Introducing the Name Service Switch File Actions For each status code, two actions are possible, as shown in Table 14-5 Table 14-5 Status Code Actions Action Meaning of Action return Stop looking for the information continue Try the next source, if there is one When the action is not explicitly specified, the default action is to continue the search using the next specified information source, as follows: q SUCCESS = return q UNAVAIL = continue q NOTFOUND = continue q TRYAGAIN = continue For example: ipnodes: files In this example, the /etc/inet/ipnodes file is searched for the first entry that matches the requested host name If no matches are found, an appropriate error is returned, and no further information sources are searched Another example: passwd: files nis In this example, the appropriate files in the /etc directory are searched for the corresponding password entry If the entry is not found, the NIS maps are searched for the entry If no entry is found in the NIS maps, an appropriate error is returned, and no further information sources are searched Using Name Services Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A 14-15 Introducing the Name Service Switch File Another example: hosts: nis [NOTFOUND=return] files In this example, the NIS maps are searched for the entry If the source (NIS) is not running, the system returns the status UNAVAIL, and continues to search the /etc/inet/hosts file If the entry returns the status NOTFOUND, an appropriate error is returned, and the search is terminated without searching the /etc/inet/hosts file 14-16 Advanced System Administration for the Solaris™ Operating Environment Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A Configuring the Name Service Cache Daemon (nscd) Configuring the Name Service Cache Daemon (nscd) To properly use the name service cache daemon (nscd), you must be able to perform the following: q Describe the purpose of the name service cache daemon q Configure the name service cache daemon q Stop and start the name service cache daemon The nscd Daemon The nscd daemon is a process that provides a cache for the most common name service requests The nscd daemon starts during multiuser boot The /etc/nscd.conf configuration file controls the behavior of the nscd daemon The nscd daemon provides caching for the passwd, group, hosts, ipnodes, exec_attr, prof_attr, and user_attr databases Solaris OE system calls automatically reference the nscd cache if the nscd cache holds the type of data needed Standardized calls retrieve the cached data The calls take the form of getXbyY, such as gethostbyname, gethostbyaddr, and so on The data in each cache has a separately defined, time-to-live Modifying the local database (/etc/hosts, for example) causes the corresponding cache to become invalidated upon the next call to the nscd daemon Using Name Services Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A 14-17 Configuring the Name Service Cache Daemon (nscd) Configuring the nscd Daemon The /etc/nscd.conf file contains the configuration information for the nscd daemon Each line specifies either an attribute and a value, or an attribute, a cache name, and a value An example of an attribute and a value is: logfile /var/adm/nscd.log An example of an attribute, a cache name, and a value is: enable-cache hosts no # cat /etc/nscd.conf # # Copyright (c) 1994-2001 by Sun Microsystems, Inc # All rights reserved # #ident "@(#)nscd.conf 1.6 01/01/26 SMI" # # # # # Currently supported cache names: passwd, group, hosts, ipnodes exec_attr, prof_attr, user_attr # # logfile enable-cache /var/adm/nscd.log hosts no debug-level positive-time-to-live negative-time-to-live suggested-size keep-hot-count old-data-ok check-files passwd passwd passwd passwd passwd passwd 600 211 20 no yes positive-time-to-live negative-time-to-live suggested-size keep-hot-count old-data-ok check-files group group group group group group 3600 211 20 no yes positive-time-to-live negative-time-to-live hosts hosts 600 14-18 Advanced System Administration for the Solaris™ Operating Environment Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A Configuring the Name Service Cache Daemon (nscd) suggested-size keep-hot-count old-data-ok check-files hosts hosts hosts hosts 211 20 no yes positive-time-to-live negative-time-to-live suggested-size keep-hot-count old-data-ok check-files ipnodes ipnodes ipnodes ipnodes ipnodes ipnodes 3600 211 20 no yes positive-time-to-live negative-time-to-live suggested-size keep-hot-count old-data-ok check-files exec_attr exec_attr exec_attr exec_attr exec_attr exec_attr 3600 300 211 20 no yes positive-time-to-live negative-time-to-live suggested-size keep-hot-count old-data-ok check-files prof_attr prof_attr prof_attr prof_attr prof_attr prof_attr 3600 211 20 no yes positive-time-to-live negative-time-to-live suggested-size keep-hot-count old-data-ok check-files user_attr user_attr user_attr user_attr user_attr user_attr 3600 211 20 no yes Using Name Services Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A 14-19 Configuring the Name Service Cache Daemon (nscd) Stopping and Starting the nscd Daemon Proper updates to the name service databases notify the nscd daemon to update its cache, as needed However, the nscd daemon’s cache might become out of date due to various abnormal circumstances or due to hand-editing files A common way to force the nscd daemon to update its cache is to stop and start the daemon The preferred method for stopping and starting the nscd daemon is by using the /etc/init.d/nscd script Stopping the nscd Daemon The nscd daemon stops automatically when the system changes to: q Run level using the /etc/rc1.d/K40nscd script q Run level S using the /etc/rcS.d/K40nscd script q Run level using the /etc/rc0.d/K40nscd script You can also manually stop the nscd daemon as follows: # /etc/init.d/nscd stop Starting the nscd Daemon The nscd daemon starts automatically when the system changes to run level using the /etc/rc2.d/S76nscd script You can also manually start the nscd daemon as follows: # /etc/init.d/nscd start 14-20 Advanced System Administration for the Solaris™ Operating Environment Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A Retrieving Name Service Information Retrieving Name Service Information There are many tools available for acquiring information stored within the various name service information sources Selecting the correct tool can reduce troubleshooting time when isolating name service malfunctions The getent command provides a generic retrieval interface to search many name service databases The getent Command As a system administrator, you can query name service information sources with tools, such as the ypcat, nslookup, niscat, and ldaplist commands You can use the ypcat command to query the NIS namespace You can use the nslookup command to query the DNS namespace However, when trying to isolate a problem, using one of these tools can return different results than standard system search operations, because the nsswitch.conf file is not referenced by these commands The getent command has these advantages: q The primary advantage is that the command searches the information sources in the order in which they are configured in the name service switch file q A secondary advantage is that by using the name service switch file, the defined status message codes and actions are tested as they are currently configured Therefore, if a return action is improperly placed in the name service switch file, the getent command will find the problem, whereas the specific commands used to test the name service information sources (such as ypcat or nslookup) will not find the problem because they directly use the name service database without referencing the nsswitch.conf file Using Name Services Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A 14-21 Retrieving Name Service Information Using the getent Command The getent command retrieves a list of entries from the administrative database specified by database The sources for the database are specified in the /etc/nsswitch.conf file The syntax is: getent database [key] where: database The name of the database to be examined This name can be passwd, group, hosts, ipnodes, services, protocols, ethers, networks, or netmasks key A value that corresponds to an entry in a database The key must be in a format appropriate for searching on the respective database For example, it can be a username or numeric user ID (UID) for passwd, or a host name or IP address for hosts For the following examples, the /etc/nsswitch.conf file is configured to search files and then to search NIS # getent passwd lp lp:x:71:8:LinePrinter Admin:/usr/spool/lp: # getent group 10 staff::10: # getent hosts sys44 192.168.30.44 sys44 loghost The previous example assumes that the /etc/nsswitch.conf file is configured to search files and then to search NIS If the /etc/nsswitch.conf file is configured to search NIS and then to search files, the output of the final search would be: # getent hosts sys44 192.168.30.44 sys44 Notice the absence of loghost in this output The loghost alias is a feature of the sys44 entry in the /etc/inet/hosts file but not the NIS map Therefore, when the /etc/nsswitch.conf file search order is altered, the getent command looks up the entry in the NIS map before consulting the /etc/inet/hosts file 14-22 Advanced System Administration for the Solaris™ Operating Environment Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A Exercise: Reviewing Name Services Exercise: Reviewing Name Services In this lab, you evaluate your understanding of the name services concepts presented in this module Preparation If necessary, refer to your lecture notes to answer these exercise questions Tasks Answer the following questions: List the name services that can be configured in the /etc/nsswitch.conf file _ _ Which name service is selected by default during the installation of the Solaris OE? _ What are the two main services provided by DNS? _ _ What types of information are stored within the NIS+ namespace? _ _ Which file is referred to as the name service switch file, and why? _ _ If you decide to use the LDAP for name service resolution, which template file would you use to create the name service switch file? _ _ Using Name Services Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A 14-23 Exercise: Reviewing Name Services How is the following entry in the name service switch file interpreted? hosts: nis [NOTFOUND=return] files _ _ Is the following an appropriate entry to the /etc/nsswitch.conf file? Why or why not? groups: dns files nis _ _ 14-24 Advanced System Administration for the Solaris™ Operating Environment Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A Building Custom NIS Maps Editing the NIS Makefile File The NIS Makefile file is located in the /var/yp directory and is composed of four main sections: q The first section contains macro definitions q The second section contains the first target, all q The third section defines the final target and dependencies q The fourth section contains entries for each of the dependencies Configuring the Sections of Makefile The first section of the Makefile file contains the following macro definitions: #B=-b B= DIR =/etc INETDIR=/etc/inet RBACDIR=/etc/security PWDIR =/etc DOM = ‘domainname‘ NOPUSH = "" ALIASES = /etc/mail/aliases YPDIR=/usr/lib/netsvc/yp SBINDIR=/usr/sbin YPDBDIR=/var/yp YPPUSH=$(YPDIR)/yppush MAKEDBM=$(SBINDIR)/makedbm MULTI=$(YPDIR)/multi REVNETGROUP=$(SBINDIR)/revnetgroup STDETHERS=$(YPDIR)/stdethers STDHOSTS=$(YPDIR)/stdhosts MKNETID=$(SBINDIR)/mknetid MKALIAS=$(YPDIR)/mkalias 16-34 Advanced System Administration for the Solaris™ Operating Environment Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A Building Custom NIS Maps The second section of the Makefile file contains the first target, all all: passwd group hosts ipnodes ethers networks rpc services protocols \ netgroup bootparams aliases publickey netid netmasks c2secure \ timezone auto.master auto.home \ auth.attr exec.attr prof.attr user.attr audit.user The all target has several dependencies, each of which represents one of the NIS maps to be built This feature enables the entire set of NIS maps to be built by typing: # cd /var/yp; /usr/ccs/bin/make The all target is not considered to be built until each of its targets is first built Each of the targets for all depends on another target When adding custom maps to NIS, the name of the new map to be built should be added to the all target list (auto.direct in the following example) all: passwd group hosts ipnodes ethers networks rpc services protocols \ netgroup bootparams aliases publickey netid netmasks c2secure \ timezone auto.master auto.home auto.direct\ auth.attr exec.attr prof.attr user.attr audit.user Note – The fourth section is covered before the third section, because the fourth section continues the dependency thread introduced by the all target Configuring the Network Information Service (NIS) Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A 16-35 Building Custom NIS Maps The entry in the fourth section of the Makefile file for each of the dependencies in the all target is: passwd: passwd.time group: group.time project: project.time hosts: hosts.time ipnodes: ipnodes.time ethers: ethers.time networks: networks.time rpc: rpc.time services: services.time protocols: protocols.time netgroup: netgroup.time bootparams: bootparams.time aliases: aliases.time publickey: publickey.time netid: netid.time passwd.adjunct: passwd.adjunct.time group.adjunct: group.adjunct.time netmasks: netmasks.time timezone: timezone.time auto.master: auto.master.time auto.home: auto.home.time auth.attr:auth.attr.time exec.attr:exec.attr.time prof.attr:prof.attr.time user.attr:user.attr.time audit.user:audit.user.time $(DIR)/netid: $(DIR)/timezone: $(DIR)/auto_master: $(DIR)/auto_home: $(PWDIR)/shadow: $(DIR)/auth_attr: $(DIR)/exec_attr: $(DIR)/prof_attr: $(DIR)/user_attr: $(DIR)/audit_user: 16-36 Advanced System Administration for the Solaris™ Operating Environment Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A Building Custom NIS Maps Using the previous example of an auto.direct map, add a new map to the NIS domain by appending the appropriate entries to the end of this “second level” target and dependency pair auto.direct: auto.direct.time $(DIR)/auto_direct: After you modify the auto.direct map, the final lines from the fourth section of the Makefile file would look like: auto.master: auto.master.time auto.home: auto.home.time auto.direct: auto.direct.time auth.attr:auth.attr.time exec.attr:exec.attr.time prof.attr:prof.attr.time user.attr:user.attr.time audit.user:audit.user.time $(DIR)/netid: $(DIR)/timezone: $(DIR)/auto_master: $(DIR)/auto_home: $(DIR)/auto_direct: $(PWDIR)/shadow: The target is the auto.direct map, which depends on the auto.direct.time target The third section of the Makefile file defines the final target and dependencies, as well as instructions on how to build each map in the domain Edit the Makefile file by adding the following lines to build a new auto_direct map: auto.direct.time: $(DIR)/auto_direct -@if [ -f $(DIR)/auto_direct ]; then \ sed -e "/^#/d" -e s/#.*$$// $(DIR)/auto_direct \ | $(MAKEDBM) - $(YPDBDIR)/$(DOM)/auto.direct; \ touch auto.direct.time; \ echo "updated auto.direct"; \ if [ ! $(NOPUSH) ]; then \ Configuring the Network Information Service (NIS) Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A 16-37 Building Custom NIS Maps $(YPPUSH) auto.direct; \ echo "pushed auto.direct"; \ else \ : ; \ fi \ else \ echo "couldn't find $(DIR)/auto_direct"; \ fi Caution – You can copy and paste lines from a section to another map; however, the proper use of tabs and spaces in the Makefile file is critical Look up the make command in the online manual pages for the correct usage of tabs and spaces Some points to consider are: q q You can use make macros in the instructions q Instructions that begin with the at (@) sign are not echoed to the terminal screen Removing the @ sign is useful for debugging new instructions q 16-38 You must indent subsequent lines of make instructions by using tabs Instructions that begin with a leading dash (–) before the @ sign not echo error messages to the terminal screen Advanced System Administration for the Solaris™ Operating Environment Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A Troubleshooting NIS Troubleshooting NIS If only one or two clients are experiencing symptoms that indicate NIS binding difficulty, the problems are probably on those clients If many NIS clients are failing to bind properly, the problem probably exists on one or more of the NIS servers Troubleshooting NIS Server Failure Messages This section addresses some common errors associated with NIS server configuration No Server Available If your domain name is set correctly, the ypbind daemon is running, and you get messages indicating that the client cannot communicate with a server, it can indicate a number of different problems: q Does the client have a /var/yp/binding/domainname/ypservers file containing a list of servers to which it can bind? If not, enter the ypinit -c command, and specify the servers that this client should bind to, in the order of preference q If the client has a /var/yp/binding/domainname/ypservers file, does it have enough servers listed in it if a couple of servers should become unavailable? If not, add additional servers to the list by using the ypinit -c command q If none of the servers listed in the client’s ypservers file are available, the client searches for an operating server by using broadcast mode If there is a functioning server on the client’s subnet, the client will find it If there are no functioning servers on the client’s subnet, you can solve the problem in several ways: q If the client does not have a server on the subnet or have a route to one, install a new slave server on that subnet q Make sure that your routers are configured to pass broadcast packets so that the client can use broadcast to find a server on another subnet Use the netstat -r command to verify the route q If there should be a working route to a server on another network, check to see if either the in.rdisc or in.routed daemons are running If neither daemon is running, run the command /etc/init.d/inetinit start to start them Configuring the Network Information Service (NIS) Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A 16-39 Troubleshooting NIS Note – For reasons of security and administrative control, specify the servers that a client should bind to in the client’s ypservers file rather than have the client search for servers through broadcasting Broadcasting slows down the network, as well as the client, and prevents you from balancing server load by listing different servers for different clients q Do the servers listed in a clients ypservers file have entries in the /etc/inet/hosts file? If not, add the servers to the NIS maps hosts input file, and rebuild your maps by using the ypinit -c or ypinit -s commands q Is the /etc/nsswitch.conf file set up to consult the client’s local hosts file in addition to NIS? The ypwhich Command Displays Are Inconsistent When you use the ypwhich command several times on the same client, the resulting output varies because the NIS server changes, which is normal The binding of the NIS client to the NIS server changes over time when the network or the NIS servers are busy Whenever possible, the network becomes stable at a point where all clients get an acceptable response time from the NIS servers As long as your client machine gets NIS service, it does not matter where the service comes from For example, an NIS server machine can get its own NIS services from another NIS server on the network Network or Servers Are Overloaded NIS can hang if the network or NIS servers are so overloaded that the ypserv daemon cannot get a response back to the client ypbind process within the time-out period Under these circumstances, every client on the network experiences the same or similar problems In most cases, the condition is temporary The messages usually go away when the NIS server reboots and restarts the ypserv daemon, or when the load on the NIS servers or network itself decreases Server Malfunction Make sure the servers are up and running If you are not physically near the servers, use the ping NIS_server command 16-40 Advanced System Administration for the Solaris™ Operating Environment Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A Troubleshooting NIS NIS Daemons Not Running If the servers are up and running and you can find a client machine behaving normally, perform the ypwhich command on the client, as follows: # ypwhich If the ypwhich command does not respond, kill the ypwhich command # pkill ypwhich Log in as the root user on the NIS server, and check if the NIS daemons are running by performing the command: # ps -e | grep yp Note – Do not use the -f option with the ps command, because this option attempts to translate user IDs into names, which causes more name service lookup requests that might not succeed If either the ypbind or ypserv daemons are not running, stop and then restart the NIS services by performing the command: # /usr/lib/netsvc/yp/ypstop # /usr/lib/netsvc/yp/ypstart If both the ypserv and ypbind processes are running on the NIS server, and the ypwhich command does not respond, the ypserv process has probably You must restart the process Log in as root on the server, and kill the ypserv process # pkill ypserv Start the ypserv process by restarting the NIS services Perform the commands: # /usr/lib/netsvc/yp/ypstop # /usr/lib/netsvc/yp/ypstart Configuring the Network Information Service (NIS) Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A 16-41 Troubleshooting NIS Troubleshooting NIS Client Failure Messages This section addresses some common errors associated with NIS client configuration Missing or Incorrect Domain Name One client has problems, the other clients are operating normally, but ypbind is running on the problem client The client might not be set to the correct domain On the client, perform the domainname command to see which domain name is set # domainname suned.Sun.COM Compare the output with the actual domain name in the /var/yp directory on the NIS master server The actual NIS domain is shown as a subdirectory in the /var/yp directory and reported with the domainname command on the master server # domainname suned.sun.com If the domain name returned by running the domainname command on a client is not the same as the server domain name listed as a directory in the /var/yp directory, the domain name specified in the client’s /etc/defaultdomain file is incorrect Log in as superuser, and correct the client’s domain name in the client’s /etc/defaultdomain file to ensure that the domain name is correct every time the machine boots Then reboot the machine Note – The domain name is case sensitive 16-42 Advanced System Administration for the Solaris™ Operating Environment Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A Troubleshooting NIS Client Not Bound to Server If your domain name is set correctly, the ypbind daemon is running, and commands still hang, then make sure that the client is bound to a server by running the ypwhich command # ypwhich NIS_server The server to which this client is currently bound can be the NIS master server or any NIS slave server that answers the ypbind broadcast If you have just started the ypbind daemon, then enter the ypwhich command several times (typically, the first ypwhich command entry reports that the domain is not bound and the second command entry succeeds) Configuring the Network Information Service (NIS) Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A 16-43 Performing the Exercises Performing the Exercises You have the option to complete any one of three versions of a lab To decide which to choose, consult the following descriptions of the levels: q q Level – This version of the lab provides more guidance Although each step describes what you should do, you must determine which commands (and options) to input q 16-44 Level – This version of the lab provides the least amount of guidance Each bulleted paragraph provides a task description, but you must determine your own way of accomplishing each task Level – This version of the lab is the easiest to accomplish because each step provides exactly what you should input to the system This level also includes the task solutions for all three levels Advanced System Administration for the Solaris™ Operating Environment Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A Exercise: Configuring NIS (Level 1) Exercise: Configuring NIS (Level 1) Perform the following tasks: q Configure the following: q An NIS master server q An NIS slave server q An NIS client q Test the dynamic rebind feature q Add a custom map to NIS Preparation Choose two partners for this lab, and determine which systems to configure as the NIS master server, the NIS slave server, and the NIS client NIS_master: NIS_slave: _ NIS_client: _ domainname: _ On all systems, verify that the entries for all three hosts exist in the /etc/hosts file Refer to your lecture notes as necessary to perform the steps listed Configuring the Network Information Service (NIS) Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A 16-45 Exercise: Configuring NIS (Level 1) Tasks Perform the following tasks: q q On the system to be the NIS master server, share the /export/home directory by using NFS Create three user accounts and set passwords for these users Configure the /etc/passwd file and the automount indirect map to allow the users to mount their home directories from the NIS master Use the ypinit -m command to initialize the NIS master Configure the /etc/nsswitch.conf file for NIS, and start the NIS server daemons q Create and configure an NIS slave server Set the NIS domain name to be the same as in the NIS master Use the ypinit -c command to configure the system as an NIS client Configure the /etc/nsswitch.conf file for NIS, and start the NIS client daemons Use the ypinit -s command to configure the system as an NIS slave server Stop and restart the NIS daemons Verify the list of servers found in the ypservers map q Create and configure an NIS client system Set the NIS domain name to be the same as in the NIS master Use the ypinit -c command to configure the system as an NIS client Configure the /etc/nsswitch.conf file for NIS, and start the NIS client daemons Test the configuration with the ypwhich command q Test the dynamic rebind feature by stopping the NIS services on the NIS master server Monitor the NIS client with the ypwhich command, and observe when the client binds to the slave server Start the NIS services on the NIS master q Make the appropriate changes in the /var/yp/Makefile file to support a new automount direct map called auto_direct Create the direct map in the /etc file Configure the direct map and NFS shares to allow all three systems to automatically mount the man pages from the NIS master server q 16-46 Create and configure an NIS master server Select an NIS domain name to use for your group of three systems Set the domain name, and record its name in the /etc/defaultdomain file Enter the touch command to create any files in the /etc directory that are required by the target all in the Makefile file Edit the automount master map and indirect map to comment out “+” entries Test if the new users can log in on all three systems Verify that their home directories automatically mount Verify that the man pages are available through the automount service on all three systems Advanced System Administration for the Solaris™ Operating Environment Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A Exercise: Configuring NIS (Level 2) Exercise: Configuring NIS (Level 2) Perform the following tasks: q Configure the following q An NIS master server q An NIS slave server q An NIS client q Test the dynamic rebind feature q Add a custom map to NIS Preparation Choose two partners for this lab, and determine which systems to configure as the NIS master server, the NIS slave server, and the NIS client NIS_master: NIS_slave: _ NIS_client: _ domainname: _ On all systems, verify that entries for all three hosts exist in the /etc/hosts file Refer to your lecture notes as necessary to perform the steps listed Configuring the Network Information Service (NIS) Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A 16-47 Exercise: Configuring NIS (Level 2) Task Summary Perform the following tasks: q q On the system to be the NIS master server, share the /export/home directory by using NFS Create three user accounts and set passwords for these users Configure the /etc/passwd file and the automount indirect map to allow the users to mount their home directories from the NIS master Use the ypinit -m command to initialize the NIS master Configure the /etc/nsswitch.conf file for NIS, and start the NIS server daemons q Create and configure an NIS slave server Set the NIS domain name to be the same as in the NIS master Use the ypinit -c command to configure the system as an NIS client Configure the /etc/nsswitch.conf file for NIS and start the NIS client daemons Use the ypinit -s command to configure the system as an NIS slave server Stop and restart the NIS daemons Verify the list of servers found in the ypservers map q Create and configure an NIS client system Set the NIS domain name to be the same as in the NIS master Use the ypinit -c command to configure the system as an NIS client Configure the /etc/nsswitch.conf file for NIS, and start the NIS client daemons Test the configuration with the ypwhich command q Test the dynamic rebind feature by stopping the NIS services on the NIS master server Monitor the NIS client with the ypwhich command, and observe when the client binds to the slave server Start the NIS services on the NIS master q Make the appropriate changes in the /var/yp/Makefile file to support a new automount direct map called auto_direct Create the direct map in the /etc file Configure the direct map and NFS shares to allow all three systems to automatically mount the man pages from the NIS master server q 16-48 Create and configure an NIS master server Select an NIS domain name to use for your group of three systems Set the domain name, and record its name in the /etc/defaultdomain file Enter the touch command to create any files in the /etc directory that are required by the target all in the Makefile file Edit the automount master map and indirect map to comment out “+” entries Test if the new users can log in on all three systems Verify that their home directories automatically mount Verify that the man pages are available through the automount service on all three systems Advanced System Administration for the Solaris™ Operating Environment Copyright 2002 Sun Microsystems, Inc All Rights Reserved Enterprise Services, Revision A ... hosts localhost 127 .0.0.1 sysprint 1 92 .1 68. 30.70 sys44 1 92 .1 68. 30.44 sys43 1 92 .1 68. 30.43 sys 42 1 92 .1 68. 30. 42 sys41 1 92 .1 68. 30.41 q localhost sysprint sys44 loghost sys43 sys 42 sys41 ypmatch [... training.sun.com domain, as well as the sun.com domain # cat /etc/resolv.conf nameserver 1 92 .1 68. 10.11 nameserver 1 92 .1 68 .20 .88 search suned.sun.com training.sun.com sun.com Note – Using the domain directive... service, as shown in Figure 15 -2 Press F2 to continue Figure 15 -2 Name Service Window 15 -2 Advanced System Administration for the Solaris? ?? Operating Environment Copyright 20 02 Sun Microsystems, Inc