Network Information Service plus (NIS+), a service used for network naming and administration, expands the services provided by Network Information Service (NIS). NIS+ works on a client-server model, and it stores information at a central location that allows clients to access it over the network. This central location, called the NIS+ namespace, can store information such as security details, workstation addresses, mail information, and so on.
The NIS+ namespace is hierarchical in nature, and it can be easily configured according to the logical structure of an organization. NIS+ also has a special security system to protect the structure of the namespace and its information; it checks both authentication and authorization to process a user's request.
This article summarizes the basic steps and commands for NIS+ installation, configuration, and administration.
Installation and configuration
The installation and configuration examples use the following machine names as root server and client:
- NIS+ server: server (188.8.131.52)
- NIS+ client: client (184.108.40.206)
The installation of NIS+ requires the bos.net.nisplus fileset.
- Check the availability of the fileset using the following command:
# lslpp –l | grep bos.net.nisplus
- Planning the NIS+ layout includes selecting the root domain name, root server machine, clients, and slave machines. Preparing a sketch of the domain hierarchy is also handy when configuring NIS+.
- The /usr/lib/security/methods.cfg file should have the NISPLUS module defined
in it, as follows:
NISPLUS: program = /usr/lib/security/NISPLUS
The NISPLUS load module should be available in /usr/lib/security.
- In the /etc/security/user file, define the SYSTEM attribute in the default
section as NISPLUS or compat:
default: SYSTEM = NISPLUS OR compat
- Include the /usr/lib/nis directory in the default PATH, as follows:
# export PATH=$PATH:/usr/lib/nis
Starting the configuration of NISPLUS server requires a root domain name. Let's
use the root domain name
- Execute the
nisservercommand, as follows:
# nisserver -r -d isl.com
You should see the following display:
# nisserver -r -d isl.com. 0513-059 The keyserv Subsystem has been started. Subsystem PID is 303260. This script sets up this machine "indus29" as an NIS+ root master server for domain isl.com.. Domain name : isl.com NIS+ group : admin.isl.com NIS (YP) compatibility : OFF Security Level : 2=DES Is this information correct? (type 'y' to accept, 'n' to change)
Change the attributes defined above by selecting
n, and select
You should see the following display:
This script will set up your machine as a root master server for domain isl.com without NIS compatibility at security level 2. WARNING: this script removes directories and files related to NIS+ under /var/nis directory with the exception of the client_info NIS_COLD_START and NIS_SHARED_DIRCACHE files which will be renamed to <file>.no_nisplus. If you want to save these files, you should abort from this script now to save these files first. WARNING: once this script is executed, you will not be able to restore the existing NIS+ server environment. However, you can restore your NIS+ client environment using "nisclient -i" with the proper domain name and server information. Do you want to continue? (type 'y' to continue, 'n' to exit this script)
yto proceed, which triggers setting up the NIS+ server.
- The next step is to populate the NIS+ tables from the local files. You can use
the following series of steps to copy the required files to the /var/tmp/nisplus
directory, and then use the
nispopulatecommand to populate the tables. This might take a long time, depending on the number of users in the system.
# mkdir -p /var/tmp/nisplus # cp /etc/passwd /var/tmp/nisplus/passwd # cp /etc/hosts /var/tmp/nisplus/hosts # cp /etc/group /var/tmp/nisplus/group # cp /etc/rpc /var/tmp/nisplus/rpc # cp /etc/protocols /var/tmp/nisplus/protocols # cp /etc/networks /var/tmp/nisplus/networks # cp /etc/services /var/tmp/nisplus/services # cd /var/tmp/nisplus # /usr/lib/nis/nispopulate -v -F -f -l <passwd>
You have to give a password with the
nispopulatecommand, which is used later for communication between the clients and server.
- Add the root server to the hosts table using the following command:
nistbladm –A cname=<rootservername.domainname.> name=<rootservername> addr=<ipaddress of rootserver> hosts.org_dir.domainname
nistbladm -A cname=server.isl.com. name=server addr=220.127.116.11 hosts.org_dir.isl.com
The addition of this entry to the host table completes the NIS+ server configuration.
- To check if the server is up, run the following commands:
# niscat passwd.org_dir # nisls
- Use the following command to add clients to the hosts table on the NIS+ server:
# nistbladm –A cname=<clientname.domainname.> name=<clientname> addr=<ipaddress of the client> hosts.org_dir.domainname.
# nistbladm -A cname=client.isl.com. name=client addr=18.104.22.168 hosts.org_dir.isl.com
- After adding clients to the host table, go to a client and initialize the
client by using the following series of commands:
# /usr/lib/nis/nisclient -D # stopsrc -s keyserv # /usr/lib/nis/nisclient -i -h <rootservername> -a <rootserverip> -d <domainname>
# /usr/lib/nis/nisclient -i -h server -a 22.214.171.124 -d isl.com
- Reboot the client:
# shutdown -Fr
Configuration of the NIS+ client is now complete.
- You can use the
nisstatcommand from the client to check the server details. This ensures that the setup is correct.
This section discusses general administration and basic commands for your NIS+ setup.
- To stop NIS+ and remove the domainname, enter the following:
# stopsrc -s nis_cachemgr # /usr/lib/nis/nisserver -D # stopsrc -s keyserv # /usr/lib/nis/nisclient –D
Remove all the files in the /var/nis/ directory.
- To create a group, check the domainname and use the
nisgrpadmcommand to create a group (for example,
# domainname isl.com # nisgrpadm -c testgrp.isl.com Group "testgrp.isl.com" created
- To see if the groups formed, enter:
# nisls groups_dir groups_dir.isl.com: admin testgrp
- To create an NIS+ user (for example,
# nismkuser nispuser
- To display the users, enter:
# niscat passwd.org_dir
Similarly, you can use the
niscatcommand to check several entries present in the NIS+ tables. For example, you can use it to display the host entries, as follows:
# niscat -h hosts.org_dir
- To add the user to a group, enter:
# nisgrpadm -a testgrp nispuser
The command added
- To check the group entry for the
# nisgrpadm -l testgrp.isl.com
To check the group entry for the
- Another useful command is
nisls, which can be used to check the entries of the NIS+ tables. For example, to list the tables that have been populated, enter:
# nisls org_dir
To list the groups, enter:
# nisls groups_dir
Though NIS+ has some advantages over NIS, it is important to note that there is no relation between NIS+ and NIS. The commands and the overall structure of NIS+ are different from NIS. The syntax for some commands in NIS+ is different from the commands for NIS. NIS+ was designed from scratch, and it is not an extension of NIS.
See the Network Information Services (NIS and NIS+) Guide in the Resources section for detailed information on other commands used for NIS+ administration.
- Network Information Services (NIS and NIS+) Guide: Browse through the AIX documentation site for additional information on NIS and NIS+.
- Network Information Service+ (NIS+) Overview: You can find additional information on NIS+ here.
- NIS Administration: Visit the Network Information Services (NIS and NIS+) Guide and learn more about system administration tasks for NIS+.
- Popular content: See what AIX® and UNIX® content your peers find interesting.
- AIX and UNIX: The AIX and UNIX developerWorks zone provides a wealth of information relating to all aspects of AIX systems administration and expanding your UNIX skills.
- New to AIX and UNIX?: Visit the "New to AIX and UNIX" page to learn more about AIX and UNIX.
- AIX Wiki: A collaborative environment for technical information related to AIX.
- Search the AIX and UNIX library by topic:
- Safari bookstore: Visit this e-reference library to find specific technical resources.
- developerWorks technical events and webcasts: Stay current with developerWorks technical events and webcasts.
- Podcasts: Tune in and catch up with IBM technical experts.
Get products and technologies
- IBM trial software: Build your next development project with software for download directly from developerWorks.
- Quick links for AIX fixes: Get your AIX updates here.
- IBM Fix Central: This site provides fixes and updates for your system's software, hardware, and operating system.
- Participate in the developerWorks blogs and get involved in the developerWorks community.
- Participate in the AIX and UNIX forums: