AIX/HP-UX Interoperability Guide (continued)
[Last Chapter: 10. Domain Name Service]

11. NIS

11.1 AIX

NIS Maps and Commands

On AIX 3.2.5 /etc/yp is a link to /var/yp. In the latter on servers is the domainname subdirectory containing all the maps, and the following files: 

Makefile
Makefile.pre_ix26157
aliases.time
binding
group.time
hosts.time
netid.time
passwd.time
protocols.time
publickey.time
rpc.time
services.time
updaters

The make command uses the Makefile in this directory and can be used to create maps and to push them. Unlike HP-UX, there is no ypmake script. Makefile calls the makedbm command to build maps, create *.time files, and push the maps. The Makefile refers to various yp commands in the /usr/etc/yp directory, but actually, all the commands in that directory are links: 

chmaster -> /usr/sbin/mkmaster
chslave -> /usr/sbin/mkslave
chypdom -> /usr/sbin/chypdomlsmaster -> /usr/sbin/lsmaster
makedbm -> /usr/sbin/makedbm
mkalias -> /usr/sbin/mkalias
mkclient -> /usr/sbin/mkclient
mkkeyserv -> /usr/sbin/mkkeyserv
mkmaster -> /usr/sbin/mkmaster
mknetid -> /usr/sbin/mknetid
mkslave -> /usr/sbin/mkslave
mrgpwd -> /usr/sbin/mrgpwd
revnetgroup -> /usr/sbin/revnetgroup
rmkeyserv -> /usr/sbin/rmkeyserv
rmyp -> /usr/sbin/rmyp
stdethers -> /usr/sbin/stdethers
stdhosts -> /usr/sbin/stdhosts
udpublickey -> /usr/sbin/udpublickey
ypinit -> /usr/sbin/ypinit
yppoll -> /usr/sbin/yppoll
yppush -> /usr/sbin/yppush
ypset -> /usr/sbin/ypset
ypxfr -> /usr/sbin/ypxfr
ypxfr_1perday -> /usr/sbin/ypxfr_1perday
ypxfr_1perhour -> /usr/sbin/ypxfr_1perhour
ypxfr_2perday -> /usr/sbin/ypxfr_2perday

Also, the yp commands in /usr/etc are actually links: 

rpc.yppasswdd -> /usr/lib/netsvc/yp/rpc.yppasswdd
rpc.ypupdated -> /usr/lib/netsvc/yp/rpc.ypupdated
ypbind -> /usr/lib/netsvc/yp/ypbind
ypserv -> /usr/lib/netsvc/yp/ypserv

Master Server Configuration

You can use SMIT to configure NIS or you can do so manually. If you do a manual configuration, the process is the same as in HP-UX, with the exception of starting the yp daemons.

Restricting Access to the Master Server

You can use a password file other than /etc/passwd. To do so,

  1. Edit the /etc/rc.nfs file and change the following stanza:

    DIR=/etc
    if [ -x /usr/etc/rpc.yppasswdd -a -f $DIR/passwd ]; then
    startsrc -s yppasswdd
    fi

  2. Change $DIR/passwd to the pathname of the actual password file, such as /etc/passwd.nis:

    DIR=/etc
    if [ -x /usr/etc/rpc.yppasswdd -a -f $DIR/passwd.nis ]; then
    startsrc -s yppasswdd
    fi

  3. Then enter the following command before starting the yppasswdd daemon:

    # chssys -s yppasswdd -a '/etc/passwd.nis -m passwd'

Creating an NIS Master Server

  1. If you haven't done so already, set the domain name:

    # smit chypdom

  2. Start SMIT:

    # smit mkmaster

  3. You will see the following:

    Configure this Host as a NIS Master Server

    Type or select values in entry fields.
Press Enter AFTER making all desired changes.

                                                        [Entry Fields]
  HOSTS that will be slave servers                   []
* Can existing MAPS for the domain be overwritten?    yes              +
* EXIT on errors, when creating master server?        yes              +
* START the yppasswdd daemon?                         no               +
* START the ypupdated daemon?                         no               +
* START the ypbind daemon?                            yes              +
* START the master server now,                        both             +
   at system restart, or both?
  4. In the HOSTS field, enter the names of your slave servers if you have any or going to have any.

This is all that's required. If you want a more secure setup, you can choose yes to START the yppasswdd daemon and START the ypupdated daemon. See the man page for these daemons for more information. If you accept the default value of both for START the master server now, at system restart, or both, SMIT will call ypinit -m, start the appropriate daemons, and make changes to the /etc/rc.nfs file to make the changes permanent.

Creating an NIS Slave

  1. If you haven't done so already, set the domain name:

    # smit chypdom

  2. Start SMIT:

    # smit mkslave

  3. You will see the following:

    Configure this Host as a NIS Slave Server

    Type or select values in entry fields.
Press Enter AFTER making all desired changes.

                                                        [Entry Fields]
* HOSTNAME of the master server                      []
* Can existing MAPS for the domain be overwritten?    yes             +
* START the slave server now,                         both            +
   at system restart, or both?
* Quit if errors are encountered?                     yes             +

Enter the name of your master server. If the defaults are fine, press Enter. SMIT will run ypinit -s and make sure the necessary changes are made to /etc/rc.nfs to make the changes permanent.

Creating an NIS Client

  1. If you haven't done so already, set the domain name:

    # smit chypdom

  2. Start SMIT:

    # smit mkclient

  3. You will see the following:

    Configure this Host as a NIS Client

    Type or select values in entry fields.
Press Enter AFTER making all desired changes.

                                                      [Entry Fields]
* START the NIS client now,                           both             +
   at system restart, or both?

Pressing Enter at this point starts ypbind and edits /etc/rc.nfs.

Managing yp Daemons

You can manage all the yp daemons using SMIT or on the command line using SRC commands.

  1. To use SMIT type:

    # smit ypstartstop

  2. You will see the following:

    Start / Stop Configured NIS Daemons

    Move cursor to desired item and press Enter.

  Start the Server Daemon, ypserv
  Start the Client Daemon, ypbind
  Start the yppasswdd Daemon
  Start the ypupdated Daemon
  Stop the Server Daemon, ypserv
  Stop the Client Daemon, ypbind
  Stop the yppasswdd Daemon
  Stop the ypupdated Daemon
  3. Follow the menu items to stop or start the appropriate daemons. Each selection above gives you the option of starting or stopping daemons immediately, at system restart, or both.

You can start or stop yp daemons using SRC commands, either individually or as a group.

To stop all yp daemons:

# stopsrc -g yp

To start all yp daemons:

# startsrc -g yp

To stop a yp daemon, for example ypbind, individually:

# stopsrc -s ypbind

To start a yp daemon, for example ypserv, individually:

# startsrc -s ypserv

Following is excerpts from /etc/rc.nfs. To manually configure yp in /etc/rc.nfs, edit the following stanzas with a text editor: 

# Uncomment the following lines  and change the domain
# name to define your domain (domain must be defined
# before starting NIS).
if [ -x /usr/bin/domainname ]; then
        /usr/bin/domainname elmo
fi

...

if [ -x /usr/etc/ypserv -a -d /etc/yp/`domainname` ]; then
        startsrc -s ypserv
fi

if [ -x /usr/etc/ypbind ]; then
        startsrc -s ypbind
fi

if [ -x /usr/etc/keyserv ]; then
        startsrc -s keyserv
fi

if [ -x /usr/etc/rpc.ypupdated -a -d /etc/yp/`domainname` ]; then
        startsrc -s ypupdated
...

#Uncomment the following lines to start up the NIS
#yppasswd daemon.
DIR=/etc
if [ -x /usr/etc/rpc.yppasswdd -a -f $DIR/passwd ]; then
        startsrc -s yppasswdd
fi

11.2 HP-UX

NIS Maps and Commands

On HP-UX 9.0x /etc/yp is a link to /usr/etc/yp. In the latter is the domainname subdirectory containing all the maps, and the following files: 

Makefile
longfiles
makedbm
mkalias
revnetgroup
stdhosts
ypinit
ypmake
yppoll
yppush
ypserv.log
ypset
ypxfr
ypxfr.log
ypxfr_1perday
ypxfr_1perhour
ypxfr_2perday

The file ypmake is a shell script that builds one or more maps on a master NIS server. If no arguments are specified, ypmake either creates maps if they do not already exist or rebuilds maps that are not current. yppush is then executed to notify slave NIS servers of the change and make the slave servers copy the updated maps to their machines. If any maps are supplied on the command line, ypmake creates or updates those maps only. The make command can be used instead of ypmake. The Makefile in /usr/etc/yp calls the ypmake script to actually construct the maps. Better performance is achieved if ypmake is called.

Master Server Configuration

You must be superuser to create an NIS master server (i.e., to build the NIS master databases). You should also be in a single user state of operation.

Preparations for Creating an NIS Master Server.

  1. Perform the following steps before creating your master server:
  2. Ensure /etc files are complete and current: passwd, hosts, group, networks, protocols, rpc, and services.
  3. If you know the correct configuration, create the /etc/netgroup file. (See netgroup(4) in the HP-UX Reference.)

Restricting Access to the Master Server

If you want to restrict access to the master server to a smaller set of users than defined by the complete /etc/passwd file, perform the following steps:

  1. Copy the entire /etc/passwd file to a different file (e.g., /etc/passwd.nis).
  2. Delete undesired users from the original /etc/passwd file. To prevent all entries in the NIS passwd map from being able to log in, this smaller file should not include the following line:

    +::0:0:::

  3. Edit /usr/etc/yp/ypinit. Change the line containing:

    PWFILE=/etc/passwd

    TO:

    PWFILE=/etc/passwd.nis

  4. Edit /etc/netnfsrc as follows:

    CHANGE:

    /usr/etc/rpc.yppasswdd /etc/passwd -m passwd PWFILE=/etc/passwd

    TO:

    /usr/etc/rpc.yppasswdd /etc/passwd.nis -m passwd\ PWFILE=/etc/passwd.nis

  5. If you have rpc.yppasswdd running, kill and restart it.

    # /usr/etc/rpc.yppasswdd /etc/passwd.nis -m passwd\ PWFILE=/etc/passwd.nis

If in the future you need to run ypmake and you have restricted access to the master server as just described, enter the following line:

# /usr/etc/yp/ypmake passwd PWFILE=/etc/passwd.nis

Creating an NIS Master Server

  1. Set the NIS domain name using the domainname command.

    # domainname nis_domain_name

  2. Execute ypinit with the -m parameter in one of two ways:
  3. The system asks whether you want the procedure to quit at the first non-fatal error. Do one of the following:
  4. The ypinit script prompts you for a list of hosts that will become servers.

Manually Starting the NIS Master Server

  1. If you have not already done so, set the NIS domain name using the domainname command. This NIS domain name must be the same one used for all clients and servers within this NIS domain.

    # domainname nis_domain_name

  2. Execute ypserv.

    # /usr/etc/ypserv

  3. Execute ypbind.

    # /etc/ypbind

Starting the NIS Master Server on System Restart

  1. Edit /etc/netnfsrc:
  2. Set NISDOMAIN to the NIS domain name:

    NISDOMAIN=nis_domain_name You will need to use this same NIS domain name for all clients and servers within this NIS domain.

  3. Set NIS_MASTER_SERVER to a value other than zero. Changing this variable permits users to change their NIS password:

    NIS_MASTER_SERVER=1

  4. Set the NIS_SLAVE_SERVER to zero to disable the node as a slave server:

    NIS_SLAVE_SERVER=0

  5. Set NIS_CLIENT to a value other than zero:

    NIS_CLIENT=1

Creating an NIS Slave Server

  1. Set the NIS domain name using the domainname command. This NIS domain name must be the same one used for all clients and servers within this NIS domain:

    # domainname nis_domain_name

  2. Execute ypinit with the -s parameter in one of two ways:
  3. The system asks whether you want the procedure to quit at the first non-fatal error. Do one of the following:
  4. Since the slave server is also a client, customize the files which traditionally implement the database.

Manually Starting the NIS Slave Server

  1. If you have not already done so, set the NIS domain name using the domainname command. This NIS domain name must be the same one used for all clients and servers within this NIS domain.

    # domainname nis_domain_name

  2. Execute ypserv.

    # /usr/etc/ypserv

  3. Execute ypbind.

    # /etc/ypbind -ypsetme

Starting NIS Slave Server on System Restart

  1. Go into /etc/netnfsrc.
  2. Set NISDOMAIN to the same NIS domain name used on all clients and servers within this NIS domain.

    NISDOMAIN=nis_domain_name

  3. Set the NIS_MASTER_SERVER to zero to disable the node as a master server.

    NIS_MASTER_SERVER=0

  4. Set NIS_SLAVE_SERVER to a value other than zero.

    NIS_SLAVE_SERVER=1

  5. Set NIS_CLIENT to a value other than zero.

    NIS_CLIENT=1

Creating an NIS Client.

Customize the following files that traditionally store the information: 

/etc/passwd
/etc/group
/etc/hosts
/etc/protocols
/etc/netgroup
/etc/rpc
/etc/networks
/etc/services

Manually Starting the NIS Client

  1. If you have not already done so, set the NIS domain name using the domainname command. This NIS domain name must be the same one used for all clients and servers within this NIS domain.

    # domainname nis_domain_name

  2. Execute ypbind.

    # /etc/ypbind -ypsetme

Starting the NIS Client on System Restart

  1. Edit /etc/netnfsrc.
  2. Set NISDOMAIN to the same NIS domain name used on all clients and servers within this NIS domain.

    NISDOMAIN=nis_domain_name

  3. Set NIS_CLIENT to a value other than zero.

    NIS_CLIENT=1 Note: A zero in the NIS_CLIENT field disables the node from working as an NIS client

11.3 Summary

There are many common features of NIS on each platform: the yp daemons have the same name and function, domains work the same, commands like ypwhich, ypset, and ypinit work the same. The differences lie in configuring NIS on each platform. AIX supplies a number of scripts that make configuring NIS relatively easy: mkmaster, mkslave, mkclient, chypdom. If you use SMIT to configure NIS, then you are actually providing parameters for these scripts. HP-UX does not have equivalent commands, but it does provide the ypmake script to make map propagation easier. You also use SRC commands in AIX to control the yp daemons.

Each system has a different way of creating NIS maps: on AIX it involves editing /var/yp/Makefile while on HP-UX you have to change /usr/etc/yp/ypmake. Each of these scripts differs in its makeup. However, they ultimately call the makedbm command and produce maps that can be read across platforms. For example, if you have a map of user account names called /etc/auto.user, regardless of which platform the corresponding .dbm and .pag files are created on, they can be read by NIS utilities on any system, as long as that system is in the same domain.

[Next Chapter: 12. NFS]

Provide feedback to: alan_roberts@hp.com

[Table of Contents] [Outline] [Index] (Updated 09 MAR 97)
Copyright 1996 Hewlett-Packard Company. All rights reserved.