Part I Naming Service Setup

This part describes how to use the nsswitch.conf file to specify how different name services work together.

• Chapter 1, Setting Up the Name Service Switch, Setting Up the Name Service Switch

Chapter 1 Setting Up the Name Service Switch

This section describes the name service switch and provides step-by-step instructions for configuring it.

• "Name Service Switch"

• "The nsswitch.conf File"

• "Selecting a Different Configuration File"

• "Enabling a Machine to Use DNS"

• "Adding Compatibility With +/- Syntax"

Name Service Switch

The name service switch controls how a client workstation or application obtains network information. The name service switch is often referred to as the switch. The switch determines which naming services, and in what order, an application uses to obtain naming information. The switch is a file called nsswitch.conf, which is stored in each machine's /etc directory.

The nsswitch.conf File

Each workstation has a nsswitch.conf file in its /etc directory. Each line of that file identifies a particular type of network information, such as host, password, and group, followed by one or more sources, such as NIS+ tables, NIS maps, the DNS hosts table, or local /etc, where the client is to look for that information. For additional information on the nsswitch.conf file, see Solaris Naming Administration Guide.

An /etc/nsswitch.conf file is automatically loaded into every workstation's /etc directory by the Solaris 2.6 release software, along with three alternate (template) versions:

• /etc/nsswitch.nisplus

• /etc/nsswitch.nis

• /etc/nsswitch.files

These alternate template files contain the default switch configurations used by the NIS+ and NIS services, and local files. No default file is provided for DNS, but you can edit any of these files to use DNS (see "Enabling a Machine to Use DNS"). When Solaris 2.6 release software is first installed on a workstation, the installer selects the workstation's default name service: NIS+, NIS, or local files. During installation, the corresponding template file is copied to /etc/nsswitch.conf. For example, for a workstation client using NIS+, the installation process copies nsswitch.nisplus to nsswitch.conf.

If your network is connected to the Internet and you want users to be able to access Internet hosts using DNS, you must now enable DNS forwarding as described in "Enabling a Machine to Use DNS".

Unless you have an unusual namespace, the default template file as copied to nsswitch.conf (with or without DNS, as described above) should be sufficient for normal operation.

Default NIS+ Version of Switch File

The NIS+ version of the switch file supplied with Solaris 2.6 release is named nsswitch.nisplus.

Example 1-1 Default nsswitch.nisplus File

#
# /etc/nsswitch.nisplus:
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses NIS+  (NIS Version 3) in conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
passwd: files nisplus
group: files nisplus
# consult /etc "files" only if nisplus is down. 
hosts: nisplus [NOTFOUND=return] files
#Uncomment the following line, and comment out the above, to use both DNS
#and NIS+. You must also set up the /etc/resolv.conf file for DNS name
#server lookup. See resolv.conf(4).
#hosts: nisplus dns [NOTFOUND=return] files
services: nisplus [NOTFOUND=return] files
networks: nisplus [NOTFOUND=return] files
protocols: nisplus [NOTFOUND=return] files
rpc: nisplus [NOTFOUND=return] files
ethers: nisplus [NOTFOUND=return] files
netmasks: nisplus [NOTFOUND=return] files	
bootparams: nisplus [NOTFOUND=return] files
publickey: nisplus
netgroup: nisplus
automount: files nisplus
aliases: files nisplus
sendmailvars: files nisplus

Default NIS Version of Switch File

The NIS version of the switch file supplied with Solaris 2.6 release is named nsswitch.nis.

Example 1-2 Default nsswitch.nis File

#
# /etc/nsswitch.nis:
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses NIS (YP) in conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
passwd: files nis
group: files nis
# consult /etc "files" only if nis is down. 
hosts: nis [NOTFOUND=return] files
networks: nis [NOTFOUND=return] files
protocols: nis [NOTFOUND=return] files
rpc: nis [NOTFOUND=return] files
ethers: nis [NOTFOUND=return] files
netmasks: nis [NOTFOUND=return] files	
bootparams: nis [NOTFOUND=return] files
publickey: nis [NOTFOUND=return] files
netgroup: nis
automount: files nis
aliases: files nis
# for efficient getservbyname() avoid nis
services: files nis
sendmailvars: files

Default Files Version of Switch File

The local files version of the switch file supplied with Solaris 2.6 release is named nsswitch.files.

Example 1-3 Default nsswitch.files File

#
# /etc/nsswitch.files:
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# does not use any naming service.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
passwd: files
group: files
hosts: files
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files	
bootparams: files
publickey: files
# At present there isn't a 'files' backend for netgroup; the system will 
# figure it out pretty quickly, and won't use netgroups at all.
netgroup: files
automount: files
aliases: files
services: files
sendmailvars: files

Selecting a Different Configuration File

When you change a workstation's naming service, you need to change that machine's switch file to one appropriate for the new service. For example, if you change a workstation's name service from NIS to NIS+, you need to install a switch file appropriate for NIS+. You change switch files by copying the appropriate template file to nsswitch.conf.

If you are installing NIS+ on a workstation using the NIS+ installation scripts, the NIS+ template script is copied to nsswitch.conf for you. In this case, you do not have to configure the switch file unless you want to customize it.

Before proceeding to change switch files, make sure the sources listed in the file are properly set up. In other words, if you are going to select the NIS+ version, the client must eventually have access to NIS+ service; if you are going to select the local files version, those files must be properly set up on the client.

Here is a list of the basic steps:

1. Log in as superuser to the client.

2. Copy the alternate file over the nsswitch.conf file.

3. Reboot the workstation. (This is necessary because nscd caches the switch information which it reads only at start up.)

Security Considerations

You must perform this operation as superuser.

How to Select a Different Configuration File

To change to a switch file, follow these steps:

1. Log in as superuser to the client.

2. Copy the alternate file appropriate for the machine's name service over the nsswitch.conf file.

   NIS+ Version (done automatically for you by NIS+ scripts)

   client1# cd /etc client1# cp nsswitch.nisplus nsswitch.conf

   NIS Version

   client1# cd /etc client1# cp nsswitch.nis nsswitch.conf

   Local /etc Files Version

   client1# cd /etc client1# cp nsswitch.files nsswitch.conf

3. Reboot the workstation.

   The nscd name service cache daemon caches switch information. Some library routines do not periodically check the nsswitch.conf file to see whether it has been changed. You must reboot the workstation to make sure that the daemon and those routines have the latest information in the file.

Enabling a Machine to Use DNS

This section describes how to set up the name service switch configuration file for the NIS+ or local files name services so that a machine can also use the Domain Name System (DNS). DNS forwarding is inherent in the NIS name service. You do not have to (and should not) add a DNS entry to the hosts line of switch file of a machine using the NIS service. The steps described below apply only to those machines using local /etc files or NIS+.

Here is a list of the steps for machines using local /etc files or NIS+:

1. Log in as superuser.

2. Open the /etc/nsswitch.conf file.

3. Specify DNS as a source of hosts information.

4. Save the file and reboot the workstation.

Prerequisites

The machine must have a properly configured /etc/resolv.conf file (as described in "The Resolver").

Security Considerations

You must perform this operation as superuser.

How to Enable an NIS+ Client to Use DNS

1. Log in as superuser.

2. Open the /etc/nsswitch.conf file.

3. Specify DNS as a source of hosts information.

   DNS can be the only source or an additional source for the hosts information. Locate the hosts line and use DNS in one of the ways shown below:

   hosts: files dns

   or

   hosts: nisplus dns [NOTFOUND=return] files

   or

   hosts: dns nisplus [NOTFOUND=return] files

   Do not use the above syntax for NIS clients, since it will make them look for unresolved names twice in DNS.

4. Save the file and reboot the workstation.

   Because the nscd daemon caches this information, which it reads at start up, you must reboot the workstation now.

Adding Compatibility With +/- Syntax

This task describes how to add compatibility with the +/- syntax used in /etc/passwd, /etc/shadow, and /etc/group files when you are using either NIS or NIS+ as your primary naming service.

Here is a list of the steps:

1. Log in as superuser.

2. Open the /etc/nsswitch.conf file.

3. Change the passwd and group sources to compat.

4. Add + or + netgroup to /etc/passwd,, /etc/shadow, and /etc/group.

5. Save the file and reboot the workstation.

Security Considerations

You must perform this operation as superuser.

Users working on a client machine being served by a NIS+ server running in NIS compatibility mode cannot run ypcat on the netgroup table. Doing so will give you results that indicate the table is empty, even if it has entries.

How to Add DNS Compatibility With +/- Syntax

1. Log in as superuser.

2. Open the /etc/nsswitch.conf file.

3. Change the passwd and groups sources to compat.

   • For use with NIS, enter:

     passwd: compat group: compat

   • For NIS+, enter:

     passwd: compat passwd_compat: nisplus group: compat group_compat: nisplus

   This provides the same syntax as in the Solaris 1.x release: it looks up /etc files and NIS maps as indicated by the +/- entries in the files.

4. Add -+ or -+ netgroup to /etc/passwd, /etc/shadow, and /etc/group files.

   ---

   Caution -

   If you fail to add the -+ or -+ netgroup entries to /etc/shadow and /etc/passwd, you won't be able to log in.

   ---

5. Save the file and reboot the workstation.

   Because some library routines do not periodically check the nsswitch.conf file to see whether it has been changed, you must reboot the workstation to make sure those routines have the latest information in the file.