Solaris on Exalogic – Setup NIS on Solaris 11.1

Customers running the Solaris version of Exalogic Elastic Cloud Software 2.0.4.0.* on Exalogic will know that the operating system has been upgraded from Solaris 11 Express to Solaris 11.1.

There is a MOS note (ID: 1491906.1) on how to set up NIS on Solaris 11 Express; it has helped a lot of customers to successfully configure NIS on their systems.

An experienced Solaris administrator should be able to follow the above note to configure the same on Solaris 11.1. This article illustrates the differences between Solaris 11 Express and Solaris 11.1 when the steps are followed, and highlights the additional step that applies to Solaris 11.1 only.

This article covers the following:

  • Steps to Configure NIS Master
  • Steps to Configure NIS Slave
  • Steps to Configure NIS Client

Steps to Configure NIS Master

The following steps must be performed as root user.

1. Install the package “service/network/nis”

Run the following command to check if the package has been installed:

root@nis-master:~# pkg info service/network/nis
pkg: info: no packages matching the following patterns you specified are
installed on the system.  Try specifying -r to query remotely:

        service/network/nis

The above output indicates that the package is not installed.

To install the package, run the following command:

root@nis-master:~# pkg install service/network/nis
           Packages to install:  2
       Create boot environment: No
Create backup boot environment: No
            Services to change:  1

DOWNLOAD                                PKGS         FILES    XFER (MB)   SPEED
Completed                                2/2         57/57      0.3/0.3  6.8M/s

PHASE                                          ITEMS
Installing new actions                       101/101
Updating package state database                 Done
Updating image state                            Done
Creating fast lookup database                   Done

2. Set up the NIS domain name

Notice that before the NIS domain name is set up, the service “svc:/network/nis/domain” was disabled:

root@nis-master:~# svcs network/nis/domain
STATE          STIME    FMRI
disabled       10:17:04 svc:/network/nis/domain:default

Set up the domain name by running the following command (using “us.oracle.com” as an example):

root@nis-master:~# domainname us.oracle.com

Notice that the file /etc/defaultdomain has been automatically created and the service “svc:/network/nis/domain” is now online.

root@nis-master:~# cat /etc/defaultdomain
us.oracle.com
root@nis-master:~# svcs network/nis/domain
STATE          STIME    FMRI
online         10:17:08 svc:/network/nis/domain:default

3. Set up the domain name for NFSv4

The NFSv4 domain must be set to the same name as the NIS domain on all clients and servers.

Example:

root@nis-master:~# sharectl set -p nfsmapid_domain=us.oracle.com nfs

4. Ensure /etc/hosts has entries for the NIS master and NIS slave(s)

Ensure all clients and servers have the right entries for NIS master and NIS slave(s) defined in their /etc/hosts file.

Example:

root@nis-master:~# cat /etc/hosts
#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# Internet host table
#
::1 nis-master localhost
127.0.0.1 nis-master localhost loghost
192.168.25.111  nis-master
192.168.25.112  nis-slave

5. Create a source directory and copy the source files there

Create a “src” directory under the directory “/var/yp” and copy the source files there:

root@nis-master:/var/yp# mkdir src
root@nis-master:/var/yp# cd /etc
root@nis-master:/etc# cp auto_home auto_master bootparams ethers group hosts netgroup netmasks networks passwd protocols publickey rpc services shadow timezone user_attr   /var/yp/src
cp: cannot access bootparams
cp: cannot access ethers
cp: cannot access netgroup
cp: cannot access timezone

Notice that the files bootparams, ethers, netgroup and timezone are not present.

6. Edit the NIS Makefile

Note that if you don’t have the package “service/network/nis” installed, the Makefile is not present.

Example:

# cp /var/yp/Makefile /var/yp/Makefile.orig

# vi /var/yp/Makefile

In vi, modify the “DIR” and “PWDIR” entries in the Makefile to point to the alternate directory created in step 5 above.

In this example it will be DIR=/var/yp/src and PWDIR=/var/yp/src

If you want NIS to resolve hosts through DNS, comment out “B=” and uncomment “B=-b” in the Makefile. Locate the target labeled “all:” and remove from its definition any map that does not have a corresponding file and will not be used as part of this service. For example, the bootparams, ethers, and timezone files do not exist by default and may be removed; removing them avoids errors during the make process.

Note: If the netgroup map is to be used later, but does not yet exist, create a placeholder for this in the target directory as follows.

# touch /var/yp/src/netgroup

Example of “all:” label in Makefile:

all: passwd group hosts ipnodes networks rpc services protocols \
        netgroup publickey c2secure \
        auto.master auto.home ageing \
        auth.attr exec.attr prof.attr user.attr

7. Initialize the server

Go to the directory “/var/yp” and run the command “/usr/sbin/ypinit -m” to initialize the NIS server.

Example:

root@nis-master:/var/yp# /usr/sbin/ypinit -m

In order for NIS to operate successfully, we have to construct a list of the
NIS servers.  Please continue to add the names for YP servers in order of
preference, one per line.  When you are done with the list, type a <control D>
or a return on a line by itself.
        next host to add:  nis-master
        next host to add:  nis-slave
        next host to add:  ^D
The current list of yp servers looks like this:

nis-master
nis-slave

Is this correct?  [y/n: y]

Installing the YP database will require that you answer a few questions.
Questions will all be asked at the beginning of the procedure.

Do you want this procedure to quit on non-fatal errors? [y/n: n]
OK, please remember to go back and redo manually whatever fails.  If you
don't, some part of the system (perhaps the yp itself) won't work.
The yp domain directory is /var/yp/us.oracle.com
There will be no further questions. The remainder of the procedure should take
5 to 10 minutes.
Building /var/yp/us.oracle.com/ypservers...
Running /var/yp /Makefile...
updated passwd
updated group
updated hosts
updated ipnodes
updated networks
updated rpc
updated services
updated protocols
updated netgroup
updated publickey
updated auto.master
updated auto.home
updated ageing
updated auth_attr
updated exec_attr
updated prof_attr
updated user_attr

nis-master has been set up as a yp master server without any errors.

If there are running slave yp servers, run yppush now for any data bases
which have been changed.  If there are no running slaves, run ypinit on
those hosts which are to be slave servers.

8. Enable Remote Access of rpcbind (New in Solaris 11.1)

By default, the rpcbind service is restricted to local access only. To enable remote access to rpcbind, the parameter “config/local_only” must be set to false. This is required for NIS clients to communicate with the NIS server over the network.

Example:

root@nis-master:~# svccfg -s network/rpc/bind
svc:/network/rpc/bind> listprop config
config                      application
config/allow_indirect      boolean     true
config/enable_tcpwrappers  boolean     false
config/local_only          boolean     true
config/value_authorization astring     solaris.smf.value.rpc.bind
config/verbose_logging     boolean     false
svc:/network/rpc/bind> setprop config/local_only = boolean: false
svc:/network/rpc/bind> exit
root@nis-master:~# svcadm refresh network/rpc/bind

Please ensure the service “network/rpc/bind” is refreshed after the change.

Steps to Configure NIS Slave

The following steps must be performed as root user.

1. Prepare NIS Slave server

Follow steps 1 to 4 of the section “Steps to Configure NIS Master”.

2. Start the NIS Client service

Run the following command to enable the NIS client service:

# svcadm enable svc:/network/nis/client:default

Run the following command to verify if NIS client is running:

# svcs network/nis/client

3. Configure name-service/switch to use NIS

In Solaris 11.1, the file /etc/nsswitch.conf is not to be modified directly but through the Service Management Facility (SMF).

Example:

root@nis-slave:~# svccfg -s name-service/switch
svc:/system/name-service/switch> listprop config
config                      application
config/default             astring     files
config/value_authorization astring     solaris.smf.value.name-service.switch
config/host                astring     "files dns mdns"
config/printer             astring     "user files"
svc:/system/name-service/switch> setprop config/password = astring: "files nis"
svc:/system/name-service/switch> setprop config/group = astring: "files nis"
svc:/system/name-service/switch> exit
root@nis-slave:~# svcadm refresh name-service/switch

4. Initialize NIS Slave server

Run the command “/usr/sbin/ypinit -s master_machine_name” to initialize NIS slave server.

Example:

root@nis-slave:~# /usr/sbin/ypinit -s nis-master

Installing the YP database will require that you answer a few questions.
Questions will all be asked at the beginning of the procedure.

Do you want this procedure to quit on non-fatal errors? [y/n: n]
OK, please remember to go back and redo manually whatever fails.  If you
don't, some part of the system (perhaps the yp itself) won't work.
The yp domain directory is /var/yp/us.oracle.com
There will be no further questions. The remainder of the procedure should take
a few minutes, to copy the data bases from nis-master.
Transferring networks.byaddr...
Transferring netgroup.byuser...
Transferring hosts.byname...
Transferring protocols.bynumber...
Transferring ipnodes.byname...
Transferring protocols.byname...
Transferring ipnodes.byaddr...
Transferring passwd.byname...
Transferring passwd.byuid...
Transferring publickey.byname...
Transferring ageing.byname...
Transferring auth_attr...
Transferring networks.byname...
Transferring rpc.bynumber...
Transferring user_attr...
Transferring hosts.byaddr...
Transferring auto.home...
Transferring auto.master...
Transferring services.byservicename...
Transferring group.bygid...
Transferring ypservers...
Transferring netgroup...
Transferring exec_attr...
Transferring prof_attr...
Transferring group.byname...
Transferring netgroup.byhost...
Transferring services.byname...

nis-slave's nis data base has been set up without any errors.

5. Start NIS Server Service

Run the following command to enable the NIS server service:

# svcadm enable svc:/network/nis/server:default

Run the following command to verify if NIS server is running:

# svcs network/nis/server

6. Enable Remote Access of rpcbind (New in Solaris 11.1)

Refer to step 8 of “Steps to Configure NIS Master”.

Steps to Configure NIS Client

The following steps must be performed as root user.

1. Prepare NIS Client

Follow steps 2 to 4 of the section “Steps to Configure NIS Master”.

2. Initialize the NIS client

Run the command “/usr/sbin/ypinit -c” to initialize NIS client.

Example:

root@acme1_z1:~# /usr/sbin/ypinit -c

In order for NIS to operate successfully, we have to construct a list of the
NIS servers.  Please continue to add the names for YP servers in order of
preference, one per line.  When you are done with the list, type a <control D>
or a return on a line by itself.
        next host to add:  nis-master
        next host to add:  nis-slave
        next host to add:  ^D
The current list of yp servers looks like this:

nis-master
nis-slave

Is this correct?  [y/n: y]

3. Configure name-service/switch to use NIS

In Solaris 11.1, the file /etc/nsswitch.conf is not to be modified directly but through the Service Management Facility (SMF).

Example:

root@acme1_z1:~# svccfg -s name-service/switch
svc:/system/name-service/switch> listprop config
config                      application
config/default             astring     files
config/value_authorization astring     solaris.smf.value.name-service.switch
config/host                astring     "files dns mdns"
config/printer             astring     "user files"
svc:/system/name-service/switch> setprop config/password = astring: "files nis"
svc:/system/name-service/switch> setprop config/group = astring: "files nis"
svc:/system/name-service/switch> exit
root@acme1_z1:~# svcadm refresh name-service/switch

4. Start the NIS Client Service

Run the following command to enable the NIS client service:

# svcadm enable svc:/network/nis/client:default

Run the following command to verify if NIS client is running:

# svcs network/nis/client

5. Check if NIS maps can be retrieved

Run the command “ypwhich -m” to see if NIS maps can be retrieved.

Example:

root@acme1_z1:~# ypwhich  -m
networks.byaddr nis-master
netgroup.byuser nis-master
hosts.byname nis-master
protocols.bynumber nis-master
ipnodes.byname nis-master
protocols.byname nis-master
ipnodes.byaddr nis-master
passwd.byname nis-master
passwd.byuid nis-master
publickey.byname nis-master
ageing.byname nis-master
auth_attr nis-master
networks.byname nis-master
rpc.bynumber nis-master
user_attr nis-master
hosts.byaddr nis-master
auto.home nis-master
auto.master nis-master
services.byservicename nis-master
group.bygid nis-master
ypservers nis-master
netgroup nis-master
exec_attr nis-master
prof_attr nis-master
group.byname nis-master
netgroup.byhost nis-master
services.byname nis-master

If the rpcbind service is not enabled for remote access, this command fails with the following error:

Example:

root@acme1_z1:~# ypwhich  -m
ypwhich(dumpmaps): can't get maplist: RPC: Unable to receive; errno = Connection refused; System error
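
A check for the two SMF changes made above (rpcbind remote access in step 8 of the master procedure, and the name-service switch in step 3 of the slave and client procedures), added here as an example and not part of the original article or the MOS note. It parses the text printed by `svccfg -s <service> listprop config`; the function names and the sample listings are constructed for illustration.

```shell
# Added example. Input format: the three-column text printed by
# "svccfg -s <service> listprop config" (name, type, value).

# prop_value NAME: print the value of property NAME read from stdin.
prop_value() {
    awk -v want="$1" '$1 == want {
        $1 = ""; $2 = ""; sub(/^ +/, ""); gsub(/"/, ""); print; exit }'
}

# audit_rpcbind: returns 0 only when rpcbind accepts remote clients.
audit_rpcbind() {
    props=$(cat)
    local_only=$(printf '%s\n' "$props" | prop_value config/local_only)
    wrappers=$(printf '%s\n' "$props" | prop_value config/enable_tcpwrappers)
    if [ "$local_only" != "false" ]; then
        echo "FAIL local_only=$local_only: remote ypwhich gets 'Connection refused'"
        return 1
    fi
    if [ "$wrappers" = "true" ]; then
        echo "OK remote access on, enable_tcpwrappers=true"
    else
        echo "WARN remote access on, enable_tcpwrappers=$wrappers: no TCP wrappers filtering"
    fi
}

# audit_switch DB...: each DB must list nis, either explicitly or through
# config/default, which applies to databases that have no property of their own.
audit_switch() {
    props=$(cat); rc=0
    default=$(printf '%s\n' "$props" | prop_value config/default)
    for db in "$@"; do
        val=$(printf '%s\n' "$props" | prop_value "config/$db")
        [ -n "$val" ] || val=$default
        case " $val " in
            *" nis "*) echo "OK $db: $val" ;;
            *) echo "FAIL $db: $val"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed samples: the listings as they would read after the article's steps.
RPCBIND_AFTER='config/enable_tcpwrappers  boolean     false
config/local_only          boolean     false'
SWITCH_AFTER='config/default   astring  files
config/host      astring  "files dns mdns"
config/password  astring  "files nis"
config/group     astring  "files nis"'
printf '%s\n' "$RPCBIND_AFTER" | audit_rpcbind
printf '%s\n' "$SWITCH_AFTER" | audit_switch password group
```

On a live host, feed the functions real output, for example `svccfg -s network/rpc/bind listprop config | audit_rpcbind` and `svccfg -s name-service/switch listprop config | audit_switch password group`.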
