NIS+ on solaris: Directions

2007-12-25 8:16:00

I had over 30 requests for the document from Bill. Well, folks, here it is.

>From uunet!access.com!bill Fri May 14 08:45:39 1993

Date: Fri, 14 May 1993 07:30:48 -0600

From: Bill Hunter <uunet!access.com!bill>

Message-Id: <199305141330.AA05781@melblanc.access.com>

To: ahaque@etnsed.COM

Subject: Re: Help!

Cc: xhaque@etnsed.COM

here is what i use.

print it out with enscript -2r -B --h -fCourier-Bold9 and

it will look real nice. hope it helps.

bill

LAB EXAMPLE:

        host            sub-host            rep             clientA
        ====            ========            ===             =======
        root server     master server       replica         client of
        of foo.bar.     of sub.foo.bar.     server of       sub.foo.bar.
                                            sub.foo.bar

(A) CONFIGURE ROOT SERVER FOR foo.bar.
======================================
<host># domainname foo.bar.                             #set the domain name
<host># echo `domainname`>/etc/defaultdomain            #add it to the file
<host># cp /etc/nsswitch.nisplus /etc/nsswitch.conf     #use right conf file
<host># ps -ef | grep keyserv                           #get PID of keyserv
<host># kill <PID>;/usr/sbin/keyserv                    #kill & restart keyserv
<host># nisinit -r                                      #initializes root server
<host># rpc.nisd -rS 0                                  #start daemon w/o security
<host># /usr/lib/nis/nissetup `domainname`              #build empty tables
<host># nisaddcred des                                  #create RPC keypair for server
                                                        #enter root's password
<host># /usr/lib/nis/nisupdkeys `domainname`
<host># /usr/lib/nis/nisupdkeys org_dir.`domainname`
<host># /usr/lib/nis/nisupdkeys groups_dir.`domainname`
<host># nischmod n+r,g+rcmd foo.bar org_dir groups_dir
<host># keylogin -r                                     #write copy of root's secretkey
                                                        #into /etc/.rootkey
<host># ps -ef | grep nisd                              #get rpc.nisd's PID
<host># kill <PID>;rpc.nisd -r                          #kill & restart w/ security

(B) Add data into domain.
=========================
#!/sbin/sh
# Simple example script to add data into domain.
for i in passwd ethers group services protocols rpc hosts
do
        echo $i
        cat /etc/$i | /usr/lib/nis/nisaddent $i
done

(C) Add Authorized clients.
===========================
#!/sbin/sh
# Simple 'for loop' to add credentials for root@machine on clients.
# Notice no trailing 'dot' on unix.$client@foo.bar
# This will prompt you for a network password for the clients
for client in `awk '{ print $2 }' /etc/hosts | egrep -v "(localhost|Internet)"`
#for client in moe curly shemp          #alternate way of doing it
do
        nisaddcred -p unix.$client@foo.bar -P $client.`domainname` des
done

# NOTE: <client> in the following example stands for each client from the above script.
<client># cp /etc/nsswitch.nisplus /etc/nsswitch.conf
<client># domainname foo.bar.; echo `domainname`>/etc/defaultdomain
<client># nisinit -c -H <host>                  #make sure root master is in /etc/hosts
<client># keylogin -r
<client># ps -ef | grep keyserv                 #get PID of keyserv
<client># kill <PID>;/usr/sbin/keyserv          #kill & restart keyserv

(D) Add credentials for users.
==============================
# Example: user=admin1, uid=300
<host># nisaddcred -p 300 -P admin1.`domainname` local
<host># nisaddcred -p unix.300@foo.bar -P admin1.`domainname` des
Enter Password:

(E) Create a group of administrators.
=====================================
# Example: group=admins.`domainname`, users=admin1,admin2
# Time to live set to 1 minute so it won't be cached too long on server.
<host># nisgrpadm -c admins.`domainname`
<host># nischttl 60 admins.groups_dir.`domainname`
<host># nisgrpadm -a admins.`domainname` admin1.`domainname` admin2.`domainname`
<host># nischgrp admins.`domainname` `domainname` org_dir.`domainname` \
        groups_dir.`domainname` cred.org_dir
<host># nischmod g+rcmd cred.org_dir

(F) Create a SubDomain.
=======================
# This example creates "sub-host" as a non-root master for the
# subdomain "sub.foo.bar.". Remember that "sub-host" MUST first
# be a client of the domain "foo.bar." which was set up in step C.
<sub-host># rpc.nisd
<sub-host># nismkdir -m sub-host sub.foo.bar.
<sub-host># /usr/lib/nis/nisupdkeys sub.foo.bar.
<sub-host># /usr/lib/nis/nissetup sub.foo.bar.

(G) Add data to SubDomain.
==========================
#!/sbin/sh
# Another simple "do loop" script.
for i in passwd ethers group services protocols rpc hosts
do
        echo $i
        cat /etc/$i | /usr/lib/nis/nisaddent $i sub.foo.bar.
done

(H) Create a Replica Server of a SubDomain.
===========================================
# This example creates "rep" as a replica server for the sub-domain
# "sub.foo.bar." Again, "rep" must be a client in domain foo.bar.
# that was set up in step C.
<rep># rpc.nisd
<sub-host># nismkdir -s rep sub.foo.bar.
<sub-host># nismkdir -s rep org_dir.sub.foo.bar.
<sub-host># nismkdir -s rep groups_dir.sub.foo.bar.

# Now the replica needs data. This is a one-time bulk transfer,
# done with nisping.
# After this, only out of date data will be transferred.
<sub-host># /usr/lib/nis/nisping sub.foo.bar.
<sub-host># /usr/lib/nis/nisping org_dir.sub.foo.bar.
<sub-host># /usr/lib/nis/nisping groups_dir.sub.foo.bar.

# You could verify the replica by halting sub-host. Then issue
# niscat -h hosts.org_dir.sub on rep and you should see the
# /etc/hosts database for this sub-domain.

(I) Add Client Systems into SubDomain.
======================================
# Notice no trailing 'dot' on unix.$client@foo.bar
<host># nisaddcred -p unix.clientA@foo.bar -P clientA.sub.`domainname` \
        des sub.`domainname`
<clientA># cp /etc/nsswitch.nisplus /etc/nsswitch.conf
<clientA># domainname sub.foo.bar.
<clientA># echo `domainname`>/etc/defaultdomain
<clientA># nisinit -c -H master_machine_name
<clientA># keylogin -r
Password:
<clientA># ps -ef | grep keyserv
<clientA># kill <PID>;/usr/sbin/keyserv

/'''

c-00 bill hunter bill@access.com i have a photographic memory,

   \ access graphics (303)545-1167 but i'm out of film!

  - 1426 pearl / boulder,co 80302


--
Haque
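
Added example, not part of Bill's document: a check to run after steps A and E that reads `niscat -o` style output and reports any object whose nobody or world class holds modify, create or destroy rights. The sample input is constructed, and the script assumes the "Access Rights" line carries the 16-character string in the order nobody, owner, group, world.

```shell
#!/bin/sh
# Added example: audit NIS+ access-rights strings as printed by `niscat -o`.
# The 16-character string is four rmcd groups: nobody, owner, group, world.

# Constructed sample in the layout of `niscat -o` output
# (not captured from a real domain).
sample_objects() {
cat <<'EOF'
Object Name   : org_dir
Directory     : foo.bar.
Owner         : host.foo.bar.
Group         : admins.foo.bar.
Access Rights : r---rmcdrmcdr---
Object Type   : DIRECTORY
Object Name   : cred
Directory     : org_dir.foo.bar.
Owner         : host.foo.bar.
Group         : admins.foo.bar.
Access Rights : rmcdrmcdrmcdr---
Object Type   : TABLE
EOF
}

# Print one line per class (nobody or world) that can modify (m),
# create (c) or destroy (d) on an object; print nothing if all are clean.
audit_rights() {
    awk -F' *: *' '
        $1 == "Object Name"   { name = $2 }
        $1 == "Directory"     { dir = $2 }
        $1 == "Access Rights" {
            nobody = substr($2, 1, 4)    # unauthenticated principals
            world  = substr($2, 13, 4)   # any authenticated principal
            if (nobody ~ /[mcd]/) print name "." dir " nobody=" nobody
            if (world  ~ /[mcd]/) print name "." dir " world=" world
        }'
}

# On a live server the input would come from niscat -o on each object,
# for example: niscat -o org_dir.foo.bar. | audit_rights
sample_objects | audit_rights
```

An object left writable by nobody is what you would see if permissions granted while rpc.nisd ran at security level 0 were never tightened before the restart in step A.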
