NIS+ with zones Derek Crudgington http://hell.jedicoder.net In your global zone you want to make it the NIS+ server: root@ferrari:~% nisserver -r -d laptop.com. ******** ******** WARNING ******** ******** NIS+ might not be supported in a future release. Tools to aid the migration from NIS+ to LDAP are available in the Solaris 9 operating environment. For more information, visit http://www.sun.com/directory/nisplus/transition.html ******** ******** ******* ******** ******** This script sets up this machine "ferrari" as an NIS+ root master server for domain laptop.com.. Domain name : laptop.com. NIS+ group : admin.laptop.com. NIS (YP) compatibility : OFF Security level : 2=DES Is this information correct? (type 'y' to accept, 'n' to change) y This script will set up your machine as a root master server for domain laptop.com. without NIS compatibility at security level 2. Use "nisclient -r" to restore your current network service environment. Do you want to continue? (type 'y' to continue, 'n' to exit this script) y setting up domain information "laptop.com." ... setting up switch information ... running nisinit ... This machine is in the "laptop.com." NIS+ domain. Setting up root server ... All done. starting root server at security level 0 to create credentials... running nissetup to create standard directories and tables ... org_dir.laptop.com. created groups_dir.laptop.com. created passwd.org_dir.laptop.com. created group.org_dir.laptop.com. created auto_master.org_dir.laptop.com. created auto_home.org_dir.laptop.com. created bootparams.org_dir.laptop.com. created cred.org_dir.laptop.com. created ethers.org_dir.laptop.com. created hosts.org_dir.laptop.com. created ipnodes.org_dir.laptop.com. created mail_aliases.org_dir.laptop.com. created netmasks.org_dir.laptop.com. created netgroup.org_dir.laptop.com. created networks.org_dir.laptop.com. created protocols.org_dir.laptop.com. created rpc.org_dir.laptop.com. created services.org_dir.laptop.com. created timezone.org_dir.laptop.com. created client_info.org_dir.laptop.com. created auth_attr.org_dir.laptop.com. created exec_attr.org_dir.laptop.com. created prof_attr.org_dir.laptop.com. created user_attr.org_dir.laptop.com. created audit_user.org_dir.laptop.com. created adding credential for ferrari.laptop.com... Enter login password: creating NIS+ administration group: admin.laptop.com. ... adding principal ferrari.laptop.com. to admin.laptop.com. ... restarting NIS+ root master server at security level 2 ... This system is now configured as a root server for domain laptop.com. You can now populate the standard NIS+ tables by using the nispopulate script or /usr/lib/nis/nisaddent command. root@ferrari:~% share - /export/home rw,nosuid "homedirs" - /home rw,nosuid "homedirs" root@ferrari:~% nispopulate -F -p /etc -d laptop.com. NIS+ domain name : laptop.com. Directory Path : /etc Is this information correct? (type 'y' to accept, 'n' to change) y This script will populate the standard NIS+ tables for domain laptop.com. from the files in /etc: auto_master auto_home ethers group hosts ipnodes networks passwd protocols services rpc netmasks bootparams netgroup aliases timezone auth_attr exec_attr prof_attr user_attr audit_user shadow **WARNING: Interrupting this script after choosing to continue may leave the tables only partially populated. This script does not do any automatic recovery or cleanup. Do you want to continue? (type 'y' to continue, 'n' to exit this script) y populating auto_master table from file /etc/auto_master... auto_master table done. populating auto_home table from file /etc/auto_home... auto_home table done. populating ethers table from file /etc/ethers... ethers table done. populating group table from file /etc/group... group table done. populating hosts table from file /etc/hosts... hosts table done. Populating the NIS+ credential table for domain laptop.com. from hosts table. dumping hosts table... loading credential table... The credential table for domain laptop.com. has been populated. The password used will be nisplus. **WARNING: file /etc/ipnodes does not exist! ipnodes table will not be loaded. populating networks table from file /etc/networks... networks table done. populating passwd table from file /etc/passwd... passwd table done. Populating the NIS+ credential table for domain laptop.com. from passwd table. dumping passwd table... loading credential table... nisaddcred: need not add LOCAL entry for root nisaddcred: unable to create credential. The credential table for domain laptop.com. has been populated. The password used will be nisplus. populating protocols table from file /etc/protocols... protocols table done. populating services table from file /etc/services... services table done. populating rpc table from file /etc/rpc... rpc table done. populating netmasks table from file /etc/netmasks... netmasks table done. populating bootparams table from file /etc/bootparams... bootparams table done. populating netgroup table from file /etc/netgroup... netgroup table done. populating mail_aliases table from file /etc/aliases... mail_aliases table done. populating timezone table from file /etc/timezone... parse error: zero key length (line 1) timezone table done. **WARNING: file /etc/auth_attr does not exist! auth_attr table will not be loaded. **WARNING: file /etc/exec_attr does not exist! exec_attr table will not be loaded. **WARNING: file /etc/prof_attr does not exist! prof_attr table will not be loaded. populating user_attr table from file /etc/user_attr... user_attr table done. **WARNING: file /etc/audit_user does not exist! audit_user table will not be loaded. populating passwd table from file /etc/shadow... passwd table done. Credentials have been added for the entries in the hosts and passwd table(s). Each entry was given a default network password (also known as a Secure-RPC password). This password is: nisplus Use this password when the nisclient script requests the network password. nispopulate failed to populate the following tables: ipnodes auth_attr exec_attr prof_attr audit_user root@ferrari:~% nisping -C laptop.com. Checkpointing replicas serving directory "laptop.com." : Master server is "ferrari.laptop.com." Last update occurred at Fri Oct 7 13:35:51 2005 Master server is "ferrari.laptop.com." checkpoint scheduled on "ferrari.laptop.com.". root@ferrari:~% niscat rpc.org_dir .... ------------------------------------------- On the Client (Zone 1): bash-3.00# nisclient -i -d laptop.com. -h ferrari ******** ******** WARNING ******** ******** NIS+ might not be supported in a future release. Tools to aid the migration from NIS+ to LDAP are available in the Solaris 9 operating environment. For more information, visit http://www.sun.com/directory/nisplus/transition.html ******** ******** ******* ******** ******** Initializing client zone1 for domain "laptop.com.". Once initialization is done, you will need to reboot your machine. Do you want to continue? (type 'y' to continue, 'n' to exit this script) y setting up domain information "laptop.com."... setting up the name service switch information... At the prompt below, type the network password (also known as the Secure-RPC password) that you obtained either from your administrator or from running the nispopulate script. Please enter the Secure-RPC password for root: Please enter the login password for root: Your network password has been changed to your login one. Your network and login passwords are now the same. Client initialization completed!! Please reboot your machine for changes to take effect. ---------- Add client machine users to NIS+: -bash-3.00$ /usr/lib/nis/nisclient -u ******** ******** WARNING ******** ******** NIS+ might not be supported in a future release. Tools to aid the migration from NIS+ to LDAP are available in the Solaris 9 operating environment. For more information, visit http://www.sun.com/directory/nisplus/transition.html ******** ******** ******* ******** ******** At the prompt below, type the network password (also known as the Secure-RPC password) that you obtained either from your administrator or from running the nispopulate script. Please enter the Secure-RPC password for test11: Please enter the login password for test11: Your network password has been changed to your login one. Your network and login passwords are now the same.