NIS + Set up Overview

Table 7-1 summarizes the recommended generic setup procedure. The left column lists the major setup activities, such as setting up the root domain or creating a client. The text in the middle describes the activities. The third column lists which script or NIS+ commands accomplish each step.

Table 7-1

Activity	Description	Script/NIS+ Commands
Set Up Root Domain	Create the root domain. Set up and initialize the root master server. Create the root domain admin group.	nisserver(1M)
Populate Tables	Populate the NIS+ tables of the root domain from text files or NIS maps. Create credentials for root domain clients. Create administrator credentials.	nispopulate(1M) nisgrpadm(1M) nisping(1M)
Set Up Root Domain Clients	Set up the client machines. (Some of them will subsequently be converted into servers.) Initialize users as NIS+ clients.	nisclient(1M)
Enable Servers	Enable some clients of the root domain to become servers. Some servers will later become root repli-cas, others will support lower-level domains.	rpc.nisd(1M)
Set Up Root Replicas	Designate one or more of the servers you just set up as a replica of the root domain.	nisserver(1M)
Set Up Non-Root Domains	Create a new domain. Designate previously en-abled server as its master. Create its admin group and admin credentials.	nisserver(1M)
Populate Tables	Create credentials for clients of the new domain. Populate the NIS+ tables of the new domain from text files or NIS maps.	nispopulate(1M)

Table 7-1 (Continued)

Activity	Description	Script/NIS+ Commands
Set Up Domain Clients	Set up the clients of the new domain. (Some may subsequently be converted into servers for lower-level domains.) Initialize users as NIS+ clients.	nisclient(1M)
Set Up Servers for Lower Level	If the namespace will have lower-level domains, convert some of the second level domain's clients into the servers that will later become masters and replicas of the lower levels.	nisserver(1M)
Set Up Other Domains	Set up other domains, whether at the same level as the new domain or beneath it, by repeating activi-ties 6-9.

The NIS+ scripts enable to you to skip most of the individual procedures the above activities represent.

Script Prerequisites

Before you use the scripts to create your actual namespace you have to:

1. Plan your NIS+ layout.

2. Choose a root domain name.

3. Choose a root server machine.

4. Choose your client machines.

---

Note - The machine that will be designated the root server must be up and running and you must have superuser access to it.

---

To create the sample namespace, you only need to do steps 3 and 4 above. The tutorial does the NIS+ layout planning for you and chooses a domain name.

Creating a Sample NIS+ Namespace

The procedures in this chapter show you how to create a sample NIS+ namespace. The sample NIS+ namespace will be created from /etc files and NIS maps. This sample shows you how to use the scripts both when your site

is not running the Network Information Service (NIS) and when NIS is running at your site. You can set your servers to NIS-compatibility mode if they will be serving NIS clients. See NIS+ Transition Guide for more information on NIS-compatibility mode.

---

Note - Your site's actual NIS+ namespace and its domain hierarchy will probably differ from the sample namespace's, and yours will probably contain a different number of servers, clients and domains. Do not expect to have any resemblance between your final domain configuration or hierarchy and the sample one. The sample namespace is merely an illustration of how to use the NIS+ scripts. Once you have created this sample namespace, you should have a clear idea about how to create domains, servers and clients at your site.

---

The sample namespace will contain the following components:

• A root master server (for the wiz.com. domain)
• Four clients:

  · The first client will become a root replica (for the wiz.com. domain)

  · The second client will become a master server for a new subdomain (for the subwiz.wiz.com. domain)

  · The third client will become a non-root replica server of the new subdomain (for the subwiz.wiz.com. domain)

  · The fourth client will remain solely a client of the root domain (wiz.com.)

• Two clients of the subdomain (subwiz.wiz.com.)

This scenario shows the scripts being used to set up NIS+ at a site that uses both system information files, such as /etc/hosts, and NIS maps to store network service information. The sample NIS+ namespace uses such a mixed site purely for example purposes.

Figure 7-1 shows the layout of the sample namespace. When you finish creating the sample domain, it should resemble the NIS+ domain in this figure. Notice that some machines are simultaneously servers and clients.

Figure 7-1

Summary of NIS+ Scripts Command Lines

Table 7-2 contains the generic sequence of NIS+ scripts and commands you will use to create the NIS+ domains shown in Figure 7-1. Subsequent sections describe these command lines in detail. After you are familiar with the tasks required to create NIS+ domains, servers, and clients, use Table 7-2 as a quick

reference guide to the appropriate command lines. Table 7-3 on page 123 is a summary of the actual commands with the appropriate variables that you will type to create the sample NIS+ namespace.

Table 7-2

Purpose	On Which Machine	Command Line
Include /usr/lib/nis in root's path; C shell or Bourne shell	Root master server and client machines as superuser	setenv PATH $PATH:/usr/lib/nis orPATH=$PATH:/usr/lib/nis; export PATH
Create a root master server without or with NIS (YP) compatibility	Root master server as superuser	nisserver -r -d newdomain. or nisserver -Y -r -d newdomain.
Populate the root master server tables from files or from NIS maps	Root master server as superuser	nispopulate -F -p /files -d newdomain. ornispopulate -Y -d newdomain. -h NIS_servername\ -a NIS_server_ipaddress -y NIS_domain
Add additional users to the NIS+ admin group	Root master server as superuser	nisgrpadm -a admin.domain. name.domain.
Make a checkpoint of the NIS+ database	Root master server as superuser	nisping -C domain.
Initialize a new client machine	Client machine as superuser	nisclient -i -d domain. -h rootmaster
Initialize user as an NIS+ client	Client machine as user	nisclient -u
Start the rpc.nisd daemon--required to convert a client to a server without or with NIS (& DNS) compatibility	Client machine as superuser	rpc.nisd or rpc.nisd -Y or rpc.nisd -Y -B
Convert a server to a root replica	Root master server as superuser	nisserver -R -d domain. -h clientname
Convert a server to a non-root master server	Root master server as superuser	nisserver -M -d newsubdomain.domain. -h \ clientmachine
Populate the new master server tables from files or from NIS maps	New subdomain master server as superuser	nispopulate -F -p /subdomaindirectory -d \ newsubdomain.domain. ornispopulate -Y -d newsubdomain.domain. -h \ NIS_servername -a NIS_server_ipaddress -y NIS_domain
Convert a client to a master server replica	Subdomain master server as superuser	nisserver -R -d subdomain.domain. -h clientname

Table 7-2 (Continued)

Purpose	On Which Machine	Command Line
Initialize a new client of the subdomain. Clients can be converted to subdomain replicas or to another server.	New subdomain client machine as superuser	nisclient -i -d newsubdomain.domain. -h \ subdomainmaster
Initialize user as an NIS+ client	Client machine as user	nisclient -u

---

Note - To see what commands an NIS+ script will call without actually having the commands execute, use the new -x option. The -x option will cause the command names and their approximate output to echo to the screen as if you were actually running the script. Running the scripts for the first time with -x may minimize unexpected results. See the scripts' man pages for more information.

---

Setting Up NIS+ Root Servers

Setting up the root master server is the first activity towards establishing NIS+ domain. This section shows you how to set up a root master server using the nisserver(1M) script with default settings. The root master server will use the following defaults:

• Security level 2 (DES)--the highest level of NIS+ security
• NIS (YP) compatible set to OFF (instructions for setting NIS (yp) compatibility are included)
• System information files (/etc) or NIS maps as the source of name services information
• admin.domainname as the NIS+ group

---

Note - The nisserver(1M) script modifies the name service switch file for NIS+ when it sets up a root master server. The /etc/nsswitch.conf file may be changed later. See Chapter 5, "Understanding the Name Service Switch" for information on the Name Service Switch.

---

Prerequisites to Running nisserver (1M)

While this is usually true, check to see that the /etc/passwd file on the machine you want to be root master server contains an entry for root.

Information You Need

You need the following:

• The superuser password of the workstation that will become the root master server
• The name of the new root domain

In the following example, the machine that will be designated the root master server is called rootmaster, and "wiz.com." will be the new root domain.

· How to Create a Root Master Server

1. Set the superuser's PATH variable to include /usr/lib/nis. Either add this path to root's .cshrc or .profile file or set the variable directly with either of the following commands. The first example shows the C shell command; the second example shows the Bourne shell command.

rootmaster# setenv PATH $PATH:/usr/lib/nis rootmaster# PATH=$PATH:/usr/lib/nis; export PATH

2. Type the following as superuser (root) to set up a root master server.

   The -r option indicates that a root master server should be set up. The -d option specifies the NIS+ domain name.

rootmaster# nisserver -r -d wiz.com. This script sets up this machine "rootmaster" as a NIS+ root master server for domain wiz.com. Domain name : wiz.com. NIS+ group : admin.wiz.com. NIS (YP) compatibility : OFF Security level : 2=DES Is this information correct? (type 'y' to accept, 'n' to change)

"NIS+ group" refers to the group of users who are authorized to modify the information in the wiz.com. domain. (Domain names always end with a period.) Modification includes deletion. admin.domainname is the default name of the group. See "How to Change Incorrect Information" on page 89 for instructions on how to change this name.

"NIS (YP) compatibility" refers to whether an NIS+ server will accept information requests from NIS clients. When set to OFF, the default setting, the NIS+ server will not fulfill requests from NIS clients. When set to ON, an NIS+ server will fulfill such requests. You can change the NIS-compatibility setting with this script. See "How to Change Incorrect Information" on page 89.

---

Note - This script only sets machines up at security level 2, the highest level of NIS+ security. You cannot change the security level when using this script. After the script has completed, you can change the security level with the appropriate NIS+ command. See Name Services Administration Guide for more information on changing security levels.

---

3. Type y (if the information shown on the screen is correct).

   Typing n causes the script to prompt you for the correct information. (See "How to Change Incorrect Information" below for what you need to do if you type n.)

Is this information correct? (type 'y' to accept, 'n' to change) y This script will set up your machine as a root master server for domain wiz.com. without NIS compatibility at security level 2. Use "nisclient -r" to restore your current network service environment. Do you want to continue? (type 'y' to continue, 'n' to exit the script)

4. Type y to continue the NIS+ setup.

   (Typing n safely stops the script.) If you interrupt the script after you have chosen y and while the script is running, the script stops running and leaves set up whatever it has created so far. The script does not do any automatic recovery or cleaning up. You can always rerun this script.

Do you want to continue? (type 'y' to continue, 'n' to exit the script) y setting up domain information "wiz.com." ... setting up switch information ... running nisinit ... This machine is in the wiz.com. NIS+ domain. Setting up root server ... All done. starting root server at security level 0 to create credentials... running nissetup ... (creating standard directories & tables) org_dir.wiz.com. created groups_dir.wiz.com. created passwd.org_dir.wiz.com. created group.org_dir.wiz.com. created auto_master.org_dir.wiz.com. created auto_home.org_dir.wiz.com. created bootparams.org_dir.wiz.com. created cred.org_dir.wiz.com. created ethers.org_dir.wiz.com. created hosts.org_dir.wiz.com. created mail_aliases.org_dir.wiz.com. created sendmailvars.org_dir.wiz.com. created netmasks.org_dir.wiz.com. created netgroup.org_dir.wiz.com. created networks.org_dir.wiz.com. created protocols.org_dir.wiz.com. created rpc.org_dir.wiz.com. created services.org_dir.wiz.com. created timezone.org_dir.wiz.com. created adding credential for rootmaster.wiz.com... Enter login password:

The nissetup(1M) command creates the directories for each NIS+ table.

5. Type your machine's root password at the prompt, then press Return.

   In this case, the user typed the rootmaster machine's root password.

Wrote secret key into /etc/.rootkey setting NIS+ group to admin.wiz.com. ... restarting root server at security level 2 ... This system is now configured as a root server for domain wiz.com. You can now populate the standard NIS+ tables by using the nispopulate or /usr/lib/nis/nisaddent commands.

Your root master server is now set up and ready for you to populate the NIS+ standard tables. To continue with populating tables, skip to "Populating NIS+ Tables" on page 91.

· How to Change Incorrect Information

If you typed n because some or all of the information returned to you was wrong in step 2 in the above procedure, you will see the following:

Is this information correct? (type 'y' to accept, 'n' to change) n Domain name : [wiz.com.]

1. Press Return if Domain name is correct; otherwise, type the correct domain name and press Return.

   In this example, Return was pressed, confirming that the desired domain name is wiz.com. The script then prompts for the NIS+ group name.

Is this information correct? (type 'y' to accept, 'n' to change) n Domain name : [wiz.com.] NIS+ group : [admin.wiz.com.]

2. Press Return if NIS+ group is correct; otherwise, type the correct NIS+ group name and press Return.

   In this example, the name was changed. The script then prompts for NIS (YP) compatibility.

NIS+ group: [admin.wiz.com.] netadmin.wiz.com. NIS (YP) compatibility (0=off, 1=on): [0]

3. Press Return if you do not want NIS compatibility; otherwise, type 1 and press Return.

   In this example, Return was pressed, confirming that NIS compatibility status is correct. Once again, the script asks you if the information is correct.

---

Note - If you choose to make this server NIS compatible, you also need to edit a file and restart the rpc.nisd(1M) daemon before it will work. See "How to Configure a Client as an NIS+ Server" for more information.

---

NIS (YP) compatibility (0=off, 1=on): [0] Domain name : wiz.com. NIS+ group : netadmin.wiz.com. NIS (YP) compatibility : OFF Security level : 2=DES Is this information correct? (type 'y' to accept, 'n' to change)

Once the information is correct, continue with Step 3 in "How to Create a Root Master Server." You can keep choosing n until the information is correct.

---

Note - This script only sets machines up at security level 2. You cannot change the security level when using this script. After the script has completed, you can change the security level with the appropriate NIS+ command. See Name Services Administration Guide for more information on changing security levels.

---

Populating NIS+ Tables

Once the root master server has been set up, you should populate its standard NIS+ tables with name services information. This section shows you how to populate the root master server's tables with data from files or NIS maps using the nispopulate(1M) script with default settings. The script uses:

• The domain created in the previous example (wiz.com.)
• System information files or NIS maps as the source of name services
• The standard NIS+ tables: auto_master, auto_home, ethers,

group, hosts, networks, passwd, protocols, services, rpc,
netmasks, bootparams, netgroup, and aliases

---

Note - The shadow file's contents are merged with the passwd file's to create the passwd table when files are the tables' information source. No shadow table is created.

---

Prerequisites to Running nispopulate(1M)

Before you can run the script nispopulate(1M):

• The information in the files must be formatted appropriately for the table into which it will be loaded. Chapter 4, "Understanding NIS+ Tables and Information" describes the format required for a text file to be transferred into its corresponding NIS+ table. Local /etc files are usually formatted properly. NIS maps from running NIS domains are presumed to be correctly formatted.
• It is recommended that you make copies of the /etc files and use the copies to populate the tables instead of the actual ones for safety reasons. (This example uses files in a directory called /nis+files, for instance.) You also may want edit four of the copied files, passwd, shadow, aliases and hosts for security reasons. (See User Accounts, Printers, and Mail

Administration for more information on these files.) For example, you may want to remove the following lines from the copy of your local passwd file so they will not be distributed across the namespace:

root:x:0:1:0000-Admin(0000):/:/sbin/sh daemon:x:1:3:0000-Admin(0000):/: bin:x:3:5:0000-Admin(0000):/usr/bin: sys:x:3:3:0000-Admin(0000):/: adm:x:4:4:0000-Admin(0000):/var/adm: lp:x:78:9:0000-lp(0000):/usr/spool/lp: smtp:x:0:0:mail daemon user:/: uucp:x:5:5:0000-uucp(0000):/usr/lib/uucp: nuucp:x:7:8:0000- uucp(0000):/var/spool/uucppublic:/usr/lib/uucp/uucico listen:x:22:6:Network Admin:/usr/net/nls: nobody:x:60000:60000:uid no body:/: noaccess:x:60002:60002:uid no access:/:

• The domain must have already been set up and its master server must be running.
• The domain's server must have sufficient disk space to accommodate the new table information.
• You must be logged in as an NIS+ principal (a client with appropriate credentials) and have write permission to the NIS+ tables in the specified domain. In this example, you would have to be the user root on the machine rootmaster.

Information You Need

If populating from files, you need:

• The new NIS+ domain name
• The path of the appropriately edited text files whose data will be transferred
• Your root password

If populating from NIS maps, you need:

• The new NIS+ domain name
• The NIS domain name
• The NIS server's name

• The IP address of the NIS server
• Your root password

---

Note - The NIS domain name is case sensitive, while the NIS+ domain name is not.

---

· How to Populate the Root Master Server Tables

1. Perform either step a or step b to populate the root master server tables and then continue with step 2.

   Step a shows you how to populate tables from files. Step b shows you how to populate tables from NIS maps. Type these commands in a scrolling window as the script's output may otherwise scroll off the screen.

---

Note - The nispopulate(1M) script may fail if there is insufficient /tmp space on the system. To keep this from happening, you can set the environment variable TMPDIR to a different directory. If TMPDIR is not set to a valid directory, the script will use the /tmp directory.

---

a. Type the following to populate the tables from files.

rootmaster# nispopulate -F -p /nis+files -d wiz.com. NIS+ domain name : wiz.com. Directory Path : /nis+files Is this information correct? (type 'y' to accept, 'n' to change)

The -F option indicates that the tables will take their data from files. The -p option specifies the directory search path for the source files. (In this case, the path is /nis+files.) The -d option specifies the NIS+ domain name. (In this case, the domain name is wiz.com.)

The NIS+ principal user is root. You must perform this task as superuser in this instance because this is the first time that you are going to populate the root master server's tables. The nispopulate (1M) script adds credentials for all members of the NIS+ admin group.

b. Type the following to populate the tables from NIS maps.

rootmaster# nispopulate -Y -d wiz.com. -h corporatemachine -a 130.48.58.111 -y corporate.wiz.com. NIS+ domain name : wiz.com. NIS (YP) domain : corporate.wiz.com NIS (YP) server hostname : corporatemachine Is this information correct? (type 'y' to accept, 'n' to change)

The -Y option indicates that the tables will take their data from NIS maps. The -d option specifies the NIS+ domain name. The -h option specifies the NIS server's machine name. (In this case, the NIS server's name is corporatemachine. You would have to insert the name of a real NIS server at your site to create the sample domain.) The -a option specifies the NIS server's IP address. (In this case, the address is 130.48.58.111. You would have to insert the IP address of a real NIS server at your site to create the sample domain.) The -y option specifies the NIS domain name. (In this case, the domain's name is corporate.wiz.com; you would have to insert the NIS domain name of the real NIS domain at your site to create the sample domain. Remember that NIS domain names are case sensitive.)

The NIS+ principal user is root. You must perform this task as superuser in this instance because this is the first time that you are going to populate the root master server's tables. The nispopulate (1M) script also adds credentials for all members of the NIS+ admin group.

2. Type y (if the information returned on the screen is correct).

   Typing n causes the script to prompt you for the correct information. (See "How to Change Incorrect Information" on page 89 for what you need to do if the information is incorrect.)

a. If you performed step 1a, you will see the following:

Is this information correct? (type 'y' to accept, 'n' to change) y This script will populate the following NIS+ tables for domain wiz.com. from the files in /nis+files: auto_master auto_home ethers group hosts networks passwd protocols services rpc netmasks bootparams netgroup aliases shadow **WARNING: Interrupting this script after choosing to continue may leave the tables only partially populated. This script does not do any automatic recovery or cleanup. Do you want to continue? (type 'y' to continue, 'n' to exit this script)

b. If you performed step 1b, you will see the following:

Is this information correct? (type 'y' to accept, 'n' to change) y This script will populate the following NIS+ tables for domain wiz.com. from the NIS (YP) maps in domain corporate: auto_master auto_home ethers group hosts networks passwd protocols services rpc netmasks bootparams netgroup aliases **WARNING: Interrupting this script after choosing to continue may leave the tables only partially populated. This script does not do any automatic recovery or cleanup. Do you want to continue? (type 'y' to continue, 'n' to exit this script)

3. Type y to continue populating the tables.

   (Typing n safely stops the script.) If you interrupt the script after you have chosen y--while the script's running, the script stops running and may leave the tables only partially populated. The table that was currently being populated may be only partially populated. The script does not do any automatic recovery or cleaning up. You can safely rerun the script, however, the tables will be overwritten with the latest information.

a. If you are populating tables from files, you will see the following:

Do you want to continue? (type 'y' to continue, 'n' to exit this script)y populating auto_master table from file /nis+files/auto_master... auto_master table done. populating auto_home table from file /nis+files/auto_home... auto_home table done. populating ethers table from file /nis+files/ethers... ethers table done. populating group table from file /nis+files/group... group table done. populating hosts table from file /nis+files/hosts... hosts table done. Populating the NIS+ credential table for domain wiz.com. from hosts table. dumping hosts table... loading credential table... The credential table for domain wiz.com. has been populated. The password used will be nisplus. populating networks table from file /nis+files/networks... networks table done. populating passwd table from file /nis+files/passwd... passwd table done. Populating the NIS+ credential table for domain wiz.com. from passwd table. dumping passwd table... loading credential table...

The script is using hosts and passwd information to create the credentials for hosts and users.

The credential table for domain wiz.com. has been populated. The passwd used will be nisplus. populating protocols table from file /nis+files/protocols... protocols table done. populating services table from file /nis+files/services... services table done. populating rpc table from file /nis+files/rpc... rpc table done. populating netmasks table from file /nis+files/netmasks... netmasks table done. populating bootparams table from file /nis+files/bootparams... bootparams table done. populating netgroup table from file /nis+files/netgroup... netgroup table done populating mail_aliases table from file /nis+files/aliases... mail_aliases table done. populating passwd table from file /nis+files/shadow... passwd table done. Credentials have been added for the entries in the hosts and passwd table(s). Each entry was given a default network password (also known as a Secure-RPC password). This password is: nisplus Use this password when the nisclient script requests the network password. Done!

The script continues until it has searched for all the files it expects and loads all the tables it can from the available files.

b. If you are populating tables from NIS maps, you will see the following:

Do you want to continue? (type 'y' to continue, 'n' to exit this script) y populating auto_master table from corporate.wiz.com NIS(YP) domain... auto_master table done. populating auto_home table from file corporate.wiz.com NIS(YP) domain... auto_home table done. populating ethers table from corporate.wiz.com NIS(YP) domain... ethers table done. populating group table from corporate.wiz.com NIS(YP) domain... group table done. populating hosts table from corporate.wiz.com NIS(YP) domain... hosts table done. Populating the NIS+ credential table for domain wiz.com. from hosts table. The passwd used will be nisplus. dumping hosts table... loading credential table... The credential table for domain wiz.com. has been populated. The passwd used will be nisplus. populating networks table from corporate.wiz.com NIS(YP) domain... networks table done. populating passwd table from corporate.wiz.com NIS(YP) domain... passwd table done. Populating the NIS+ credential table for domain wiz.com. from passwd table. dumping passwd table... loading credential table... The credential table for domain wiz.com. has been populated.

The script is using hosts and passwd information to create the credentials for hosts and users.

The passwd used will be nisplus. populating protocols table from corporate.wiz.com NIS(YP) domain... protocols table done. populating services table from corporate.wiz.com NIS(YP) domain... services table done. populating rpc table from corporate.wiz.com NIS(YP) domain... rpc table done. populating netmasks table from corporate.wiz.com NIS(YP) domain... parse error: no mask (key #) netmasks table done. populating bootparams table from corporate.wiz.com NIS(YP) domain... parse error: no value (key) bootparams table done. populating netgroup table from corporate.wiz.com NIS(YP) domain... netgroup table done. populating mail_aliases table from corporate.wiz.com NIS(YP) domain... mail_aliases table done. Credentials have been added for the entries in the hosts and passwd table(s). Each entry was given a default network password (also known as a Secure-RPC password). This password is: nisplus Use this password when the nisclient script requests the network password. Done!

All the tables are now populated. You can ignore the parse error warnings shown above. The errors indicate that NIS+ found empty or unexpected values in a field of a particular NIS map. You may want to verify the data later after the script completes.

4. (Optional step) Type the following command to add yourself and other administrators to the root domain's admin group.

---

Note - This step is only necessary if you want to add additional users to the admin group now, which is a good time to add administrators to the root server. You can also add users to the admin group after you have set up NIS+.

---

You don't have to wait for the other administrators to change their default passwords to perform this step, however, they must already be listed in the password table before you can add them to the admin group. Members of the admin group will be unable to act as NIS+ principals until they add themselves to the domain. See "How to Initialize an NIS+ User" for more information on initializing users. The group cache also has to expire before the new members will become active.

Use the nisgrpadm(1M) command with the -a option. The first argument is the group name, the remaining arguments are the names of the administrators. This example adds two administrators, topadmin and secondadmin, to the admin.wiz.Com. group:

rootmaster# nisgrpadm -a admin.wiz.Com. topadmin.wiz.Com. \ secondadmin.wiz.Com. Added "topadmin.wiz.Com." to group "admin.wiz.Com.". Added "secondadmin.wiz.Com." to group "admin.wiz.Com.".

5. Type the following command to checkpoint the domain.

rootmaster# nisping -C wiz.Com. Checkpointing replicas serving directory wiz.com. : Master server is rootmaster.wiz.com. Last update occurred at <date> Master server is rootmaster.wiz.com. checkpoint scheduled on rootmaster.wiz.com..

This step ensures that all the servers supporting the domain transfer the new information from their initialization(.log) files to the disk-based copies of the tables. Since you have just set up the root domain, this step affects only the root master server, as the root domain does not yet have replicas.

---

Caution - If you don't have enough swap or disk space, the server will be unable to checkpoint properly, but it won't notify you. One way to make sure all goes well is to list the contents of a table with the niscat(1M) command. For example, to check the contents of the rpc table, type:

rootmaster# niscat rpc.org_dir rpcbind rpcbind 100000 rpcbind portmap 100000 rpcbind sunrpc 100000

If you don't have enough swap space, you'll see the following error message instead of the sort of output you see above:

can't list table: Server busy, Try Again.

Even though it doesn't seem to, this message indicates that you don't have enough swap space. Increase the swap space and checkpoint the domain again.

---

Setting Up Root Domain NIS+ Client Machines

Once the root master server's tables have been populated from files or NIS maps, you can initialize an NIS+ client machine. Since the root master server is an NIS+ client of its own domain, no further steps are required to initialize it. This section shows you how to initialize an NIS+ client using the nisclient(1M) script with default settings. The NIS+ client machine is a different workstation than the NIS+ root server. The script will use:

• The domain used in previous examples, wiz.com.
• The network password created by the nispopulate(1M) script in the previous example (nisplus, the default password)

---

Note - The -i option used in "How to Initialize a New Client Machine" does not set up an NIS+ client to resolve host names requiring DNS. You need to explicitly include DNS for clients in their name service switch file. See Chapter 5, "Understanding the Name Service Switch" for more information on resolving host names through DNS.

---

Prerequisites to Running nisclient(1M)

Before you can use the nisclient(1M) script:

• The domain must have already been set up and its master server must be running.
• The master server of the domain's tables must be populated. (At a minimum, the hosts table must have an entry for the new client machine.)
• You must be logged in as superuser on the machine that is to become an NIS+ client. In this example, the new client machine is named wizclient1.

Information You Need

You need:

• The domain name
• The default network password (nisplus)
• The root password of the workstation that will become the client
• The IP address of the NIS+ server (in the client's home domain)

· How to Initialize a New Client Machine

1. Type the following to initialize the new client on the new client machine.

   The -i option initializes a client. The -d option specifies the new NIS+ domain name. (If the domain name is not specified, the default would be the current domain name.) The -h option specifies the NIS+ server's hostname.

wizclient1#nisclient -i -d wiz.com. -h rootmaster Initializing client wizclient1 for domain "wiz.com.". Once initialization is done, you will need to reboot your machine. Do you want to continue? (type 'y' to continue, 'n' to exit this script)

2. Type y.

   Typing n exits the script. The script only prompts you for the root server's IP address if there is no entry for it in the client's /etc/hosts file.

Do you want to continue? (type 'y' to continue, 'n' to exit this script) y Type server rootmaster's IP address:

3. Type the correct IP address, then press Return. This example uses the address 126.141.246.63.

Type server rootmaster's IP address: 126.141.246.63 setting up the domain information... setting up the name service switch information...

4. Type the network password (also known as the Secure-RPC password) only if the network password differs from the root login password. In this case, use the default, nisplus.

   The password does not echo on the screen. If you mistype it, you are prompted for the correct one. If you mistype it twice, the script exits and restores your previous network service. If this happens, try running the script again.

At the prompt below, type the network password (also known as the Secure-RPC password) that you obtained either from your administrator or from running the nispopulate script. Please enter the Secure-RPC password for root:

5. Type the root password for this client machine.

   The password does not echo on the screen. (If the network password and the root login password happen to be the same, you will not be prompted for the root login password.)

   Typing the root password changes the credentials for this machine. The RPC password and the root password are now the same for this machine.

Please enter the login password for root: Wrote secret key into /etc/.rootkey Your network password has been changed to your login one. Your network and login passwords are now the same. Client initialization completed!! Please reboot your machine for changes to take effect.

6. Reboot your new client machine.

   Your changes will not take effect until you reboot the machine.

You can now have the users of this NIS+ client machine add themselves to the NIS+ domain.

Creating Additional Client Machines

Repeat the preceding client initiation procedure on as many machines as you like. To initiate clients for another domain, repeat the preceding procedure but change the domain and master server names to the appropriate ones.

The sample NIS+ domain described in this chapter assumes that you will initialize four clients in the domain wiz.com. You are then going to configure two of the clients as non-root NIS+ servers and a third client as a root replica of the root master server of the wiz.com domain.

---

Note - You always have to make a system into a client of the parent domain before you can make the same system a server of any type.

---

Initializing NIS+ Client Users

Once a machine has become an NIS+ client, the users of that machine must add themselves to the NIS+ domain. Adding a user to the domain means changing the network password to that user's login password. What actually happens is that the user's password and the network password are bound together. This procedure uses the nisclient(1M) script.

Prerequisites to Running nisclient(1M)

Before you can use the nisclient(1M) script to initialize a user:

• The domain must have already been set up and its master server must be running.
• The master server of the domain's tables must be populated. (At a minimum, the hosts table must have an entry for the new client machine.)
• You must have initialized a client machine in the domain.
• You must be logged in as a user on the client machine. In this example, the user is named user1.

Information You Need

You need:

• A user's login name--user1 in this example

• The default network password--nisplus in this example
• The login password of the user that will become the NIS+ client

· How to Initialize an NIS+ User

1. Type the following while logged in as the user to become an NIS+ client.

user1prompt% nisclient -u At the prompt below, type the network password (also known as the Secure-RPC password) that you obtained either from your administrator or from running the nispopulate script. Please enter the Secure-RPC password for user1:

2. Type the network password (Secure-RPC password), which is nisplus in this case, and then press Return.

   The password does not echo on the screen.

Please enter the login password for user1:

3. Type the user's login password and then press Return.

   The password does not echo on the screen.

Your network password has been changed to your login one. Your network and login passwords are now the same.

This user is now an NIS+ client. You need to have all users make themselves NIS+ clients.

Setting Up NIS+ Servers

Now that the client machines have been initialized, you can change any of them to NIS+ servers but not into root NIS+ servers. Root NIS+ servers are a special type of NIS+ server. See "Setting Up NIS+ Root Servers" for more information. You need NIS+ servers for three purposes:

• To be root replicas--to contain copies of the NIS+ tables that reside on the root master server

• To be master servers of subdomains of the root domain
• To be replicas of master servers of subdomains of the root domain

You can configure servers any of three different ways:

• Without NIS compatibility
• With NIS compatibility
• With NIS compatibility and DNS forwarding--you only need to set DNS forwarding if you are going to have SunOS 4.x clients in your NIS+ namespace (See NIS+ Transition Guide for more information on using NIS-compatibility mode.)

Servers and their replicas should have the same NIS-compatibility settings. If they do not have the same settings, a client that needs NIS compatibility set to receive network information may not be able to receive it if either the server or replica it needs is unavailable.

This example shows the machine wizclient1 being changed to a server. This procedure uses the NIS+ command rpc.nisd(1M) instead of an NIS+ script.

Prerequisites to Running rpc.nisd(1M)

Before you can run rpc.nisd(1M):

• The domain must have already been set up and its master server must be running.
• The master server of the domain's tables must be populated. (At a minimum, the hosts table must have an entry for the new client machine.)
• You must have initialized the client machine in the domain.
• You must be logged in as root on the client machine. In this example, the client machine is named wizclient1.

Information You Need

You need the superuser password of the client that you will convert into a server.

· How to Configure a Client as an NIS+ Server

* Perform any of the following to configure a client as a server.

This step creates a directory with the same name as the server and creates the server's initialization files. They are placed in /var/nis.

---

Note - All servers in the same domain must have the same NIS-compatibility setting. For example, if the master server is NIS compatible, then its replicas also should be NIS compatible.

---

• To configure a NIS+ server without NIS compatibility:

wizclient1# rpc.nisd

• To configure a NIS+ server with NIS compatibility:

  i. Edit the /etc/init.d/rpc file on the server. Uncomment the whole line containing the string EMULYP="-Y". ii. Type the following as superuser:

wizclient1# rpc.nisd -Y

• To configure a NIS+ server with NIS compatibility and DNS forwarding (needed for SunOS 4.x NIS clients):

  i. Edit the /etc/init.d/rpc file on the server. Uncomment the whole line (remove the # character from the beginning of the line) containing the string EMULYP="-Y". ii. Add -B to the above line inside the quotes. The line should read: EMULYP="-Y -B"

  iii. Type the following as superuser:

wizclient1# rpc.nisd -Y -B

Now this server is ready to be designated a master or replica of a domain.

Creating Additional Servers

Repeat the preceding client-to-server conversion procedure on as many client machines as you like.

The sample NIS+ domain described in this chapter assumes that you will convert three clients to servers. You are then going to configure one of the servers as a root replica, another as a master of a new subdomain, and the third as a replica of the master of the new subdomain.

Designating Root Replicas

To have regularly available NIS+ service, you should always create root replicas. Having replicas may also speed network request resolution since multiple servers are available to handle requests. The root replica server contains exact copies of the NIS+ tables on the root server. Replication of the master's database starts a few minutes after you perform this procedure and can take anywhere from a few minutes to a couple of hours to complete, depending upon the size of your tables.

This example shows the machine wizclient1 being configured as a root replica. This procedure uses the NIS+ script nisserver(1M).

Prerequisites to Running nisserver(1M)

Before you can run nisserver(1M) to create a root replica:

• The domain must have already been set up and its master server must be running.
• The master server of the domain's tables must be populated. (At a minimum, the hosts table must have an entry for the new client machine.)
• You must have initialized the client machine in the domain.
• You must have started rpc.nisd(1M) on the client.
• You must be logged in as root on the root master server. In this example, the root master machine is named rootmaster.

Information You Need

You need:

• The domain name

• The client machine name; wizclient1 in this example
• The superuser password for the root master server

· How to Create a Root Replica

1. Type the following as superuser (root) on the NIS+ domain's root master server to create a root replica.

   The -R option indicates that a replica should be set up. The -d option specifies the NIS+ domain name, wiz.com. in this instance. The -h option specifies the client machine, wizclient1 in this example, that will become the root replica.

rootmaster# nisserver -R -d wiz.com. -h wizclient1 This script sets up a NIS+ replica server for domain wiz.com. Domain name ::wiz.com. NIS+ server: :wizclient1 Is this information correct? (type 'y' to accept, 'n' to change)

2. Type y to continue.

   Typing n causes the script to prompt you for the correct information. (See "How to Change Incorrect Information" for what you need to do if you type n.)

Is this information correct? (type 'y' to accept, 'n' to change) y This script will set up machine "wizclient1" as an NIS+ replica server for domain wiz.com. without NIS compatibility. The NIS+ server daemon, rpc.nisd, must be running on wizclient1 with the proper options to serve this domain. Do you want to continue? (type 'y' to continue, 'n' to exit this script)

3. Type y to continue.

   Typing n safely stops the script. The script will exit on its own if rpc.nisd(1M) is not running on the client machine.

Is this information correct? (type 'y' to continue, 'n' to exit this script) y The system wizclient1 is now configured as a replica server for domain wiz.com.. The NIS+ server daemon, rpc.nisd, must be running on wizclient1 with the proper options to serve this domain. If you want to run this replica in NIS (YP) compatibility mode, edit the /etc/init.d/rpc file on the replica server to uncomment the line which sets EMULYP to "-Y". This will ensure that rpc.nisd will boot in NIS-compatibility mode. Then, restart rpc.nisd with the '-Y' option. These actions should be taken after this script completes.

---

Note - The above notice refers to an optional step. You only need to modify the /etc/init.d/rpc file if you want the root replica to be NIS (YP) compatible and it is not now NIS compatible. That is, the file needs modification only if you want the root replica to fulfill NIS client requests and it was not already configured as an NIS compatible server. See "How to Configure a Client as an NIS+ Server" for more information on creating NIS compatible servers.

---

The machine wizclient1 is now an NIS+ root replica. The new root replica can handle requests from the clients of the root domain. Since there are now two servers available to the domain, information requests may be fulfilled faster.

Creating Additional Replicas

Repeat the preceding server-to-replica conversion procedure on as many server machines as you like. It is not recommended, however, that you have more than a few replicas per domain for overall performance reasons. Do create as many replicas, though, as is necessary to serve physically distant sites. For example, it may make sense from an organizational point of view to have two physically distant sites in the same NIS+ domain. If a root replica and the master of the domain are at the first site, there will be much network traffic

between the first site and the second site of the domain. Creating an additional root replica at the second site should reduce network traffic. See NIS+ Transition Guide for more information on replica distribution.

The sample NIS+ domain described in this chapter includes only one root replica. One of the other clients of the wiz.com. domain will be converted to a replica of the subdomain created in the next section.

Creating a Subdomain

This section shows you how to create the master server of a new non-root domain. The new domain will be a subdomain of the wiz.com. domain. The hierarchical structure of NIS+ allows you to create a domain structure that parallels your organizational structure.

This example shows the machine, wizclient2 being converted to the master server of a new domain called subwiz.wiz.com. This procedure uses the NIS+ script nisserver(1M).

Prerequisites to Running nisserver(1M)

Before you can run nisserver(1M) to create a master server for a new non-root domain:

• The parent domain must have already been set up and its master server must be running.
• The parent domain's tables must be populated. (At a minimum, the hosts table must have an entry for the new client machine.)
• You must have initialized the new client machine in the parent domain.
• You must have started rpc.nisd(1M) on the client.
• You must have adequate permissions to add the new domain. In this case, you must be logged in as root on the parent master server. In this example, the parent master machine is named rootmaster.

Information You Need

You need:

• A name for the new non-root domain--the name of the new domain includes the name of the parent domain, for example, newdomain.rootdomain.

• The client machine name; wizclient2 in this example
• The superuser password for the parent master server

In the following example, the new non-root domain is called "subwiz.wiz.com."

---

Note - Any NIS+ client can be converted to an NIS+ master server as long as it is itself in a domain above the domain it will be serving. For example, an NIS+ client in domain subwiz.wiz.com can serve domains below it in the hierarchy such as corp.subwiz.wiz.com or even east.corp.subwiz.wiz.com. This client cannot, however, serve the domain wiz.com because wiz.com is above the domain subwiz.wiz.com in the hierarchy. Root replicas are the only exception to this rule. They are clients of the domain that they serve.

---

· How to Create a New Non-Root Domain

1. Type the following as superuser (root) on the NIS+ domain's root master server to create a new non-root domain master server.

   The -M option indicates that a master server for a new non-root domain should be created. The -d option specifies the new domain name, subwiz.wiz.com. in this instance. The -h option specifies the client machine, wizclient2 in this example, that will become the master server of the new domain.

rootmaster# nisserver -M -d subwiz.wiz.com. -h wizclient2 This script sets up a non-root NIS+ master server for domain subwiz.wiz.com. Domain name : subwiz.wiz.com. NIS+ server : wizclient2 NIS+ group : admin.subwiz.wiz.com. NIS (YP) compatibility : OFF Security level : 2=DES Is this information correct? (type 'y' to accept, 'n' to change)

Master servers of new non-root domains are created with the same set of default values as root servers. See "How to Create a Root Master Server" for more information on NIS+ group, NIS (YP) compatibility and Security level.

2. Type y to continue.

   Typing n causes the script to prompt you for the correct information. (See "How to Change Incorrect Information" for what you need to do if you type n.)

Is this information correct? (type 'y' to accept, 'n' to change) y This script sets up machine "wizclient2" as an NIS+ non-root master server for domain subwiz.wiz.com. Do you want to continue? (type 'y' to continue, 'n' to exit this script)

3. Type y to continue.

   Typing n safely exits the script. The script will exit on its own if rpc.nisd(1M) is not running on the client machine.

Do you want to continue? (type 'y' to continue, 'n' to exit this script) y running nissetup ... org_dir.subwiz.wiz.com. created groups_dir.subwiz.wiz.com. created passwd.org_dir.subwiz.wiz.com. created group.org_dir.subwiz.wiz.com. created auto_master.org_dir.subwiz.wiz.com. created auto_home.org_dir.subwiz.wiz.com. created bootparams.org_dir.subwiz.wiz.com. created cred.org_dir.subwiz.wiz.com. created ethers.org_dir.subwiz.wiz.com. created hosts.org_dir.subwiz.wiz.com. created mail_aliases.org_dir.subwiz.wiz.com. created sendmailvars.org_dir.subwiz.wiz.com. created netmasks.org_dir.subwiz.wiz.com. created netgroup.org_dir.subwiz.wiz.com. created networks.org_dir.subwiz.wiz.com. created protocols.org_dir.subwiz.wiz.com. created rpc.org_dir.subwiz.wiz.com. created services.org_dir.subwiz.wiz.com. created timezone.org_dir.subwiz.wiz.com. created setting NIS+ group admin.subwiz.wiz.com. ...

The system wizclient2 is now configured as a non-root server for domain subwiz.wiz.com.. You can now populate the standard NIS+ tables by using the nispopulate or /usr/lib/nis/nisaddent commands.

The machine wizclient2 is now the master server of the subwiz.wiz.com. domain. The subwiz.wiz.com. domain is a subdomain of the wiz.com. domain. The machine wizclient2 is simultaneously still a client of the root domain wiz.com., and the master server of the subwiz.wiz.com. domain. See Figure 7-1 on page 83.

You can now populate the standard NIS+ tables on the new master server of the subwiz.wiz.com. domain.

Creating Additional Domains

Repeat the preceding procedure for changing servers to master servers of new non-root domains on as many server machines as you like. Every new master server is a new domain. Plan your domain structure before you start creating a NIS+ namespace. See Chapter 2, "Understanding Name Services" for more information on planning an NIS+ hierarchy.

Populating the New Domain's Tables

After you have created a new domain, you need to populate its master server's standard NIS+ tables. You use the same procedure to populate the new master server's tables as you used to populate the root master server's tables. The major difference is that the nispopulate(1M) script is run on the new master server instead of on the root master server. The domain names and file paths or NIS servers' names may change as well.

This example shows the tables of the new domain, subwiz.wiz.com., being populated.

Prerequisites to Running nispopulate(1M)

Before you can run the script nispopulate(1M) to populate the new master server's tables:

• The information in the files must be formatted appropriately for the table into which it will be loaded. Chapter 4, "Understanding NIS+ Tables and Information" describes the format required for a text file to be transferred into its corresponding NIS+ table. Local /etc files are usually formatted properly. NIS maps from running NIS domains are presumed to be correctly formatted.
• It is recommended that you make copies of the /etc files and use the copies to populate the tables instead of the actual ones for safety reasons. (This example uses files in a directory called /nis+files, for instance.) You also may want edit four of the copied files, passwd, shadow, aliases and hosts for security reasons. For example, you may want to remove the following lines from the copy of your local passwd file so they will not be distributed across the namespace:

root:x:0:1:0000-Admin(0000):/:/sbin/sh daemon:x:1:3:0000-Admin(0000):/: bin:x:3:5:0000-Admin(0000):/usr/bin: sys:x:3:3:0000-Admin(0000):/: adm:x:4:4:0000-Admin(0000):/var/adm: lp:x:78:9:0000-lp(0000):/usr/spool/lp: smtp:x:0:0:mail daemon user:/: uucp:x:5:5:0000-uucp(0000):/usr/lib/uucp: nuucp:x:7:8:0000- uucp(0000):/var/spool/uucppublic:/usr/lib/uucp/uucico listen:x:22:6:Network Admin:/usr/net/nls: nobody:x:60000:60000:uid no body:/: noaccess:x:60002:60002:uid no access:/:

• The domain must have already been set up and its master server must be running.
• The domain's servers must have sufficient disk space to accommodate the new table information.
• You must be logged in as an NIS+ principal and have write permission to the NIS+ tables in the specified domain. In this example, you would have to be the user root on the machine wizclient2.

---

Note - The nispopulate(1M) script may fail if there is insufficient /tmp space on the system. To keep this from happening, you can set the environment variable TMPDIR to a different directory. If TMPDIR is not set to a valid directory, the script will use the /tmp directory instead.

---

Information You Need

If populating from files, you need:

• The new NIS+ domain name
• The path of the appropriately edited text files whose data will be transferred
• The root password of the NIS+ master server

If populating from NIS maps, you need:

• The new NIS+ domain name
• The NIS domain name
• The NIS server's name
• The IP address of the NIS server
• The root password of the NIS+ master server

---

Note - The NIS domain name is case sensitive, while the NIS+ domain name is not.

---

· How to Populate Master Server Tables

Since this procedure is essentially the same as the procedure shown in "How to Populate the Root Master Server Tables," this example only shows you what you would type to populate the tables of the new domain, subwiz.wiz.com. For more information about this procedure, see "How to Populate the Root Master Server Tables."

---

Note - This script should be run on the new domain's master server, not the root master server.

---

* Perform either step a or step b to populate the master server tables on the new master server.

Step a shows you how to populate tables from files. Step b shows you how to populate tables from NIS maps. Type these commands in a scrolling window as the script's output may otherwise scroll off the screen.

a. Type the following to populate the tables from files.

wizclient2# nispopulate -F -p /nis+files -d subwiz.wiz.com. NIS+ domain name : subwiz.wiz.com. Directory Path : /nis+files Is this information correct? (type 'y' to accept, 'n' to change)

b. Type the following to populate the tables from NIS maps.

wizclient2# nispopulate -Y -d subwiz.wiz.com. -h businessmachine -a 130.48.58.242 -y business.wiz.com NIS+ Domain name : subwiz.wiz.com. NIS (YP) domain : business.wiz.com NIS (YP) server hostname : businessmachine Is this information correct? (type 'y' to accept, 'n' to change)

See "How to Populate the Root Master Server Tables" for the rest of this script's output.

Designating Replicas

Just as you did in the wiz.com. domain, to have regularly available NIS+ service, you should always create replicas. Having replicas may also speed network request resolution since multiple servers are available to handle requests. The replica server contains exact copies of the NIS+ tables on the master server of your new domain. Replication of the master's database starts a few minutes after you perform this procedure and can take anywhere from a few minutes to a couple of hours to complete, depending upon the size of your tables.

You use the same procedure to create a replica as you do to create a root replica. The major difference between creating the root replica and this replica, is that the machine you are going to convert to a replica is going to remain a

client of the domain above the one it will be serving as a replica. This example only shows you what you would type to create a replica for the new domain. For the rest of the script's output, see "How to Create a Root Replica."

Prerequisites to Running nisserver(1M)

Before you can run nisserver(1M) to create a replica:

• The domain must have already been set up and its master server must be running.
• The domain's tables must be populated. (At a minimum, the hosts table must have an entry for the new client machine.)
• You must have initialized the client machine in the parent domain.
• You must have started rpc.nisd(1M) on the client.
• You must be logged in as root on the master server. In this example, the master machine is named wizclient2.

Information You Need

• The domain name
• The client machine name; wizclient3 in this example
• The superuser password for the root master server

· How to Create a Replica

* Type the following as superuser (root) on the NIS+ domain's master server (wizclient2) to create a replica.

The -R option indicates that a replica should be set up. The -d option specifies the NIS+ domain name, subwiz.wiz.com. in this instance. The -h option specifies the client machine, wizclient3 in this example, that will become the replica. Notice that this machine is still a client of the wiz.com. domain and not a client of the subwiz.wiz.com. domain.

wizclient2# nisserver -R -d subwiz.wiz.com. -h wizclient3 This script sets up a NIS+ replica server for domain subwiz.wiz.com. Domain name ::subwiz.wiz.com. NIS+ server :wizclient3 Is this information correct? (type 'y' to accept, 'n' to change)

See "How to Create a Root Replica" for the rest of this script's output.

Initializing Subdomain NIS+ Client Machines

Once the master server's tables have been populated from files or NIS maps, you can initialize an NIS+ client machine. This section shows you how to initialize an NIS+ client in the new domain using the nisclient(1M) script with default settings. The NIS+ client machine is a different workstation than the NIS+ master server.

---

Note - The -i option used in "How to Initialize a New Subdomain Client Machine" does not set up an NIS+ client to resolve hostnames requiring DNS. You need to explicitly include DNS for clients in their name service switch file. See Chapter 5, "Understanding the Name Service Switch" for more information on resolving host names through DNS.

---

You use the same procedure to initialize a client in the new domain as you do to initialize a client in the root domain. This example only shows you what you would type to initialize a client for the new domain. For the rest of the script's output, see "How to Initialize a New Client Machine."

Prerequisites to Running nisclient(1M)

Before you can use the nisclient(1M) script to initialize a user:

• The domain must have already been set up and its master server must be running.
• The master server of the domain's tables must be populated. (At a minimum, the hosts table must have an entry for the new client machine.)
• You must have initialized a client machine in the domain.
• You must be logged in as a user on the client machine. In this example, the user is named user1.

Information You Need

You need:

• The domain name--subwiz.wiz.com. in this example
• The default network password (nisplus)

• The root password of the workstation that will become the client
• The IP address of the NIS+ server (in the client's home domain)--in this example, the address of the master server wizclient2

· How to Initialize a New Subdomain Client Machine

* Type the following as superuser to initialize the new client on the new client machine.

The -i option initializes a client. The -d option specifies the new NIS+ domain name. (If the domain name is not specified, the default would be the current domain name.) The -h option specifies the NIS+ server's hostname.

subclient1#nisclient -i -d subwiz.wiz.com. -h wizclient2 Initializing client subclient1 for domain "subwiz.wiz.com.". Once initialization is done, you will need to reboot your machine. Do you want to continue? (type 'Y' to continue, 'N' to exit this script)

See "How to Initialize a New Client Machine" for the rest of this script's output.

Initializing Subdomain NIS+ Client Users

You use the same procedure (nisclient(1M)) to initialize a user in the new domain as you do to initialize a user in the root domain. All users must make themselves NIS+ clients. This example only shows you what you would type to initialize a user for the new domain. For the rest of the script's output, see "How to Initialize an NIS+ User."

Prerequisites to Running nisclient(1M)

Before you can use the nisclient(1M) script to initialize a user:

• The domain must have already been set up and its master server must be running.

• The master server of the domain's tables must be populated. (At a minimum, the hosts table must have an entry for the new client machine.)
• You must have initialized a client machine in the domain.
• You must be logged in as a user on the client machine. In this example, the user is named user2.

Information You Need

You need:

• The user's login name--user2 in this example
• The default network password--nisplus in this example
• The login password of the user that will become the NIS+ client

· How to Initialize an NIS+ Subdomain User

* Type the following while logged in as the user to become an NIS+ client.

user2prompt% nisclient -u At the prompt below, type the network password (also known as the Secure-RPC password) that you obtained either from your administrator or from running the nispopulate script. Please enter the Secure-RPC password for user2:

See "How to Initialize an NIS+ User" for the rest of this script's output.

Summary of Commands for the Sample NIS+ Namespace

Table 7-3 on page 123 summarizes the actual commands that you typed to create the sample namespace. The prompt preceding each command indicates on which machine the command should be typed. See Figure 7-1 on page 83 for a diagram of the sample namespace.

Table 7-3

Command Line	Purpose
#setenv PATH $PATH:/usr/lib/nis or #PATH=$PATH:/usr/lib/nis; export PATH	Set environment path to include /usr/lib/nis--C shell or Bourne shell
rootmaster# nisserver -r -d wiz.com.	Create root master server for wiz.com. domain
rootmaster# nispopulate -F -p /nis+files -d wiz.com. orrootmaster# nispopulate -Y -d wiz.com. -h corporatemachine -a 130.48.58.111 -y corporate.wiz.com	Populate the root master server's NIS+ tables--from files or from NIS maps
rootmaster# nisgrpadm -a admin.wiz.Com. topadmin.wiz.Com. \ secondadmin.wiz.Com.	Add additional members to the admin group (2)
rootmaster# nisping -C wiz.Com.	Make a checkpoint of the NIS+ database
wizclient1# nisclient -i -d wiz.com. -h rootmaster	Initialize a NIS+ client machine in the wiz.com. domain
wizclient1user1prompt% nisclient -u	Initialize user as a NIS+ client
wizclient1#rpc.nisd or wizclient1#rpc.nisd -Y or wizclient1#rpc.nisd -Y -B	Convert NIS+ client to NIS+ server, without or with NIS compatibility or with NIS and DNS.
rootmaster# nisserver -R -d wiz.com. -h wizclient1	Create a root replica
rootmaster# nisserver -M -d subwiz.wiz.com. -h wizclient2	Convert a server to a non-root master server of the subwiz.wiz.com. domain
wizclient2# nispopulate -F -p /nis+files -d subwiz.wiz.com. orwizclient2# nispopulate -Y -d subwiz.wiz.com. -h \ businessmachine -a 130.48.58.242 -y business.wiz.com	Populate the new master server's NIS+ tables--from files or from NIS maps
wizclient2# nisserver -R -d subwiz.wiz.com. -h wizclient3	Create a master server replica
subclient1# nisclient -i -d subwiz.wiz.com. -h wizclient2	Initialize a NIS+ client in the subwiz.wiz.com. domain
subclient1user2prompt% nisclient -u	Initialize user as a NIS+ client