[ Previous | Next | Table of Contents | Index | Library Home | Legal | Search ]

Network Information Services (NIS and NIS+) Guide

NIS Maintenance

The Network Information Service (NIS) environment requires adjustments from time to time. In large or complex networks, the NIS environment may change many times a day. This section discusses how to maintain NIS.


All the tasks discussed in this section assume that NIS is installed and configured on your network. See Configuring NIS.

NIS Security

The /var/yp/securenets file limits access when using NIS, as described in the following section.


Both the ypserv and the ypxfrd use the /var/yp/securenets file and, if present, only respond to Internet Protocol (IP) addresses in the range given. This file is read-only when the daemons (both ypserv and ypxfrd) start. To cause a change in /var/yp/securenets to take effect, you must kill and restart the daemon (see Starting and Stopping NIS Daemons). The format of the file is as follows:

netmask netaddr
e.g. 128.311.10.0

The second line the netmask address is and the network address is 128.311.10.0. This setup will only allow the ypserv daemon to respond to those IP addresses within the subnet 128.311.10.0 range.

Changing an NIS Map

Changing the NIS maps to reflect updated system information can be a common maintenance task. System information, such as a new user account or a changed password, can require constant updating. Whenever you need to modify an NIS map, do so on the master server, and then propagate the changes to the slave servers. Modifying maps on slave servers can break the NIS service algorithm, which can result in unreliable map data. The only exception to this rule is when users change their password with the yppasswd command. (See Changing NIS Passwords for more information.)

To change an NIS map, use the Web-based System Manager on the master server. Alternatively, you can use one of the following procedures on the master server.

  1. If you have modified several text files and want to confirm that all NIS maps are updated, issue the make command without parameters to automatically evaluate every input file on the NIS master server. If the file has been modified since the latest NIS map for that file was built, the NIS map is automatically rebuilt.
  2. If the file /var/yp/securenets exists, the server only provides NIS services to hosts within the IP range specified.

Changing NIS Passwords

Users can change their password using any of three methods. If the user is logged on to the master server, and you use the /etc/passwd file on the master server to build the passwd map, the user can:

All of these methods change the user's entry in the /etc/passwd file. You must rebuild the passwd map manually (see Changing an NIS Map). If the yppasswdd daemon is running on the master server, users can change their password from any host in the domain by entering the command:


This command changes the user's password in the passwd map itself, as well as the /etc/passwd file, and thus requires no intervention by the system administrator. (For more information on the yppasswdd daemon, see Configuring the NIS Master Server).

Adding a New NIS Slave Server

If your network configuration grows or changes, you may want to add additional slave servers to support the new configuration. Adding a new slave server involves modifying the ypservers map. The procedure for modifying the ypservers map differs from other maps because no text file is used as input for this map. Instead, the makedbm utility is used to create the modified ypservers maps.

To add a new slave server to your network, do the following on the master server:

  1. Change to the /var/yp directory by entering:

    cd /var/yp

    Note: If the file /var/yp/securenets exists, the server only provides NIS services to hosts within the IP range specified.
  2. Enter the command:

    (makedbm -u domain/ypservers ; echo new_server) | 
    makedbm - tmpservers

    where domain specifies the name of this NIS domain, and new_server specifies the name of the slaver server host that you are adding to the ypservers map. This command lists the contents of the current ypservers map, and appends the name of the new slave server, and then creates a new map called tmpservers.

  3. Verify that the new map contains the names of all the slave servers by entering the command:

    makedbm -u tmpservers
  4. Replace the old ypservers map files with the new ones by entering the following two commands:

    mv tmpservers.pag domain/ypservers.pag
    mv tmpservers.dir domain/ypservers.dir

    where domain specifies the name of this NIS domain.

  5. Finally, follow the instructions in Configuring an NIS Slave Server.

Adding a New NIS User

To add a new NIS user, use the Web-based System Manager on the master server. Alternatively, you can use one of the following procedures on the master server.

Creating Nonstandard NIS Maps

As discussed in NIS Maps, maps are databases that have a special format. The default, or standard, maps are built out of standard system text files. However, NIS maps are flexible in that you can build into a map any information that has a key and a value.

The following example shows how to create a nonstandard map called udir.nam that lists the home directories of users in this domain. You will use the /etc/passwd file as input file for the udir.nam map. (If you use a different file to create the passwd map, use that file instead of /etc/passwd.) The keys for the map are the user names, and their home directories are the corresponding values. To create this new map, enter the following two commands on the master server:

cd /var/yp
awk '{FS=":" ; OFS="\t" ; print $1,$6}' /etc/passwd | \
    makedbm - domain/udir.nam

where domain specifies this NIS domain, and ` is the single forward quote. The awk command extracts from the /etc/passwd file the first and sixth fields. It passes this information to the makedbm command that builds the udir.nam map. You can now propagate and use this map just like any other map. For example, enter the following command to see a list of all the home directories specified in the /etc/passwd file.

ypcat udir.nam

This example used the awk command to filter out the unwanted fields from the /etc/passwd file. However, you can use any system utility or programming language to create the map input. In fact, you can create the map input manually. For example, to create the udir.nam map, you could have entered the command:

makedbm - domain/udir.nam
john /u/john
mary /u/mary
sam /u/sam

Whatever method you use to create the map input file, you probably want to update the map periodically. To do so, you can add stanzas to the /var/yp/Makefile file so that your nonstandard map can be updated as any other map (see Changing an NIS Map). For detailed information on customizing the /var/yp/Makefile, see the make Command Overview in AIX 5L Version 5.1 General Programming Concepts: Writing and Debugging Programs.

Note: When you add a new map after the initial set of maps have been pushed to a slave server, you must make the new maps with the NOPUSH option set to 1. For example, use the following command to make newmap map.

make NOPUSH=1 newmap

If you do not use the NOPUSH option, the make command suspends. (This only applies if the new map does not already exist on the slave server.) Next, use the ypxfr command on each slave server for each new map you created (see Propagating an NIS Map).

Propagating an NIS Map

This procedure explains how to propagate a new or changed map from the master server to one or more slave servers.


The NIS slave servers must be authorized to copy files remotely (using the rcp remote copy command) from the NIS master server.


To propagate NIS maps from the master server to slave servers, use the Web-based System Manager or use one of the following procedures.

All of these methods use the ypserver database to generate a list of slave servers in your domain. The master server then sends a transfer database request to the ypserv daemon on each of the slave servers. The ypserv daemon on the slave server executes a copy of the ypxfr -C command and then passes a summary of the information it needs to identify the database and call back the initiating command.

Automating Map Propagation

You may need to propagate some maps more frequently than others. For example, the passwd map can change many times a day and must be propagated more frequently than the protocols or services maps, which may not change for months at a time. Rather than propagate each map manually, you may want to automate the propagation of maps with the cron daemon. To do so, use the following procedure. (You will need to perform these instructions on each slave server.)

  1. Group the maps together according to how often you want to propagate them. The system provides three example shell scripts that organize the maps into three groups:


    For example, the /usr/sbin/ypxfr_1perhour shell script contains ypxfr commands for several maps that change frequently and should, therefore, be propagated frequently. The other two shell scripts are for maps that change less frequently. Use an editor to modify these shell scripts to meet the needs of your network.

  2. Next, configure the cron daemon to execute these scripts at the appropriate times. As the root user, enter the command:

    crontab -l > cron.tmp

    This records the current crontab settings in the file cron.tmp.

  3. Edit the cron.tmp file and add entries for each of the scripts listed above. For example, you might add the entries:

    00 * * * * /usr/sbin/ypxfr_1perhour      # run every hour
    00 00 * * * /usr/sbin/ypxfr_2perday      # run at midnight
    00 12 * * * /usr/sbin/ypxfr_2perday      # run at noon
    00 1 * * * /usr/sbin/ypxfr_1perday       # run at 1 A.M.

    To minimize the performance impact on the master server, alter the exact time of execution of the shell scripts on each server. For example, if the first slave server has the above entries, the second slave server might run its shell scripts five minutes later by having the entries:

    5 * * * * /usr/sbin/ypxfr_1perhour      # run every hour
    5 00 * * * /usr/sbin/ypxfr_2perday      # run at 12:05 A.M.
    5 12 * * * /usr/sbin/ypxfr_2perday      # run at 12:05 P.M.
    5 1 * * * /usr/sbin/ypxfr_1perday       # run at 1:05 A.M.
  4. Save the file and exit the editor.
  5. Enter the command:

    crontab cron.tmp

    This defines the crontab settings to what the cron.tmp file contains. (For more information on defining crontab settings, see the crontab command.)

Logging Map Propagation

Transfers and transfer attempts are logged in the /var/yp/ypxfr.log file on slave servers. If the file exists, logging results are appended to it.

To start logging, enter the command:

touch /var/yp/ypxfr.log

To stop logging, either enter the command:

mv /var/yp/ypxfr.log /var/yp/ypxfr.log.old

or, enter the command:

rm /var/yp/ypxfr.log

Moving the Master Server to a Different Host

Once you have NIS configured on your network, your security, performance, or other needs may change. You may want to move the master server configuration to a different host, perhaps one that is more secure or offers greater performance. To do so, use the following procedure:

  1. Copy all the map input files (not the map files themselves) from the old master server host to the new master server host. In the case of the ypservers map, there is no input file to copy. To create a temporary ypservers map input file, do the following on the old master server host:
    1. Change to the /var/yp directory by entering:

      cd /var/yp
    2. Enter the command:

      makedbm -u domain/ypservers > tmpservers

      where domain specifies the name of this NIS domain. This sends the contents of the current ypservers map to a file called tmpservers.

    3. Edit the tmpservers file, and change the name of the master server from the old master server host to the new master server host. For example, if the tmpservers file contains the line:

      YP_MASTER_NAME old_master

      change this line to:

      YP_MASTER_NAME new_master
    4. Save the file and exit the editor.
    5. Copy the tmpservers file to the /var/yp directory on the new master server host.
  2. Configure the new master server host by following the instructions in Configuring the NIS Master Server.
  3. On the new master server host, enter:

    cd /var/yp

    Then, enter the commands:

    makedbm - tmpservers < tmpservers
    mv tmpservers.pag domain/ypservers.pag
    mv tmpservers.dir domain/ypservers.dir
  4. On each of the slave servers, enter the smit ypxfr fast path. Specify ypservers in the Name of the MAP to be transferred field, and specify the hostname of the new master server host in the HOSTNAME of the master server field.
  5. Exit SMIT to retrieve the updated ypservers map from the new master server host.
  6. Propagate the rest of the newly rebuilt maps by following the instructions in Propagating an NIS Map.

[ Previous | Next | Table of Contents | Index | Library Home | Legal | Search ]