SUMMARY: Re: NIS+ AND NIS CHOICES

From: Jasjit K. Singh (singhjk@frc.com)
Date: Fri Sep 02 1994 - 02:43:24 CDT


Original posting:

>
>
> Dear Sun Managers:
>
> We have a SunOS 4.1.3 11 sun4m machine as the NIS master. Two of the Solaris 2.3
>machines that act as the subnet servers are to be made the replicas for the NIS
>master.
>
> What are your suggestions?
>
> 1) Run NIS+ on the master and the replicas
> 2) Run NIS on the master and NIS+ in compatibility mode on the replicas
> 3) .....
>

-------------------------------------------------------------------------------

Thanks for all those who responded :

Torsten Metzner <tom@uni-paderborn.de>
jun@crick.ssctr.bcm.tmc.edu (Jun Wu)
Danny Barron <dbarron@csci0.uark.edu>
epl@Kodak.COM (Gene Loriot (epl@kodak.com))
pburyk@leis.leis.bellcore.com (Patrick Buryk)
Dan Stromberg - OAC-DCS <strombrg@bingy.acs.uci.edu>
Joe Konczal <konczal@mail-gw.ncsl.nist.gov>

and saved me the hassle of breaking the machines and then finding the problems.
Torsten Metzner and Joe Konczal's responses have made up my mind to go with NIS
master and NIS slaves. Will wait till Solaris 2.4 and then think about NIS+.
Thanks!!

RESPONSES:
==========
-------------------------------------------------------------------------------

From: jun@crick.ssctr.bcm.tmc.edu (Jun Wu)

Run 4.1.3 as NIS master server, and Solaris 2.3 as NIS slave server. You can
use NSKIT from Sun to make Solaris 2.3 machine run NIS. Don't mess with
NIS+ until it's stable. We are stuck with it now and it is the most
ugly program I've ever seen from Sun.

Jun

--
       o o o o o o . . .    ____===_T__ ____========_T__ ____=========_T__
     o      _____          || Jun Wu  | |System Support| |jun@bcm.tmc.edu|
   .][__n_n_|DD[  ====____  |~{Nb>|~} | |Baylor College| | uunet!bcm!jun | |
  >(________|__|_[________]_|_________|_|_of Medicine__|_|_713-798-8356__|_|
 __/oo OOOOO oo`  ooo  ooo  'o^o   o^o` 'o^o        o^o` 'o^o         o^o`

--------------------------------------------------------------------------------

From: Torsten Metzner <tom@uni-paderborn.de>

I think you mean slave servers if you speak about NIS. If you don't need NIS+, then use NIS, because it is more stable. But read my notes to (2), because there are a lot of problems with a SunOS4.1.3 master server and Solaris2.3 slave servers. In my opinion, it's not possible to have a NIS master server and a NIS+ replica Server ( more exakt a NIS+ slave server ) for the same domain. But there exist a NISkit for Solaris2.3. But be careful there are a lot of problems with the NISkit and a Solaris 2.3 Slave Server if the master server is a 4.1.3 machine. Two weeks ago, two of our SunOS4.1.3 Slave Servers were changed by Solaris 2.3 slave servers ( SS20 and SS1000 ) and we got a lot of problems. (1) SunOS4.1.3 clients couldn't resolve names in the nets wich were served by the Solaris machines. There exist an unoffical patch for this problem. The patch number is: T101363-06 More exakt: NISkit needs patch 101363-03, but then DNS forwarding doesn't work on SunOS4.1.3 clients, so you need patch T101363-06. Great, isn't it. (2) In the SS1000 net, we got three more problems. (i) Bug Id: 1167591 Category: bincompat Subcategory: lib Release summary: s1093 Synopsis: niskit with various revisions of patches creates defunct processes Integrated in releases: Patch id: Description: ypserv causes defunct processes to be created on every call to ypserv, until the process table fills up with processes, and the machine stops. This condition occurs when 101316-42,45,46 AND 101484-03 are loaded together, using niskit 1.0 or 1.1 RESULT TABLE WITH NISKIT 1.0 101484 not loaded 101484-03 101316-36 WORKS WORKS 101316-42 WORKS FAILS 101316-45 WORKS FAILS 101316-46 WORKS FAILS After loading a machine with a configuration of patches which fail, the following can be reproduced. p4m-30a# repeat 10 ypcat hosts > /dev/null & p4m-30a# ps -ef UID PID PPID C STIME TTY TIME COMD root 0 0 80 12:44:04 ? 0:01 sched root 1 0 74 12:44:09 ? 0:01 /etc/init - root 2 0 2 12:44:09 ? 0:00 pageout root 3 0 15 12:44:09 ? 0:00 fsflush root 197 1 27 12:45:13 ? 0:00 /usr/lib/saf/sac -t 300 root 198 1 53 12:45:13 console 0:00 /usr/lib/saf/ttymon -g -h -p p4m-30a console login: -T sun -d /dev/console -l root 200 197 36 12:45:15 ? 0:00 /usr/lib/saf/ttymon root 95 1 80 12:44:37 ? 0:03 /usr/sbin/rpcbind root 122 1 80 12:44:50 ? 0:01 /usr/sbin/inetd -s root 87 1 6 12:44:35 ? 0:00 /usr/sbin/in.rdisc -s root 97 1 7 12:44:38 ? 0:00 /usr/sbin/keyserv root 102 1 80 12:44:39 ? 0:01 /usr/lib/netsvc/yp/ypbind root 104 1 33 12:44:39 ? 0:00 /usr/sbin/kerbd root 113 1 62 12:44:42 ? 0:01 /usr/lib/netsvc/yp/ypserv root 129 1 32 12:44:51 ? 0:00 /usr/lib/autofs/automountd root 133 1 40 12:44:52 ? 0:00 /usr/lib/nfs/statd root 135 1 80 12:44:52 ? 0:01 /usr/lib/nfs/lockd root 146 1 40 12:44:55 ? 0:00 /usr/sbin/syslogd root 169 1 71 12:45:08 ? 0:00 /usr/lib/lpsched root 159 1 24 12:45:04 ? 0:00 /usr/sbin/cron root 154 122 77 12:44:58 ? 0:01 in.rlogind sdw 156 154 80 12:45:00 pts/0 0:01 -sh root 177 169 22 12:45:09 ? 0:00 lpNet root 178 1 17 12:45:10 ? 0:00 /usr/lib/sendmail -bd -q1h root 206 204 80 12:45:40 pts/0 0:00 csh root 231 206 26 12:46:12 pts/0 0:00 ps -ef root 204 156 48 12:45:31 pts/0 0:00 sh root 209 113 5 0:00 <defunct> root 211 113 6 0:00 <defunct> root 213 113 6 0:00 <defunct> root 215 113 7 0:00 <defunct> root 217 113 6 0:00 <defunct> root 219 113 6 0:00 <defunct> root 224 113 7 0:00 <defunct> root 222 113 6 0:00 <defunct> root 226 113 6 0:00 <defunct> root 228 113 7 0:00 <defunct> To Reproduce: - Install desktop at Solaris 2.3 (SUNWCall) - Install patches 101484-03 and 101318-45 - Install NISKit 1.0 - Configure as NIS master or slave - Force server to bind to self (Easy if on it's own test domain) - Reboot - Login and query NIS - Watch for the defunct processes parented by ypserv Work around: Back out the patches installed and go to a previous revision level. Get a beta copy of niskit 1.1 and run it. Both the workarounds require that the customer has already broken their machine to discover the problem. History: Submitter: steve.d.white@uk Date: 05/24/94 Dispatch Operator: bugtraq Date: 05/24/94 Evaluator: sperbeck Date: 05/24/94 Closeout Operator: jrt Date: 05/26/94 (ii) The automounter becomes very very slow. Sometimes you need more then two minutes to rlogin in another host. (iii) Sometimes ( very often ), mostly if you display some X-Applikation from a remote host, the XNEWS-Server hangs for more then 4 minutes and then everything works well again. NISkit 1.1 ( it's also unofficial ) solves the problems (i) - (iii) but be careful, because NISkit1.1 sais: DISCLAIMER: ----------- THIS IS BETA SOFTWARE. THAT MEANS THAT YOU SHOULDN'T BE SURPRISED WHEN THERE ARE PROBLEMS. IF THE CORRECT WORKING OF THIS SOFTWARE IS CRITICAL TO YOUR FUTURE, YOU SHOULDN'T EVEN CONSIDER USING IT. and we got a new problem. After three days without any problems Solaris2.3 strikes back. No client in the SS1000 net could find his NIS-Server ( the SS1000 ). We haven't solve this problem yet. For this reason another SS10 ( SunOS4.1.3 ) in this net becomes a slave server, so that the people in this net ( Me, too ) can work. You see there are a lot of problems with a Solaris2.3 Slave Server. If you can avoid it you should do it and use a SunOS4.1.3 Slave Server instead. Hope this helps, Torsten. ------------------------------------------------------------------------------- My address : Torsten Metzner E-Mail: tom@uni-paderborn.de Rechnerbetreuung Mathematik Tel.: +49 5251 603898 or Universitaet-GH Paderborn Tel.: +49 5251 602634 FB 17 - Mathematik Fax : +49 5251 603836 Warburger Str. 100 33098 Paderborn Germany

------------------------------------------------------------------------------- From: Danny Barron <dbarron@csci0.uark.edu>

I wasn't the one at our site who set up NIS+ (at least most of it), but I did do our initial setup with NIS. I can say that NIS+ offers greater security, but at the risk of also greater pains in setup (both initial and setup of user accts etc). NIS+ DOES work if you do everything right and cross your fingers. If you have the time to trial and error a time or two, I'd suggest NIS+ (for it's greater stability and security (from my experiences)). Danny Barron

----------------------------------------------------------------------------------

From: epl@Kodak.COM (Gene Loriot (epl@kodak.com))

We run only Solaris 2.3/NIS+; and have one NIS+ replica in each name space. This works fine. A word of caution: less is better...DO NOT have any more than one replica server in any one name space, and if you have a subnet that is well attached (good, and reliable network connection) I might try not having a replica server in that space. -- #### ###### Gene Loriot E-mail: epl@Kodak.COM ### ######## Eastman Kodak Company Voice: (716) 724-6962 ## ########## Customer Equipment Services Fax: (716) 724-9860 # ### KODAK ## 343 State Street ## ########## Mail Code: 00708 ### ######## Rochester, New York 14650-0708 #### ###### U. S. A. [On a clear DISK you can SEEK forever]

-------------------------------------------------------------------------------------

From: pburyk@leis.leis.bellcore.com (Patrick Buryk)

Jasjit - As long as you're running a 4.1.3 "NIS" master, why not use "NIS" on your Solaris slaves? You can purchase the "NIS Naming Services Transition Kit" from Sun that will allow you to load up NIS (not NIS+) on your Solaris master and slave servers, so you can keep things status quo, until you're ready to migrate to NIS+. I've done this at two other client sites and it has performed as well as it did under 4.1.3.

Patrick Buryk Bellcore (908) 699-4089

---------------------------------------------------------------------------------------

From: Dan Stromberg - OAC-DCS <strombrg@bingy.acs.uci.edu>

NIS+ with NIS+ replicas, or NIS with NIS slaves.

You can have NIS clients of an NIS+ server (compat mode), but I believe you cannot do NIS slaves of an NIS+ master, nor an NIS+ replica of an NIS master.

----------------------------------------------------------------------------------------

From: Joe Konczal <konczal@mail-gw.ncsl.nist.gov>

Avoid using NIS+ if possible. I will be switching back to NIS.

I have heard that the Sun is no longer working on the enormous task of debugging NIS+, and that plain old NIS, not NIS+, will be shipped with Solaris 2.4. Also, you can buy NIS for Solaris 2.x for less than $100.00. I don't know yet if the NIS from Solaris 1.x will run on Solaris 2.x in compatibility mode.

I upgraded from Solaris 1.1 to Solaris 2.3 last week. Most of my 40 to 50 PC-NFS 5.0 clients are still working, using NIS+ in NIS compatibility mode, but two users have reported problems with DNS lookups through NIS+. Fortunately, I still have another SunOS 4.1 NIS server which serves them well.

-- Joseph C. Konczal Computer Scientist National Institute of Standards and Technology Gaithersburg, Maryland 20899 phone: (301) 975-3285 email: jkonczal@nist.gov

--------------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:09:09 CDT