
Best Practices from Oracle Development's A‑Team

Solaris on Exalogic - Setup NIS on Solaris 11.1

Customers running the Solaris version of Exalogic Elastic Cloud Software 2.0.4.0.* on Exalogic will know that the operating system has been upgraded from Solaris 11 Express to Solaris 11.1.

There is a MOS note (ID: 1491906.1) on how to set up NIS on Solaris 11 Express; it has helped many customers successfully configure NIS on their systems.

An experienced Solaris administrator should be able to follow that note to configure NIS on Solaris 11.1. This article illustrates the differences between Solaris 11 Express and Solaris 11.1 when the steps are followed, and highlights the additional step that applies to Solaris 11.1 only.

This article covers the following:

  • Steps to Configure NIS Master
  • Steps to Configure NIS Slave
  • Steps to Configure NIS Client

Steps to Configure NIS Master

The following steps must be performed as root user.

1. Install the package "service/network/nis"

Run the following command to check if the package has been installed:

root@nis-master:~# pkg info service/network/nis
pkg: info: no packages matching the following patterns you specified are
installed on the system.  Try specifying -r to query remotely:
        service/network/nis

The above output indicates that the package is not installed.

To install the package, run the following command:

root@nis-master:~# pkg install service/network/nis
           Packages to install:  2
       Create boot environment: No
Create backup boot environment: No
            Services to change:  1
DOWNLOAD                                PKGS         FILES    XFER (MB)   SPEED
Completed                                2/2         57/57      0.3/0.3  6.8M/s
PHASE                                          ITEMS
Installing new actions                       101/101
Updating package state database                 Done
Updating image state                            Done
Creating fast lookup database                   Done

2. Set up the NIS domain name

Notice that before the NIS domain name is set up, the service "svc:/network/nis/domain" is disabled:

root@nis-master:~# svcs network/nis/domain
STATE          STIME    FMRI
disabled       10:17:04 svc:/network/nis/domain:default

Set up the domain name by running the following command (using "us.oracle.com" as an example):

root@nis-master:~# domainname us.oracle.com

Notice that the file /etc/defaultdomain has been automatically created and the service "svc:/network/nis/domain" is now online.

root@nis-master:~# cat /etc/defaultdomain
us.oracle.com
root@nis-master:~# svcs network/nis/domain
STATE          STIME    FMRI
online         10:17:08 svc:/network/nis/domain:default

3. Set up the domain name for NFSv4

The NFSv4 domain must be set to the same value as the NIS domain name on all clients and servers.

Example:

root@nis-master:~# sharectl set -p nfsmapid_domain=us.oracle.com nfs

4. Ensure /etc/hosts has entries for the NIS master and NIS slave(s)

Ensure all clients and servers have the right entries for NIS master and NIS slave(s) defined in their /etc/hosts file.

Example:

root@nis-master:~# cat /etc/hosts
#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# Internet host table
#
::1 nis-master localhost
127.0.0.1 nis-master localhost loghost
192.168.25.111  nis-master
192.168.25.112  nis-slave

5. Create a source directory and copy the source files there

Create a "src" directory under the directory "/var/yp" and copy the source files there:

root@nis-master:/var/yp# mkdir src
root@nis-master:/var/yp# cd /etc
root@nis-master:/etc# cp auto_home auto_master bootparams ethers group hosts netgroup netmasks networks passwd protocols publickey rpc services shadow timezone user_attr   /var/yp/src
cp: cannot access bootparams
cp: cannot access ethers
cp: cannot access netgroup
cp: cannot access timezone

Notice that the files bootparams, ethers, netgroup and timezone are not present.

6. Edit the NIS Makefile

Note that if you don't have the package "service/network/nis" installed, the Makefile is not present.

Example:

# cp /var/yp/Makefile /var/yp/Makefile.orig
# vi /var/yp/Makefile

In vi, modify the "DIR" and "PWDIR" entries in the Makefile to reflect the location of the directory created in step 5 above.

In this example they will be DIR=/var/yp/src and PWDIR=/var/yp/src.

If you want NIS to resolve hosts through DNS, comment out "B=" and uncomment "B=-b" in the Makefile.

Locate the target labeled "all:" and remove from its definition any map that does not have a corresponding file and will not be used as part of this service. For example, the bootparams, ethers, and timezone files do not exist by default and may be removed; removing them avoids errors during the make process.

Note: If the netgroup map is to be used later, but does not yet exist, create a placeholder for this in the target directory as follows.

# touch /var/yp/src/netgroup

Example of "all:" label in Makefile:

all: passwd group hosts ipnodes networks rpc services protocols \
        netgroup publickey c2secure \
        auto.master auto.home ageing \
        auth.attr exec.attr prof.attr user.attr

7. Initialize the server

Go to the directory "/var/yp" and run the command "/usr/sbin/ypinit -m" to initialize the NIS server.

Example:

root@nis-master:/var/yp# /usr/sbin/ypinit -m
In order for NIS to operate successfully, we have to construct a list of the
NIS servers.  Please continue to add the names for YP servers in order of
preference, one per line.  When you are done with the list, type a <control D>
or a return on a line by itself.
        next host to add:  nis-master
        next host to add:  nis-slave
        next host to add:  ^D
The current list of yp servers looks like this:
nis-master
nis-slave
Is this correct?  [y/n: y]
Installing the YP database will require that you answer a few questions.
Questions will all be asked at the beginning of the procedure.
Do you want this procedure to quit on non-fatal errors? [y/n: n]
OK, please remember to go back and redo manually whatever fails.  If you
don't, some part of the system (perhaps the yp itself) won't work.
The yp domain directory is /var/yp/us.oracle.com
There will be no further questions. The remainder of the procedure should take
5 to 10 minutes.
Building /var/yp/us.oracle.com/ypservers...
Running /var/yp /Makefile...
updated passwd
updated group
updated hosts
updated ipnodes
updated networks
updated rpc
updated services
updated protocols
updated netgroup
updated publickey
updated auto.master
updated auto.home
updated ageing
updated auth_attr
updated exec_attr
updated prof_attr
updated user_attr
nis-master has been set up as a yp master server without any errors.
If there are running slave yp servers, run yppush now for any data bases which
have been changed.  If there are no running slaves, run ypinit on those hosts
which are to be slave servers.

8. Enable Remote Access of rpcbind (New in Solaris 11.1)

By default the rpcbind service is restricted to local access only. To enable remote access to rpcbind, the parameter "config/local_only" must be set to false. This is required for NIS clients to communicate with the NIS server over the network.

Example:

root@nis-master:~# svccfg -s network/rpc/bind
svc:/network/rpc/bind> listprop config
config                      application
config/allow_indirect      boolean     true
config/enable_tcpwrappers  boolean     false
config/local_only          boolean     true
config/value_authorization astring     solaris.smf.value.rpc.bind
config/verbose_logging     boolean     false
svc:/network/rpc/bind> setprop config/local_only = boolean: false
svc:/network/rpc/bind> exit
root@nis-master:~# svcadm refresh network/rpc/bind

Please ensure the service "network/rpc/bind" is refreshed after the change.
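Because step 8 makes rpcbind reachable from the network, it is worth recording what the service looks like before and after the change. The following is an added example, not part of the original article: it classifies the "listprop config" output shown above using the two properties that control exposure. The function names and the category labels are assumptions of this example, and the sample listings are constructed from the one in step 8.

```shell
#!/bin/sh
# Added example (not from the original article).
# Classify rpcbind exposure from `svccfg -s network/rpc/bind listprop config`.

# prop_value NAME: read listprop output on stdin, print the property's value.
prop_value() {
    awk -v p="$1" '$1 == p { print $3 }'
}

# rpcbind_exposure LISTING: prints local-only, remote-wrapped, remote-open,
# or unknown when either property is missing from the listing.
rpcbind_exposure() {
    local_only=$(printf '%s\n' "$1" | prop_value config/local_only)
    wrappers=$(printf '%s\n' "$1" | prop_value config/enable_tcpwrappers)
    case "$local_only:$wrappers" in
        true:*)      echo "local-only" ;;
        false:true)  echo "remote-wrapped" ;;
        false:false) echo "remote-open" ;;
        *)           echo "unknown" ;;
    esac
}

# Constructed samples based on the listing in step 8.
BEFORE='config                      application
config/allow_indirect      boolean     true
config/enable_tcpwrappers  boolean     false
config/local_only          boolean     true
config/verbose_logging     boolean     false'
# Same listing after "setprop config/local_only = boolean: false".
AFTER=$(printf '%s\n' "$BEFORE" |
    sed 's|\(config/local_only  *boolean  *\)true|\1false|')

echo "default install: $(rpcbind_exposure "$BEFORE")"
echo "after step 8:    $(rpcbind_exposure "$AFTER")"
# On a live host:
#   rpcbind_exposure "$(svccfg -s network/rpc/bind listprop config)"
```

A result of "remote-open" means rpcbind answers any host that can reach it, so the NIS servers should sit behind a packet filter or have config/enable_tcpwrappers set to true with matching hosts.allow entries.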

Steps to Configure NIS Slave

The following steps must be performed as root user.

1. Prepare NIS Slave server

Follow steps 1 to 4 of the section "Steps to Configure NIS Master".

2. Start the NIS Client service

Run the following command to enable the NIS client service:

# svcadm enable svc:/network/nis/client:default

Run the following command to verify if NIS client is running:

# svcs network/nis/client

3. Configure name-service/switch to use NIS

In Solaris 11.1, the file /etc/nsswitch.conf is not to be modified directly but through the Service Management Facility (SMF).

Example:

root@nis-slave:~# svccfg -s name-service/switch
svc:/system/name-service/switch> listprop config
config                      application
config/default             astring     files
config/value_authorization astring     solaris.smf.value.name-service.switch
config/host                astring     "files dns mdns"
config/printer             astring     "user files"
svc:/system/name-service/switch> setprop config/password = astring: "files nis"
svc:/system/name-service/switch> setprop config/group = astring: "files nis"
svc:/system/name-service/switch> exit
root@nis-slave:~# svcadm refresh name-service/switch

4. Initialize NIS Slave server

Run the command "/usr/sbin/ypinit -s master_machine_name" to initialize the NIS slave server.

Example:

root@nis-slave:~# /usr/sbin/ypinit -s nis-master
Installing the YP database will require that you answer a few questions.
Questions will all be asked at the beginning of the procedure.
Do you want this procedure to quit on non-fatal errors? [y/n: n]
OK, please remember to go back and redo manually whatever fails.  If you
don't, some part of the system (perhaps the yp itself) won't work.
The yp domain directory is /var/yp/us.oracle.com
There will be no further questions. The remainder of the procedure should take
a few minutes, to copy the data bases from nis-master.
Transferring networks.byaddr...
Transferring netgroup.byuser...
Transferring hosts.byname...
Transferring protocols.bynumber...
Transferring ipnodes.byname...
Transferring protocols.byname...
Transferring ipnodes.byaddr...
Transferring passwd.byname...
Transferring passwd.byuid...
Transferring publickey.byname...
Transferring ageing.byname...
Transferring auth_attr...
Transferring networks.byname...
Transferring rpc.bynumber...
Transferring user_attr...
Transferring hosts.byaddr...
Transferring auto.home...
Transferring auto.master...
Transferring services.byservicename...
Transferring group.bygid...
Transferring ypservers...
Transferring netgroup...
Transferring exec_attr...
Transferring prof_attr...
Transferring group.byname...
Transferring netgroup.byhost...
Transferring services.byname...
nis-slave's nis data base has been set up
without any errors.

5. Start NIS Server Service

Run the following command to enable the NIS server service:

# svcadm enable svc:/network/nis/server:default

Run the following command to verify if NIS server is running:

# svcs network/nis/server

6. Enable Remote Access of rpcbind (New in Solaris 11.1)

Refer to step 8 of "Steps to Configure NIS Master".

Steps to Configure NIS Client

The following steps must be performed as root user.

1. Prepare NIS Client

Follow steps 2 to 4 of the section "Steps to Configure NIS Master".

2. Initialize the NIS client

Run the command "/usr/sbin/ypinit -c" to initialize the NIS client.

Example:

root@acme1_z1:~# /usr/sbin/ypinit -c
In order for NIS to operate successfully, we have to construct a list of the
NIS servers.  Please continue to add the names for YP servers in order of
preference, one per line.  When you are done with the list, type a <control D>
or a return on a line by itself.
        next host to add:  nis-master
        next host to add:  nis-slave
        next host to add:  ^D
The current list of yp servers looks like this:
nis-master
nis-slave
Is this correct?  [y/n: y]

3. Configure name-service/switch to use NIS

In Solaris 11.1, the file /etc/nsswitch.conf is not to be modified directly but through the Service Management Facility (SMF).

Example:

root@acme1_z1:~# svccfg -s name-service/switch
svc:/system/name-service/switch> listprop config
config                      application
config/default             astring     files
config/value_authorization astring     solaris.smf.value.name-service.switch
config/host                astring     "files dns mdns"
config/printer             astring     "user files"
svc:/system/name-service/switch> setprop config/password = astring: "files nis"
svc:/system/name-service/switch> setprop config/group = astring: "files nis"
svc:/system/name-service/switch> exit
root@acme1_z1:~# svcadm refresh name-service/switch

4. Start the NIS Client Service

Run the following command to enable the NIS client service:

# svcadm enable svc:/network/nis/client:default

Run the following command to verify if NIS client is running:

# svcs network/nis/client

5. Check if NIS maps can be retrieved

Run the command "ypwhich -m" to see if NIS maps can be retrieved.

Example:

root@acme1_z1:~# ypwhich -m
networks.byaddr nis-master
netgroup.byuser nis-master
hosts.byname nis-master
protocols.bynumber nis-master
ipnodes.byname nis-master
protocols.byname nis-master
ipnodes.byaddr nis-master
passwd.byname nis-master
passwd.byuid nis-master
publickey.byname nis-master
ageing.byname nis-master
auth_attr nis-master
networks.byname nis-master
rpc.bynumber nis-master
user_attr nis-master
hosts.byaddr nis-master
auto.home nis-master
auto.master nis-master
services.byservicename nis-master
group.bygid nis-master
ypservers nis-master
netgroup nis-master
exec_attr nis-master
prof_attr nis-master
group.byname nis-master
netgroup.byhost nis-master
services.byname nis-master

If the rpcbind service was not enabled for remote access, this command fails with the following error:

Example:

root@acme1_z1:~# ypwhich -m
ypwhich(dumpmaps): can't get maplist: RPC: Unable to receive; errno = Connection refused; System error
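The check in step 5 can be scripted so that a client is only accepted when its maps come from the servers named in "ypinit -c". The following is an added example, not part of the original article: it reads "ypwhich -m" output, recognises the rpcbind failure shown above, flags any map whose master is not in the expected list, and confirms that the passwd.byname and group.byname maps needed by the name-service/switch settings are present. The function name, the result labels and the host "lab-host-9" are assumptions of this example; the sample outputs are constructed.

```shell
#!/bin/sh
# Added example (not from the original article).
# check_maps "<ypwhich -m output>" server [server...]
# Prints: ok | rpc-failure | unexpected-master: <maps> | missing: <maps>
check_maps() {
    out=$1; shift
    case $out in
        *"can't get maplist"*) echo "rpc-failure"; return 0 ;;
    esac
    printf '%s\n' "$out" | awk -v servers="$*" '
        BEGIN {
            n = split(servers, s, " ")
            for (i = 1; i <= n; i++) ok[s[i]] = 1
            # Maps behind the password and group lookups set to "files nis"
            need["passwd.byname"] = 1; need["group.byname"] = 1
        }
        NF == 2 {
            delete need[$1]
            if (!($2 in ok)) bad = bad " " $1
        }
        END {
            for (m in need) miss = miss " " m
            if (bad != "")       print "unexpected-master:" bad
            else if (miss != "") print "missing:" miss
            else                 print "ok"
        }'
}

# Constructed samples modelled on the listings in step 5.
GOOD='passwd.byname nis-master
passwd.byuid nis-master
group.byname nis-master
hosts.byname nis-master'
# Same listing with one map answered by a host outside the server list.
ROGUE=$(printf '%s\n' "$GOOD" |
    sed 's/^hosts.byname nis-master$/hosts.byname lab-host-9/')
REFUSED="ypwhich(dumpmaps): can't get maplist: RPC: Unable to receive; errno = Connection refused; System error"

echo "healthy client:   $(check_maps "$GOOD" nis-master nis-slave)"
echo "unexpected host:  $(check_maps "$ROGUE" nis-master nis-slave)"
echo "rpcbind blocked:  $(check_maps "$REFUSED" nis-master nis-slave)"
# On a live client:
#   check_maps "$(ypwhich -m 2>&1)" nis-master nis-slave
```

A result of "rpc-failure" points back to step 8 on the servers, while "unexpected-master" means the client is receiving map data from a host that was never listed in "ypinit -c".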
