There are a number of day-to-day tasks in NIS management. Some of these tasks include updating NIS maps on master and slave servers, managing user accounts and passwords, and maintaining security. These tasks are discussed next .
NIS maps can be updated on the master server using the /var/yp/ypmake command. It reads ASCII files and regenerates the required NIS maps. For example, if you change the shell of a user in the /etc/passwd file, the following command updates the passwd.byname and passwd.byuid maps and pushes to slave NIS servers.
# /var/yp/ypmake For NIS domain testdom: Building the passwd map(s)... passwd build complete. Pushing the passwd map(s): passwd.byname passwd.byuid The group map(s) are up-to-date. The hosts map(s) are up-to-date. The networks map(s) are up-to-date. The rpc map(s) are up-to-date. The services map(s) are up-to-date. The protocols map(s) are up-to-date. The netgroup map(s) are up-to-date. The aliases map(s) are up-to-date. The publickey map(s) are up-to-date. Building the netid map(s)... netid build complete. Pushing the netid map(s): netid.byname The auto_master map(s) are up-to-date. ypmake complete: no errors encountered. #
NIS maps from the master server are transferred to the slave server at the time of configuring the slave server. These maps should be updated periodically using the ypxfr command on all slave servers or the yppush command on the master server. The yppush command initiates the ypxfr command on slave servers, which then uses the ypxfrd daemon to transfer updated maps from the master server. These commands should be invoked using cron on a regular basis. The following command copies the passwd.byname map from the master server.
ypxfr passwd.byname
In addition to these two commands, NIS comes with scripts in the /var/yp directory that can be used with cron for the regular update of NIS maps on all clients . These scripts are preconfigured to update appropriate maps at regular time intervals.
ypxfr_1perhour | This script should be invoked every hour . |
ypxfr_1perday | This should be invoked once per day. |
ypxfr_2perday | This should be invoked twice every day. |
Sample cron entries for these scripts are as shown here.
1 * * * * /var/vp/ypxfr_1perhour 1 1 * * * /var/vp/ypxfr_1perday 1 2,14 * * * /var/vp/ypxfr_2perday
The first script is executed at the first minute of every hour. The second script is executed at the first minute of 1 a.m. every day. The third script is executed at the first minute of 2 a.m. and 2 p.m. every day.
You can change a password on a client host in the normal way using the passwd command. When you use this command, it contacts the rpc.yppasswdd daemon on an NIS server. This daemon verifies the old password and updates its ASCII password file as well as the NIS maps. The old way of changing a password on an NIS server is through the use of the yppasswd command. Its use is similar to the passwd command. The following session is used to change the password for user boota on an NIS server using the yppasswd command.
# yppasswd boota Changing password for boota on NIS server Old NIS password: New password: Re-enter new password: NIS(YP) passwd/attributes changed on myhp, the master NIS server. #
If the user is not being administered by NIS and his or her login name and password resides in the local /etc/passwd file on the local system, the NIS server is not contacted and the change is made locally. Commands for changing a password use the rpc.yppasswdd daemon and can be executed on any NIS client machine.
The rpcinfo command is used for troubleshooting purposes. It can be used to verify that an NIS server is running and responding to client's requests . The following command lists RPC services registered on NIS server myhp .
# rpcinfo -s myhp program version(s) netid(s) service owner 100000 2,3,4 udp,tcp,ticlts,ticotsord,ticots rpcbind superuser 100024 1 tcp,udp status superuser 100021 2,4,3,1 udp,tcp nlockmgr superuser 100020 1 tcp,udp llockmgr superuser 100068 5,4,3,2 udp cmsd superuser 100083 1 tcp ttdbserver superuser 100069 1 tcp,udp ypxfrd superuser 100028 1 udp,tcp ypupdated superuser 100029 2,1 ticots,ticotsord,ticlts keyserv superuser 100004 1,2 tcp,udp ypserv superuser 100009 1 udp yppasswdd superuser 100007 1,2 udp,tcp ypbind sys #
Make sure that the NIS server processes are present in this list. To check the response of a particular service, you can send a request to it using the TCP or UDP protocol. The following command sends a UDP request to ypserv on host myhp .
# rpcinfo -u myhp ypserv program 100004 version 1 ready and waiting program 100004 version 2 ready and waiting #
The output of the command shows that ypserv is running and accepting requests at program number 100004. More information about rpcinfo is presented in the next chapter.
Top |