Configuration d’un serveur NIS escale :

en bref :

vérifier si ypserv tourne sur le
Master ?

personnalisé les fichiers
/etc/passwd et /etc/group

modificer le PATH de root :
PATH=$PATH :/var/yp :/usr/lib/netsvc/yp :/usr/ccs/bin

modifier /etc/rc.config.d/namesvrs

1° modification du fichier /etc/passwd :

Supprimer toutes les entrées superieure ou egale a 100 pour
UID

Ajouter la ligne ci dessous a la fin :

Le signe (+) signifie au processuse de
login d’aller voir les NIS.

The -2 in the user ID field restricts
the access of people who may attempt to log in using "+" as
a valid user name when NIS is not running. Anyone who successfully
logs in as "+" will be granted only the access permissions
of user nobody.

Pour plus d’information man 4 passwd

exemple :

2° modification du fichier /etc/group :

Supprimer tous les groupes non
systemes

Supprimer toutes les entrées
superieure ou egale a 100 pour UID

Ajouter la ligne ci dessous a la fin :

exemple :

3° vérification

vérifier que le serveur NIS
fonctionne, et que ypserv est en mémore.

modification du PATH de root :

PATH=$PATH :/var/yp :/usr/lib/netsvc/yp :/usr/ccs/bin

modification /etc/rc.config.d/namesvrs
avec :

4° rien ne va plus ...

domainname est le nom du domain NIS

5° plannification des mises à jours :

# cela permet de concerver l’existant

Ajouter les trois lignes au fichier

"fichier_crontab"

Pour plus d’information ....

For more information, see the following
man pages : domainname(1), ypinit(1M), and ypfiles(4).

To Verify Your NIS Slave
Server Configuration

1.Log in as root to the slave server.

2.In the /etc/rc.config.d/namesvrs
file, add -ypset to the YPBIND_OPTIONS variable :

YPBIND_OPTIONS="-ypset"

3.Issue the following commands to
restart ypbind (the NIS client process) on the slave server :

/sbin/init.d/nis.client stop

/sbin/init.d/nis.client start

4.Issue the following command to force
the NIS client process on the slave server to bind to the server
process on the same host :

/usr/sbin/ypset slave_server_name

5.Issue the following command to check
whether the NIS slave server is working :

/usr/bin/ypwhich

The ypwhich command should return the
host name of the slave server.

If the ypwhich command does not return
the name of the slave server, il y a un probleme ....

6.In the /etc/rc.config.d/namesvrs
file, remove -ypset from the YPBIND_OPTIONS variable :

YPBIND_OPTIONS=""

7.Issue the following commands to
restart ypbind (the NIS client process) on the slave server :

/sbin/init.d/nis.client stop

/sbin/init.d/nis.client start

For more information, see the following
man pages : ypbind(1M), ypset(1M), and ypwhich(1).

To Schedule Regular Map
Transfers from the NIS Master Server

1.Log in as root to the slave server.

2.Copy the ypxfr_1perday,
ypxfr_2perday, and ypxfr_1perhour scripts from the
/usr/newconfig/var/yp directory to the /var/yp directory :

cp /usr/newconfig/var/yp/ypxfr_1perday
/var/yp

cp /usr/newconfig/var/yp/ypxfr_2perday
/var/yp

cp /usr/newconfig/var/yp/ypxfr_1perhour
/var/yp

3.Create a crontab file that invokes
these files at regular times. Following is an example crontab file :

0 21 * * * /var/yp/ypxfr_1perday

30 5,19 * * * /var/yp/ypxfr_2perday

15 * * * * /var/yp/ypxfr_1perhour

This file runs the ypxfr_1perday script
at 9:00 PM every night.

It runs the ypxfr_2perday script at
5:30 AM and 7:30 PM every day.

It runs the ypxfr_1perhour at 15
minutes past every hour.

4.Issue the following command to enter
the file into crontab,

crontab filename

where filename is the crontab file you
just created.

If you have created customized NIS maps
for your domain, you will have to add them to the appropriate
scripts.

You can also use the scripts provided
as templates for creating your own scripts.

In some domains, transferring the
passwd maps once per hour generates too much network traffic.

If you find this is the case, schedule
transfers of the passwd maps for less frequent intervals.

If you have multiple slave servers,
schedule map transfers for different times on different servers, so
all the servers are not performing transfers at the same time.

For more information, see the following
man pages : cron(1M), crontab(1), and ypxfr(1M).

To Restrict Access to the
Slave Server

1.On the NIS slave server, create a
file called /var/yp/securenets, if it does not already exist.

2.Add lines to the file with the
following syntax :

address_mask IP_address

The IP_address is the internet address
of an NIS client, NIS slave server, or subnet that may request NIS
information or transfer NIS maps from the NIS master server.

The address_mask indicates which bits
in the IP_address field are important.

If a bit is set in the address_mask
field, the corresponding bit in the source address of any incoming
NIS

requests must match the same bit in the
IP_address field.

3.Issue the following commands to kill
and restart the ypserv process :

/sbin/init.d/nis.server stop

/sbin/init.d/nis.server start

If a client or slave host has multiple
network interface cards, add a line to the securenets file for the IP
address of each card.

Type man 4 securenets at the HP-UX
prompt for more information.

Examples from /var/yp/securenets

The following line from a
/var/yp/securenets file allows only the NIS client at IP address
10.11.12.13 to request information from the NIS slave server. Because
every bit is set in the address mask, the source IP address on the
NIS request must match exactly, or the slave server will not return
the requested information.

255.255.255.255 10.11.12.13

The following line from a
/var/yp/securenets file allows any host on the network 10.11.12.0 to
request NIS information or transfer NIS maps from the slave server.
The last 8 bits of the IP address are ignored, because the last 8
bits of the address mask are set to 0. Any host whose IP address
begins 10.11.12 will be allowed access to the slave server.

255.255.255.0 10.11.12.13