Novell Doc: NW 6.5 SP8: AFP, CIFS, and NFS (NFAP) Administration Guide

7.15 Managing NIS Server

There is an NIS Server object in eDirectory called NISSERV_ Servername, which is created during installation. The migration utility adds the domain details to this object when a domain is migrated. NIS Server services the list of domains present in this object.

For every user moved, NIS Server updates the user’s Group Membership attribute and gives rights equivalent to that of the Group.

For more information about NIS, see Section 7.5, Network Information Service.

This section includes the following:

7.15.1 iManager-Based Management for NIS Server

You can perform the following administrative tasks using iManager:

In iManager, click File Protocols > NFS Server to view the NFS Services Administration page. Use the object selector to select the server.

Migrating NIS Maps to eDirectory

On the NFS Services Administration page, click Migrate NIS Maps in the NIS Server Management section to display the Migration page.

Figure 7-12 NIS Maps Migration Page

This page lets you set the parameters to migrate the NIS maps to eDirectory.
Make the changes as required.

Refer to the online help for details on parameters.
Do one of the following:
- Click Migrate to migrate the domain for default maps. The default maps are ethers, hosts, networks, protocols, rpc, services, passwd, group, netgroup, bootparams, and ypservers.
- Click Cancel to cancel the modifications and return to the NFS Services Administration page.
(Optional) Click Advanced to display the Advanced Migration Option page where you can set map options for migration.

Figure 7-13 Advanced Migration Options

Use this page to add new or edit properties NIS default maps as well as other maps.
1. Make the changes as required.
  
  Refer to the online help for details on parameters.
2. Do one of the following:
  - Click OK to saves the changes made in this page for migration, then return to the Migration page.
  - Click Cancel to discard the changes made in this page, then return to the Migration page.

Directory Access

On the NFS Services Administration page, click Directory Access to display the Directory Access page.

Figure 7-14 Directory Access Page

This page lets you set the source of user and group information to eDirectory or NIS Server. You can also enable NIS client access.
Make the changes as required.

Refer to the online help for details on parameters.
Do one of the following:
- Click OK to update the sys:\etc\nis.cfg.
  
  If NISBIND is running on the server and NIS Domain and NIS Server Hostname/IP were specified, then ypset is executed on the server to change the NIS bindings to the specified domain and server. If the specified NIS server is running and serving the specified domain, NISBIND is bound to that server for the specified domain. For status of the ypset execution, see the server logger screen.
- Click Cancel to cancel the modifications you made and return to the NFS Services Administration page.

Modifying NIS Server Settings

On the NFS Services Administration page, click NIS Server Settings to display the NIS Server Settings page.

Figure 7-15 NIS Server Settings Page

Use this page to modify the general configurable parameters of NIS Server, such as the map refresh frequency, log file path, maximum number of log messages, enabling Interdomain resolution, and changing the log file error level.
Make the changes as required.

Refer to the online help for information on parameters.
Click OK to update the sys:\etc\nis.cfg.

Or

Click Cancel to cancel the modifications you made and return to the NFS Services Administration page.
For the changes to take effect, stop and start NFS Services on the NFS Services Administration page.

Updating Slave Servers

On the NFS Services Administration page, click Update Slave Servers to display the Update Slave Servers page.

Figure 7-16 Update Slave Servers

Use this page to update NIS Slave servers by executing the yppush utility on the Master NIS Server.
Make the changes as required. Refer to the online help for information on parameters.
Click OK to execute the yppush utility and then returns you to the NFS Services Administration screen.

The yppush utility copies a new version of the named Network Information Service (NIS) map from the master NIS server to the slave NIS servers. The yppush utility is normally run only on the master NIS server after the master databases are changed and the change has to be updated in the NIS slave servers immediately. The yppush utility first constructs a list of NIS slave server hosts by reading the NIS map ypservers within the same domain, then a transfer map request is sent to the slave NIS server on each host.

Or

Click Cancel to discard the modifications you made and return to the NFS Services Administration screen.

Changing NIS Passwords

On the NFS Services Administration page, click Change NIS Password to display the Change NIS User Password page.

Figure 7-17 Change NIS User Password

Use this page to change the password of a user in all the domains that the user belongs to.
Make the changes as required.

Refer to the online help for information on parameters.
Click OK to read the list of domains the user belongs to from eDirectory, change the user password all those domains, then return to the NFS Services Administration screen.

Or

Click Cancel to discard the modification you made, and then return to the NFS Services Administration screen.

7.15.2 File-Based Management for NIS Server

NIS Server Configuration Parameters

The configuration parameters required for NIS Services are available in the nis.cfg file. The following table lists the parameters in nis.cfg.

Parameter	Default Value	Description
NIS_SERVER_CONTEXT		The eDirectory context where the NIS server object is created. It holds all the domain FDNs, and the NIS server reads the domains from here.
NIS_SERVER_NAME		The name by which the NIS server is referenced. By default, the NISINST utility creates an object named NISSERV_ ServerName.
INTERDOMAIN_RESOLUTION	0	Specifies whether interdomain resolution is allowed or not. If allowed, DNS is contacted for hostname resolution even if NIS is not running. This is used for host maps only.
FILEMARK_LOG_FREQ	100	Puts the file in the log after parsing the specified number of records. This is used by the migration utility when the administrator wants to migrate maps that have large records. After transferring a number of records successfully, an index is maintained. If a transfer breaks, it can start from the index kept previously.
LOG_FILE_PATH	sys:etc\nis	The path in the NetWare server where you want to write the log file for migration.
MAX_LOG_MSG	5000	Upper limit of number of log messages that can be logged. The information is specific to each log file. By default the last 5000 messages are displayed. If the number of log messages is set to n, the last n messages are retained.
NIS_LOG_LEVEL	7	The log level indicates the types of messages to be logged. You can either select one of these or a combination of these. To get the combination, add two or more log levels. For example, to get Error and Information Messages, set the Log level to, 5= (1+4). By default, you get all the messages.
MAP_REFRESH_DEFAULT	24:00:00	Specifies the default time interval for refreshing the maps by synchronizing the maps in the slave server with the master.
NIS_ADMIN_OBJECT_ CONTEXT		The context where the NIS Admin object is created.

Setting Up a NetWare Server As a NIS Master

Copy the NIS-related text files required for the domain (they are available in /etc in UNIX) from the UNIX machine into sys:\etc\nis.
(Conditional) Set up another NIS server as a slave to this NIS server:
1. Create a text file called YPSERV in sys:\etc\nis. For every slave server, provide the hostname of the slave server in this file in the following format:
```
slaveserverhostname1 slaveserverhostname1 
```
```
slaveserverhostname2 slaveserverhostname2 
```
  NOTE:The first field should not be IP Address.
2. Specify the YPSERVERS map entry in sys:\etc\nis\nismake with its path in the following format:
```
YPSERVERS sys:\etc\nis\ypserv
```
Migrate the domain. For migration information, see File-Based Migration.
Load nisserv.nlm.

The NetWare NIS Server is now set up as a master NIS Server.
(Conditional) If the map data in this NIS master is modified at any time, and the changes need to be immediately updated in the slave servers, then execute the following command:

yppush -d domainname [-v] mapname

NOTE:The changes on the NIS master are periodically updated on the slave servers.

Setting Up a NetWare Server as NIS Slave Server

While setting up the UNIX machine as the master, add the NetWare server name to the slave server list.
In the NetWare server, make sure that the parameter NIS_CLIENT_ACCESS=1 is in the sys:\etc\nfs.cfg file.
Set the domain to the one that is being served by the UNIX NIS server, using the following command:
```
ypset domainname hostname
```
Ensure that nisserv.nlm is loaded.
Run MKSLAVE to set up the NetWare machine as a slave, using the following parameters:
```
mkslave -d domainname -m master [-x contextname]
```

Setting Up a NetWare Server As a NIS Client

Run NFSSTOP.
In the NetWare server, make sure that the parameter NIS_CLIENT_ACCESS=1 is in the sys:\etc\nfs.cfg file
Run NFSSTART.
Set the default domain by specifying
```
ypset domainname hostname/IP_address 
```

Setting Password of NIS User

From UNIX

Bind to a domain which contains the user.
Execute the yppasswd command and follow the on-screen instructions.

From NetWare Console

Execute the following command:

yppasswd [username]

Where username specifies the user’s name. It can be the fully qualified username (for example,.username.domainname_U.novell) or the user’s common name (for example, user1).
Follow the on-screen instructions to specify the old password and then the new password.

This command reads the list of domains the user belongs to from eDirectory and changes the user's password on all those domains.

7.15.3 ConsoleOne Management for NIS Server

NIS Server Configuration Parameters

To configure the parameters required for NIS services, right-click NISSERVER_ servername, then click Properties. A dialog box similar to the following appears:

Figure 7-18 NIS Parameters Dialog Box

Map Refresh Frequency: The frequency at which all the records of the map should be refreshed. Range = 1 to 2400 hours (100 days).

Log File Path: The path to the NetWare server where you want to write the NIS log files.

Maximum Log Messages: The maximum number of log messages that can be logged. The information is specific to each log file. By default, the last 5000 messages are displayed. If the number of log messages is set to n, the last n messages are retained.

Log File Error Level: The level of error messages written to the audit.log file. Select an error level from the drop-down list.

Enable Interdomain Resolution: Check this box to allow interdomain resolution. DNS is then contacted for hostname resolution for NIS client calls on host maps only.

Viewing Domains Served by NIS Server

To view the domains served by the NIS Server, right-click NISSERVE_ servername, then click Properties > Memberships. A dialog box similar to the following appears.

Figure 7-19 NIS Server Membership Dialog Box

You can add or delete domains from this dialog box. For more details, see the online help.

Setting Up a NetWare Server as a NIS Master

Copy the NIS-related text files required for the domain from the UNIX machine (which are available in /etc in UNIX) to sys:\etc\nis.
(Conditional) Set up another NIS server as slave to this NIS server.
1. Create a text file called YPSERV in sys:\etc\nis. For every slave server specify the hostname of the slave server in this file in the following format:
```
slaveserverhostname1 slaveserverhostname1 
```
```
slaveserverhostname2 slaveserverhostname2 
```
  NOTE:The first field should not be IP Address.
2. Specify the YPSERVERS map entry in sys:\etc\nis\nismake with its path in the following format:
```
YPSERVERS sys:\etc\nis\ypserv
```
Migrate the domain.

For migration information, see ConsoleOne Migration.
Start NISSERV.
(Conditional) Use the YPPUSH utility to update the slave NIS Server.

The YPPUSH utility copies a new version of the named NIS map from the master NIS server to the slave NIS servers. The YPPUSH utility is normally run only on the master NIS server after the master databases are changed and the changes need to be updated in the NIS slave servers immediately. The YPPUSH utility first constructs a list of NIS slave server hosts by reading the NIS map Ypservers within the same domain. Then a transfer map request is sent to the NIS server on each host.

Right-click NISSERV_ servername, then click Update Slave Server. A dialog box similar to the following appears:

Figure 7-20 YPPUSH Dialog Box

Specify the required details such as HostName or IP Address of the Master Server, Domain Name, and Map Name. For more details, see the online help.

NOTE:The changes done to the NIS master are periodically updated on the slave servers.

Setting up a NetWare Server as a NIS Slave Server

While setting up the UNIX machine as the master, add the NetWare server name to the slave server list.
In the left pane of ConsoleOne, click The Network.
Select the server tree where you want to manage the domains and maps.
Click the M icon on the toolbar to display the Migration dialog box.
Specify the NetWare hostname/IP address, slave Domain Name, and context where the Domain object is to be created, to migrate a domain.
Deslect Set the Specified Host As Master Server to set the NIS Server as slave for this specified domain.
Specify the master server's name /IP address in the save server information.
Click Migrate to migrate the domain.

Configuring eDirectory Objects to Be Served by NIS Server

NIS Server recognizes eDirectory users and groups as NIS users and groups only if they have a UNIX profile attached to them. To configure existing eDirectory User or Group objects to be served by NIS Server:

Select the eDirectory User or Group object, right-click Properties, then click UNIX Profile. Specify information in the required fields in this page.
In the Other tab, click Add > nisUserGroupDomain Attribute.
Browse and select the NIS Domain object that you want to attach these users and groups to.

This is a multivalued attribute and you can attach as many NIS domains to this as you want. These users and groups now belong to these NIS domains and are listed under all these domains.
Verify that the eDirectory context that these user and groups exist in is listed in the NIS Domain object by right-clicking Domain Object, then clicking Properties > Memberships.

You can create new NIS maps and NIS map records under the NIS domain object as you create normal eDirectory objects.

NOTE:No objects are under the passwd and group Map objects in the domain. When managing NIS through ConsoleOne, eDirectory objects of type ipService and nisObject cannot be created.

Managing NIS Data in eDirectory

After migration, the NIS maps and records are available as objects under the migrated NIS domain object.

Figure 7-21 Maps under the Migrated Domain

When a client call is made to this domain, the NIS Server lists the data present under the corresponding Domain object. However, for user and group details, it looks for users and groups belonging to the domain under the contexts specified by an attribute of the Domain object.

To view the list of contexts where the users and groups are located, right-click the Domain object, then click Properties > Membership. A dialog box similar to the following appears.

Figure 7-22 Domain Properties Dialog Box

If the NetWare NIS Server is a slave for a domain and the master NIS server for that domain is changed to some other server, to get the updates from the new master you need to change the NIS master server name for the Domain object in the NetWare NIS slave server.

Right-click the Domain object, then click Change Master. A dialog box similar to the following appears:

Figure 7-23 Change Master Dialog Box

Specify the IP address of the new NIS master server. The NIS slave server now contacts the new master server for updates on all the maps under this domain.

You can view the properties for each map. Right-click Map Object > click Properties. A property page similar to the following appears:

Figure 7-24 General Map Properties Property Page

Map Master: The name of the master server serving this map.

Map Last Modified: The last time the map was modified by adding or removing records.

Is Map Secure: Sets the secure flag of the map when checked.

Description: Any general comments that you want to record.

Click each map to perform operations on it and to see the records under the map.

To add an object to a map, right-click the map in the left pane, click New, select the object, then specify the details of the object in the dialog box.

Although the dialog boxes for records on the same map are the same, they differ from map to map.

Administering Maps

The following figures show the main map property pages and are followed by procedures for using each page's basic fields. Using these pages, you can view or modify the map record's properties. The standard fields remain the same.

Figure 7-25 Ethers Map Records Property Page

This property page shows the Ethernet address of the host.

The standard address form is x: x: x: x: x: x, where x is a hexadecimal number.

Click the icon to specify the Ethernet address of the host, click Apply, then click OK.

Figure 7-26 Boot Map Records Property Page

To add the device's boot parameter, click Add, specify the boot parameter of the device in the Boot Parameter field, click Apply, then click OK.
To delete the device's boot parameter, select the boot parameter of the device in the Boot Parameter field, click Delete, click Apply, then click OK.

Figure 7-27 Host Map Records Property Page

To add the host address, click Add, specify the IP address of the host, click Apply, then click OK.

The network addresses are written in the conventional decimal dot notation.
To delete the host address, select the host's IP address from the IP Address field, click Delete, click Apply, then click OK.

Figure 7-28 Netgroup Map Records Property Page

To add a netgroup address, specify the name of the Map Record, browse for the Map Name, specify the map Description, click Apply, then click OK.

Figure 7-29 Network Map Records Property Page

To specify the IP Network Number, click Browse, specify the network number, then click OK.
To specify the IP Netmask Number, click Browse, specify the netmask number, click OK, specify the description of the record, click Apply, then click OK.

Figure 7-30 Protocols Map Records Property Page

Specify the IP Protocol Number and a brief description of the record.
Click Apply, then click OK.

Figure 7-31 RPC Map Records Property Page

In the ONC RPC Number field, specify the RPC number of the program.
Specify a brief Description of the record.
Click Apply, then click OK.

Figure 7-32 Services Map Records Property Page

In the IP Service Port field, specify the port number that this service is available on.
In the IP Service Protocol field, specify the protocol used to access the specified service.
Specify a brief description of the record.
Click Apply, then click OK.

Figure 7-33 General Map Records Properties

In the Map Record field, specify the map record using the following format:
```
key record
```
Specify the Map Name that the record belongs to.
Provide a brief Description of the record.
Click Apply, then click OK.

Starting and Stopping NIS Server from ConsoleOne

Right-click NISSERV_ servername, then click Start/Stop Services.

NOTE:You can start and stop the NIS Services by using the NIS Server menu. Make sure to refresh ConsoleOne after changing the status of NIS using the menu.