SUMMARY: NIS+ on solaris: Directions

From: Amanul Haque (xhaque@etnsed.COM)
Date: Wed May 19 1993 - 12:14:52 CDT


I had over 30 requests for the document from Bill. Well, folks, here it is.

>From uunet!access.com!bill Fri May 14 08:45:39 1993
Date: Fri, 14 May 1993 07:30:48 -0600
From: Bill Hunter <uunet!access.com!bill>
Message-Id: <199305141330.AA05781@melblanc.access.com>
To: ahaque@etnsed.COM
Subject: Re: Help!
Cc: xhaque@etnsed.COM

here is what i use.

print it out with enscript -2r -B --h -fCourier-Bold9 and
it will look real nice. hope it helps.

bill

                                                LAB EXAMPLE:

        host            sub-host            rep               clientA
        ====            ========            ===               =======
        root server     master server       replica           client of
        of foo.bar.     of sub.foo.bar.     server of         sub.foo.bar.
                                            sub.foo.bar

(A) CONFIGURE ROOT SERVER FOR foo.bar.
======================================
<host># domainname foo.bar. #set the domain name

<host># echo `domainname`>/etc/defaultdomain #add it to the file

<host># cp /etc/nsswitch.nisplus /etc/nsswitch.conf #use right conf file

<host># ps -ef | grep keyserv #get PID of keyserv

<host># kill <PID>;/usr/sbin/keyserv #kill & restart keyserv

<host># nisinit -r #initializes root server

<host># rpc.nisd -rS 0 #start daemon w/o security

<host># /usr/lib/nis/nissetup `domainname` #build empty tables

<host># nisaddcred des #create RPC keypair for server
                                                        #enter root's password

<host># /usr/lib/nis/nisupdkeys `domainname`

<host># /usr/lib/nis/nisupdkeys org_dir.`domainname`

<host># /usr/lib/nis/nisupdkeys groups_dir.`domainname`

<host># nischmod n+r,g+rcmd foo.bar org_dir groups_dir

<host># keylogin -r #write copy of root's secretkey
                                                        #into /etc/.rootkey

<host># ps -ef | grep nisd #get rpc.nisd's PID

<host># kill <PID>;rpc.nisd -r #kill & restart w/ security

(B) Add data into domain.
=========================
#!/sbin/sh
# Simple example script to add data into domain.

for i in passwd ethers group services protocols rpc hosts
do
        echo $i
        cat /etc/$i | /usr/lib/nis/nisaddent $i
done

(C) Add Authorized clients.
===========================
# Simple 'for loop' to add credentials for root@machine on clients.
# Notice no trailing 'dot' on unix.$client@foo.bar
# This will prompt you for a network password for the clients

#!/sbin/sh
for client in `awk '{ print $2 }' /etc/hosts | egrep -v "(localhost|Internet)"`
#for client in moe curly shemp #alternate way of doing it
do
        nisaddcred -p unix.$client@foo.bar -P $client.`domainname` des
done

# NOTE: <client> in the following example stands for each client from the above script.

<client># cp /etc/nsswitch.nisplus /etc/nsswitch.conf

<client># domainname foo.bar.; echo `domainname`>/etc/defaultdomain

<client># nisinit -c -H <host> #make sure root master is in /etc/hosts

<client># keylogin -r

<client># ps -ef | grep keyserv #get PID of keyserv

<client># kill <PID>;/usr/sbin/keyserv #kill & restart keyserv

(D) Add credentials for users.
==============================
# Example: user=admin1, uid=300

<host># nisaddcred -p 300 -P admin1.`domainname` local

<host># nisaddcred -p unix.300@foo.bar -P admin1.`domainname` des

Enter Password:

(E) Create a group of administrators.
=====================================
# Example: group=admins.`domainname`, users=admin1,admin2
# Time to live set to 1 minute so it won't be cached too long on server.

<host># nisgrpadm -c admins.`domainname`

<host># nischttl 60 admins.groups_dir.`domainname`

<host># nisgrpadm -a admins.`domainname` admin1.`domainname` admin2.`domainname`

<host># nischgrp admins.`domainname` `domainname` org_dir.`domainname` \
        groups_dir.`domainname` cred.org_dir

<host># nischmod g+rcmd cred.org_dir

(F) Create a SubDomain.
=======================
# This example creates "sub-host" as a non-root master for the
# subdomain "sub.foo.bar.". Remember that "sub-host" MUST first
# be a client of the domain "foo.bar." which was set up in step C.

<sub-host># rpc.nisd
<sub-host># nismkdir -m sub-host sub.foo.bar.
<sub-host># /usr/lib/nis/nisupdkeys sub.foo.bar.
<sub-host># /usr/lib/nis/nissetup sub.foo.bar.

(G) Add data to SubDomain.
==========================
# Another simple "do loop" script.

#!/sbin/sh
for i in passwd ethers group services protocols rpc hosts
do
        echo $i
        cat /etc/$i | /usr/lib/nis/nisaddent $i sub.foo.bar.
done

(H) Create a Replica Server of a SubDomain.
===========================================
# This example creates "rep" as a replica server for the sub-domain
# "sub.foo.bar." Again, "rep" must be a client in domain foo.bar.
# that was set up in step C.

<rep># rpc.nisd

<sub-host># nismkdir -s rep sub.foo.bar.

<sub-host># nismkdir -s rep org_dir.sub.foo.bar.

<sub-host># nismkdir -s rep groups_dir.sub.foo.bar.

# Now the replica needs data. This is a one-time bulk transfer,
# done with nisping.
# After this, only out of date data will be transferred.

<sub-host># /usr/lib/nis/nisping sub.foo.bar.

<sub-host># /usr/lib/nis/nisping org_dir.sub.foo.bar.

<sub-host># /usr/lib/nis/nisping groups_dir.sub.foo.bar.

# You could verify the replica by halting sub-host. Then issue
# niscat -h hosts.org_dir.sub on rep and you should see the
# /etc/hosts database for this sub-domain.

(I) Add Client Systems into SubDomain.
======================================
# Notice no trailing 'dot' on unix.$client@foo.bar
<host># nisaddcred -p unix.$clientA@foo.bar -P $clientA.sub.`domainname` \
        des sub.`domainname`

<clientA># cp /etc/nsswitch.nisplus /etc/nsswitch.conf

<clientA># domainname sub.foo.bar.

<clientA># echo `domainname`>/etc/defaultdomain

<clientA># nisinit -c -H master_machine_name

<clientA># keylogin -r

Password:

<clientA># ps -ef | grep keyserv

<clientA># kill <PID>;/usr/sbin/keyserv

/'''
c-00 bill hunter bill@access.com i have a photographic memory,
   \ access graphics (303)545-1167 but i'm out of film!
  - 1426 pearl / boulder,co 80302

-- 
Haque
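
Added example, not part of Bill's document or of the original post: step (A) starts rpc.nisd with -S 0 and only later restarts it with security on, so a useful follow-up check is whether any rpc.nisd is still running below level 2 (the rpc.nisd default). The function names and the sample ps lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag rpc.nisd processes still running below security level 2.
# nisd_level, audit_nisd and the sample ps lines are constructed, not Sun tools.

# Print the -S level found in an rpc.nisd argument list (2 when -S is absent,
# which is the rpc.nisd default).
nisd_level() {
    level=2
    while [ $# -gt 0 ]; do
        case "$1" in
            -*S)                      # "-S 0" or clustered "-rS 0": value is next word
                if [ $# -ge 2 ]; then level=$2; shift; fi ;;
            -*S[0-9]*)                # value attached: "-S0", "-rS0"
                level=${1##*S} ;;
        esac
        shift
    done
    echo "$level"
}

# Read `ps -ef` output on stdin; print "<pid> level=<n> ok|WEAK" per rpc.nisd.
audit_nisd() {
    while read -r _uid pid rest; do
        case "$rest" in
            *grep*)     continue ;;   # skip the grep from "ps -ef | grep nisd"
            *rpc.nisd*) ;;
            *)          continue ;;
        esac
        args=${rest#*rpc.nisd}        # everything after the command name
        lvl=$(nisd_level $args)       # unquoted on purpose: split into words
        if [ "$lvl" = 2 ]; then
            echo "$pid level=$lvl ok"
        else
            echo "$pid level=$lvl WEAK"
        fi
    done
}

# Constructed sample; on a live server use:  ps -ef | audit_nisd
audit_nisd <<'EOF'
    root   212     1  0 08:01:10 ?        0:00 /usr/sbin/keyserv
    root   305     1  0 08:03:44 ?        0:01 rpc.nisd -rS 0
    root   411   398  0 08:05:02 pts/1    0:00 grep nisd
EOF
```

A WEAK line after step (A) is finished means the "kill <PID>;rpc.nisd -r" restart was skipped or failed.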


