Setting up NISPlus on Solaris


NOTE: I never finished this project; it got dropped as a priority, then the company went out of business. This document is far from complete, but it should be a good starting point to refresh my memory if I ever need to do this again.

Given that I'm in the process of setting up NISPlus in Solaris, I'm putting up the process.

This is the quick and dirty way to have one root master, and several clients. This is pretty much for a small setup with no replicas. I've written this based on my notes and test run. I will update them when I do the real install.

Various notes before we begin:

ON YOUR SERVER
1. Put /usr/lib/nis in your PATH. Make life easy:
PATH=$PATH:/usr/lib/nis

2. Set a good key size (as opposed to using des):
nisauthconf dh1024-0

or if you want to default to that, yet allow des (for compatibility or something):
nisauthconf dh1024-0 des

3. Set up your machine as the root server:
nisserver -r -d domain
where domain is what you want your NIS+ domain to be. For example, if you are yourcompany.com, your NIS domain will be yourcompany.com. (WITH the trailing dot).

4. Make a directory to hold modified system files that will populate the NIS+ database:
mkdir /var/nis/etc

5. Copy auto_master, auto_home, ethers, group, hosts, networks, passwd, protocols, services, rpc, netmasks, bootparams, netgroup, and aliases into /var/nis/etc:
cd /etc
cp auto_master auto_home ethers group hosts networks passwd protocols services rpc netmasks bootparams netgroup aliases /var/nis/etc

6. Go through your /var/nis/etc/hosts file. Take out all non-internal entries. This should contain only systems that are or will be part of the NIS+ domain. Also make sure that there is no more than one line per IP address (and therefore no duplicates as well). So change any:
10.0.0.1 foo
10.0.0.1 fooalias

to:
10.0.0.1 foo fooalias foo.yourdomain.com

7. Go through your /var/nis/etc/passwd file and take out entries you don't want in there such as:
root:x:0:1:0000-Admin(0000):/:/sbin/sh
daemon:x:1:3:0000-Admin(0000):/:
bin:x:3:5:0000-Admin(0000):/usr/bin:
sys:x:3:3:0000-Admin(0000):/:
adm:x:4:4:0000-Admin(0000):/var/adm:
lp:x:78:9:0000-lp(0000):/usr/spool/lp:
smtp:x:0:0:mail daemon user:/:
uucp:x:5:5:0000-uucp(0000):/usr/lib/uucp:
nuucp:x:7:8:0000-uucp (0000):/var/spool/uucppublic:/usr/lib/uucp/uucico
listen:x:22:6:Network Admin:/usr/net/nls

This is an optional step, but recommended.

8. Go through any other files in /var/nis/etc/ and make sure they all look the way you want NIS+ to look. Then populate the NIS+ tables by doing:
cd /var/nis/etc
nispopulate -F -d yourdomain.com.


9. If you so choose, add yourself as an admin for NIS+:
nisgrpadm -a admin.yourdomain.com. you.yourdomain.com.

10. Test:
nisping -C yourdomain.com.
niscat rpc.org_dir
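
The one-line-per-address cleanup of /var/nis/etc/hosts in step 6 above can be scripted before running nispopulate. This is an added example, not part of the original notes: the function names merge_hosts and duplicate_names, the AWK variable and the sample data are made up here, and it assumes a POSIX awk.

```shell
#!/bin/sh
# Added example: collapse a hosts file to one line per IP address (step 6).
# Needs a POSIX awk; on Solaris set AWK=nawk (/usr/bin/awk predates POSIX).
AWK=${AWK:-awk}

# merge_hosts FILE: print "IP name alias..." once per address, in first-seen
# order. Comments and blank lines are dropped; repeated names are kept once.
merge_hosts() {
    "$AWK" '
    {
        sub(/#.*/, "")                  # strip comments
        if (NF < 2) next                # skip blank or name-less lines
        ip = $1
        if (!(ip in names)) {           # remember first-seen order
            order[++n] = ip
            names[ip] = ""
        }
        for (i = 2; i <= NF; i++) {
            key = ip SUBSEP $i
            if (key in seen) continue   # name already listed for this IP
            seen[key] = 1
            names[ip] = names[ip] " " $i
        }
    }
    END { for (j = 1; j <= n; j++) print order[j] names[order[j]] }
    ' "$1"
}

# duplicate_names FILE: print each name that is still attached to more than
# one address after merging. Merging cannot fix these; someone has to decide.
duplicate_names() {
    merge_hosts "$1" | "$AWK" '
    { for (i = 2; i <= NF; i++) if (++count[$i] == 2) print $i }'
}

# Constructed sample input (addresses and names are made up).
sample=${TMPDIR:-/tmp}/hosts.sample.$$
cat > "$sample" <<'EOF'
# internal hosts
10.0.0.1 foo
10.0.0.1 fooalias   # second line for the same address
10.0.0.2 bar bar.yourdomain.com
10.0.0.1 foo foo.yourdomain.com
10.0.0.3 bar
EOF
merge_hosts "$sample"
echo "names on more than one address:"
duplicate_names "$sample"
rm -f "$sample"
```

Review the merged output by hand before copying it over /var/nis/etc/hosts; a name reported by duplicate_names means two addresses claim the same host.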



ON CLIENTS
1. Set up the key size:
nisauthconf dh1024-0

or if you want to accept des as well:
nisauthconf dh1024-0 des

2. Set up the box as a client:
nisclient -i -d yourdomain.com. -h hostname.yourdomain.com.

3. Reboot


FOR EACH USER
1. Sync the user's password with the RPC password. By default the RPC password is nisplus. AS THE USER:
nisclient -u
and enter 'nisplus' as the RPC password.

This page is © Phil Dibowitz 2001 - 2004