Network Information Service plus (NIS+), a service used for network naming and administration, expands the services provided by Network Information Service (NIS). NIS+ works on a client-server model, and it stores information at a central location that allows clients to access it over the network. This central location, called the NIS+ namespace, can store information such as security details, workstation addresses, mail information, and so on.
The NIS+ namespace is hierarchical in nature, and it can be easily configured according to the logical structure of an organization. NIS+ also has a special security system to protect the structure of the namespace and its information; it checks both authentication and authorization to process a user's request.
This article summarizes the basic steps and commands for NIS+ installation, configuration, and administration.
Installation and configuration
The installation and configuration examples use the following machine names as root server and client:
- NIS+ server: server (9.124.111.62)
- NIS+ client: client (9.124.111.61)
The installation of NIS+ requires the bos.net.nisplus fileset.
- Check the availability of the fileset using the following command:
# lslpp –l | grep bos.net.nisplus
- Planning the NIS+ layout includes selecting the root domain name, root server machine, clients, and slave machines. Preparing a sketch of the domain hierarchy is also handy when configuring NIS+.
- The /usr/lib/security/methods.cfg file should have the NISPLUS module defined
in it, as follows:
NISPLUS: program = /usr/lib/security/NISPLUSThe NISPLUS load module should be available in /usr/lib/security.
- In the /etc/security/user file, define the SYSTEM attribute in the default
section as NISPLUS or compat:
default: SYSTEM = NISPLUS OR compat
- Include the /usr/lib/nis directory in the default PATH, as follows:
# export PATH=$PATH:/usr/lib/nis
Starting the configuration of NISPLUS server requires a root domain name. Let's
use the root domain name isl.com.
- Execute the
nisservercommand, as follows:# nisserver -r -d isl.com
You should see the following display:
# nisserver -r -d isl.com. 0513-059 The keyserv Subsystem has been started. Subsystem PID is 303260. This script sets up this machine "indus29" as an NIS+ root master server for domain isl.com.. Domain name : isl.com NIS+ group : admin.isl.com NIS (YP) compatibility : OFF Security Level : 2=DES Is this information correct? (type 'y' to accept, 'n' to change)
Change the attributes defined above by selecting
n, and selectyto continue.You should see the following display:
This script will set up your machine as a root master server for domain isl.com without NIS compatibility at security level 2. WARNING: this script removes directories and files related to NIS+ under /var/nis directory with the exception of the client_info NIS_COLD_START and NIS_SHARED_DIRCACHE files which will be renamed to <file>.no_nisplus. If you want to save these files, you should abort from this script now to save these files first. WARNING: once this script is executed, you will not be able to restore the existing NIS+ server environment. However, you can restore your NIS+ client environment using "nisclient -i" with the proper domain name and server information. Do you want to continue? (type 'y' to continue, 'n' to exit this script)
Select
yto proceed, which triggers setting up the NIS+ server. - The next step is to populate the NIS+ tables from the local files. You can use
the following series of steps to copy the required files to the /var/tmp/nisplus
directory, and then use the
nispopulatecommand to populate the tables. This might take a long time, depending on the number of users in the system.# mkdir -p /var/tmp/nisplus # cp /etc/passwd /var/tmp/nisplus/passwd # cp /etc/hosts /var/tmp/nisplus/hosts # cp /etc/group /var/tmp/nisplus/group # cp /etc/rpc /var/tmp/nisplus/rpc # cp /etc/protocols /var/tmp/nisplus/protocols # cp /etc/networks /var/tmp/nisplus/networks # cp /etc/services /var/tmp/nisplus/services # cd /var/tmp/nisplus # /usr/lib/nis/nispopulate -v -F -f -l <passwd>
You have to give a password with the
nispopulatecommand, which is used later for communication between the clients and server. - Add the root server to the hosts table using the following command:
nistbladm –A cname=<rootservername.domainname.> name=<rootservername> addr=<ipaddress of rootserver> hosts.org_dir.domainname
For example:
nistbladm -A cname=server.isl.com. name=server addr=9.124.111.62 hosts.org_dir.isl.com
The addition of this entry to the host table completes the NIS+ server configuration.
- To check if the server is up, run the following commands:
# niscat passwd.org_dir # nisls
- Use the following command to add clients to the hosts table on the NIS+ server:
# nistbladm –A cname=<clientname.domainname.> name=<clientname> addr=<ipaddress of the client> hosts.org_dir.domainname.
For example:
# nistbladm -A cname=client.isl.com. name=client addr=9.124.111.61 hosts.org_dir.isl.com
- After adding clients to the host table, go to a client and initialize the
client by using the following series of commands:
# /usr/lib/nis/nisclient -D # stopsrc -s keyserv # /usr/lib/nis/nisclient -i -h <rootservername> -a <rootserverip> -d <domainname>
For example:
# /usr/lib/nis/nisclient -i -h server -a 9.124.113.62 -d isl.com
- Reboot the client:
# shutdown -Fr
Configuration of the NIS+ client is now complete.
- You can use the
nisstatcommand from the client to check the server details. This ensures that the setup is correct.# nisstat
This section discusses general administration and basic commands for your NIS+ setup.
- To stop NIS+ and remove the domainname, enter the following:
# stopsrc -s nis_cachemgr # /usr/lib/nis/nisserver -D # stopsrc -s keyserv # /usr/lib/nis/nisclient –D
Remove all the files in the /var/nis/ directory.
- To create a group, check the domainname and use the
nisgrpadmcommand to create a group (for example,testgrp).# domainname isl.com # nisgrpadm -c testgrp.isl.com Group "testgrp.isl.com" created
- To see if the groups formed, enter:
# nisls groups_dir groups_dir.isl.com: admin testgrp
- To create an NIS+ user (for example,
nispuser), enter:# nismkuser nispuser
- To display the users, enter:
# niscat passwd.org_dir
Similarly, you can use the
niscatcommand to check several entries present in the NIS+ tables. For example, you can use it to display the host entries, as follows:# niscat -h hosts.org_dir
- To add the user to a group, enter:
# nisgrpadm -a testgrp nispuser
The command added
nispuser.isl.comto thetestgrp.isl.comgroup. - To check the group entry for the
testgrpgroup, enter:# nisgrpadm -l testgrp.isl.com
To check the group entry for the
testgrp.isl.comgroup, enter:nispuser
- Another useful command is
nisls, which can be used to check the entries of the NIS+ tables. For example, to list the tables that have been populated, enter:# nisls org_dir
To list the groups, enter:
# nisls groups_dir
Though NIS+ has some advantages over NIS, it is important to note that there is no relation between NIS+ and NIS. The commands and the overall structure of NIS+ are different from NIS. The syntax for some commands in NIS+ is different from the commands for NIS. NIS+ was designed from scratch, and it is not an extension of NIS.
See the Network Information Services (NIS and NIS+) Guide in the Resources section for detailed information on other commands used for NIS+ administration.
Learn
- Network
Information Services (NIS and NIS+) Guide:
Browse through the AIX documentation site for additional information on NIS and
NIS+.
- Network
Information Service+ (NIS+) Overview:
You can find additional information on NIS+ here.
- NIS
Administration:
Visit the Network Information Services (NIS and NIS+) Guide and learn more
about system administration tasks for NIS+.
- Popular content:
See what AIX® and UNIX® content your peers find interesting.
- AIX and
UNIX:
The AIX and UNIX developerWorks zone provides a wealth of information relating to
all aspects of AIX systems administration and expanding your UNIX skills.
- New to AIX and UNIX?:
Visit the "New to AIX and UNIX" page to learn more about AIX and UNIX.
- AIX Wiki:
A collaborative environment for technical information related to AIX.
- Search the AIX and UNIX library by topic:
- System administration
- Application development
- Performance
- Porting
- Security
- Tips
- Tools and utilities
- Java™ technology
- Linux®
- Open source
- Safari bookstore:
Visit this e-reference library to find specific technical resources.
- developerWorks technical events and webcasts:
Stay current with developerWorks technical events and webcasts.
- Podcasts: Tune in and
catch up with IBM technical experts.
Get products and technologies
- IBM trial software:
Build your next development project with software for download directly from
developerWorks.
- Quick links
for AIX fixes:
Get your AIX updates here.
- IBM
Fix Central:
This site provides fixes and updates for your system's software, hardware, and
operating system.
Discuss
- Participate in the
developerWorks blogs
and get involved in the developerWorks community.
- Participate in the AIX and UNIX forums:
- AIX—technical forum
- AIX 6 Open Beta
- AIX for Developers Forum
- Cluster Systems Management
- IBM Support Assistant
- Performance Tools—technical
- Virtualization—technical
- More AIX and UNIX forums
Ashish Nainwal is an AIX security support specialist and system administrator at IBM India Systems and Technology Lab. He has been one of the focal points in AIX security in his two years with AIX. Ashish has also been involved in various System p™ administration activities and has diverse experience with customers. You can contact him at anainwal@in.ibm.com.
Comments (Undergoing maintenance)
Table of contents
Local resources
My developerWorks community
Tags
Use the slider bar to see more or fewer tags.
Popular tags shows the top tags for this particular content zone (for example, Java technology, Linux, WebSphere).
My tags shows your tags for this particular content zone (for example, Java technology, Linux, WebSphere).
Popular article tags |
My article tagsSkip to tags list
Popular article tags |
My article tags
