NIS,NIS+ on SunOS 4.1.x and Solaris 2.x

NIS,NIS+ on SunOS 4.1.x and Solaris 2.x

Post by Devin L. Gang » Thu, 08 Jan 1998 04:00:00



         1         2         3         4         5         6         7         8
12345678901234567890123456789012345678901234567890123456789012345678901234567890

Hello, all.

I have a Sparc 4/20 running SunOS 4.1.4, an Auspex enterprise file server
running its own modified SunOS 4.1.3x, a Sun 690 with Solaris 2.5, and
an UltraSparc 2 and a handful of Intel boxen running Solaris 2.6.

Currently, my 4/20 is the main RADIUS/user server.  We are currently
running no form of NIS.  The 4/20 is pretty overloaded, as the former
"sysadmin" believed in minimal effort, was scared of the Auspex, and
didn't know how to do things the right way.  He piled a bunch of services
onto this thing, and consequently, it's not very stable.

I'm trying to bring some of these other boxen in to take over services
currently being performed by the 4/20, which will allow me to eventually
take it offline long enough to nuke it and stick Solaris 2.6 on it.
However, I'm obviously going to need to do some sort of centalized
management such as NIS/NIS+, which I've not used before.

I've been downloading whitepapers left and right, and have persuaded my
boss to order some of the 2.6 documentation for me (I have the 4.1.4
books already), and have the O'Reilly _Managing NFS and NIS_ book, so
I've got plenty of reading, but I don't have anything currently that
really goes into detail about NIS+.

What is my best option here?  I'd prefer to go with NIS+, if I have to
do this at all, in order to keep things as secure as possible, but from
what I know, since I have the two 4.1.x boxen I can't do that.

How hard is it going to be to transfer the current password files off
of the 4.1.4 box into an NIS master?  Is there any reading material out
there that can help me gain some insight into this godawful mess I'm
about to plow into?

Thanks in advance; if you email me your responses, I'll compile the results
and post them here.

--

Chief Systems Administrator
Premier1 Internet Services

 
 
 

NIS,NIS+ on SunOS 4.1.x and Solaris 2.x

Post by Logan Sh » Thu, 08 Jan 1998 04:00:00




Quote:>     1         2         3         4         5         6         7         8
>12345678901234567890123456789012345678901234567890123456789012345678901234567890

Yikes.  I think I actually *like* that ruler.

Quote:>I've been downloading whitepapers left and right, and have persuaded my
>boss to order some of the 2.6 documentation for me (I have the 4.1.4
>books already), and have the O'Reilly _Managing NFS and NIS_ book, so
>I've got plenty of reading, but I don't have anything currently that
>really goes into detail about NIS+.

http://docs.sun.com should have lots of information.  Look for
the documents called "Solaris Naming Setup and Configuration Guide"
and "Solaris Naming Administration Guide".

Quote:>What is my best option here?  I'd prefer to go with NIS+, if I have to
>do this at all, in order to keep things as secure as possible, but from
>what I know, since I have the two 4.1.x boxen I can't do that.

Supposedly, NIS+ has an NIS-compatibility mode in which NIS+ servers
can pretend to be NIS servers.  This doesn't do wonders for the security
advantages of NIS+, but at least you can go with NIS+ and then turn
off NIS compatibility later when you don't have SunOS 4.1.x anymore.

Quote:>How hard is it going to be to transfer the current password files off
>of the 4.1.4 box into an NIS master?  Is there any reading material out
>there that can help me gain some insight into this godawful mess I'm
>about to plow into?

NIS+ isn't really *that* big of a mess.  I figured out how to make it
work (having already used NIS alot) in about a day or two.  The key
things you have to get straight in your head are:

1.  NIS+ servers and clients have to authenticate to each other; it's
        not just done with TCP/IP broadcasts like NIS was.

2.  Users using NIS+ need to be setup so they can use their passwords
        to login as well as decrypt their private key for NIS+-related
        authentication.  nispasswd will take care of this automatically
        in most cases, but you do need to be careful, especially when
        creating new users and credentials for them.

3.  Solaris 2.6 supposedly adds a way to dump the NIS+ databases to
        text files for system recovery purposes, and you should use
        this.

4.  Newly installed NIS+ client systems have to be given seed info
        so they can contact NIS+ servers.  This is similar to the
        root cache data for a DNS server, except that it's not the
        same for every site everywhere.

Of course, there's other stuff, but those were the things that weren't
clear to me from reading the documentation (perhaps because it was
assumed I knew the basics of how NIS+ works, which I didn't).

You might want to also go search some Sun site for a Whitepaper about
NIS+.  I think there may be one, and it might give you a good overview
of what's really going on with the system and why it is the way it is,
which is something that often helps you understand how to use it better.

Hope that helps.

  - Logan

 
 
 

1. NIS on SunOS to NIS on Solaris problems

Boy could I use some advice and suggestions.  Does anyone have a list of
advice and pitfalls to lookout for when converting from NIS on SunOS to NIS
on Solaris?  The key problem we're having is that our makes return numerous
"Error 138" errors.

In addition to posting a response, if you could email me as well, that'd be
great.

THX, Scott

2. using a device in O_DIRECT mode through a FS

3. SunOS 4.1.X NIS+ binary problems

4. Bug in ispell

5. SunOS 4.1.3C NIS/DNS problems

6. SAMBA: Any IDEAS?

7. Password aging with NIS under SunOS 4.1.x

8. Info on 386BSD UNIX???

9. Need help setting NIS+ replica on SunOS 4.1.x

10. Problem with NIS group map on Sunos 4.1.x

11. SunOS 4.1 as NIS client

12. RFH: SunOS NIS users can't "automount" their home directory from NIS+ Server

13. Solaris 2.3 NIS+ Upgrade to Solaris 2.5 NIS+ Question!