Managing NFS and NIS, 2nd Edition - Mike Eisler [29]
newmaster# mkdir /etc/nispw
newmaster# chmod 0700 /etc/nispw
newmaster# grep -v '^root:' /etc/passwd > /etc/nispw/passwd
newmaster# grep -v '^root:' /etc/shadow > /etc/nispw/shadow
newmaster# vi /etc/passwd /etc/shadow # delete the nonprivileged entries,
# e.g., stern and mre
newmaster# cp /var/yp/Makefile /var/yp/Makefile.save
newmaster# vi /var/yp/Makefile # change the PWDIR variable to /etc/nispw
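The steps above filter the NIS password source by login name only, so the resulting directory is worth checking before maps are built from it. The following is an added example, not code from the book: it audits a PWDIR for UID 0 entries, passwd entries with no shadow counterpart, and group or other access to the directory. The function names, the toor account, and the sample UIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): audit the NIS password source directory
# (PWDIR, /etc/nispw in the steps above) before building maps from it.

# Login names whose UID is 0. grep -v '^root:' removes only the entry named
# root, so any other UID 0 account would still be published in the NIS map.
uid0_entries() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Login names in passwd ($1) that have no entry in shadow ($2).
missing_shadow() {
    awk -F: 'FILENAME == ARGV[1] { seen[$1] = 1; next }
             !($1 in seen)       { print $1 }' "$2" "$1"
}

# Group/other permission bits of a directory; "------" means no group or
# other access, as with mode 0700.
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Run all checks on one PWDIR; returns non-zero if any of them fails.
audit_pwdir() {
    dir=$1; rc=0
    for u in $(uid0_entries "$dir/passwd"); do
        echo "FAIL: UID 0 entry '$u' in $dir/passwd"; rc=1
    done
    for u in $(missing_shadow "$dir/passwd" "$dir/shadow"); do
        echo "FAIL: '$u' has no entry in $dir/shadow"; rc=1
    done
    [ "$(group_other_bits "$dir")" = "------" ] ||
        { echo "FAIL: $dir is accessible to group or other"; rc=1; }
    return $rc
}

# Constructed sample: toor (UID 0) survives the grep, mre lacks a shadow
# entry, and the directory is 0755 instead of 0700.
make_sample() {
    mkdir -p "$1" && chmod 0755 "$1"
    printf '%s\n' 'toor:x:0:1::/:/sbin/sh' 'stern:x:1001:10::/home/stern:/bin/sh' \
        'mre:x:1002:10::/home/mre:/bin/sh' > "$1/passwd"
    printf '%s\n' 'toor:NP:6445::::::' 'stern:NP:6445::::::' > "$1/shadow"
}

demo=$(mktemp -d) && make_sample "$demo/nispw"
audit_pwdir "$demo/nispw" || echo "audit failed: fix before building maps"
rm -rf "$demo"
```

On a real master, run `audit_pwdir /etc/nispw` as root after the grep steps and before `ypinit -m`.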
Before you create the new master server, you must decide how many slave servers you will have. For availability, it is a good idea to have at least one slave. Once NIS is installed, if it ever becomes unavailable, your network will become unusable. The first time your master server becomes unavailable, you and your users will appreciate still being able to use the network. If you need additional server horsepower, set up more than one NIS slave server. Once you know the names of the slaves, make sure that the master's /etc/hosts file has an entry for each slave.
To create a new master server, become the superuser on the host and invoke ypinit with the -m flag:
Edit /etc/hosts to add entries for each slave
newmaster# /usr/sbin/ypinit -m
ypinit builds the domain subdirectory of /var/yp for the current default domain. Note that the ypinit utility lives in /usr/sbin, so you should use its full pathname if you don't have this directory in your search path. In this example, ypinit creates /var/yp/bedrock.
After building the domain subdirectory, ypinit builds a complete set of administrative maps for your system and places them in this directory. The first map created by ypinit -m is the ypservers map. ypinit will ask you for a list of hosts that will be running NIS. The hosts named in the ypservers map do not have to be running NIS at that time, but they should become NIS servers before the first modifications are made to NIS maps.
You must have one and only one master server per NIS domain. There is nothing in ypinit that checks for the existence of another master server, so it's possible to create two masters accidentally in the same domain. Having more than one master may lead to NIS map corruption; at best it confuses procedures that contact the NIS master, such as map transfers and NIS password file updates.
Now enable NIS in nsswitch.conf so that processes on your NIS master host can use NIS for all of their name service accesses:
newmaster# cp /etc/nsswitch.nis /etc/nsswitch.conf
If you are running Solaris 8 and if you think you will ever use the sec=dh option with NFS, then it would be an excellent idea to change the entry for publickey in nsswitch.conf to:
publickey: nis
The reason for this step is that the Solaris 8 utilities that manipulate the publickey map get confused if there are multiple database sources in the publickey entry of nsswitch.conf. You should do this on NIS slaves and NIS clients as well.
Once ypinit finishes and nsswitch.conf is set up to use NIS, you should start the NIS service manually via the ypstart script or by rebooting the server host. In Solaris, the relevant part of the boot script /etc/rc2.d/S71rpc normally looks like this:
# Start NIS (YP) services. The ypstart script handles both client
# and server startup, whichever is appropriate.
if [ -x /usr/lib/netsvc/yp/ypstart ]; then
        /usr/lib/netsvc/yp/ypstart rpcstart
fi
Assuming you opt to start the NIS service manually, you would do:
newmaster# /usr/lib/netsvc/yp/ypstart
As the comment in S71rpc says, the ypstart script handles the case when the host is an NIS server or NIS client or both. Both S71rpc and ypstart came with the system when it was installed, and normally won't need modifications. The logic in ypstart may require modifications if a server is a client of one domain but serves another; this situation sometimes occurs when a host is on multiple networks. Issues surrounding multiple domains are left for the next chapter.
Test that your NIS server is working:
newmaster# ypcat passwd
noaccess:NP:60002:60002:No Access User:/:
nobody4:NP:65534:65534:SunOS