Installing and Administrating NIS+

Solaris NIS+ (nisplus) is a network information service that stores client information in a central place to which all clients have access. This enables system administrators to manage a group of servers from a central place.

In this article we will discuss NIS+ objects, the installation of servers and clients, and administration commands.

Introduction to NIS+

  • NIS+ is a network information service which allows you to store client information in a central place to which all the clients have access. The information can be user passwords, home directories, network services, etc.
  • The information is stored in NIS+ tables. Some of the standard tables (16 in number) come with a predefined structure when NIS+ is installed. Other tables can be created as required using NIS+ commands.
  • NIS+ uses a hierarchical structure and can have multiple domain servers.
  • NIS+ uses the client-server model. The primary server is called the master server and the backup server is called the replica server. Both servers run NIS+ and have copies of the tables. Changes on the master server are propagated to the replica servers in increments.
  • For security it uses both authentication and authorization to secure access to the system and resources. Authentication verifies the validity of a user; authorization verifies whether the user is allowed to access the resources. Access to any NIS+ table can be controlled through the table permissions.
  • Clients have a configuration file, /etc/nsswitch.conf. Entries in this file determine where the clients should look for the information: in local files or in NIS+ maps at the server.

Objects in NIS+

There are three objects in NIS+:

  1. Parent domain: represented by the domain name, e.g. church1e.local (parent domain)
  2. org_dir: contains all the NIS+ tables
  3. groups_dir: contains the group information; by default only the admin group is there.

Standard tables in NIS+

These tables contain the same type of information as the standard files of the same name. The passwd table, however, also contains the encrypted password information. Standard tables in NIS+ are:

  • passwd
  • group
  • auto_master
  • auto_home
  • bootparams
  • cred
  • ethers
  • hosts
  • mail_aliases
  • sendmailvars
  • netmasks
  • netgroup
  • networks
  • protocols
  • rpc
  • services
  • timezone
  • client_info

Groups in NIS+

By default only the admin group is created at the time of installation of NIS+.

Preparing for Install

The first step is to prepare the data files for the NIS+ maps. This can be done by copying the files which need to be put in the nisplus tables for centralised administration. The files are located in /etc and mostly have the same names as the NIS+ tables.

If you want only passwords, groups, hosts and home directories to be administered, then you need to copy these files to some other directory, say /tmp/nisfiles. You can make additional changes here:

# mkdir -p /tmp/nisfiles
# cp /etc/passwd /tmp/nisfiles
# cp /etc/group /tmp/nisfiles
# cp /etc/hosts /tmp/nisfiles

auto_home can be created by editing a copy of the passwd file and keeping only the login name and home directory.

A typical auto_home consists of the following entries:

# head auto_home
+auto_home
martin 10.10.1.4:/export/home/&
schlumpf 10.10.1.4:/export/home/&
smurf 10.10.1.4:/export/home/&

where the first column is the user name, followed by the name of the machine providing the home directories and the home directory path.

Installing the NIS+ Server

The following steps are necessary to correctly install a NIS+ server:

  1. Define a default domain if not defined already in /etc/defaultdomain:
    # domainname
    church1e.local
    # domainname > /etc/defaultdomain
  2. As root, run the server initialization program:
    # /usr/lib/nis/nisserver -r

    If you need to set up your NIS+ server in NIS compatibility mode, run:

    # nisserver -r -Y

    The above commands will set up the NIS+ server software.

  3. Reboot the server.
  4. Log in as root, change to the directory containing the files auto_home, passwd and group, and run the command to populate the empty NIS+ tables:
    # cd /tmp/nisfiles
    # nispopulate -v -F
    This will try to populate all the standard tables from the files in the local directory. You can also specify a particular file name to populate a single table, e.g.
    # nispopulate -v -F auto_home
    auto_home is the local file containing the entries in the proper format.

Installing a NIS+ Client

  1. Log in as root on the client and define a default domain name:
    # domainname
    church1e.local
    # domainname > /etc/defaultdomain
  2. Run the client initialisation program:
    # nisclient -i -h schlumpf -d church1e.local
  3. Reboot the client machine.
  4. Log in again, open /etc/nsswitch.conf and check that only the entries corresponding to the populated tables point to nisplus first and then files. The rest of them should be files and nisplus.
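
The check in step 4 can be scripted. The following is an added example, not part of the original article: it reports every nsswitch.conf database whose source order breaks the rule (populated tables: nisplus first, then files; any other database that lists nisplus: files before it). The function names, the sample file and the choice of automount as the database key for auto_home are assumptions.

```sh
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# audit_nsswitch FILE DB...
#   DB... = nsswitch.conf databases whose NIS+ tables were populated.
#   Prints one line per database that breaks the ordering rule, returns 1 if any.
audit_nsswitch() {
    conf=$1; shift
    awk -v populated="$*" '
        BEGIN { n = split(populated, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            sub(/#.*/, "")                  # strip comments
            gsub(/\[[^]]*\]/, " ")          # strip criteria such as [NOTFOUND=return]
            c = index($0, ":")
            if (c == 0) next                # not a "database: sources" line
            db = substr($0, 1, c - 1); gsub(/[ \t]/, "", db)
            $0 = substr($0, c + 1)          # fields are now the sources, in order
            nis = 0; fil = 0; order = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "nisplus" && !nis) nis = i
                if ($i == "files" && !fil) fil = i
                order = order (i > 1 ? " " : "") $i
            }
            if (db in want) ok = (nis == 1 && fil > nis)              # nisplus, then files
            else            ok = (nis == 0 || (fil > 0 && fil < nis)) # files before nisplus
            if (!ok) {
                bad = 1
                printf "%s: want %s first, found \"%s\"\n", db, ((db in want) ? "nisplus" : "files"), order
            }
        }
        END { exit bad }' "$conf"
}

# Constructed sample; not taken from a real client.
write_sample() {
    cat > "$1" <<'EOF'
passwd:     nisplus files
group:      files nisplus
hosts:      nisplus [NOTFOUND=return] files
automount:  nisplus files
services:   nisplus files
networks:   files nisplus
protocols:  files
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
audit_nsswitch "$tmp" passwd group hosts automount || echo "review the lines above"
rm -f "$tmp"
```

On a real client, pass /etc/nsswitch.conf as the first argument, followed by the databases you populated.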

Administrating NIS+

The following are examples of common nisplus administration tasks:

Table 1 — nisplus administration commands
Action
    Command

Listing tables and objects in NIS+
    Total objects in NIS+:
    # nisls
    Tables listed in the directory:
    # nisls org_dir

Listing the contents of tables
    # niscat passwd.org_dir

Listing table structure
    # niscat -o passwd.org_dir

Add a user
    # nistbladm -a name=smurf uid=84838 gid=1122 home=/home/smurf shell=/bin/sh passwd.org_dir

Changing the user information in the passwd table (superuser only; replace <> with the corresponding details)
    # nistbladm -a name=<> passwd=<> uid=<> gid=<> home=<> shell=<> passwd.org_dir
    For example:
    # nistbladm -a name=smurf uid=84838 gid=1124 home=/home/smurf shell=/bin/sh passwd.org_dir
    To change only the shell:
    # nistbladm -m shell=/usr/local/bin/bash [name=smurf],passwd.org_dir

Changing user passwd (root)
    # nispasswd username
    The user has to update his key through chkey -p.

Change user passwd (as user)
    $ nispasswd
    $ chkey -p

Adding user credentials
    # nisaddcred -p 84838 -P smurf local
    # nisaddcred -p unix.84838@church1e.local -P smurf.church1e.local. des
    where 84838 is the user ID and smurf is the user name.

Adding / removing a user dir entry in the auto_home table
    # nistbladm -a key=smurf value=10.10.1.4:/home/smurf auto_home.org_dir
    # nistbladm -r key=smurf auto_home.org_dir
    If the key is not unique, then more fields need to be defined!

Removing a user
    # nistbladm -r name=smurf passwd.org_dir

Modifying the tables for multiple entries
    Dump the table to a file:
    # nisaddent -d passwd > /tmp/passwd
    Edit the dumped file:
    # vi /tmp/passwd
    Populate the table with the amended data entries:
    # nisaddent -r -f /tmp/passwd passwd

Note: The nisaddent command is available only for some of the standard tables; for the others either nispopulate or nistbladm has to be used.
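
The introduction notes that access to a table is controlled through its permissions, and niscat -o passwd.org_dir is the command that displays them. The following is an added example, not part of the original article: it reads that output and reports rights granted to the nobody class or write-type rights granted to world. The function names and the sample listing are constructed, and the script assumes the output carries "Access Rights" lines with the 16-character rights string.

```sh
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# A NIS+ rights string has 16 characters: four classes in the order
# nobody, owner, group, world, each with r(ead) m(odify) c(reate) d(estroy).
# audit_rights reads `niscat -o TABLE` output on stdin, prints a finding for each
# "Access Rights" line that grants anything to nobody or m/c/d to world,
# and returns 1 if there was at least one finding.
audit_rights() {
    awk '
        /^Object Name/         { ctx = "table " $NF }     # table-level rights follow
        /^[ \t]*\[[0-9]+\]/    { ctx = "column " $NF }    # "[n] Name : colname"
        /Access Rights[ \t]*:/ {
            r = $NF
            if (length(r) != 16) next                     # not a rights string
            nobody = substr(r, 1, 4); world = substr(r, 13, 4)
            if (nobody != "----") { bad = 1; print ctx ": nobody class has " nobody }
            if (world ~ /[mcd]/)  { bad = 1; print ctx ": world class has " world }
        }
        END { exit bad }'
}

# Constructed sample in the layout of `niscat -o passwd.org_dir`; values are illustrative.
sample_niscat_o() {
    cat <<'EOF'
Object Name   : passwd
Access Rights : r---rmcdrmcdr---
Object Type   : TABLE
Columns             :
        [0]     Name          : name
                Access Rights : r---r---r---r---
        [1]     Name          : passwd
                Access Rights : -----m------rm--
EOF
}

sample_niscat_o | audit_rights || echo "review the rights reported above"
```

On a live server, pipe the output of niscat -o passwd.org_dir into audit_rights. On a server set up with nisserver -r -Y, read access for the nobody class is expected, because NIS clients are unauthenticated.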