AIX/HP-UX Interoperability Guide (continued)
[Last Chapter: 10. Domain Name Service]
On AIX 3.2.5 /etc/yp is a link to /var/yp. In the latter on servers is the domainname subdirectory containing all the maps, and the following files:
Makefile Makefile.pre_ix26157 aliases.time binding group.time hosts.time netid.time passwd.time protocols.time publickey.time rpc.time services.time updaters
The make command uses the Makefile in this directory and can be used to create maps and to push them. Unlike HP-UX, there is no ypmake script. Makefile calls the makedbm command to build maps, create *.time files, and push the maps. The Makefile refers to various yp commands in the /usr/etc/yp directory, but actually, all the commands in that directory are links:
chmaster -> /usr/sbin/mkmaster chslave -> /usr/sbin/mkslave chypdom -> /usr/sbin/chypdomlsmaster -> /usr/sbin/lsmaster makedbm -> /usr/sbin/makedbm mkalias -> /usr/sbin/mkalias mkclient -> /usr/sbin/mkclient mkkeyserv -> /usr/sbin/mkkeyserv mkmaster -> /usr/sbin/mkmaster mknetid -> /usr/sbin/mknetid mkslave -> /usr/sbin/mkslave mrgpwd -> /usr/sbin/mrgpwd revnetgroup -> /usr/sbin/revnetgroup rmkeyserv -> /usr/sbin/rmkeyserv rmyp -> /usr/sbin/rmyp stdethers -> /usr/sbin/stdethers stdhosts -> /usr/sbin/stdhosts udpublickey -> /usr/sbin/udpublickey ypinit -> /usr/sbin/ypinit yppoll -> /usr/sbin/yppoll yppush -> /usr/sbin/yppush ypset -> /usr/sbin/ypset ypxfr -> /usr/sbin/ypxfr ypxfr_1perday -> /usr/sbin/ypxfr_1perday ypxfr_1perhour -> /usr/sbin/ypxfr_1perhour ypxfr_2perday -> /usr/sbin/ypxfr_2perday
Also, the yp commands in /usr/etc are actually links:
rpc.yppasswdd -> /usr/lib/netsvc/yp/rpc.yppasswdd rpc.ypupdated -> /usr/lib/netsvc/yp/rpc.ypupdated ypbind -> /usr/lib/netsvc/yp/ypbind ypserv -> /usr/lib/netsvc/yp/ypserv
You can use SMIT to configure NIS or you can do so manually. If you do a manual configuration, the process is the same as in HP-UX, with the exception of starting the yp daemons.
You can use a password file other than /etc/passwd. To do so,
DIR=/etc
if [ -x /usr/etc/rpc.yppasswdd -a -f $DIR/passwd ]; then
startsrc -s yppasswdd
fi
DIR=/etc
if [ -x /usr/etc/rpc.yppasswdd -a -f $DIR/passwd.nis ]; then
startsrc -s yppasswdd
fi
# chssys -s yppasswdd -a '/etc/passwd.nis -m passwd'
Configure this Host as a NIS Master Server
Type or select values in entry fields. Press Enter AFTER making all desired changes. [Entry Fields] HOSTS that will be slave servers [] * Can existing MAPS for the domain be overwritten? yes + * EXIT on errors, when creating master server? yes + * START the yppasswdd daemon? no + * START the ypupdated daemon? no + * START the ypbind daemon? yes + * START the master server now, both + at system restart, or both?
This is all that's required. If you want a more secure setup, you can choose yes to START the yppasswdd daemon and START the ypupdated daemon. See the man page for these daemons for more information. If you accept the default value of both for START the master server now, at system restart, or both, SMIT will call ypinit -m, start the appropriate daemons, and make changes to the /etc/rc.nfs file to make the changes permanent.
# smit chypdom
Configure this Host as a NIS Slave Server
Type or select values in entry fields. Press Enter AFTER making all desired changes. [Entry Fields] * HOSTNAME of the master server [] * Can existing MAPS for the domain be overwritten? yes + * START the slave server now, both + at system restart, or both? * Quit if errors are encountered? yes +
Enter the name of your master server. If the defaults are fine, press Enter. SMIT will run ypinit -s and make sure the necessary changes are made to /etc/rc.nfs to make the changes permanent.
# smit chypdom
Configure this Host as a NIS Client
Type or select values in entry fields. Press Enter AFTER making all desired changes. [Entry Fields] * START the NIS client now, both + at system restart, or both?
Pressing Enter at this point starts ypbind and edits /etc/rc.nfs.
You can manage all the yp daemons using SMIT or on the command line using SRC commands.
Start / Stop Configured NIS Daemons
Move cursor to desired item and press Enter. Start the Server Daemon, ypserv Start the Client Daemon, ypbind Start the yppasswdd Daemon Start the ypupdated Daemon Stop the Server Daemon, ypserv Stop the Client Daemon, ypbind Stop the yppasswdd Daemon Stop the ypupdated Daemon
You can start or stop yp daemons using SRC commands, either individually or as a group.
To stop all yp daemons:
# stopsrc -g yp
To start all yp daemons:
# startsrc -g yp
To stop a yp daemon, for example ypbind, individually:
# stopsrc -s ypbind
To start a yp daemon, for example ypserv, individually:
Following is excerpts from /etc/rc.nfs. To manually configure yp in /etc/rc.nfs, edit the following stanzas with a text editor:
# Uncomment the following lines and change the domain # name to define your domain (domain must be defined # before starting NIS). if [ -x /usr/bin/domainname ]; then /usr/bin/domainname elmo fi ... if [ -x /usr/etc/ypserv -a -d /etc/yp/`domainname` ]; then startsrc -s ypserv fi if [ -x /usr/etc/ypbind ]; then startsrc -s ypbind fi if [ -x /usr/etc/keyserv ]; then startsrc -s keyserv fi if [ -x /usr/etc/rpc.ypupdated -a -d /etc/yp/`domainname` ]; then startsrc -s ypupdated ... #Uncomment the following lines to start up the NIS #yppasswd daemon. DIR=/etc if [ -x /usr/etc/rpc.yppasswdd -a -f $DIR/passwd ]; then startsrc -s yppasswdd fi
On HP-UX 9.0x /etc/yp is a link to /usr/etc/yp. In the latter is the domainname subdirectory containing all the maps, and the following files:
Makefile longfiles makedbm mkalias revnetgroup stdhosts ypinit ypmake yppoll yppush ypserv.log ypset ypxfr ypxfr.log ypxfr_1perday ypxfr_1perhour ypxfr_2perday
The file ypmake is a shell script that builds one or more maps on a master NIS server. If no arguments are specified, ypmake either creates maps if they do not already exist or rebuilds maps that are not current. yppush is then executed to notify slave NIS servers of the change and make the slave servers copy the updated maps to their machines. If any maps are supplied on the command line, ypmake creates or updates those maps only. The make command can be used instead of ypmake. The Makefile in /usr/etc/yp calls the ypmake script to actually construct the maps. Better performance is achieved if ypmake is called.
You must be superuser to create an NIS master server (i.e., to build the NIS master databases). You should also be in a single user state of operation.
If you want to restrict access to the master server to a smaller set of users than defined by the complete /etc/passwd file, perform the following steps:
+::0:0:::
PWFILE=/etc/passwd
TO:
PWFILE=/etc/passwd.nis
CHANGE:
/usr/etc/rpc.yppasswdd /etc/passwd -m passwd PWFILE=/etc/passwd
TO:
/usr/etc/rpc.yppasswdd /etc/passwd.nis -m passwd\ PWFILE=/etc/passwd.nis
# /usr/etc/rpc.yppasswdd /etc/passwd.nis -m passwd\ PWFILE=/etc/passwd.nis
If in the future you need to run ypmake and you have restricted access to the master server as just described, enter the following line:
# /usr/etc/yp/ypmake passwd PWFILE=/etc/passwd.nis
# domainname nis_domain_name
# /usr/etc/yp/ypinit -m
# /usr/etc/yp/ypinit -m DOM=XXX
XXX represents the domain name for which you
are setting this node to be a master server.
# domainname nis_domain_name
# /usr/etc/ypserv
# /etc/ypbind
NISDOMAIN=nis_domain_name
You will need to use this same NIS domain name
for all clients and servers within this NIS domain.
NIS_MASTER_SERVER=1
NIS_SLAVE_SERVER=0
NIS_CLIENT=1
# domainname nis_domain_name
# /usr/etc/yp/ypinit -s master_server_name
# /usr/etc/yp/ypinit -s master_server_name [DOM=XXX ]
XXX represents the domain name for which you
are setting this node to be a slave server.
# domainname nis_domain_name
# /usr/etc/ypserv
# /etc/ypbind -ypsetme
NISDOMAIN=nis_domain_name
NIS_MASTER_SERVER=0
NIS_SLAVE_SERVER=1
NIS_CLIENT=1
Customize the following files that traditionally store the information:
/etc/passwd /etc/group /etc/hosts /etc/protocols /etc/netgroup /etc/rpc /etc/networks /etc/services
# domainname nis_domain_name
# /etc/ypbind -ypsetme
NISDOMAIN=nis_domain_name
NIS_CLIENT=1
Note: A zero in the NIS_CLIENT field
disables the node from working as an NIS client
There are many common features of NIS on each platform: the yp daemons have the same name and function, domains work the same, commands like ypwhich, ypset, and ypinit work the same. The differences lie in configuring NIS on each platform. AIX supplies a number of scripts that make configuring NIS relatively easy: mkmaster, mkslave, mkclient, chypdom. If you use SMIT to configure NIS, then you are actually providing parameters for these scripts. HP-UX does not have equivalent commands, but it does provide the ypmake script to make map propagation easier. You also use SRC commands in AIX to control the yp daemons.
Each system has a different way of creating NIS maps: on AIX it involves editing /var/yp/Makefile while on HP-UX you have to change /usr/etc/yp/ypmake. Each of these scripts differs in its makeup. However, they ultimately call the makedbm command and produce maps that can be read across platforms. For example, if you have a map of user account names called /etc/auto.user, regardless of which platform the corresponding .dbm and .pag files are created on, they can be read by NIS utilities on any system, as long as that system is in the same domain.
Provide feedback to: alan_roberts@hp.com