11 Naming Services Overview 11-25 Copyright 2000 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services September 2000, Revision A.1 6. If you decide to use the NIS for name service resolution, what template file would you use to create the name service switch file? /etc/nsswitch.nis 7. What does it mean if the following entry exists in the name service switch file? hosts: nis [NOTFOUND=return] files Assuming that the NIS name service is running, the syntax for this entry means that only the NIS hosts table is searched. If a NIS server has no map entry for a host lookup, the system would not reference the local files. Remove the [NOTFOUND=return] entry if you want to search the NIS hosts table and the local hosts file. 8. Is the following an appropriate entry to the /etc/nsswitch.conf file? Why or why not? groups: dns files nis This entry does not make sense because dns only applies to the hosts entry in the name service switch file. 11 11-26 Solaris™ 8 Operating Environment System Administration II Copyright 2000 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services September 2000, Revision A.1 Check Your Progress Before continuing on to the next module, check that you are able to accomplish or answer the following: ❑ Describe the concept of a naming service ❑ List the available naming services ❑ Compare the functionality of naming services ❑ Describe the name service switch process and determine which configuration is appropriate for your network 12-1 Copyright 2000 Sun Microsystems, Inc. All RightsReserved. Enterprise Services September 2000, Revision A.1 NIS 12 Objectives Upon completion of this module, you should be able to: ● Describe the NIS components, master server, slave server, and client, and the NIS processes ● Configure an NIS master, slave, and client ● List the steps to add a new NIS map ● Use commands to update and propagate an NIS map Additional Resources Additional resources – The following references provide additional details on the topics discussed in this module: ● Solaris Naming Administration Guide, Sun Part Number 806-1387-10 ● Solaris Naming Setup and Configuration Guide, Sun Part Number 806-1386-10 12 12-2 Solaris™ 8 Operating Environment System Administration II Copyright 2000 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services September 2000, Revision A.1 Introduction to NIS Concepts NIS enables the creation of server systems that act as central repositories for several of the administrative files found on UNIX systems. The benefits of NIS include: ● Centralized administration of files ● Better scaling of file administration as networks grow As Figure 12-1 illustrates, NIS is organized into named administrative domains. Within each domain exists one NIS master server, zero or more slave servers, and one or more clients. Figure 12-1 NIS Domains NIS Master Server Within each domain, the NIS master server: ● Contains the original /etc ASCII files used to build the NIS maps ● Contains the NIS maps generated from the ASCII files ● Provides a single point of control for the entire NIS domain ● Is easy to set up Maps Master server Client Slave server ClientClient Client Push Make ASCII Maps 12 NIS 12-3 Copyright 2000 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services September 2000, Revision A.1 NIS Slave Servers Within each domain, the NIS slave servers: ● Do not contain the original /etc ASCII files (which are used to build the NIS maps) ● Contain copies of the NIS maps copied from the NIS master server ● Provide a backup repository for NIS map information ● Provide redundancy in case of server failures ● Provide load sharing on large networks NIS Clients Within each domain, the NIS clients: ● Do not contain the original /etc ASCII files (which are used to build the NIS maps) ● Do not contain any NIS maps ● Bind to the master server or a slave server to obtain access to the administrative file information contained in that server’s NIS maps ● Dynamically rebind to another server in case of server failure ● Make all appropriate system calls aware of NIS Note – All hosts in the NIS environment are clients, including the NIS master and slaves. 12 12-4 Solaris™ 8 Operating Environment System Administration II Copyright 2000 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services September 2000, Revision A.1 NIS Processes The two main processes involved in the running of an NIS domain are: ● ypserv – Runs on master and slave servers ● ypbind – Runs on master and slave servers, as well as client systems There are three daemons that used in an NIS domain on the master server: ● rpc.yppasswdd ● ypxfrd ● rpc.ypupdated Figure 12-2 illustrates a domain with these NIS processes and daemons. Figure 12-2 NIS Processes and Daemons ypserv ypbind ypbind ypbind ypbind ypserv ypbind rpc.yppasswdd ypxfrd rpc.ypupdated ypbind Maps Master server Client Slave server ClientClient Client Push Make ASCII Maps 12 NIS 12-5 Copyright 2000 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services September 2000, Revision A.1 The ypserv Daemon The ypserv daemon is a utility that: ● Runs on master and slave servers ● Answers ypbind requests from clients ● Responds to client information requests The ypbind Daemon The ypbind daemon is a process that: ● Runs on all NIS systems, servers as well as clients ● Makes initial client-to-server binding requests ● Stores binding information in the /var/yp/binding/ domainname directory ● Rebinds to another server if the connection is lost with the initial server ● Requests NIS map information at the library-call level The rpc.yppasswdd Daemon The rpc.yppasswdd daemon is a process that: ● Allows users to change their passwords ● Updates the /etc/passwd and /etc/shadow files on the master server ● Updates the NIS password map ● Provides or “pushes” the NIS password map to all slave servers 12 12-6 Solaris™ 8 Operating Environment System Administration II Copyright 2000 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services September 2000, Revision A.1 The ypxfrd Daemon The ypxfrd daemon is a process that: ● Runs on the NIS master server only ● Responds to slave requests (using ypxfr) to pull the maps from the master ● Transfers NIS maps at high speed The rpc.ypupdated Daemon The rpc.ypupdated daemon is a process that: ● Runs on the NIS master server only ● Updates the publickey map if secure RPC is enabled 12 NIS 12-7 Copyright 2000 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services September 2000, Revision A.1 The Structure of NIS Maps NIS maps are located in the /var/yp/ domainname directory (where domainname is the name of the NIS domain). There are two files (.pag and .dir file) for each map in this directory. NIS Maps Filenames The syntax for the NIS maps is: map . key .pag or map . key .dir where: ● map – The base name of the map (hosts, passwd, and so on) ● key – The map’s sort key (byname, byaddr, and so on) ● pag – The map’s data ● dir – An index to the .pag file if the .pag file is large The .dir file can be empty if the .pag file is small. 12 12-8 Solaris™ 8 Operating Environment System Administration II Copyright 2000 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services September 2000, Revision A.1 Map Contents and Sort Keys The contents of each map is a key and value pair. The key represents the data used to perform the lookup in the map while the value represents the data returned upon a successful lookup. Maps can be duplicated in the /var/yp/ domainname directory; they represent the results of the sorting of the map’s data based on different keys. For example, the map /var/yp/ domainname /hosts.byaddr.pag contains the data for the hosts map indexed by host IP addresses. Similarly, the /var/yp/ domainname /hosts.byname.pag map contains the same host data using the host name as the lookup key. For the domain name training, the following would be a list of the NIS map files for the hosts map: ● /var/yp/training/hosts.byname.pag ● /var/yp/training/hosts.byname.dir ● /var/yp/training/hosts.byaddr.pag ● /var/yp/training/hosts.byaddr.dir Commands to Read Maps You can use two commands to read maps: ● ypcat [ -k ] map – This command is similar to the cat file command ● ypmatch [ -k ] value map – This command is similar to the grep value file command [...]... 12- 18 Solaris 8 Operating Environment System Administration II Copyright 2000 Sun Microsystems, Inc All Rights Reserved Enterprise Services September 2000, Revision A.1 12 Configuring the NIS Client Typically, you configure all systems within a NIS domain as clients: 1 Copy the /etc/nsswitch.nis file to /etc/nsswitch.conf and modify it if necessary 2 Edit the /etc/hosts file... the previous section on how to start NIS daemons on the master 8 Return to the proposed NIS slave system and run ypstart # /usr/lib/netsvc/yp/ypstart 12-20 Solaris 8 Operating Environment System Administration II Copyright 2000 Sun Microsystems, Inc All Rights Reserved Enterprise Services September 2000, Revision A.1 12 9 Initialize the system as an NIS slave with the following command: # ypinit -s... of date #! /bin/sh # # @(#)ypxfr_1perhour.sh 1.9 92/12/ 18 Copyright 1999 Sun Microsystems, # Inc # # ypxfr_1perhour.sh - Do hourly NIS map check/updates # PATH=/bin:/usr/bin:/usr/lib/netsvc/yp:$PATH export PATH # set -xv ypxfr passwd.byname ypxfr passwd.byuid 12-26 Solaris 8 Operating Environment System Administration II Copyright 2000 Sun Microsystems, Inc All Rights Reserved Enterprise Services September... 12-10 Solaris 8 Operating Environment System Administration II Copyright 2000 Sun Microsystems, Inc All Rights Reserved Enterprise Services September 2000, Revision A.1 12 The ypinit Command and the NIS Makefile The NIS maps are generated by the NIS configuration binary, /usr/sbin/ypinit, and the make command The ypinit command reads the /var/yp/Makefile for source file locations and converts ASCII source... on page 12-12 shows the important files on the NIS master NIS 12-11 Copyright 2000 Sun Microsystems, Inc All Rights Reserved Enterprise Services September 2000, Revision A.1 12 Figure 12-3 12-12 Important Files on the NIS Master Solaris 8 Operating Environment System Administration II Copyright 2000 Sun Microsystems, Inc All Rights Reserved Enterprise Services September 2000, Revision A.1 12 Configuring... once using the following command: # ypinit -s nis_master 12-22 Solaris 8 Operating Environment System Administration II Copyright 2000 Sun Microsystems, Inc All Rights Reserved Enterprise Services September 2000, Revision A.1 12 Updating the NIS Password Map If the NIS master is running the rpc.yppasswdd daemon, you can update any client system to the NIS password map by using the yppasswd or passwd... 12-23 Copyright 2000 Sun Microsystems, Inc All Rights Reserved Enterprise Services September 2000, Revision A.1 12 q Run the passwd command on any NIS client % passwd Changing NIS password for user1 on server1 Old password: New password: Retype new password: NIS entry changed on server1 12-24 Solaris 8 Operating Environment System Administration II Copyright 2000 Sun Microsystems, Inc All Rights Reserved... Caution – Installations that select Core, End User, or Developer software configuration clusters do not have all of the necessary files in the /usr/lib/netsvc/yp to allow a host to function as an NIS server Solaris 8 Operating Environment System Administration II Copyright 2000 Sun Microsystems, Inc All Rights Reserved Enterprise Services September 2000, Revision A.1 12 Accessing and Testing the NIS Service... allowing for hierarchical building of complex code structures When making NIS maps, you should keep the target and dependency relationship is fairly simple 12- 28 Solaris 8 Operating Environment System Administration II Copyright 2000 Sun Microsystems, Inc All Rights Reserved Enterprise Services September 2000, Revision A.1 12 First Section of Makefile The NIS Makefile is located in the /var/yp directory... are indented by tabs (This is required.) Instructions that begin with a leading dash (–), occurring before the leading @ sign, do not have error messages echoed to the terminal Solaris 8 Operating Environment System Administration II Copyright 2000 Sun Microsystems, Inc All Rights Reserved Enterprise Services September 2000, Revision A.1 . module: ● Solaris Naming Administration Guide, Sun Part Number 80 6-1 387 -10 ● Solaris Naming Setup and Configuration Guide, Sun Part Number 80 6-1 386 -10 12 12-2 Solaris 8 Operating Environment System Administration. .dir file can be empty if the .pag file is small. 12 12 -8 Solaris 8 Operating Environment System Administration II Copyright 2000 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services. of a client. (You should first save a copy of the original Makefile.) 12 12-10 Solaris 8 Operating Environment System Administration II Copyright 2000 Sun Microsystems, Inc. All Rights Reserved.