Configuring the Network Infomation Service (NIS) (part5)
You should have at least one NIS slave server to provide backup if the NIS master server becomes unavailable. To configure an NIS slave server, complete the following steps on the system that you want to designate as the slave server:
- Edit the /etc/inet/hosts file to ensure that the NIS master and all NIS slave servers have been defined.
- Execute the domainname command to set the local NIS domain.
# domainname domainname
For example:
# domainname classroom.Central.Sun.COM
- Create or populate the /etc/defaultdomain file with the domain name.
- Initialize the system as an NIS client by performing the command:
# ypinit -c
- When the system prompts for a list of NIS servers, enter the NIS master host followed by the name of the local host and all other NIS slave servers on the local network.
- Copy the /etc/nsswitch.nis file to the /etc/nsswitch.conf file. If necessary, modify the file.
- On the NIS master, ensure that the ypserv process is running by performing the command:
# pgrep -fl ypserv
If it is not running, refer to the previous section on how to start NIS daemons on the master.
- Return to the proposed NIS slave system, and enter the ypstart command to start the ypbind daemon.
# svcadm enable svc:/network/nis/client:default
- Initialize the system as an NIS slave by performing the command:
# ypinit -s master
where master is the name of the NIS master.
Note: If you did not add the name of the NIS slave server when you initially configured the NIS master server using the ypinit command, enter the ypinit -m command once more on the NIS master server. In the process of updating the NIS master, the script prompts you for confirmation when it is about to destroy the existing domain database. Confirm by entering y. - Before starting the ypserv daemon on the slave server, stop the client with the command:
# svcadm disable svc:/network/nis/client:default
- When the NIS server is started, it also starts the ypbind client daemon.
# svcadm enable svc:/network/nis/server:default
- To test NIS client functionality on the newly configured NIS slave server, perform the command:
# ypwhich -m
The output shows a list of maps together with the NIS master server for each map.
Because database files change with time, you must update your NIS maps. To update the NIS maps (on the master server), complete the following steps:
- Update the text files in your source directory (typically, /etc, unless it was changed in the Makefile file).
- Change to the /var/yp directory.
# cd /var/yp
- Refresh the NIS database maps using the make utility.
# /usr/ccs/bin/make
If the NIS master is running the rpc.yppasswdd daemon, any client system can update the NIS password map by using the yppasswd or passwd commands, as shown in the image.
To update the password map complete the following steps:
- Run the rpc.yppasswdd daemon on the NIS master server
# /usr/lib/netsvc/yp/rpc.yppasswdd /$PWDIR/passwd -m passwd
When users change their NIS passwords, the rpc.yppasswdd daemon updates the NIS master’s /$PWDIR/passwd file and passwd map. The passwd map is then pushed to all slave servers.
- Enter the passwd command on any NIS client.
$ passwd Changing NIS password for user1 on server1. Old password: New password: Retype new password: NIS entry changed on server1
The following steps manually update the NIS timezone map on the master server and propagate all maps to the slave servers:
- Edit the source file on the NIS master.
# vi /etc/timezone
- Remake and push the NIS maps to the slave servers.
# cd /var/yp; /usr/ccs/bin/make
- If the push from the master server fails, the following command runs on the slave server and manually “pulls” only the timezone map from the master server.
# /usr/lib/netsvc/yp/ypxfr timezone.byname
- To pull all of the maps from the master server at once, perform the command:
# ypinit -s nis_master
- If the push from the master server fails, the following command runs on the slave server and manually “pulls” only the timezone map from the master server.
Sometimes maps fail to propagate, and you must manually use the ypxfr command to retrieve new map information. To automate the updating and propagating of NIS maps on slave servers, you can install shell scripts to run as cron jobs. Because maps have different rates of change, scheduling a map transfer by using the crontab command enables you to set specific propagation intervals for individual maps.
The Solaris OS provides several template scripts in the /usr/lib/netsvc/yp directory that you can use and modify to meet your local site requirements. These scripts are useful when slave servers are down during NIS map propagations.
The image shows you how to update passwd maps using slave servers with scripts. When slave servers are down, they might not receive the update unless you run a “safety valve” script.
Using the ypxfr_1perhour Script
The following text lists the contents of the ypxfr_1perhour script that, if run hourly using the cron daemon, ensures that the NIS slave server’s passwd map is never more than one hour out of date.
#! /bin/sh # # Copyr 1990 Sun Microsystems, Inc. #ident “@(#)ypxfr_1perhour.sh 1.2 00/05/01 SMI” # # ypxfr_1perhour.sh - Do hourly NIS map check/updates # PATH=/bin:/usr/bin:/usr/lib/netsvc/yp:$PATH export PATH # set -xv ypxfr passwd.byname ypxfr passwd.byuid
Using the ypxfr_1perday Script
The following output details the contents of the ypxfr_1perday script. If run daily using the cron daemon, the script ensures that the NIS slave server’s NIS maps for the group, protocols, networks, services, and ypservers keys are never more than one day out of date.
#! /bin/sh # # Copyr 1990 Sun Microsystems, Inc. #ident “@(#)ypxfr_1perday.sh 1.2 00/05/01 SMI” # # ypxfr_1perday.sh - Do daily NIS map check/updates # PATH=/bin:/usr/bin:/usr/lib/netsvc/yp:$PATH export PATH # set -xv ypxfr group.byname ypxfr group.bygid ypxfr protocols.byname ypxfr protocols.bynumber ypxfr networks.byname ypxfr networks.byaddr ypxfr services.byname ypxfr ypservers
Using the ypxfr_2perday Script
The following output details the contents of the ypxfr_2perday script. If run twice daily using the cron daemon, the script ensures that the NIS slave server’s NIS maps for the hosts, ethers, netgroups keys, and mail aliases are never more than 12 hours out of date.
#! /bin/sh # # Copyr 1990 Sun Microsystems, Inc. #ident “@(#)ypxfr_2perday.sh 1.2 00/05/01 SMI” # # ypxfr_2perday.sh - Do twice-daily NIS map check/updates # PATH=/bin:/usr/bin:/usr/lib/netsvc/yp:$PATH export PATH # set -xv ypxfr hosts.byname ypxfr hosts.byaddr ypxfr ethers.byaddr ypxfr ethers.byname ypxfr netgroup ypxfr netgroup.byuser ypxfr netgroup.byhost ypxfr mail.aliases