DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 
Configuring the Network Information Service (NIS)

Initializing NIS

You can initialize your system as an NIS:

You must be in single-user mode during initialization.


CAUTION: When initializing NIS servers within an NIS domain, you must initialize and reboot the designated master server for the NIS domain before initializing any other NIS servers in the NIS domain. Failure to follow this requirement could result in incorrect maps on various servers.

Initializing a master server

The following steps explain how to initialize a master NIS server:

  1. Log in as root and shut the system down by using the System Shutdown Manager as described in the SCO OpenServer Handbook.

    You see messages as the system services stop. Press <Enter> at the Safe to Power Off message.

  2. The following prompt appears:
       Type <Ctrl>D to proceed with normal startup,
       (or give root password for system maintenance)
    

  3. Type the root password, then press <Enter>.

  4. Enter either of the following commands at your operating system prompt:

    mkdev nis

    or

    /etc/yp/ypinit

    The functionality and the options for ypinit and mkdev nis are identical.

  5. NIS prompts you to choose the host type:
       You must specify whether this host is to be a master, slave server,
       copy-only server or NIS client. Please enter the server type:[mscCq]
    

    Enter m to indicate that the local host is to be the NIS master server. If you want to stop the initialization, enter q.

  6. If you attempt to configure a master or slave server on a host in Secure Mode (that is, at High or Improved security default), you see the following message:
       ypinit: ERROR: Invalid configuration.
    

    The security settings of this system are incompatible with the NIS configuration requested. Please refer to your Release and Installation Notes for further details. Initialization Aborted.

    Refer to ``NIS interaction with security modes'' for security restrictions.

  7. If NIS has been previously initialized on your system, you see the following:
       NIS has been initialized previously on this machine
       Please verify that you would like to re-initialize NIS
       Do you wish to re-initialize NIS? (y/n/q)
    
    Enter y to continue.

  8. You then see:
       The local host's domain name hasn't been set. Please set it.
       Please enter the domain name or q to quit:
    
    Enter the NIS domain name; you need an NIS domain name to retrieve data from an NIS database.

    You will be asked:

       Is "domainname" correct? [y/n/q]
    
    Enter y if correct. If you enter n, you will be asked to reenter the domain name. If you enter q, NIS initialization aborts.

    You see this prompt:

       Installing the NIS database will require that you answer
       a few questions.  Questions will all be asked at the beginning
       of the procedure.
    

  9. If an NIS database already exists on your machine, you see:
       Can we destroy the existing /etc/yp/<domainname> and its contents?
       [y/n/q: n]
    

    If you see this message, enter y to continue, which tells NIS to rebuild the previous NIS database with current information.

    If you enter the default n or q, NIS initialization aborts, and you must manually remove the old NIS databases.

  10. If the /etc/passwd.local file does not exist on the machine, you see the following message:
       NIS stores local logins in /etc/passwd.local, which currently
       doesn't exist on this machine. The /etc/passwd.local file must be
       created before continuing.
    

    Is it okay to copy /etc/passwd to /etc/passwd.local? [y/n/q: n]

    Enter y to continue. See ``About managing users'' for details on these files.

    If you enter the default n, you must manually create the /etc/passwd.local file, then start the initialization procedure again.

  11. If the /etc/group.local file does not exist on your machine, you see:
       NIS stores local groups in /etc/group.local, which currently
       doesn't exist on this machine.  The /etc/group.local file must be
       created before continuing.
       

    Is it okay to copy /etc/group to /etc/group.local? [y/n/q: n]

    Enter y to continue. See ``About managing users'' for details on these files.

    If you enter the default n, you must manually create the /etc/group.local file, then start the initialization procedure again.

  12. Next, verify that the YP_MAP_X_LATE file contains correct information. You see:
       The YP_MAP_X_LATE file contains the following:
       list of mapnames
       

    Is this correct? [y/n/q: n]

    If the list is not correct, enter the default n. Edit YP_MAP_X_LATE to contain the correct entries, and start the initialization procedure again. Refer to the ypmapxlate(NF) manual page for more information.

    If the list is correct, enter y to continue.

  13. You see the following prompt:
       The NIS network password file resides in /etc/passwd.yp on master
       servers only.
       Since this node is being set up as a
       master server, /etc/passwd.yp must be created.
       

    Is it okay to create /etc/passwd.yp? [y/n/q: n]

    Enter y to continue.

    If you enter n, you must manually create the /etc/passwd.yp file, then start the initialization procedure again.

  14. You see the following prompt:
       The NIS network password file resides in /etc/group.yp
       on master servers only.
       Since this node is being set up as a master
       server, /etc/group.yp must be created.
       

    Is it okay to copy /etc/group to /etc/group.yp? [y/n/q: n]

    Enter y to continue.

    If you enter n, you must manually create the /etc/group.yp file, then start the initialization procedure again.

  15. You then see:
       You must specify whether ypbind is to be run with the secure
       option (-s), the ypset option (-ypset), allowing anyone to
       change your binding, or the ypsetme option (-ypsetme) which
       only allows requests with host-name's IP address
       to change host-name's binding, or with no options.
       Please see ypserv(NADM) for more information
       1) ypbind -s
       2) ypbind -ypset
       3) ypbind -ypsetme
       4) ypbind
       Please enter your choice (1-4,q):
    
    Enter the response appropriate to your security concerns:

    Option 1
    Recommended for most heterogeneous environments, where other versions of NIS are also in use.

    Option 2
    Recommended when the server is on a different subnet and you want others to be able to change your bindings.

    Option 3
    Recommended when the server is on a different subnet and only requests with host-name's IP address should be able to change your bindings.

    Option 4
    Recommended in an SCO NIS environment where the server is on the same subnet.

    For further information, consult the ypserv(NADM) manual page, which includes information about ypbind. See also ypset(NADM).

  16. You then see:
       At this point, we have to construct a list of the hosts that
       will be running NIS (NIS server hosts).  The local host
       is in this list of NIS server hosts. Please continue to add the
       names for the other hosts, one per line. When you are done with
       the list, type a <Ctrl>D.
    
    Enter all of the master and slave server names, including all server machines running other operating systems. The machine name and the Internet Protocol (IP) domain name are acceptable host names; the NIS domain name is not. Press <Enter> after each host name. After entering the last host name, press <Ctrl>D to continue, and enter y to verify that the host names are correct. NIS then creates and updates the maps.

  17. You then see:
       Should administration accounts such as "root"
       be distributed? [y/n/q: n]
    
    Enter n to prevent administration accounts from being distributed, unless there is strong reason to do so. See ``Administering NIS users and groups'' for more information.


    NOTE: When you initialize NIS, all of the UNIX system files that have the same names as NIS files are backed up in parallel subdirectories under /usr/lib/nisrt. When you initialize the NIS server, NIS changes some system files. For example, NIS saves the system file /bin/passwd to /usr/lib/nisrt/bin/passwd and then replaces /bin/passwd with a link to the file /etc/yppasswd.

    When the initialization procedure is complete, you see a series of messages resembling the following display:

       There will be no further questions.
       The remainder of the procedure should take 5 to 10 minutes.
    

  18. If NIS has been previously initialized on your system, you see:
       The backup directory /usr/lib/nisrt already exists
       

    Do you wish to continue with the SCO NIS Runtime System Initialization?

    Enter y to continue; NIS then backs up system passwd files. If you enter n or q, NIS installation aborts.

    You then see a series of messages similar to:

       Backing up system passwd files . . .
       

    Building /etc/yp/domain_name/ypservers . . .

    Running /etc/yp/ypmake . . .

    <list of updated files>

    host_name has been set up as a NIS master server without any errors.

    This display of updated maps should correspond to the maps listed in /etc/yp/YP_MAP_X_LATE.

    Your master server is now initialized.

  19. You will see:
       If there are running slave servers, run yppush now for any
       data bases that have been changed. If there are no running
       slaves, run ypinit on those hosts that are to be slave servers.
    
    See the reference manual pages for yppush(NADM) and ypinit(NADM) if you have questions about these procedures.

  20. Shut the system down and reboot it by using the System Shutdown Manager as described in the SCO OpenServer Handbook. Remember to select Reboot after shutdown when using the manager.

    The first time an NIS slave server enters multiuser mode after NIS has been initialized on the slave server, its startup script calls ypxfr to transfer maps from the master server. Subsequent system startups do not transfer maps automatically.


Initializing a slave server

The following steps explain how to initialize a slave NIS server:

  1. Log in as root and enter the following command to shut down the system:

    /etc/shutdown -g0 -y

    You see messages as the system services stop. Press <Enter> at the Safe to Power Off message.

  2. The following prompt appears:
       Type <Ctrl>D to proceed with normal startup,
       (or give root password for system maintenance)
    

  3. Type the root password, then press <Enter>.

  4. Enter either of the following commands at your operating system prompt:

    mkdev nis

    or

    /etc/yp/ypinit

    The functionality and the options for ypinit and mkdev nis are identical.

  5. NIS prompts you to choose the host type:
       You must specify whether this host is to be a master, slave server,
       copy-only server or NIS client. Please enter the server type:[mscCq]
    

    Enter s to indicate that you are setting up a slave server. If you want to stop the initialization, enter q.

  6. If you attempt to configure a master or slave server on a host in Secure Mode (that is, at High or Improved security default), you see the following message:
       ypinit: ERROR: Invalid configuration.
    

    The security settings of this system are incompatible with the NIS configuration requested. Please refer to your Release and Installation Notes for further details. Initialization Aborted.

    Refer to ``NIS interaction with security modes'' for security restrictions.

  7. If NIS has been previously initialized on your system, you see the following:
       NIS has been initialized previously on this machine
       Please verify that you would like to re-initialize NIS
       Do you wish to re-initialize NIS? (y/n/q)
    
    Enter y to continue.

  8. You then see:
       The local host's domain name hasn't been set. Please set it.
       Please enter the domain name or q to quit:
    
    Enter the NIS domain name; you need an NIS domain name to retrieve data from an NIS database.

    You will be asked:

       Is "domainname" correct? [y/n/q]
    
    Enter y if correct. If you enter n, you will be asked to reenter the domain name. If you enter q, NIS initialization aborts.

  9. NIS prompts you to enter a host name. You see:
       You must specify a host name to act as the NIS master
       during map transfer [q to quit]:
    
    Enter the name of a master server with an up-to-date and stable database.

    You see this prompt:

       Installing the NIS database will require that you answer
       a few questions.  Questions will all be asked at the beginning
       of the procedure.
    

  10. If an NIS database already exists on your machine, you see:
       Can we destroy the existing /etc/yp/<domainname> and its contents?
       [y/n/q: n]
    
    If you see this message, enter y to continue, which tells NIS to rebuild the previous NIS database with current information.

    If you enter the default n or q, NIS initialization aborts, and you must manually remove the old NIS databases.

  11. If the /etc/passwd.local file does not exist on the machine, you see the following message:
       NIS stores local logins in /etc/passwd.local, which currently
       doesn't exist on this machine. The /etc/passwd.local file must be
       created before continuing.
    

    Is it okay to copy /etc/passwd to /etc/passwd.local? [y/n/q: n]

    Enter y to continue. See ``About managing users'' for details on these files.

    If you enter the default n, you must manually create the /etc/passwd.local file, then start the initialization procedure again.

  12. If the /etc/group.local file does not exist on your machine, you see:
       NIS stores local groups in /etc/group.local, which currently
       doesn't exist on this machine. The /etc/group.local file must be
       created before continuing.
       

    Is it okay to copy /etc/group to /etc/group.local? [y/n/q: n]

    Enter y to continue. See ``About managing users'' for details on these files.

    If you enter the default n, you must manually create the /etc/group.local file, then start the initialization procedure again.

  13. Next, verify that the YP_MAP_X_LATE file contains correct information. You see:
       The YP_MAP_X_LATE file contains the following:
       list of mapnames
    

    Is this correct? [y/n/q: n]

    If the list is not correct, enter the default n. Edit YP_MAP_X_LATE to contain the correct entries, and start the initialization procedure again. Refer to the ypmapxlate(NF) manual page for more information.

    If the list is correct, enter y to continue.

  14. You then see:
       You must specify whether ypbind is to be run with the secure
       option (-s), the ypset option (-ypset), allowing anyone to
       change your binding, or the ypsetme option (-ypsetme) which
       only allows requests with host-name's IP address
       to change host-name's binding, or with no options.
       Please see ypserv(NADM) for more information
       1) ypbind -s
       2) ypbind -ypset
       3) ypbind -ypsetme
       4) ypbind
       Please enter your choice (1-4,q):
    
    Enter the response appropriate to your security concerns.

    Option 1
    Recommended for most heterogeneous environments, where other versions of NIS are also in use.

    Option 2
    Recommended when the server is on a different subnet and you want others to be able to change your bindings.

    Option 3
    Recommended when the server is on a different subnet and only requests with host-name's IP address should be able to change your bindings.

    Option 4
    Recommended in an SCO NIS environment where the server is on the same subnet.
    For further information, consult the ypserv(NADM) manual page, which includes information about ypbind. See also ypset(NADM).

  15. When the initialization procedure is complete, you see a series of messages resembling the following display:
       There will be no further questions.  The remainder of the
       procedure should take a few minutes to set up the NIS server.
       

    The NIS maps will be transferred from master_server when server_name goes to run level 2.

  16. If NIS has been previously initialized on your system, you see:
       The backup directory /usr/lib/nisrt already exists
       

    Do you wish to continue with the SCO NIS Runtime System Initialization?

    Enter y to continue; NIS then backs up system passwd files. If you enter n or q, NIS installation aborts.

    You then see:

       Backing up system passwd files . . .
       

    server_name's NIS data base has been set up without any errors.

    Your slave server is now initialized.

  17. Shut the system down and reboot it by using the System Shutdown Manager as described in the SCO OpenServer Handbook. Remember to select Reboot after shutdown when using the manager.

    The first time an NIS slave or copy-only server enters multiuser mode, its startup script calls ypxfr to transfer maps from the master server. Subsequent system startups do not transfer maps automatically.

Initializing a copy-only server

The following steps explain how to initialize a copy-only NIS server.

  1. Log in as root and enter the following command to shut down the system:

    /etc/shutdown -g0 -y

    You see messages as the system services stop. Press <Enter> at the Safe to Power Off message.

  2. The following prompt appears:
       Type <Ctrl>D to proceed with normal startup,
       (or give root password for system maintenance)
    

  3. Type the root password, then press <Enter>.

  4. Enter either of the following commands at your operating system prompt:

    mkdev nis

    or

    /etc/yp/ypinit

    The functionality and the options for ypinit and mkdev nis are identical.

  5. NIS prompts you to choose the host type:
       You must specify whether this host is to be a master, slave server,
       copy-only server or NIS client. Please enter the server type:[mscCq]
    

    Enter c to indicate that you are setting up a copy-only server. If you want to stop the initialization, enter q.

  6. If you are initializing a copy-only server in Secure Mode, you see:
       Due to the restrictions of running NIS under the current security
       setting of this system, this server will accept, but not integrate
       sensitive maps received through NIS. Please refer to your Release
       and Installation Notes for further details.
    

    Hit return to continue.

  7. If NIS has been previously initialized on your system, you see the following:
       NIS has been initialized previously on this machine
       Please verify that you would like to re-initialize NIS
       Do you wish to re-initialize NIS? (y/n/q)
    
    Enter y to continue.

  8. You then see:
       The local host's domain name hasn't been set. Please set it.
       Please enter the domain name or q to quit:
    
    Enter the NIS domain name; you need an NIS domain name to retrieve data from an NIS database.

    You will be asked:

       Is "domainname" correct? [y/n/q]
    
    Enter y if correct. If you enter n, you will be asked to reenter the domain name. If you enter q, NIS initialization aborts.

  9. NIS prompts you to enter a host name. You see:
       You must specify a host name to act as the NIS master
       during map transfer [q to quit]:
    
    Enter the name of a master server with an up-to-date and stable database.

    You see this prompt:

       Installing the NIS database will require that you answer
       a few questions.  Questions will all be asked at the beginning
       of the procedure.
    

  10. If an NIS database already exists on your machine, you see:
       Can we destroy the existing /etc/yp/<domainname> and its contents?
       [y/n/q: n]
    
    If you see this message, enter y to continue, which tells NIS to rebuild the previous NIS database with current information.

    If you enter the default n or q, NIS initialization aborts, and you must manually remove the old NIS databases.

  11. (Skip this step if you are initializing a copy-only server in Secure Mode.)

    If the /etc/passwd.local file does not exist on the machine, you see the following message:

       NIS stores local logins in /etc/passwd.local, which currently
       doesn't exist on this machine. The /etc/passwd.local file must be
       created before continuing.
    

    Is it okay to copy /etc/passwd to /etc/passwd.local? [y/n/q: n]

    Enter y to continue. See ``About managing users'' for details on these files.

    If you enter the default n, you must manually create the /etc/passwd.local file, then start the initialization procedure again.

  12. (Skip this step if you are initializing a copy-only server in Secure Mode.)

    If the /etc/group.local file does not exist on your machine, you see:

       NIS stores local groups in /etc/group.local, which currently
       doesn't exist on this machine. The /etc/group.local file must be
       created before continuing.
    

    Is it okay to copy /etc/group to /etc/group.local? [y/n/q: n]

    Enter y to continue. See ``About managing users'' for details on these files.

    If you enter the default n, you must manually create the /etc/group.local file, then start the initialization procedure again.

  13. Next, verify that the YP_MAP_X_LATE file contains correct information. You see:
       The YP_MAP_X_LATE file contains the following:
       list of mapnames
    

    Is this correct? [y/n/q: n]

    If the list is not correct, enter the default n. Edit YP_MAP_X_LATE to contain the correct entries, and start the initialization procedure again. Refer to the ypmapxlate(NF) manual page for more information.

    If the list is correct, enter y to continue.

  14. You then see:
       You must specify whether ypbind is to be run with the secure
       option (-s), the ypset option (-ypset), allowing anyone to
       change your binding, or the ypsetme option (-ypsetme) which
       only allows requests with host-name's IP address
       to change host-name's binding, or with no options.
       Please see ypserv(NADM) for more information
       1) ypbind -s
       2) ypbind -ypset
       3) ypbind -ypsetme
       4) ypbind
       Please enter your choice (1-4,q):
    
    Enter the response appropriate to your security concerns.

    Option 1
    Recommended for most heterogeneous environments, where other versions of NIS are also in use.

    Option 2
    Recommended when the server is on a different subnet, and you want others to be able to change your bindings.

    Option 3
    Recommended when the server is on a different subnet, and only requests with host-name's IP address should be able to change your bindings.

    Option 4
    Recommended in an SCO NIS environment where the server is on the same subnet.
    For further information, consult the ypserv(NADM) manual page, which includes information about ypbind. See also ypset(NADM).

  15. When the initialization procedure is complete, you see a series of messages resembling the following display when initializing a copy-only server:
       There will be no further questions.  The remainder of the
       procedure should take a few minutes to set up the NIS server.
       

    The NIS maps will be transferred from master_server when server_name goes to run level 2.

  16. If NIS has been previously initialized on your system, you see:
       The backup directory /usr/lib/nisrt already exists
    

    Do you wish to continue with the SCO NIS Runtime System Initialization?

    Enter y to continue; NIS then backs up system passwd files. If you enter n or q, NIS installation aborts.

    You then see:

       Backing up system passwd files . . .
       

    server_name's NIS data base has been set up without any errors.

    Your copy-only server is now initialized.

  17. Shut the system down and reboot it by using the System Shutdown Manager as described in the SCO OpenServer Handbook. Remember to select Reboot after shutdown when using the manager. Enter <Ctrl>D when prompted to return to multiuser mode.

    The first time an NIS slave or copy-only server enters multiuser mode, its startup script calls ypxfr to transfer maps from the master server. Subsequent system startups do not transfer maps automatically.

Initializing an NIS Client

The following steps explain how to initialize an NIS client.

  1. Log in as root and enter the following command to shut down the system:

    /etc/shutdown -g0 -y

    You see messages as the system services stop. Press <Enter> at the Safe to Power Off message.

  2. The following prompt appears:
       Type <Ctrl>D to proceed with normal startup,
       (or give root password for system maintenance)
    

  3. Type the root password, then press <Enter>.

  4. Enter either of the following commands at your operating system prompt:

    mkdev nis

    or

    /etc/yp/ypinit

    The functionality and the options for ypinit and mkdev nis are identical.

  5. NIS prompts you to choose the host type:
       You must specify whether this host is to be a master, slave server,
       copy-only server or NIS client. Please enter the server type:[mscCq]
    

    Enter C to indicate that you are setting up an NIS client. If you want to stop the initialization, enter q.

  6. If NIS has been previously initialized on your system, you see the following:
       NIS has been initialized previously on this machine
       Please verify that you would like to re-initialize NIS
       Do you wish to re-initialize NIS? (y/n/q)
    
    Enter y to continue.

  7. You then see:
       The local host's domain name hasn't been set. Please set it.
       Please enter the domain name or q to quit:
    
    Enter the NIS domain name; you need an NIS domain name to retrieve data from an NIS database.

    You will be asked:

       Is "domainname" correct? [y/n/q]
    
    Enter y if correct. If you enter n, you will be asked to reenter the domain name. If you enter q, NIS initialization aborts.

  8. You then see:
       You must specify whether ypbind is to be run with the secure
       option (-s), the ypset option (-ypset), allowing anyone to
       change your binding, or the ypsetme option (-ypsetme) which
       only allows requests with host-name's IP address
       to change host-name's binding, or with no options.
       Please see ypserv(NADM) for more information
       1) ypbind -s
       2) ypbind -ypset
       3) ypbind -ypsetme
       4) ypbind
       Please enter your choice (1-4,q):
    
    Enter the response appropriate to your security concerns.

    Option 1
    Recommended for most heterogeneous environments, where other versions of NIS are also in use.

    Option 2
    Recommended when the server is on a different subnet, and you want others to be able to change your bindings.

    Option 3
    Recommended when the server is on a different subnet, and only requests with host-name's IP address should be able to change your bindings.

    Option 4
    Recommended for a SCO NIS environment where the server is on the same subnet.

    For further information, consult the ypserv(NADM) manual page, which includes information about ypbind. See also ypset(NADM).

  9. You then see:
       server_name's NIS data base has been set up without any errors.
    
    Your NIS client is now initialized.

  10. To enable all distributed user accounts edit the file /etc/passwd and add +: as the last line of the file. Similarly, add +::: as the last line of the file /etc/group.

  11. Shut the system down and reboot it by using the System Shutdown Manager as described in the SCO OpenServer Handbook. Remember to select Reboot after shutdown when using the manager.


NOTE: As a side effect of initializing an NIS client, the entry ``NIS_ENABLED=Y'' is made automatically in the file /etc/default/security. If you do not require an NIS client to be able to read password and group maps, change the entry to ``NIS_ENABLED=N'' before rebooting the system.


Next topic: Reinitializing a server
Previous topic: Adding NIS to your PATH variables

© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 02 June 2005