Setting Up an NIS+ Server

This section applies to any NIS+ server except the root master; that is, root replicas, nonroot masters, and nonroot replicas, whether running in NIS-compatibility mode or not.

Standard versus NIS-Compatible Setup Procedures

The differences between setting up an NIS-compatible and a standard NIS+ server are the same as the differences between setting up standard and NIS-compatible root master servers (see "Standard versus NIS-Compatible Setup Procedures" on page 68). The NIS+ daemon for an NIS-compatible server must be started with the -Y option (and the -B option for DNS forwarding), which allows the server to answer requests from NIS clients. This is described in Step 2 (the equivalent step for standard NIS+ servers is Step 3).

---

Note - Whenever rpc.nisd is started with either the -Y or -B option, a secondary daemon named rpc.nisd_resolv is spawned to provide name resolution. This secondary daemon must be separately killed whenever you kill the primary rpc.nisd daemon.

---

Here is a summary of the entire setup process:

1. Logging in as superuser to the new replica server.

2. [NIS-Compatibility Only] Starting the NIS+ daemon with -Y.

3. [Standard NIS+ Only] Starting the NIS+ daemon.

Security Considerations

You must perform this operation as superuser on the server. The security level at which you start the server (Step 4) determines the credentials that its clients must have. For instance, if the server is set up with security level 2 (the default), the clients in the domain it supports must have DES credentials. If you have set up the client according to the instructions in this book, the client has DES credentials in the proper domain, and you can start the server with security level 2.

---

Note - Security level 0 is for administrator setup and testing purposes only. SEcurity level 1 is not supported. Do not use level 0 or 1 in any environment where ordinary users are doing their normal work. Operating networks should always be run at security level 2.

---

Prerequisites

• The root domain must already be set up (see Chapter 4, "Setting Up the Root Domain").
• The server must have already been initialized as an NIS+ client (see Chapter 5, "Setting Up NIS+ Clients").
• If the server will run in NIS-compatibility mode and support DNS forwarding, it must have a properly configured /etc/resolv.conf file (described in Chapter 9, "Setting Up the Name Service Switch.")

Information You Need

You need the superuser password of the client that you will convert into a server.

· How to Set Up an NIS+ Server

1. Log in as superuser to the new replica server.

   The following steps assume you rebooted the workstation after you set it up as an NIS+ client, as instructed in "Client Setup" on page 90. Rebooting starts the cache manager, which is a recommended prerequisite to the following step. If you did not reboot the workstation, restart the cache manager now, using nis_cachemgr.

2. [NIS-Compatibility Only] Start the NIS+ daemon with -Y. Perform this step only if you are setting up the server in NIS-compatibility mode; if setting up a standard NIS+ server, perform Step 3 instead.

   This step also includes instructions for supporting the DNS forwarding capabilities of NIS clients.

   This step has two parts. The first part starts the NIS+ daemon in NIS-compatibility mode. The second part makes sure that when the server is rebooted, the NIS+ daemon restarts in NIS-compatibility mode.

a. Run rpc.nisd with the -Y and -B flags.

compatserver# rpc.nisd -Y -B

The -Y option invokes an interface that answers NIS requests in addition to NIS+ requests. The -B option supports DNS forwarding.

b. Edit the /etc/init.d/rpc file.

Search for the string EMULYP=-Y in the /etc/init.d/rpc file and uncomment that line.

To retain DNS forwarding capabilities, add a -B flag to the EMULYP=-Y line. (If you don't need to retain DNS forwarding capabilities, uncomment the line, but don't add the -B flag.)

This step creates a directory called /var/nis/data and a transaction log file called trans.log, which is placed in /var/nis.

compatserver# ls -F /var/nis NIS_COLD_START data/ trans.log data.dict

The trans.log file is a transaction log. You can examine the contents of the transaction log by using the nislog command, described in the directories chapter of NIS+ and FNS Administration Guide.

---

Caution - Do not rename the /var/nis directory or the /var/nis/trans.log or /var/nis/data.dict files.

---

Now this server is ready to be designated a master or replica of a domain, as described in Chapter 7, "Setting Up a Nonroot Domain." This step completes this task. A task summary is provided on page 112.

3. [Standard NIS+ Only] Start the NIS+ daemon.

   Run the rpc.nisd command.

server# rpc.nisd

To verify that the NIS+ daemon is indeed running, use the ps command.

server# ps -ef | grep rpc.nisd root 1081 1 16:43:33 ? 0:01 rpc.nisd root 1087 1004 11 16:44:09 pts/1 0:00 grep rpc.nisd

This step creates a directory called /var/nis/data and a transaction log file called trans.log which is placed in /var/nis.

compatserver# ls -F /var/nis NIS_COLD_START data/ trans.log data.dict

The compatserver.log file is a transaction log. You can examine the contents of the transaction log by using the nislog command, described in the directories chapter of NIS+ and FNS Administration Guide.

---

Caution - Do not rename the /var/nis directory or the /var/nis/trans.log or /var/nis/data.dict files.

---

Now this server is ready to be designated a master or replica of a domain, as described in Chapter 7, "Setting Up a Nonroot Domain." This step completes this task. A task summary is provided on page 112.

Adding a Replica to an Existing Domain

This section describes how to add a replica server to an existing domain using the raw NIS+ command, whether root or nonroot. Here is a list of the steps:

1. First set up the server as described in "Setting Up an NIS+ Server" on page 105.

2. Log in to the domain's master server.

3. Add the replica to the domain.

4. Run nisping on the replica.

---

Note - If you have a domain that spans multiple subnets, it is a good idea to have at least one replica server within each subnet so that if the connection between nets is temporarily out of service, each subnet can continue to function until the connection is restored.

---

Security Considerations

The NIS+ principal performing this operation must have modify rights to the domain's directory object.

Prerequisites

• The server that will be designated a replica must have already been set up.
• The domain must have already been set up and assigned a master server.

Information You Need

• The name of the server
• The name of the domain

· How to Add a Replica Server

1. Log in to the domain's master server.

2. Add the replica to the domain.

   Run the nismkdir command with the -s option. The example adds the replica machine named rootreplica to the Wiz.Com. domain.

rootmaster# nismkdir -s rootreplica Wiz.Com. rootmaster# nismkdir -s rootreplica org_dir.Wiz.Com. rootmaster# nismkdir -s rootreplica group_dir.Wiz.Com.

When you run the nismkdir command on a directory object that already exists, it does not recreate the directory but simply modifies it according to the flags you provide. In this case, the -s flag assigns the domain an additional replica server. You can verify that the replica was added by examining the directory object's definition, using the niscat -o command.

---

Caution - Always run nismkdir on the master server. Never run nismkdir on the replica machine. Running nismkdir on a replica creates communications problems between the master and the replicas.

---

3. Run nisping on the directories

   This step sends a message (a "ping") to the new replica, telling it to ask the master server for an update. If the replica does not belong to the root domain, be sure to specify its domain name. (The example below includes the domain name only for completeness; since the example used throughout this task adds a replica to the root domain, the Wiz.Com. domain name in the example below is not necessary.)

rootmaster# nisping Wiz.Com. rootmaster# nisping org_dir.Wiz.Com. rootmaster# nisping group_dir.Wiz.Com.

You should see results similar to these:

rootmaster# nisping Wiz.Com. Pinging replicas serving directory Wiz.Com. : Master server is rootmaster.Wiz.Com. No last update time Replica server is rootreplica.Wiz.Com. Last update seen was Wed Nov 18 11:24:32 1992 Pinging ... rootreplica.Wiz.Com.

If you have set up the domain's tables immediately after completing the domain setup, this step propagates the tables down to the replica. For more information about nisping, see the directories chapter of NIS+ and FNS Administration Guide.

Server Setup Summary

Table 6-1 and Table 6-2 provide a summary of the tasks described in this chapter. They assume the simplest case, so be sure you are familiar with the more thorough task descriptions before you use this summary as a reference. This summary does not show the server's responses to each command.

Table 6-1

Tasks	Commands
Log in to the server as root.	server% su
NIS-compat only: Start daemon with -Y -B. Change to EMULYP= -Y -B.	server# rpc.nisd -Y - B server# vi /etc/inet.d/rpc
NIS+-Only: Start daemon.	server# rpc.nisd

Table 6-2

Tasks	Commands
Log in as superuser to domain master. Designate the new replica.	rootmaster% su # nismkdir -s rootreplica Wiz.Com.
Ping the replica.	# nismkdir -s rootreplica org_dir.Wiz.Com. # nismkdir -s rootreplica groups_dir.Wiz.Com. #/usr/lib/nis/nisping Wiz.Com #/usr/lib/nis/nisping org_dir.Wiz.Com #/usr/lib/nis/nisping groups_dir.Wiz.Com