NIS
The NIS, formerly called the "Yellow Pages (YP)," is a distributed database system that enables the system administrator to administer the configuration of many hosts from a central location. Common configuration information, which would have to be maintained separately on each host in a network without NIS, can be stored and maintained in a central location and then propagated to all the nodes in the network. NIS stores information about workstation names and addresses, users, the network itself, and network services. This collection of network information is referred to as the NIS namespace. This chapter explains how to configure and administer the servers and clients in a NIS domain.
NOTE
The NIS was formerly known as Sun Yellow Pages (YP). The functionality of the two remains the same; only the name has changed. The name "Yellow Pages" is a registered trademark in the United Kingdom of British Telecommunications PLC, and it may not be used without permission.
NIS is a huge topic, which could potentially span several volumes. The purpose of this chapter is to prepare you for questions regarding NIS that might appear on the exam. I also want to provide an overview of NIS, complete enough so that you are equipped to set up a basic NIS network and have a basic understanding of its use. Before I begin a discussion of the structure of NIS, you need to be aware that the NIS administration databases are called maps. A domain is a collection of systems that share a common set of NIS maps.
Structure of the NIS Network
The systems within a NIS network are configured in the following ways:
Master server
Slave servers
Clients of NIS servers
The center of the NIS network is the NIS master server. The system designated as master server contains the set of maps that you, the NIS administrator, create and update as necessary. After the NIS network is set up, any changes to the maps must be made on the master server. Each NIS domain must have one, and only one, master server. The master server should be a system that can propagate NIS updates with minimal performance degradation.
In addition to the master server, you can create backup servers, called NIS slave servers, to take some of the load off the master server and to substitute for the master server if it is down. If you create a NIS slave server, the maps on the master server are transferred to the slave server. A slave server has a complete copy of the master set of NIS maps. If a change is made to a map on the master server, the updates are propagated among the slave servers. The existence of slave servers enables the system administrator to evenly distribute the load that results from answering NIS requests. It also minimizes the impact of a server becoming unavailable.
Typically, all the hosts in the network, including the master and slave servers, are NIS clients. If a process on a NIS client requests configuration information, it calls NIS instead of looking in its local configuration files. For group and password information and mail aliases, the /etc/files might be consulted first, then NIS might be consulted if the requested information is not found in the /etc/files.
Any system can be a NIS client, but only systems with disks should be NIS servers, whether master or slave. Servers are also clients of themselves.
As mentioned earlier, the set of maps shared by the servers and clients is called the NIS domain. The master copies of the maps are located on the NIS master server, in the directory /var/yp/<domainname>, in which domainname is a chosen name for your own domain. Under the domainname directory, each map is stored as two files: mapname.dir and mapname.pag. Each slave server has an identical directory containing the same set of maps.
When a client starts up, it broadcasts a request for a server that serves its domain. Any server that has the set of maps for the client's domain, whether it's a master or a slave server, can answer the request. The client "binds" to the first server that answers its request, and that server then answers all its NIS queries.
A host cannot be the master server for more than one NIS domain. However, a master server for one domain might be a slave server for another domain. A host can be a slave server for multiple domains. A client belongs to only one domain.
Determining the Number of NIS Servers You Need
The following guidelines can be used for determining the number of NIS servers that you need in your domain:
You should put a server on each sub network in your domain. When a client starts up, it broadcasts a message to find the nearest server. Solaris 2.6 does not require the server to be on the same subnet; however, earlier implementations of NIS historically have required that a server exist on every subnet using NIS.
In general, a server can serve about 30 NIS clients, if the clients and servers run at the same speed. If the clients are faster than the servers are, then you need more servers. If the clients are slower than the servers are, each server can serve 50 or more clients.
Determining Which Hosts Will Be NIS Servers
Determine which systems on your network will be NIS servers as follows:
Choose servers that are reliable and highly available.
Choose fast servers that are not used for CPU-intensive applications. Do not use gateways or terminal servers as NIS servers.
Distribute servers appropriately among client networks. Because a NIS client can bind only to a server on its own subnet, each subnet must have enough servers to accommodate the clients on that subnet.
Information Managed by NIS
NIS stores information in a set of files called maps. NIS maps were designed to replace UNIX /etc files, as well as other configuration files.
NIS maps are two-column tables. One column is the key and the other column is the information value related to the key. NIS finds information for a client by searching through the keys. Some information is stored in several maps because each map uses a different key. For example, the names and addresses of systems are stored in two maps: hosts.byname and hosts.byaddr. If a server has a system's name and needs to find its address, it looks in the hosts.byname map. If it has the address and needs to find the name, it looks in the hosts.byaddr map.
Maps for a domain are located in each server's /var/yp/<domainname> directory. For example, the maps that belong to the domain pyramid.com are located in each server's /var/yp/pyramid.com directory.
A NIS Makefile is stored in the /var/yp directory of the NIS server at installation time. If you run the /usr/ccs/bin/make command in that directory, makedbm creates or modifies the default NIS maps from the input files. For example, an input file might be /etc/hosts. By now, you should be familiar with the content of this file. Issue the following command to create the NIS map files:
cd /var/yp /usr/ccs/bin/make
NOTE
Never make the maps on a slave server. Always run the make command on the master server.
Creating NIS maps is described in more detail in the "Configuring a NIS Master Server" section.
Solaris provides a default set of NIS maps, described in Table 7-1. You might want to use all or only some of these maps. NIS can also use whatever maps you create or add if you install other software products.
Table 7-1 Default NIS Maps
|
Map Name |
Corresponding |
Description NIS Admin File |
|
bootparams |
bootparams |
This map contains the path names that file's clients need during start up: root, swap, and possibly others. |
|
ethers.byaddr |
ethers |
This map contains system names and Ethernet addresses. The Ethernet address is the key in the map. |
|
ethers.byname |
ethers |
This map is the same as ethers.byaddr, except that the key is the system name instead of the Ethernet address. |
|
group.bygid |
group |
This map contains group security information with GID (group ID) as the key. |
|
group.byname |
group |
This map contains group security information with group name as the key. |
|
hosts.byaddr |
hosts |
This map contains system name, and IP address, with IP address as the key. |
|
hosts.byname |
hosts |
This map contains system name and IP address, with system (host) name as the key. |
|
mail.aliases |
aliases |
This map contains aliases and mail addresses, with aliases as the key. |
|
mail.byaddr |
aliases |
This map contains mail address and alias, with mail addresses as the key. |
|
netgroup.byhost |
netgroup |
This map contains group name, user name, and system name, with the system name as the key. |
|
netgroup.byuser |
netgroup |
This map is the same as netgroup.byhost, except that key is the user name. |
|
netgroup |
netgroup |
This map is the same as netgroup.byhost, except that key is the group name. |
|
netid.byname |
passwd, |
This map is used for UNIX-style hosts and group authentication. Contains system name and mail address (including domain name). If there is a netid file available, it is consulted, in addition to the data available through the other files. |
|
netmasks.byaddr |
netmasks |
This map contains the network masks to be used with IP submitting, with the address as the key. |
|
networks.byaddr |
networks |
This map contains names of networks known to your system and their IP addresses, with the address as the key. |
|
networks.byname |
networks |
This map is the same as networks.byaddr, except the key is name of network. |
|
passwd.adjunct.byname |
passwd and |
This map contains auditing shadow information and the hidden password information for C2 clients. |
|
passwd.byname |
passwd and |
This map contains password shadow information with the user name as key. |
|
passwd.byuid |
passwd and |
This map is the same as passwd.byname, shadow except that key is user ID. |
|
protocols.byname |
protocols |
This map contains the network protocols known to your network with protocol as key. |
|
protocols.bynumber |
protocols |
This map is the same as protocols.byname, except that the key is protocol number. |
|
rpc.bynumber |
rpc |
This map contains program number and name of Remote Procedure Calls (RPCs) known to your system. The key is the RPC program number. |
|
services.byname |
services |
This map lists Internet services known to your network. The key is the port or protocol. |
|
services.byservice |
services |
This map lists Internet services known to your network. The key is the service name. |
|
ypservers |
N/A |
This map lists the NIS servers known to your network. |
The information in these files is put into NIS databases automatically when you create a NIS master server. Other system files can also be managed by NIS, if you want to customize your configuration.
NIS makes updating network databases much simpler than with the /etc file system. You no longer have to change the administrative /etc files on every system each time you modify the network environment. For example, if you add a new system to a network running NIS, you only have to update the input file in the master server and run /usr/ccs/bin/make. This process automatically updates the hosts.byname and hosts.byaddr maps. These maps are then transferred to any slave servers and made available to all the domain's client systems and their programs.
Just as you use the cat command to display the contents of a text file, you can use the ypcat command to display the values in a map. The ypcat basic syntax is:
ypcat <mapname>
In this case, mapname is the name of the map you want to examine.
You can use the ypwhich command to determine which server is the master of a particular map. Type the following:
ypwhich -m <mapname>
In this case, mapname is the name of the map whose master you want to find. ypwhich responds by displaying the name of the master server.