This section provides instructions for using the NIS+ command set to perform the following server-related tasks:
Note: Perform this task with the NIS+ installation scripts as described in Using NIS+ Setup Scripts rather than with the NIS+ command set as described here. The methods described in this section should be used only by those administrators who are very familiar with NIS+ and who require some nonstandard features or configurations not provided by the installation scripts.
See Configuration Worksheets, for worksheets that you can use to plan your NIS+ namespace.
A summary of each task is provided at the end of the section.
This section applies to any NIS+ server except the root master; that is, root replicas, nonroot masters, and nonroot replicas, whether running in NIS-compatibility mode or not.
The differences between setting up an NIS-compatible and a standard NIS+ server are the same as the differences between setting up standard and NIS-compatible root master servers (see Standard versus NIS-Compatible Setup Procedures). The NIS+ daemon for an NIS-compatible server must be started with the -Y option (and the -B option for DNS forwarding), which allows the server to answer requests from NIS clients.
Note: Whenever rpc.nisd is started with either the -Y or -B option, a secondary daemon named rpc.nisd_resolv is spawned to provide name resolution. This secondary daemon must be separately killed whenever you kill the primary rpc.nisd daemon.
Before you continue with the following procedure, you must:
Note: Security levels 0 or 1 are reserved for setup and testing purposes only. Do not use level 0 or 1 in a work environment. Operational networks should always be run at security level 2.
To set up an NIS+ server:
Perform this step only if you are setting up the server in NIS-compatibility mode; if setting up a standard NIS+ server, perform the following step instead.
This step has two parts. The first part starts the NIS+ daemon in NIS-compatibility mode. The second part makes sure that when the server is rebooted, the NIS+ daemon restarts in NIS-compatibility mode. This step also includes instructions for supporting the DNS forwarding capabilities of NIS clients.
compatserver# startsrc -s rpc.nisd -a "-Y -B"
The -Y option invokes an interface that answers NIS requests in addition to NIS+ requests. The -B option supports DNS forwarding.
This step creates a directory called /var/nis/data and a transaction log file called trans.log, which is placed in /var/nis. To verify that /var/nis/data exists, do the following:
compatserver# ls -F /var/nis NIS_COLD_START data/ trans.log data.dict
You can examine the contents of the transaction log by using the nislog command, described in Administering NIS+ Directories.
Attention: Do not rename the /var/nis directory or the /var/nis/trans.log or /var/nis/data.dict files. If any required file or directory is renamed, NIS+ will not start or operate correctly.
server# startsrc -s rpc.nisd
To verify that the NIS+ daemon is indeed running, use the ps command.
server# ps -ef | grep rpc.nisd root 1081 1 0 16:43:33 - 0:01 rpc.nisd root 1087 1004 1 16:44:09 0 0:00 grep rpc.nisd
This step creates a directory called /var/nis/data and a transaction log file called trans.log which is placed in /var/nis.
compatserver# ls -F /var/nis NIS_COLD_START data/ trans.log data.dict
The compatserver.log file is a transaction log. You can examine the contents of the transaction log by using the nislog command, described in Administering NIS+ Directories.
Attention: Do not rename the /var/nis directory or the /var/nis/trans.log or /var/nis/data.dict files. If any required file or directory is renamed, NIS+ will not start or operate correctly.
Now this server is ready to be designated a master or replica of a domain, as described in Setting Up a Nonroot Domain. This step completes this task.
This section describes how to add a replica server to an existing domain using the raw NIS+ command, whether root or nonroot.
Notes:
- If the root master server is unavailable and the NIS+ domain is being served solely by a replica, you cannot change information in the NIS+ tables. You can obtain information from a replica, but changes to the master tables can be made only when the master server is available. Also, do not run a checkpoint (nisping -C) command when the root master server is unavailable. Checkpoint inaccurately updates entries in your local tables if the master server tables are unavailable.
- If you have a domain that spans multiple subnets, have at least one replica server within each subnet so if a connection between nets is temporarily out of service, each subnet can continue to function until the connection is restored.
- An easier way to add a replica server is to use the nisserver script, as described in Setting Up NIS+ Servers.
Before continuing with the procedure, ensure the following:
The following procedure adds a replica server to an existing domain.
rootmaster# nismkdir -s rootreplica Wiz.Com. rootmaster# nismkdir -s rootreplica org_dir.Wiz.Com. rootmaster# nismkdir -s rootreplica group_dir.Wiz.Com.
When you run the nismkdir command on a directory object that already exists, it does not re-create the directory; it modifies the directory object according to the flags you provide. In this case, the -s flag assigns the domain an additional replica server. You can verify that the replica was added by examining the directory object's definition, using the niscat -o command.
Attention: Always run nismkdir on the master server. Never run nismkdir on the replica machine. Running nismkdir on a replica creates communications problems between the master and the replicas.
This step sends a message (a ping) to the new replica requesting the master server for an update. If the replica does not belong to the root domain, be sure to specify its domain name. (The following example includes the domain name only for completeness; since the example used throughout this task adds a replica to the root domain, the Wiz.Com. domain name in the example below is not necessary.)
rootmaster# nisping Wiz.Com. rootmaster# nisping org_dir.Wiz.Com. rootmaster# nisping group_dir.Wiz.Com.
You should see results similar to the following:
rootmaster# nisping Wiz.Com. Pinging replicas serving directory wiz.com. : Master server is rootmaster.wiz.com. No last update time Replica server is rootreplica.wiz.com. Last update seen was Wed Nov 18 11:24:32 1992 Pinging ... rootreplica.wiz.com.
If you have set up the domain's tables immediately after completing the domain setup, this step propagates the tables down to the replica. For more information about nisping, see Administering NIS+ Directories.
The following table shows a summary of
the steps described in this section. Table entries are
simplified. Refer to the more thorough task descriptions for options,
exceptions, and messages.
Starting Up a Nonroot Master Server: Command Summary | |
---|---|
Tasks | Commands |
Log in to the server as root user. |
server% su |
NIS-compat only:
Start daemon with -Y -B. |
server# startsrc -s rpc.nisd -a "-Y -B" server# nissetup |
NIS+-Only: Start daemon. |
server# startsrc -s rpc.nisd |
Adding a Replica: Command Summary | |
---|---|
Tasks | Commands |
Log in as root user to domain master. |
rootmaster% su |
Designate the new replica. |
nismkdir -s rootreplica Wiz.Com. nismkdir -s rootreplica org_dir.Wiz.Com. nismkdir -s rootreplica groups_dir.Wiz.Com. |
Ping the replica. |
/usr/lib/nis/nisping Wiz.Com. /usr/lib/nis/nisping org_dir.Wiz.Com. /usr/lib/nis/nisping groups_dir.Wiz.Com. |