Introduction To NIS: Suzanne Widup
Suzanne Widup
Class Objectives
• Obtain familiarity with NIS daemons and
architecture
• Build an NIS master, slave and client
• Be able to make changes to maps and
distribute them
• Understand how NIS is used in DSI
Unit 1: What is NIS?
• A major problem in running a distributed computing
environment is maintaining separate copies of common
configuration files (i.e., passwd, hosts, group, etc.)
• Shared storage requires uids and gids in sync across multiple
hosts.
• Network Information System (NIS) addresses this by having
one copy of the files shared among all members of the NIS
domain.
• NIS was originally called Yellow Pages, and the daemons are
still prefaced with “yp”, but the name was changed to NIS due
to legal concerns.
How Does NIS Share Info?
• Changes are made to the master’s maps.
[Diagram: NIS Master, where maps are built and changes are made to them.]
The NIS Master
• Responsible for map maintenance and
distribution of maps to its slave servers.
• This host has the original copies of the
maps, and this is where you make changes
to the maps.
• Files live under /var/yp, with the source
files in /var/yp/src
NIS Slaves
• Slave servers keep a read-only copy of the maps.
• Preferably, at least one slave per subnet, because
clients will do a broadcast to find a server to bind
with, and that cannot cross subnets.
• The preferred binding is to slaves for performance
reasons, and reliability concerns.
NIS Clients
• Don’t contain copies of the maps; these servers will
query the slave server when they need to look
something up.
• If there is no slave server on the subnet of the client,
the system will have to be set up with a -ypsetme
option in the startup scripts to tell it where to bind.
• This means that if that slave server fails, the client
will need to be manually told who to bind with,
unless there is a ypservers file.
The Maps
• A map is an NIS data file.
• When a client needs information that would normally be in
one of its local files, it queries the slave it’s bound to and
gets the information from there.
• For some of the files, such as passwd, the NIS map looks
much like the file would look on a non-NIS host. For other
files, such as auto.home, the file looks somewhat different.
• Maps are created with the makedbm command.
What Works Well Under NIS
• Environments where a user needs to be able
to use any computer.
• Systems that use common storage and need
users and groups to be kept in sync.
• Large installations where manual
administration of the files would be time
prohibitive.
Some Files That Can Be
Managed by NIS
Passwd Group
Hosts Services
Auto.home Netgroup
Aliases Netmasks
Networks Bootparams
Ethers Protocols
Rpc
Domains
• Basically, a domain is defined as a group of
servers who share the same NIS maps.
• Reasons for having more than one domain
include the size of the domain and the level
of failure protection required, load
balancing, network considerations, and user
requirements.
DSI Standards
• NIS Masters will be Solaris boxes
• NIS Slaves will be Solaris boxes
• NIS Clients can be any supported platform
• Network Appliances are only supported for
binding to unix boxes (for future reference).
Unit 2: The Common NIS
Commands
ypcat yppasswd
ypwhich ypmatch
ypbind makedbm
ypserv yppush
ypinit ypxfr
ypset
ypset
• Example:
#ypset sca-sun04
• Used when a slave is not available on the
same subnet. Points ypbind at a particular
server.
• First, ypbind must be called with the
-ypsetme option, otherwise the ypset
command will be ignored.
ypwhich
• Example:
#ypwhich
sca-sun07
• Used to determine which server the host is
bound to. Will return a hostname if the
binding was successful.
ypbind
• Ypbind is run on all client hosts, whether or not the system is also
running ypserv.
• Called from the startup scripts (on sun: /usr/lib/netsvc/yp/ypstart)
• This is used to tell a client to bind to a server.
• The default mode is -broadcast. If not called with -broadcast, ypbind
steps through the ypservers file to try to bind to a server. If the server
is on another subnet, ypbind must be called with the -ypset option to force
it to accept ypset commands.
• The ypset command tells the server who to bind to.
• All hosts must be in the local hosts table before they can be called by
ypset.
ypserv
• Ypserv runs on the slave and master
servers. It is the daemon that makes them a
server, vs. a client and allows them to serve
the maps to the clients.
ypinit
• Ypinit can be used to set up an NIS system.
• The -c option sets up a client
• The -m option is to build a master server database
• The -s master_server option builds the slave database.
The master_server variable must equal the same master
configured in the yp maps and returned by the ypwhich -m
command. You must use the fully qualified domain name
in this variable.
• Ypinit only sets up systems for the domain it belongs to.
ypcat
• Example: ypcat passwd
• Requests a cat of the passwd map from the
bound system
• This is a good test to see if the setup you
have performed has worked correctly. If you
type ypcat passwd and don’t see the
password file scroll across the screen, there’s
a problem.
yppasswd
• Example: yppasswd swidup2
• This changes the passwd on the NIS system
for the user swidup2.
ypmatch
• Example: ypmatch swidup2 passwd
• Queries the slave system for the entry in the
passwd map that matches swidup2.
makedbm
• This is the command used to turn a file into
an NIS map.
• Example:
cat /tmp/ypservers | makedbm - /var/yp/peoplesoft.com/ypservers
• It is configured in /usr/lib/netsvc/yp/ypstart
(this is where you’d issue the ypset
commands)
• Alternatively, you can start a client using
ypinit -c and specify the list of servers for it
to bind to.
Changes to Files
• To prepare a slave (or client) server to read the
NIS maps:
– Add the following line to the bottom of the /etc/passwd file:
+::0:0:::
• Next type:
– dragon>ypcat passwd
– You should see the NIS password file scroll across your screen.
Adding a Network Appliance to NIS
• Options commands
• The rc file changes
• Hosts table changes
The Options Command
The nis options commands should be set as follows:
nis.domainname <domainname>
nis.enable on
nis.group_update.enable off
nis.group_update_schedule 24
nis.servers <ypservers>,*
Changes to the rc file
[Diagram: Jasmin, Daddy (sca-sun04): NIS slaves with copies of the maps. Home directories mount from scp-nfs01:/Data/homedirs (scp-nfs01, Network Appliance). They mount to /disk/homedirs on the client and are governed by the auto.home map entries.]
NIS Standards for Supply Chain QA
[Diagram: Maxwell: NIS Master, with maps. Home directories mount from scp-nfs01:/Data/homedirs (scp-nfs01, Network Appliance). They mount to /disk/homedirs on the client and are governed by the auto.home map entries.]
NIS Standards for Tools
[Diagram: Bigdaddy: NIS Master. Jasmin, Daddy (sca-sun04): NIS slaves with copies of the maps. Home directories mount from scp-nfs01:/Data/homedirs (scp-nfs01, Network Appliance). They mount to /home on the client and are governed by the auto.home map entries.]
Planned Changes
• Authentication will eventually be handled by Active
Directory in the Corp domain
• Unix Services for Windows will handle communication
between AD and NIS and will be the Master
• NIS slaves will talk to the Master
• Unix hosts will talk to NIS slaves
• The Network Appliances will only talk to slaves (non-unix
master is not supported)
• User adds/deletes will be handled through Active Directory
via Northstar tickets.
Status of Planned Changes
• Phase I (completed):
– Migrated Tools users into existing
peoplesoft.com domain
– Homedirs primarily on st-nfs03
– Users existed in both places, so Tools hosts that
are in NIS must mount scp-nfs01 to allow them
to use their existing homedirs.
Status of Planned Changes
(Cont.)
• Phase II
– Obtain version 3 of Unix Services for Windows
(approx. Q2-3)
– Gain Corp IT approval for installation on the
Domain Controller(s)
– Install above software
– Integrate the maps for all domains and use
netgroups to segregate host access
Suggested Reading
• Managing NFS and NIS, by Hal Stern (O’Reilly book)
• Unix System Administration Handbook, by Nemeth,
Snyder, Seebass & Hein
• http://docs.sun.com (the definitive reference on
Solaris)
• http://www.ebsinc.com/solaris/network/nis.html
(general Solaris NIS reference)
• http://www.eng.auburn.edu/users/doug/nis.html
(Securing NIS)
Appendices
• Unix Quick References
• Makefiles
• Standard nsswitch.conf file
Standard nsswitch.conf file
passwd: compat (If this causes problems, use files [NOTFOUND=continue] nis)
group: compat (If this causes problems, use files [NOTFOUND=continue] nis)
hosts: files [NOTFOUND=continue] dns [NOTFOUND=continue] nis
services: nis [NOTFOUND=continue] files
networks: nis [NOTFOUND=continue] files
protocols: nis [NOTFOUND=continue] files
rpc: nis [NOTFOUND=continue] files
publickey: nis [NOTFOUND=continue] files
netgroup: nis
automount: files [NOTFOUND=continue] nis
aliases: files
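
The following is an added example, not part of the original slides: a small audit of the two client settings described above, the nsswitch.conf lookup order and the "+" passwd entry from "Changes to Files". It lists the databases where NIS is consulted before local files and checks that a "+" line is paired with `passwd: compat`. The function names and sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original slides; function names are hypothetical.
# Print the lookup sources for one database, e.g. "files dns nis" for hosts.
nss_sources() {  # $1 = database name, $2 = nsswitch.conf path
    awk -v db="$1:" '
        { sub(/#.*/, ""); sub(/\(.*/, "") }   # drop comments and inline notes
        $1 == db {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) skip = 1      # [NOTFOUND=continue] is an action
                if (!skip) out = out (out == "" ? "" : " ") $i
                if ($i ~ /\]$/) skip = 0
            }
            print out; exit
        }' "$2"
}

# List databases whose first source is nis (the NIS answer wins over local files).
nis_first_dbs() {  # $1 = nsswitch.conf path
    awk '{ sub(/#.*/, ""); sub(/\(.*/, "") }
         $1 ~ /:$/ && $2 == "nis" { d = $1; sub(/:$/, "", d); printf "%s%s", sep, d; sep = " " }
         END { print "" }' "$1"
}

# "+" lines in passwd are compat-mode syntax, so report whether the two agree.
passwd_plus_state() {  # $1 = passwd file, $2 = nsswitch.conf path
    plus=no; compat=no
    grep -q '^+' "$1" && plus=yes
    case " $(nss_sources passwd "$2") " in *" compat "*) compat=yes ;; esac
    case "$compat/$plus" in
        yes/yes) echo compat-with-plus ;;
        yes/no)  echo compat-without-plus ;;
        no/yes)  echo plus-without-compat ;;
        *)       echo no-plus-entry ;;
    esac
}

# Constructed sample: abridged copy of the nsswitch.conf above, and a passwd
# file ending in the "+" entry from "Changes to Files".
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/nsswitch.conf" <<'EOF'
passwd: compat (If this causes problems, use files [NOTFOUND=continue] nis)
hosts: files [NOTFOUND=continue] dns [NOTFOUND=continue] nis
services: nis [NOTFOUND=continue] files
rpc: nis [NOTFOUND=continue] files
netgroup: nis
EOF
printf 'root:x:0:0:root:/:/sbin/sh\n+::0:0:::\n' > "$SAMPLE_DIR/passwd"
echo "NIS first: $(nis_first_dbs "$SAMPLE_DIR/nsswitch.conf")"
echo "passwd: $(passwd_plus_state "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/nsswitch.conf")"
```

A result of `plus-without-compat` or `compat-without-plus` means the passwd file and nsswitch.conf disagree about how NIS accounts are pulled in, which is worth resolving before relying on `ypcat passwd` as the only test.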