Wednesday, September 12, 2007

Setup a nisplus Server and Populate its Tables

Setup a nisplus server and then populate its tables. Here's a run on my box. Some of the non-interactive portion of the run has been omitted.

# cd /etc
# cp -p /etc/nsswitch.conf /etc/nsswitch.conf.sav
# cp -p /etc/nsswitch.nisplus /etc/nsswitch.conf
# domainname esofthub.com | tee /etc/defaultdomain
# domainname
esofthub.com

For safey reasons, use copies of the /etc files. Copy those /etc files to a staging area /var/nisfiles.

# cd /var
# mkdir nisfiles; chmod 755 nisfiles
# cd /etc
# cp -p hosts rpc services netmasks networks netgroup services protocols /var/nisfiles
# cd /var/nisfiles

Create empty files. It's recommended that you don't populate the contents of the local passwd and shadow files across the namespace.

# touch passwd shadow ipnodes timezone bootparams group aliases auto_home auto_master ethers

Bourne Shell
# PATH=$PATH:/usr/lib/nis; export PATH

C Shell
# setenv PATH ${PATH}:/usr/lib/nis
# csh
# setenv PATH ${PATH}:/usr/lib/nis
# nisserver -v -r -d esofthub.com

This script sets up this machine "esoft" as an NIS+
root master server for domain esofthub.com..

Domain name : esofthub.com.
NIS+ group : admin.esofthub.com.
NIS (YP) compatibility : OFF
Security level : 2=DES

Is this information correct? (type 'y' to accept, 'n' to change) y

This script will set up your machine as a root master server for
domain esofthub.com. without NIS compatibility at security level 2.
Use "nisclient -r" to restore your current network service environment.
Do you want to continue? (type 'y' to continue, 'n' to exit this script) y
setting up domain information "esofthub.com." ...
setting up switch information ...
switch configuration file already set to use NIS+.
killing process keyserv ...
restarting process keyserv ...
killing NIS and NIS+ processes ...
killing process ypbind ...
killing process rpc.nisd ...
killing process rpc.nispasswdd ...
killing process nis_cachemgr ...
stopping nscd ...

setup NIS_GROUP environment variable ...

rm /var/nis files ...
running nisinit ...
This machine is in the "esofthub.com." NIS+ domain.
Setting up root server ...

All done.

starting root server at security level 0 to create credentials...
running nissetup to create standard directories and tables ...
org_dir.esofthub.com. created
groups_dir.esofthub.com. created
passwd.org_dir.esofthub.com. created
group.org_dir.esofthub.com. created
auto_master.org_dir.esofthub.com. created
auto_home.org_dir.esofthub.com. created
bootparams.org_dir.esofthub.com. created
cred.org_dir.esofthub.com. created
ethers.org_dir.esofthub.com. created
hosts.org_dir.esofthub.com. created
ipnodes.org_dir.esofthub.com. created
mail_aliases.org_dir.esofthub.com. created
sendmailvars.org_dir.esofthub.com. created
netmasks.org_dir.esofthub.com. created
netgroup.org_dir.esofthub.com. created
networks.org_dir.esofthub.com. created
protocols.org_dir.esofthub.com. created
rpc.org_dir.esofthub.com. created
services.org_dir.esofthub.com. created
timezone.org_dir.esofthub.com. created
client_info.org_dir.esofthub.com. created
auth_attr.org_dir.esofthub.com. created
exec_attr.org_dir.esofthub.com. created
prof_attr.org_dir.esofthub.com. created
user_attr.org_dir.esofthub.com. created
audit_user.org_dir.esofthub.com. created

adding credential for esoft.esofthub.com...

Enter login password:
nisaddcred: WARNING: password differs from login password.
Retype password:

creating NIS+ administration group: admin.esofthub.com. ...
adding principal esoft.esofthub.com. to admin.esofthub.com. ...
updating the keys for directories ...
restarting NIS+ root master server at security level 2 ...
killing process rpc.nisd ...
restarting process rpc.nisd ...
starting NIS+ password daemon ...
starting NIS+ cache manager ...
modifying the /etc/init.d/rpc file ...
starting Name Service Cache Daemon nscd ...

This system is now configured as a root server for domain esofthub.com.

You can now populate the standard NIS+ tables by using the
nispopulate script or /usr/lib/nis/nisaddent command.

# nispopulate -v -F -p /var/nisfiles -d esofthub.com

NIS+ domain name : esofthub.com.
Directory Path : /var/nisfiles

Is this information correct? (type 'y' to accept, 'n' to change) y

This script will populate the standard NIS+ tables for domain
esofthub.com. from the files in /var/nisfiles:
auto_master auto_home ethers group hosts ipnodes networks passwd protocols services rpc netmasks bootparams netgroup aliases timezone auth_attr exec_attr prof_attr user_attr audit_user shadow
**WARNING: Interrupting this script after choosing to continue
may leave the tables only partially populated. This script does
not do any automatic recovery or cleanup.
Do you want to continue? (type 'y' to continue, 'n' to exit this script) y
auto_master.org_dir.esofthub.com. OK...
populating auto_master table from file /var/nisfiles/auto_master...
adding standard key-value table auto_master...
adding /var/nisfiles/auto_master to table auto_master.org_dir.esofthub.com.

0 entries added/updated
...
...
Credentials have been added for the entries in the
hosts and ipnodes and passwd table(s). Each entry was given a default
network password (also known as a Secure-RPC password).

This password is:
nisplus

Use this password when the nisclient script requests the
network password.
...
...
Check to see if nisplus was setup
# nisls
esofthub.com.:
org_dir
groups_dir
# niscat host.org_dir
localhost localhost 127.0.0.1
localhost loghost 127.0.0.1
esoft esoft 192.168.1.19
esoft mailhost 192.168.1.19

To remove NISPLUS
Visit this link: remove NIS+ from server

5 comments:

Anonymous said...

Might be worth noting that NIS+ is on the endangered list if you weren't already aware.

esofthub said...

We still have a few folks out there who are using it...so this post was done mostly as a request. But thank you for the comment.

Anonymous said...

We are using NIS+ still and know that is becoming one of the endangered species. What is considered a good tool to convert current database without too much down time? Any suggestion?

esofthub said...

anonymous,

What are you converting your NIS+ to?
LDAP?
http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.nisplus/doc/nisplus/migrating.htm
http://www.educause.edu/ir/library/pdf/nmd0318.pdf
http://www.informit.com/articles/article.aspx?p=101621&seqNum=5&rl=1

Anonymous said...

That's actually what I am trying to findout. Is it LDAP a good candidate to convert existing NIS+ database? How does it work? Any link that I am get more info regarding this conversion? Thank you.