Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!swidir.switch.ch!newsfeed.ACO.net!Austria.EU.net!EU.net!news.sprintlink.net!cs.utexas.edu!swrinde!emory!sol.ctr.columbia.edu!startide.ctr.columbia.edu!wpaul From: wpaul@ctr.columbia.edu (Bill Paul) Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: How to set up NIS slave server? Date: 11 Aug 1995 13:41:15 GMT Organization: Columbia University Center for Telecommunications Research Lines: 132 Message-ID: <40fmlr$72i@sol.ctr.columbia.edu> References: <40d7h0$uam@cmi.hahnemann.edu> NNTP-Posting-Host: startide.ctr.columbia.edu X-Newsreader: TIN [version 1.2 PL2] Daring to challenge the will of the almighty Leviam00se, Charles N. Owens (owensc@enc.edu) had the courage to say: : Hi all, : I've gotten NIS to function on the master server, and I've succeeded in : getting another FBSD box to work as a client. Now, I'm trying to get : this second box to work as a SLAVE server. : Here's what I did: : 1. On the slave: : a. start ypserv Ok. : 2. On the master: : a. edit /var/yp/Makefile and commented out NOPUSH="True" Ok. : b. edit /var/yp/ypservers and added name of slave. : Does this have to be in some special format? No, there's no special format: just list the hostnames of the slave machines, one machine per line, like this: slave1.domain.domain slave2.domain.domain slave3.domain.domain When the ypservers map is built, the hostnames will appear as both the key and data of the map: % ypcat -k ypservers slave1.domain.domain slave1.domain.domain slave2.domain.domain slave2.domain.domain slave3.domain.domain slave3.domain.domain Note that you do not neccessarily need to include the name of theo master: on the master are rebuilt directly, so having it push to itself would be silly. It usually doesn't hurt anything though. : c. touch /var/yp/master.passwd You should probably touch all of the source files of the maps you want to push too. Alternatively, you can just flat out copy the master's maps over to the slave server to get things started. : d. make : make starts to update the files, as it should, but then dies : when it calls (apparantly) yppush. Here's the output : Updating hosts.byname... : Usage: /usr/bin/yppush [ -d domain ] [ -v ] mapname ... : *** Error code 1 : Stop. : *** Error code 1 : Stop. Ah! You found a bug in /var/yp/Makefile. For your reward, here's a fix: Look for the lines in /var/yp/Makefile that say this: DBLOAD = /usr/sbin/yp_mkdb -m `hostname` MKNETID = /usr/libexec/mknetid YPPUSH = /usr/bin/yppush DOMAINNAME = `/bin/domainname` And right under them, insert a line that says this: DOMAIN = $(DOMAINNAME) The maps should be pushed correctly now. : Have I skipped any steps or made any mistakes? No, you got it right. It was I who got it wrong. :) : A couple more questions: : 1. I've read that when a server (slave or master) is also allows NIS logins : that its a good idea to force ypbind to bind to the server itself. I've : attempted to do this by the following: : ypbind -ypsetme : ypset servername : Is this right? Yes, this is correct. In 2.2, you'll be able to specify a domainname and list of servers to ypbind. This will force it to bind only to the specified domain and the specified servers. This feature was shamlessly stolen from OSF/1. : 2. Ultimately, I'd also like to make an RS/6000 AIX box a slave server. Will : there be problems with this? AIX's shawdow password files are of a MUCH : different format than FreeBSD's (or likely and other unix's :-( )... will : this make FreeBSD/AIX NIS-cooperation impossible? Not having any AIX boxes handy, I have no idea if its shadow password support and ours are compatible. You'll have to use NIS in 'unsecure' mode, which is to say that you'll need to uncomment the line in /var/yp/Makefile that says 'UNSECURE=True', and then rebuild your password maps. With the UNSECURE=True line, /var/yp/Makefile will construct passwd maps with valid password fields rather than asterisks. The AIX (and other NIS-capable systems) should work correctly then, _provided_ that you're using DES-encrypted passwords. (Other systems don't understand FreeBSD's default MD5 password encryption.) This will completely defeat the shadow password security on your network, but it's the only way to pacify other systems. :( : Any help is greatly appreciated, : thank, : --- : ------------------------------------------------------------------------- : Charles Owens Email: owensc@enc.edu Please let me know how the slave systems works once you get it running. I haven't heard from many people who are using FreeBSD's NIS system. -Bill -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~T~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Bill Paul (212) 854-6020 | System Manager Work: wpaul@ctr.columbia.edu | Center for Telecommunications Research Home: wpaul@skynet.ctr.columbia.edu | Columbia University, New York City ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The Møøse Illuminati: ignore it and be confused, or join it and be confusing! ~~~~~~ "Welcome to All Things BSDish! If it's not BSDish, it's crap!" ~~~~~~~