot after shutdown when using the manager.
Enter <Ctrl>D when prompted to return to multiuser mode.
The first time an NIS slave or copy-only server enters
multiuser mode, its startup script calls ypxfr to
transfer maps from the master server.
Subsequent system
startups do not transfer maps automatically.
Initializing an NIS Client
����The following steps explain how to initialize an NIS client.
-
Log in as root and enter the following command to shut
down the system:
/etc/shutdown -g0 -y
You see messages as the system services stop.
Press <Enter> at the Safe to Power Off message.
-
The following prompt appears:
Type <Ctrl>D to proceed with normal startup,
(or give root password for system maintenance)
-
Type the root password, then press <Enter>.
-
Enter either of the following commands at your operating system prompt:
��
mkdev nis
or
/etc/yp/ypinit
The functionality and the options for ypinit
and mkdev nis are identical.
-
NIS prompts you to choose the host type:
You must specify whether this host is to be a master, slave server,
copy-only server or NIS client. Please enter the server type:[mscCq]
Enter C to indicate that you are setting up an NIS client.
If you want to stop the initialization, enter q.
-
If NIS has been previously initialized on your system, you see
the following:
NIS has been initialized previously on this machine
Please verify that you would like to re-initialize NIS
Do you wish to re-initialize NIS? (y/n/q)
Enter y to continue.
-
You then see:
The local host's domain name hasn't been set. Please set it.
Please enter the domain name or q to quit:
Enter the NIS domain name; you need an NIS domain name to
retrieve data from an NIS database.
You will be asked:
Is "domainname" correct? [y/n/q]
Enter y if correct. If you enter n, you
will be asked to reenter the domain name. If you enter
q, NIS initialization aborts.
-
You then see:
You must specify whether ypbind is to be run with the secure
option (-s), the ypset option (-ypset), allowing anyone to
change your binding, or the ypsetme option (-ypsetme) which
only allows requests with host-name's IP address
to change host-name's binding, or with no options.
Please see ypserv(NADM) for more information
1) ypbind -s
2) ypbind -ypset
3) ypbind -ypsetme
4) ypbind
Please enter your choice (1-4,q):
Enter the response appropriate to your security concerns.
- Option 1
-
Recommended for most heterogeneous environments, where other
versions of NIS are also in use.
- Option 2
-
Recommended when the server is on a different subnet, and
you want others to be able to change your bindings.
- Option 3
-
Recommended when the server is on a different subnet, and
only requests with host-name's IP address
should be able to change your bindings.
- Option 4
-
Recommended for a SCO NIS environment where
the server is on the same subnet.
For further information, consult the
ypserv(NADM)
manual page, which includes information about ypbind.
See also
ypset(NADM).
-
You then see:
server_name's NIS data base has been set up without any errors.
Your NIS client is now initialized.
-
To enable all distributed user accounts edit the file /etc/passwd
and add +: as the last line of the file. Similarly,
add +::: as the last line of the file /etc/group.
-
Shut the system down and reboot it by using the
System Shutdown Manager
as described in the
SCO OpenServer Handbook.
Remember to select Reboot after shutdown when using the manager.
NOTE:
As a side effect of initializing an NIS client, the entry
``NIS_ENABLED=Y'' is made automatically
in the file /etc/default/security.
If you do not require an NIS client to be able
to read password and group maps,
change the entry to ``NIS_ENABLED=N''
before rebooting the system.
Reinitializing a server
�If it becomes necessary to reinitialize a server, reexecute the
ypinit command on that server.
Situations under which it might be necessary to reinitialize a
server include a bad configuration wherein a slave or copy-only
server or a client was initialized before the master server.
See also:
Starting and stopping NIS
�����NIS will start automatically when the
system is brought up in multiuser mode
(run level 2) and TCP/IP is started. The
/etc/tcp startup script will invoke the
NIS startup script /etc/nis, which has been
initialized with the correct NIS configuration
by ypinit.
You can also start NIS from the command line
by logging in as root and entering:
/etc/nis start
The first time you start a copy-only server, it will display
messages similar to the following as it
transfers maps from the NIS master:
Transferring proto.nam . . .
map2ascii conversion for proto.nam map succeeded
Some map conversions, specifically for the passwd
and group maps, will fail in Secure Mode.
To stop NIS on a machine, log in as root and enter:
/etc/nis stop
When you stop NIS on a server, clients bound to
the server will hang if this was the only server
serving the domain. NIS is shut down automatically
when the system is taken to run level 0, 1, or 6.
See also:
Administering an NIS domain
���Administration of an NIS domain may involve but does not require:
See also:
Modifying server attributes
��The following sections explain how to modify NIS server
attributes.
In general, when modifying an attribute on an NIS server,
the other servers should be updated with the change by executing
a ypmake command. Refer to the appropriate section for
more details.
See also:
Propagating maps
��When a new NIS map is created on the master server in
an NIS domain, the new map must be propagated, or
``pushed'', to
all NIS servers in that domain.
NIS maps can be pushed to the servers
with either the
yppush(NADM)
or the
ypmake(NADM)
command.
To create an NIS map on the master server
and to push this map to all the servers
in an NIS domain, follow these steps:
-
Log in as root on the master server.
-
Change to the /etc/yp directory.
-
Enter:
ypmake mapname
To only push a map's changes to the other
NIS servers, without creating a new NIS map,
use the yppush command as follows:
-
Log in as root on the master server.
-
Change to the /etc/yp directory.
yppush mapname
See also:
Modifying the remote binding mode
��The command
ypbind -ypset
executed on the local machine says that a
ypset(NADM)
command issued from any machine may change the
binding on the local machine.
This option poses
serious security risks and should only be used
for debugging the network from a remote machine.
See also:
Modifying the local binding mode
��The command
ypbind -ypsetme
executed on the local machine says that a
ypset(NADM)
command may be used to set the binding of the local machine only
if the ypset command is issued from the local machine.
See also:
Modifying the NIS domain name
���An NIS domain name can be changed using the
domainname(NC)
command.
If you change the name of an NIS domain, you must change it on all
machines in that domain.
This means that the domainname command must
be run on each machine in the domain.
To change the domain name with the domainname command,
become root and enter
domainname new_domain
on each machine in that domain.
Note that the new domain name
is in effect only until the next machine boot.
To permanently change an NIS domain name,
edit
the file /etc/nis on each machine in the new domain
and set the variable YPDOMAIN to the new domain name.
The new domain takes effect when you reboot the system.
See also:
Modifying the list of NIS servers
���At times you may need to add or remove a slave or copy-only server
from NIS service.
For example, if you need to remove from the network a machine that was an
NIS server, you must remove the machine from NIS service before
removing it from the network.
If the machine removed was a slave server, you would probably want to add a
slave server to replace it.
Circumstances may also require removing from the network the machine
serving as the NIS master server.
In this case, you would need to change
the NIS master server.
See also:
Adding an NIS server to the server list
�����After you initialize NIS, follow this procedure to
add servers to your NIS network at any time:
-
Log into the master server in multiuser mode.
-
Edit the ypservers map to add the name of the
new server(s) and
propagate it to other servers as described in
``Modifying existing maps''.
The ASCII file for the ypservers map is located at
/etc/yp/ypservers.
-
Log into the new server in system maintenance mode.
If the SCO NIS package is not yet
installed, you must first install it using the
Software Manager; refer to
Chapter 4, ``Installing and managing software components'' in the SCO OpenServer Handbook
for more information.
-
Initialize NIS on the new server following the instructions in
``Enabling an NIS server''.
When you bring the
new server to multiuser mode, it automatically requests that
all current maps be transferred to itself.
Removing an NIS server from the server list
�����To remove a slave or copy-only server from an NIS domain:
-
Remove the NIS package from the server using the
Software Manager.
-
Edit the ypservers map on the master server and
propagate it to other servers.
CAUTION:
Do not use the following procedure to remove a master server.
If you do, you must reconfigure your NIS network.
Rather, refer to
``Changing the master NIS server''.
When SCO NIS is removed from a system, the
/etc/passwd.local file is removed.
The
/etc/passwd file, which under NIS included both
distributed and local accounts, becomes the authoritative
password file.
This means that distributed NIS accounts
become regular user accounts when NIS is removed.
If you want to restrict users with distributed NIS
accounts from using the old server,
you must remove their accounts before returning the
old server to multiuser mode.
NOTE:
Although you can prevent NIS maps from
reaching a server by killing its NIS daemon processes, the
master still attempts to reach the server during map
propagation, adding an unnecessary burden to the system.
For this reason, you should remove NIS from the server.
Follow these steps to remove a server:
-
Log into the old server in system maintenance mode.
-
Run the Software Manager (or custom) to remove
the Base Network Information System (NIS) package. You
can expose this package by expanding the following selections:
SCO OpenServer Enterprise System
SCO OpenServer Enterprise System Connectivity
SCO NFS
-
If necessary, modify or retire previously distributed accounts;
refer to
``Adding and modifying user accounts'' in the System Administration Guide
or
``Removing or retiring a user account'' in the System Administration Guide
for more information.
-
If necessary, remove root's crontab entries
for NIS map transfers.
-
Reboot the system and return to multiuser mode.
If kernel parameters were adjusted when NIS was removed, you
are also prompted to relink the kernel.
-
Log into the master server in multiuser mode.
-
Edit the ypservers map
to remove the old server's name and propagate the changed map
to other servers. See
``Modifying existing maps''
for the procedure for editing and propagating an existing map.
The ASCII file for the ypservers map is located at
/etc/yp/ypservers.
Changing the master NIS server
�������You may need to change your master server, for example,
if you rearrange server configuration or the master
server host is removed from service.
Any server in the NIS
domain can become the new master server because each one has
all active maps.
However, because the old NIS master's name
is contained in the existing map, you can neither
use an existing copy at the new master nor send a copy there
with ypxfr.
Rather, you must re-create these maps by running ypmake
(or make) on the new master server to associate the
new server listing with each map.
The old master server must be running NIS to complete this
procedure.
This is because nonmaster servers consult their
own copies of maps, which include the name of the old master
server, when they receive a map transfer request
originating from yppush on the master.
New maps with the
new master server listing must come from the old master server
for the maps to be incorporated on slave and copy-only servers.
Therefore, if the old master is not available when you change master
servers, you must rebuild your entire NIS system from scratch.
CAUTION:
Changing master servers is a major reconfiguration of your
network and should not be undertaken unless absolutely
necessary.
Make sure you understand the procedure thoroughly
and back up your network configuration files before you begin.
The procedures described here assume that the new master
is running SCO NIS.
Other implementations of NIS
configure servers in a different way; consult the
documentation for your version of NIS before changing master
servers.
To change NIS master servers, follow these steps:
-
Log into the new master server in multiuser mode.
-
Copy the /etc/passwd.yp file from the old master.
If this file is not available, you must re-create
distributed accounts manually.
If you have modified the /etc/yp/ypmake or
/etc/yp/Makefile file, you must also copy it from
the old master.
-
Run the following commands to rebuild the maps:
cd /etc/yp
rm *.time
ypmake NOPUSH=1
By removing the timestamp files, you force the maps to be
rebuilt regardless of prior modifications.
The
NOPUSH option to ypmake prevents
maps from being pushed to other servers until you have completed
this entire procedure.
-
If the map only exists as a ndbm database, you can remake
it on the new master by unassembling an existing copy from any NIS
server and running the unassembled version back through
makedbm.
For example, enter:
cd /etc/yp
ypcat -k mymap | ./makedbm - domain_name/mymap
-
Log into the old master server.
-
Copy the new maps from the new master server with the following
command:
/etc/yp/ypxfr -h new_master -f mapname
This command must be run on the old master for every current NIS map.
The -h option forces ypxfr to transfer the
map from the new master; the -f
option forces the transfer even if the contents of
the old and new maps are the same.
-
Propagate the new maps from the old master server by running the following
command on the old master server:
/etc/yp/yppush mapname
This command must be run on the old master for every current NIS map.
When this is completed, all nonmaster servers will have
received maps that include the new master listing.
-
If you are removing the old master server from NIS service,
edit the ypservers map on the new master server
following the instructions in
``Removing an NIS server from the server list''.
You can automate the map transfer procedure on the old master
server using shell scripts and other tools.
For example, the
following shell script automatically completes steps 6 and 7:
\:
MAPS=`oawk '{print $1 ; }' /etc/yp/YP_MAP_X_LATE`
for map in $MAPS; do
echo moving $map
ypxfr -h new_master -f $map
yppush $map
done
Make sure your /etc/yp/YP_MAP_X_LATE file is current
before running this command; for more information, refer to
``NIS maps''.
See also:
Creating NIS maps
���NIS creates some maps by default.
The NIS administrator may create additional maps to be serviced by NIS.
Both default and additional maps may need to be modified.
The following sections provide information on
creating and modifying maps.
New and updated maps must be propagated from the master server to
slave and copy-only servers.
The propagation of maps is described in
``Administering NIS maps''.
See also:
Modifying existing maps
�������To modify an existing map:
-
Edit the ASCII source file for the map.
-
Run the ypmake command on the map
to remake the map from the ASCII source file
and propagate it to slave servers.
All map databases and their ASCII source files should reside
on the master server.
If the ASCII source file becomes unavailable, you can remake it
from the NIS map by entering the following:
cd /etc/yp
./makedbm -u mapname > /etc/mapname
Following is an example for modifying the hosts map from its
ASCII source file /etc/hosts.
-
Log into the master server.
-
Edit the /etc/hosts file.
-
Issue the following commands to rebuild and propagate the map:
cd /etc/yp
./ypmake hosts
Use ypmake without arguments to modify and propagate
all maps automatically.
WARNING:
Run ypmake or make only on the master server;
unpredictable behavior in the NIS map set may result if they
are run on slave or copy-only servers.
See also:
Creating new maps
���To create a new NIS map:
-
On the master server, enter:
cd /etc/yp
-
Create an ASCII file
containing the contents of the desired map.
The ASCII file format must consist of key-value pairs with
space separating the key from its value as in:
key1 value1
key2 value2
key3 value3
-
Create the NIS map for this file using the makedbm command.
For an ASCII file called mymap.asc:
./makedbm mymap.asc domain_name/mymap
The result is a map called /etc/yp/domain_name/mymap.
-
Add the new map name to the YP_MAP_X_LATE file
on all servers in the NIS domain.
-
Create a new map2ascii routine and copy it to all servers on
which you wish the new map
to be converted to ASCII format after it is propagated.
A map2ascii routine is required on any copy-only servers.
-
Propagate the map to slave servers in the NIS domain using
the yppush command.
For the example map mymap, enter:
yppush mymap
See also:
Administering NIS maps
���This section concerns the propagation of maps from the master
to the slave and copy-only servers.
This section does not cover the modification of the content of
existing maps or the creation of new maps.
For that information, see
``Creating NIS maps''.
Propagation of NIS maps depends on the following:
-
Keeping the list of maps current by modifying the list when
maps are added or deleted.
This list is the
/etc/yp/YP_MAP_X_LATE file.
-
Modifying map attributes as necessary to ensure correct propagation.
-
Manually propagating maps either by having a nonmaster retrieve
maps from the master or by having the master distribute maps to slave servers.
See also:
Modifying the map list
����The file /etc/yp/YP_MAP_X_LATE must contain the comprehensive list
of NIS maps within an NIS domain.
This file should exist on every NIS server in the domain
and be current.
Whenever a new map is created, the map name should be added to this file
on every server in the domain.
Whenever a map is removed, the map name should be removed from this file
on every server in the domain.
To edit the file /etc/yp/YP_MAP_X_LATE, you must have
root permissions. Map names in this file appear in the form:
long_map_name short_map_name
For example:
passwd.byname passwd.nam
See also:
Modifying map attributes
��Attributes include the following:
-
Choosing to have more than one machine within a domain act as a master
server, with each master having an exclusive set of maps over which it
is master.
This is possible but discouraged.
-
Viewing the timestamp on maps.
-
Modifying map names and aliases.
-
Synchronizing servers.
See also:
Viewing timestamp
���Each NIS map includes a timestamp that indicates when the
map was built.
Viewing this timestamp can be valuable when
troubleshooting.
This timestamp is used by NIS programs such as ypxfr
on a copy-only server
to compare its map versions with those on a master.
If the master version has a newer timestamp, the
newer version is retrieved.
It may be useful to view this timestamp to ensure synchronization of
maps.
This timestamp is readable as a string whose value is the standard
UNIX system timestamp (seconds since 1970).
If this value on a map on a copy-only server is less than that
on the map on the master server, the master is newer and
hasn't been transferred.
If the value on the copy-only server
is larger than the master, it may reveal that a bogus master
exists somewhere that is updating nonmaster servers.
To view the timestamp, enter:
ypmatch YP_LAST_MODIFIED mapname
The date is displayed as:
YP_LAST_MODIFIED : 0736625147
See also:
Modifying map names and aliases
���Because of file naming conventions, names of existing NIS maps
may conflict with names you want to use for another map or another file.
To avoid conflicts, you can assign an alias.
If this does not work,
use a different name for the newer file to avoid having to change
the name of an existing map.
If you must change the name of an existing map, follow this
procedure:
-
Create and propagate a map with the new name.
-
Add the new name to the YP_MAP_X_LATE file on all NIS servers.
-
If you are not going to use the old name for a different NIS
map, remove the old name from the YP_MAP_X_LATE
file on all NIS servers
and remove the old map from all NIS servers.
If you are going to use the old name for a different NIS map,
remove the old map from the master server; create and propagate
the new map,
using the old name.
You will
not need to add the name to the YP_MAP_X_LATE files on all NIS
servers because it is already there.
NOTE:
If you change a map name or map alias, you must change it
in all YP_MAP_X_LATE files.
See also:
Synchronizing servers
��If you recall from
``Using cron to propagate maps'',
you can run
ypxfr from a crontab file to update maps on a regular schedule.
This should be set up to ensure that all NIS servers within
an NIS domain are synchronized (using the same map, the most
current one).
The schedule with which a map is updated will depend
on how frequently the map is expected to change.
If the frequency of updates to a map changes, change the frequency
with which the map is updated by the crontab file.
The example
files provided are set up to group updates in the same time
frequency.
To change the frequency with which a map is updated,
move its ypxfr entry to a crontab file with a frequency closer
to that needed or create a new crontab file if an existing
one does not fit.
For example, the following crontab entry will update
a map once a day:
0 0 * * * /etc/yp/ypxfr1pdy
To have cron update the map
twice a day instead of once a day, change the map's
crontab entry to read as follows:
0 0,12 * * * /etc/yp/ypxfr2pdy
See also:
Retrieving maps from the master server
�To ensure that all NIS servers in the same NIS domain are using
the same set of maps, slave or copy-only servers should retrieve maps
from the master server as follows:
-
Whenever a slave or copy-only server is initialized.
-
Whenever a slave or copy-only server returns online after being unavailable.
-
Copy-only servers only: when polling of the master shows updated maps available.
-
Copy-only servers only: whenever new maps are added to the master server
because the master cannot push new maps to copy-only servers.
To retrieve maps, run the ypxfr command.
See also:
Distributing maps to nonmaster servers
��To ensure that all NIS servers in the same NIS domain are using
the same set of maps, distribute (propagate) maps to nonmaster
servers whenever you change an existing map or add a new map at
the master server.
Use yppush at the master to distribute maps to slave servers.
A master cannot push a map to a copy-only server.
Copy-only servers
poll the master at set intervals for map updates and acquire those
maps that have changed since the copy-only server last polled.
See also:
Administering NIS logfiles
����Administration of NIS logfiles consists of enabling and disabling
NIS logging, displaying logfiles, and clearing logfiles.
To enable NIS logging, create the file /usr/adm/nislog.
To disable NIS logging, remove the file
/usr/adm/nislog or move
it to another location (that is, change its name).
To display NIS logfiles, use a text editor, such as
vi(C),
or use the
more(C)
command to view the contents of the logfile
/usr/adm/nislog.
To clear the NIS logfile:
cat /dev/null > /usr/adm/nislog
Administering NIS users and groups
����������Once you have initialized an NIS domain,
most user account administration within the domain can be
performed using the Account Manager.
You can:
Although it is possible to create new user accounts anywhere in
an NIS domain (if you have user equivalence and auth
permissions), we recommend that distributed NIS user account
administration be performed on the NIS master server
only. This will ensure that account permissions are distributed
properly.
You must be in multiuser mode (init state 2) with NIS daemons
running before creating or modifying user accounts.
NOTE:
On an NIS client machine or slave server, the
Account Manager allows access to
attributes that cannot actually be changed
for the distributed user account.
This is not a fatal problem, as the client will display an error box
with error information, and administration can proceed normally after
the error box is dismissed.
WARNING:
Do not make administrative accounts (for example, root,
MMDF, or UUCP) distributed.
Doing so may seriously compromise the security of your network.
By default, only non-administrative accounts
will become distributed NIS accounts when NIS
is initialized by either ypinit or mkdev nis.
ypinit will ask the user whether administrative accounts
should be distributed. If the user chooses to do so,
the ADMACCTS variable in /etc/yp/Makefile
and /etc/yp/ypmake will be set to -a.
See also:
Managing distributed user accounts
������Use the Account Manager to create new user accounts on the
NIS master server; refer to
``Adding and modifying user accounts'' in the System Administration Guide
for more information on the Account Manager.
To distribute a user account using NIS or to change a
local account to a distributed account:
-
In the Account Manager, choose Open Host from
the Host menu to select the NIS master server.
-
Select Add new user or Modify from the
Users menu.
-
In the Add or Modify menu, select
Change distribution.
-
Select NIS from the list of distribution methods, and
click on the Distributed button.
To change a distributed to a local account, use the same
procedure, but click on the Not Distributed button in the
Change distribution menu.
Distributed user accounts can be removed or deactivated using the
same procedure as conventional accounts.
NOTE:
If an NIS user is changed to be a local user on the
NIS master,
that user will be set to be both local and distributed. You
should delete the user account from /etc/passwd.yp first,
then run the ypmake command.
Modifying group attributes on servers
��������Use the Account Manager to create new group accounts on the
NIS master server; refer to
``Managing groups'' in the System Administration Guide
for more information on the Account Manager.
To distribute a group account using NIS or to change a
local account to a distributed account:
-
In the Account Manager, use the Host Selection facility
to log in to the NIS master server.
-
Select Add new group or Modify from the
Groups menu.
-
In the Add or Modify menu, select
Change distribution.
-
Select NIS from the list of distribution methods, and
click on the Distributed button.
To change a distributed to a local account, use the same
procedure, but click on the Not Distributed button in the
Change distribution menu.
Distributed group accounts can be removed or deactivated using the
same procedure as for conventional accounts.
Creating netgroups
����To create a netgroup, follow these steps:
-
On the master server, edit the file /etc/netgroup and add the
netgroup (see
``About netgroups''
for the format of this entry).
-
Change to the /etc/yp directory and execute the command:
ypmake netgroup
This will create the new netgroup and push the changes out to the
other NIS servers in the domain.
See also:
Distributing home directories
���Distributed user accounts must have corresponding distributed
home directories. You can make distributed home directories
available with one of the following procedures:
-
configure automount to automatically mount a
distributed user's home directory via NFS wherever he or she
logs in. For more information, see
``Distributing home directories with automount''.
-
NFS-mount user home directories from a home directory server
by ensuring that /etc/default/filesys is the same on all
client hosts in your NIS domain.
-
manually create user home directories on each machine in your
NIS domain.
When home directory automounting has been configured, you can
manage distributed directories with the Account Manager. To do
so, select Change Home Directory from the Add new user
or Modify menu, then select or change the host that is
serving the distributed home directory.
Troubleshooting NIS
����
The following utilities are available for troubleshooting NIS.
See their reference manual pages for complete information.
������
-----------------------------------------------------------------
Utility Function
-----------------------------------------------------------------
ypcat(NC) displays the contents of an NIS map.
ypmatch(NC) prints the value for one or more specified keys
in an NIS map.
yppoll(NADM) asks any NIS server for information about a map
that it holds internally.
ypwhich(NADM) tells you which NIS server an NIS client is
currently using for NIS, or which NIS server is
master of a named map.
rpcinfo(NADM) displays RPC information from a specified RPC
server. Use rpcinfo to check whether portmapper,
ypbind, and (for NIS servers) ypserv are running.
If exporting filesystems, the mountd service
should be registered.
ping(ADMN) reports roundtrip time and packet loss
statistics. Use ping to ensure a network
connection can be made between hosts.
The
Account Manager
is used to administer distributed and local NIS
accounts.
NIS logging
��NIS processes will log information messages
and errors to the /etc/yp/nislog file if the file exists.
For more information, see
``Administering NIS logfiles''.
NIS server problems
���When utilities using the network hang, this may mean that NIS
is unable to contact the server. The following message
on the system console means that the ypbind process is no longer
able to contact the NIS server:
yp: server not responding for name "domainname"; still trying.
To check whether the server is up and running, enter from the client:
rpcinfo -p server_name
It should display a list of programs, versions, protocols,
and port numbers similar to:
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100002 1 udp 1027 rusersd
100002 2 udp 1027 rusersd
100008 1 udp 1028 walld
100007 2 tcp 1025 ypbind
100007 2 udp 1031 ypbind
100007 1 tcp 1025 ypbind
100007 1 udp 1031 ypbind
100005 1 udp 1127 mountd
100005 1 tcp 1049 mountd
100003 2 udp 2049 nfs
100024 1 udp 1128 status
100024 1 tcp 1050 status
100021 2 tcp 1051 nlockmgr
100021 1 udp 621 nlockmgr
100021 3 udp 621 nlockmgr
100021 1 tcp 621 nlockmgr
100021 3 tcp 621 nlockmgr
100004 2 udp 778 ypserv
100004 2 tcp 779 ypserv
100004 1 udp 778 ypserv
100004 1 tcp 779 ypserv
The portmapper, ypbind, and ypserv programs
must be running on the server, or NIS cannot work correctly.
You can also use rpcinfo to check whether a specific server
program such as ypserv is running:
rpcinfo -u server_name ypserv
This should return something similar to:
program 100004 version 1 ready and waiting
program 100004 version 2 ready and waiting
If these steps fail, run rpcinfo -p on the
server's console to verify that the required programs are registered.
If they are not running, restart NIS on the server. Check
/etc/yp/nislog and /usr/adm/syslog for error messages.
When the required programs are up and running, check whether
a network connection can be made between the client and server. See
``Network problems''
for this procedure.
If the NIS server is responding, but the problem is not solved,
check to make sure the local domain is set properly. See
``Domain name problems''.
Domain name problems
���If the domain name is not set properly, network utilities
will hang waiting for ypbind to bind to an invalid domain.
To check if the NIS domain name is set, use the
domainname command:
domainname
This should display the NIS domain name. If the domain
name is missing or incorrect,
check the YPDOMAIN variable in /etc/nis
to make sure it is set to the correct domain.
To check if NIS is bound to the correct server, use
the ypwhich command:
ypwhich
This should return the name of the NIS server. If
this hangs or fails, the local machine is unable
to bind to the remote NIS server. Use the rpcinfo
command to check whether the ypbind program is running
on the local machine:
rpcinfo -u server_name ypbind
Network problems
��Use the ping command to check that the network is
up and functional:
ping -c 1 server_name
It should display something similar to:
PING server_name (server_address): 56 data bytes
64 bytes from server_name (server_address): icmp_seq=0 ttl=255 time=10 ms
--- server_name ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0/5/10 ms
If the ping command hangs, fails, or returns a
message similar to 0 packets transmitted, the network is down.
See
Chapter 13, ``Troubleshooting system-level problems'' in the SCO OpenServer Handbook
and
``Troubleshooting TCP/IP''.
See also:
For more about NIS
To obtain more information about NIS
files and commands, consult the following reference manual pages:
----------------------------------------------------------------------
Manual page Information provided
----------------------------------------------------------------------
makedbm(NADM) make NIS ndbm file utility
map2ascii(NADM) NIS database conversion routines
ypinit(NADM) initialize NIS servers and clients
ypmake(NADM) make NIS databases
yppasswdd(NADM) server for modifying NIS password file
yppoll(NADM) query NIS server for NIS map version
yppush(NADM) propagate NIS map from master server to slaves
ypserv(NADM) NIS server, binder, and transfer processes
ypset(NADM) point ypbind at a particular server
ypshad2pwd(NADM) install and update the /etc/passwd.yp passwd file
ypwhich(NADM) which host is NIS server or map master
ypxfr(NADM) transfer NIS map from server to here
netgroup(NF) list of network groups
ypfiles(NF) description of NIS database and directory structure
ypmapxlate(NF) translation table for NIS map names
domainname(NC) set or display current NIS domain
ypcat(NC) print values of an NIS database
ypmatch(NC) print values of one or more keys of NIS database
yppasswd(NC) change login password in NIS
Additional information on NIS may be found in the following book:
Managing NFS and NIS; Stern, Hal (1991);
O'Reilly & Associates, Inc., Sebastopol CA. ISBN: 0-937175-75-7.