Configuration d’un serveur NIS maître HPUX
par
popularité : 24%
Configuration d’un serveur NIS maître :
en bref :
concaténation de tout les
fichiers du parc pour un créer un de chaque sur le serveur
NIS.
pour le fichier passwd :
-
sur le serveur NIS, il doit y
avoir que les utilisateurs -
sur les clients , il doit y avoir
root, et les démons
pour le fichier group :
-
sur le serveur NIS, il doit y
avoir que les groupes utilisateurs -
sur les clients, il doit y avoir
que les groupes systemes
pour le fichiers hosts :
-
sur le serveur NIS, il ne doit pas
avoir de doublon IP, nom de machine et d’alias. -
sur les clients, on pourra
supprimer ce fichier (cf. configuration d’un client NIS)
puis modifier /etc/rc.config.d/namesvrs
et /var/yp/Makefile
copier les fichiers a mapper dans
/var/yp/etc/ ( ou cp -r /etc /var/yp/etc/ , mais c’est pas bien
!!!)
modificer le PATH de root :
PATH=$PATH :/var/yp :/usr/lib/netsvc/yp :/usr/ccs/bin
/usr/bin/domainname domainname /usr/sbin/ypinit -m /sbin/init.d/nis.server start /sbin/init.d/nis.client start
A. préparation des fichiers passwd, group, hosts.
1° récuperation de tout les fichiers /etc/passwd du parc de la société.
sur chaque machine cliente :
cp /etc/passwd /etc/passwd.$(hostname) ATTENTION : dans le fichier
passwd des futur clients NIS, il doit y avoir que les demons et aucun
utilisateur.
puis copier
/etc/passwd.$(hostname) sur le serveur NIS dans /var/yp/etc/
sur le serveur NIS :
cp /etc/passwd /var/yp/etc/passwd2° traitement du fichier passwd sur le serveur NIS :
ATTENTION : dans le fichier
passwd du serveur NIS, il doit y avoir que les utilisateurs et aucun
demon.
sort -o /var/yp/etc/passwd.temp -t : -k1,1 /var/yp/etc/passwd.temp
Cette derniere commande permet trier le
fichier pour faciliter la recherche des logins en double.
Il ne faut pas de doublon dans le
login.
sort -o /etc/passwd.temp -t : -k3n,3 /etc/passwd.temp
Cette derniere commande permet trier le
fichier pour faciliter la recherche des UID en double.
Il ne faut pas de doublon dans les UID.
Quand le fichier est correct :
mv /var/yp/etc/passwd.temp /var/yp/etc/passwd rm /var/yp/etc/passwd.*3° récuperation de tout les fichiers /etc/group du parc de la société
sur chaque machine cliente :
cp /etc/group /etc/group.$(hostname)
puis copier /etc/group.$(hostname) sur
le serveur NIS dans /var/yp/etc/
sur le serveur NIS :
cp /etc/group /var/yp/etc/group
4° traitement du fichier group sur le serveur NIS :
cd /var/yp/etc cat group group.* > group.tempsort -o /var/yp/etc/group.temp -t : -k1,1 /var/yp/etc/group.temp
Cette derniere commande permet trier le
fichier pour faciliter la recherche des noms de groupe en double.
Il ne faut pas de doublon dans les noms
de groupe.
sort -o /etc/group.temp -t : -k3n,3 /etc/group.temp
Cette derniere commande permet trier le
fichier pour faciliter la recherche des GID en double.
Il ne faut pas de doublon dans les GID.
Quand le fichier est correct :
mv /var/yp/etc/group.temp /var/yp/etc/group rm /var/yp/etc/group.*
5° récuperation de tout les fichiers /etc/hosts du parc de la société
sur chaque machine cliente :
cp /etc/hosts /etc/hosts.$(hostname)
puis copier /etc/hosts.$(hostname) sur
le serveur NIS dans /var/yp/etc/
sur le serveur NIS :
cp /etc/hosts /var/yp/etc/hosts
6° traitement du fichier hosts sur le serveur NIS :
cd /var/yp/etc cat hosts hosts.* > hosts.temp sort -o /etc/hosts.temp /etc/hosts.tempCette derniere commande permet trier le
fichier pour faciliter la recherche des IP en double.
Il ne faut pas de doublon dans les
addresses IP.
sort -o /etc/hosts.temp -b -k2,2 /etc/hosts.temp
Cette derniere commande permet trier le
fichier pour faciliter la recherche des noms de machines en double.
Il ne faut pas de doublon. Ainsi que
dans les alias de machine.
Quand le fichier est correct :
mv /var/yp/etc/hosts.temp /var/yp/etc/hosts rm /var/yp/etc/hosts.*B. Modification des fichiers de configuration :
1° modification de /etc/rc.config.d/namesvrs :
# domainname represente le nom
du domaine NIS
NIS_DOMAIN=domainname
NIS_MASTER_SERVER=1
NIS_CLIENT=1
NIS_SLAVE_SERVER=0
YPPASSWDD_OPTIONS="/var/yp/etc/passwd -m passwd
PWFILE=/var/yp/etc/passwd"
2° modification de /var/yp/Makefile
Dans ce fichier, il va falloir modifier
la variable DIR :
DIR=/var/yp/etc/
Et modifier la liste de fichier a
mapper :
pour cela, /all : (c’est une cmd de
vi) , cela va nous positionner sur le paragraphe all, ce dernier
liste les fichier a mapper.
Il faud maintenant vérifier
l’existance de ces derniers dans /etc et les copier dans /var/yp/etc/
C. Création du serveur NIS
1° modification du PATH de root :
PATH=$PATH :/var/yp :/usr/lib/netsvc/yp :/usr/ccs/bin
2° Bientôt fin
# domainname represente le nom du
domaine NIS
/usr/bin/domainname domainname
/usr/sbin/ypinit -m
La commande ypinit permet de créer
un serveur nis, en lisant ses informations dans /var/yp/Makefile. Il
faudra lui indiquer les serveurs shaves s’il y en a. Pour sortir,
appuyer sur "Entree".
3° Joueur ou pas joueur ??
shutdown -r 0
ou
/sbin/init.d/nis.server start /sbin/init.d/nis.client start4° La minute de vérité ...
/usr/bin/ypwhich -m #doit nous afficher la liste de table généré.Pour en savoir plus ....
To Restrict Client and Slave Server Access to the
Master Server
-
On the NIS master server, create a file called/var/yp/securenets,
if it does not already exist. -
Add lines to the file with the following syntax :
address_mask IP_address
The
<I>IP_address</I>is the internet address of an NIS
client, NIS slave server, or subnet that may request NIS information
or transfer NIS maps from the NIS master server.
The<I>address_mask</I>indicates which bits in the
<I>IP_address</I>field are important. If a bit is set
in the<I>address_mask</I>field, the corresponding bit
in the source address of any incoming NIS requests must match the
same bit in the<I>IP_address</I>field. -
Issue the following commands to
kill and restart theypservprocess :/sbin/init.d/nis.server stop /sbin/init.d/nis.server start
If a client or slave host has multiple network interface cards,
add a line to the securenets file for the IP address of
each card.
Type man 4 securenets at the HP-UX prompt for more
information.
Examples from /var/yp/securenets
The
following line from a /var/yp/securenets file allows
only the NIS client at IP address 10.11.12.13 to request information
from the NIS master server. Because every bit is set in the address
mask, the source IP address on the NIS request must match exactly, or
the master server will not return the requested information.
255.255.255.255 10.11.12.13
The following line from a /var/yp/securenets file allows
any host on the network 10.11.12.0 to request NIS information or
transfer NIS maps from the master server. The last 8 bits of the IP
address are ignored, because the last 8 bits of the address mask are
set to 0. Any host whose IP address begins 10.11.12 will be allowed
access to the master server.
255.255.255.0 10.11.12.13
To Check the Contents of an NIS Map
-
Issue
the following command to verify that an NIS map contains the data
you expect it to contain :/usr/bin/ypcat -k mapname
The -k option lists the key for each item in the map
as well as the data associated with the key. For example, in the
netgroup map, the netgroup name is the key. Without the
-k option, ypcat would list all the data
associated with each netgroup name, but not the netgroup name itself.
For more information on the ypcat command, type
man
1 ypcatat the HP-UX prompt.
-
Make your changes to the source file for the NIS map. For
example, if you want to change the NIShostsmap, make
your changes to the/etc/hostsfile. -
Issue the following commands to generate the map and push it
to the slave servers :cd /var/yp /usr/ccs/bin/make mapname
If your slave servers are not up and running yet,
run themakecommand with theNOPUSHflag
set to 1 :cd /var/yp /usr/ccs/bin/make NOPUSH=1 mapname
This procedure works for all NIS maps
except the ypservers map, which has no source file. For
instructions on modifying the ypservers map,
If you make changes to the passwd,
group, or hosts maps, regenerate the
netid.byname map. The netid.byname map is a
mapping of users to groups, where each user is followed by a list of
all the groups to which the user belongs. The netid.byname
map is generated from the /etc/passwd and /etc/group
files.
For more information, see the following man pages : make(1),
ypmake(1M), yppush(1M), and ypxfr(1M).
To Add an Automounter Map to Your NIS Domain
-
Log in as root to the NIS master server.
-
In the/usr/sbin/ypinitscript, use a text editor to
add the automounter map to theMASTER_MAPSlist, as
follows :<FONT SIZE=3><FONT COLOR="#ffffff">MASTER_MAPS="group.bygid group.byname \<BR> hosts.byaddr bosts.byname netgroup netgroup.byhost \<BR> netgroup.byuser networks.byaddr networks.byname passwd.byname \<BR> passwd.byuid protocols.byname protocols.bynumber rpc.bynumber \<BR> services.byname vhe_list publickey.byname netid.byname mail.byaddr \<BR> mail.aliases auto_master rpc.byname servi.bynp auto_<I>mapname</I>"</FONT></FONT>
-
In the
/var/yp/Makefilefile, add the
automounter map to the list of maps that begins withall:,
as follows :all: passwd group hosts networks rpc services protocols \ netgroup aliases publickey netid vhe_list auto_master \ auto_mapname -
In the/var/yp/Makefilefile, copy the statement that
begins$(YPDBDIR)/$(DOM)/auto_master.timeto the space
below it. Change all occurrences ofauto_masterto the
name of the map you are adding.<FONT SIZE=3><FONT COLOR="#ffffff">$ (YPDBDIR)/$(DOM)/auto_master.time: $(DIR)/auto_master<BR> @(sed -e "s/^[ | ]*//g" -e "/^#/d" -e s/#.*$$// <<BR>$(DIR)/auto_master $(CHKPIPE)) |<BR> $(MAKEDBM) - $(YPDBDIR) /$(DOM)/auto_master;<BR> @touch $(YPDBDIR)/$(DOM)/auto_master.time;<BR> @echo "updated auto_master";<BR> @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) auto_master; fi<BR> @if [ ! $(NOPUSH) ]; then echo "pushed auto_master"; fi<BR> <BR>$ (YPDBDIR)/$(DOM)/auto_<I>mapmame</I>.time: $(DIR)/auto_<I>mapname </I> @(sed -e "s/^[ | ]*//g" -e "/^#/d" -e s/#.*$$// <<BR>$(DIR)/auto_<I>mapname</I> $(CHKPIPE)) |<BR> $(MAKEDBM) - $(YPDBDIR) /$(DOM)/auto_<I>mapname</I>;<BR> @touch $(YPDBDIR)/$(DOM)/auto_<I>mapname</I>.time;<BR> @echo "updated auto_<I>mapname</I>";<BR> @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) auto_<I>mapname</I>; fi<BR> @if [ ! $(NOPUSH) ]; then echo "pushed auto_<I>mapname</I>"; fi</FONT></FONT>
-
In the
/var/yp/Makefile
file, copy the statement that beginsauto_master:to
the space below it. Changeauto_mastertoauto_<I>mapname</I>,
and change both occurrences ofauto_master.timeto
auto_<I>mapname</I>.time.<FONT SIZE=3><FONT COLOR="#ffffff">auto_master:<BR> @if [ $(NOPUSH) ]; then $(MAKE) $(MFLAGS) -k \<BR> $(YPDBDIR)/$(DOM)/auto_master.time DOM=$(DOM) DIR=$(DIR); \<BR> else $(MAKE) $(MFLAGS) -k $(YPDBDIR)/$(DOM)/auto_master.time \<BR> DOM=$(DOM) DIR=$(DIR) NOPUSH=$(NOPUSH);fi<BR> <BR>auto_<I>mapname</I>:<BR> @if [ $(NOPUSH) ]; then $(MAKE) $(MFLAGS) -k \<BR> $(YPDBDIR)/$(DOM)/auto_<I>mapname</I>.time DOM=$(DOM) DIR=$(DIR); \<BR> else $(MAKE) $(MFLAGS) -k $(YPDBDIR)/$(DOM)/auto_<I>mapname</I>.time \<BR> DOM=$(DOM) DIR=$(DIR) NOPUSH=$(NOPUSH);fi</FONT></FONT>
-
Issue the following commands to generate the map :cd /var/yp /usr/ccs/bin/make NOPUSH=1 auto_mapname
-
If you have slave servers configured in your domain, log into
each slave server and issue the following command to copy the new
map to the slave server :/usr/sbin/ypxfr auto_mapname
For more information, see the man page for ypinit(1M),
make(1), ypmake(1M), or ypxfr(1M).
To Remove an Automounter Map from Your NIS
Domain
-
In the
/usr/sbin/ypinitscript, use a text
editor to remove the map name from theMASTER_MAPSlist.
-
In the
/var/yp/Makefile
file, remove the map from the list of maps that begins withall:. -
In the
/var/yp/Makefilefile, remove the statement that begins
$(YPDBDIR)/$(DOM)/auto_<I>mapname</I>.time. For
example, if you were removing theauto_homemap, you
would remove the following lines :<FONT SIZE=3><FONT COLOR="#ffffff">$ (YPDBDIR)/$(DOM)/auto_home.time: $(DIR)/auto_home<BR> @(sed -e "s/^[ | ]*//g" -e "/^#/d" -e s/#.*$$// <<BR>$(DIR)/auto_home $(CHKPIPE)) |<BR> $(MAKEDBM) - $(YPDBDIR) /$(DOM)/auto_home;<BR> @touch $(YPDBDIR)/$(DOM)/auto_home.time;<BR> @echo "updated auto_home";<BR> @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) auto_home; fi<BR> @if [ ! $(NOPUSH) ]; then echo "pushed auto_home"; fi</FONT></FONT>
-
In the
/var/yp/Makefile
file, remove the statement that beginsauto_<I>mapname</I>:.
For example, if you were removing theauto_homemap,
you would remove the following lines :<FONT SIZE=3><FONT COLOR="#ffffff">auto_home:<BR> @if [ $(NOPUSH) ]; then $(MAKE) $(MFLAGS) -k \<BR> $(YPDBDIR)/$(DOM)/auto_home.time DOM=$(DOM) DIR=$(DIR); \<BR> else $(MAKE) $(MFLAGS) -k $(YPDBDIR)/$(DOM)/auto_home.time \<BR> DOM=$(DOM) DIR=$(DIR) NOPUSH=$(NOPUSH);fi</FONT></FONT>
-
On the master and on each of the slave servers, remove the
map files,<I>mapname</I>.dirand<I>mapname</I>.pagfrom the directory where your maps are stored. The directory is
called/var/yp/<I>domainname</I>, where<I>domainname</I>
is the name of your NIS domain. For example, if you were removing
theauto_homemap from theFinancedomain,
you would issue the following commands on the master server and on
each of the slave servers :cd /var/yp/Finance rm auto_home.dir auto_home.pag
For more information, see the man pages ypinit(1M),
make(1), ypmake(1M), and ypfiles(4).
To Add a Slave Server to Your NIS Domain
-
Log in as root to the NIS master server.
-
Issue the following command, where
<I>domainname</I>
is the name of the domain to which you want to add the slave server :cd /var/yp/domainname
-
Issue the following command to create an editable ASCII text
file from theypserversmap :/usr/sbin/makedbm -u ypservers > tempfile
-
Use a text editor to add the name of the new server to the
ASCII file,tempfile. -
Issue the following command to regenerate the
ypservers
map from the ASCII file :/usr/sbin/makedbm tempfile ypservers
-
Log in as root to the new slave server and configure it as an
NIS slave server.
For more information, see the man page for makedbm(1M)
or ypfiles(4).
To Remove a Slave Server from Your NIS Domain
-
Issue the following commands to create an editable ASCII text
file from theypserversmap :cd /var/yp/domainname /usr/sbin/makedbm -u ypservers > tempfile
-
Use a text editor to remove the name of the slave server from
the ASCII file,tempfile. -
Issue the following command to regenerate the
ypservers
map from the ASCII file :/usr/sbin/makedbm tempfile ypservers
-
Log in as root to the slave server.
-
Remove all the map files from the map directory, and remove
the map directory. The directory is called/var/yp/<I>domainname</I>,
where<I>domainname</I>is the name of your NIS domain.
For example, if you were removing a slave server from theFinance
domain, you would issue the following commands :cd /var/yp/Finance rm * cd .. rmdir Finance
-
If the slave is not a slave server in any other NIS domain, use a
text editor to set theNIS_SLAVE_SERVERvariable to 0
in the/etc/rc.config.d/namesvrsfile.NIS_SLAVE_SERVER=0
-
If the slave is not a server
in any other NIS domain, issue the following command to turn off NIS
server capability :/sbin/init.d/nis.server stop
For more information, see the man pages makedbm(1M)
and ypfiles(4).
To Query BIND for Host Information After Querying
NIS
This
section tells you how to set up server-side hostname fallback,
which causes your NIS servers to query BIND for host information
after querying NIS. A server will search the NIS hosts
database first, but if the hosts database does not
contain the requested information, the server will query the BIND
name service. The server will return the host information to the
clients through NIS.
-
Configure your NIS servers as BIND name servers, or install
an/etc/resolve.conffile on each server that allows it
to query a BIND name server. for more information. -
On the NIS master server, in the
/var/yp/Makefile
file, set theBvariable to-b, as
follows :B=-b
-
Issue the following command on the master server to change
the modification time on/etc/hostsso thatmake
will regenerate thehostsdatabase :/usr/bin/touch /etc/hosts
-
Issue the following commands to
regenerate the NIS maps on the master server and push them to the
NIS slave servers :cd /var/yp /usr/ccs/bin/make
-
On all the NIS servers in your domain, change thehosts
line in the/etc/nsswitch.conffile to the
following :hosts: nis dns files
Hewlett-Packard recommends that you use the Name Service Switch on
your NIS clients instead of server-side hostname fallback. However,
if your NIS clients are PCs that do not have a feature like the Name
Service Switch, use the server-side hostname fallback described in
this section if you want to force BIND lookups after NIS lookups.
To Use NIS With Short File Names
-
Make sure the first 14 characters of your domain name uniquely
identify your domain among the other NIS domains in your network. -
If you plan to use NIS to manage your automounter maps, keep
the automounter map names to 10 characters or fewer. -
Log in as root to the NIS master server.
-
In the
/var/yp/Makefilefile, uncomment all the
lines betweenSTART OF EXAMPLEandEND OF EXAMPLE. (Remove the sharp sign [#] from the beginning of
each line.) Do not uncomment theSTART OF EXAMPLEand
END OF EXAMPLElines. -
In the
/var/yp/Makefilefile, delete everything
after theEND OF EXAMPLEline.
This procedure causes your NIS master server to use HP’s
proprietary ypmake script instead of the Makefile.
The Makefile does not support short filenames, but
ypmake does. Type man 1M ypmake at the
HP-UX prompt for more information.
