System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)
Previous Next

Working With NIS Maps

This section contains the following information:

Obtaining Map Information

Users can obtain information from and about the maps at any time by using the ypcat, ypwhich, and ypmatch commands. In the examples that follow, mapname refers both to the official name of a map and to its nickname, if any.

To list all the values in a map, type the following.

% ypcat mapname

To list both the keys and the values (if any) in a map, type the following.

% ypcat -k mapname

To list all the map nicknames, type any of the following commands.

% ypcat -x
% ypmatch -x
% ypwhich -x

To list all the available maps and their master(s), type the following.

% ypwhich -m

To list the master server for a particular map, type the following.

% ypwhich -m mapname

To match a key with an entry in a map, type the following.

% ypmatch key mapname

If the item you are looking for is not a key in a map, type the following.

% ypcat mapname | grep item

where item is the information for which you are searching. To obtain information about other domains, use the -d domainname options of these commands.

If the machine requesting information for a domain other than its default does not have a binding for the requested domain, ypbindconsults the /var/yp/binding/domainname/ypservers file for a list of servers for that domain. If this file does not exist it issues an RPC broadcast for a server. In this case, there must be a server for the requested domain on the same subnet as the requesting machine.

Changing a Map's Master Server

To change the master server for a selected map, you first have to build the map on the new NIS master. Since the old master server name occurs as a key-value pair in the existing map (this pair is inserted automatically by makedbm), copying the map to the new master or transferring a copy to the new master with ypxfr is insufficient. You have to reassociate the key with the new master server name. If the map has an ASCII source file, you should copy this file to the new master.

How to Change a Map's Master Server
  1. On the new master, become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services.

  2. Change directories.
    newmaster# cd /var/yp
  3. The Makefile must have an entry for the new map before you specify the map to make. If this is not the case, edit the Makefile now, using a map called sites.byname.
  4. To update or remake the map, type the following.
    newmaster# make sites.byname
  5. If the old master remains an NIS server, remote log in (rlogin) to the old master and edit Makefile. Make sure you comment out the section of the Makefile that made sites.byname so that it is no longer made there.
  6. If sites.byname only exists as an ndbm file, remake it on the new master by disassembling a copy from any NIS server, then running the disassembled version through makedbm.
    newmaster# cd /var/yp
    newmaster# ypcat sites.byname | makedbm -domain-/sites.byname

    After making the map on the new master, you must send a copy of the new map to the other slave servers. Do not use yppush, because the other slaves will try to get new copies from the old master, rather than the new one. A typical method for circumventing this is to transfer a copy of the map from the new master back to the old master. To do this, become superuser, or assume an equivalent role, on the old master server and type the following.

    oldmaster# /usr/lib/netsvc/yp/ypxfr -h newmaster sites.byname

    Now it is safe to run yppush. Any remaining slave servers still believe that the old master is the current master and will attempt to get the current version of the map from the old master. When clients do so, they will get the new map, which names the new master as the current master.

    If this method fails, you can log in as root on each NIS server and execute the ypxfr command shown above.

Modifying Configuration Files

NIS intelligently parses the setup files. Although this makes NIS administration easier, it does make the behavior of NIS more sensitive to changes in the setup and configuration files.

Use the procedures in this section when modifying any of the following.

  • /var/yp/Makefile to add or delete supported maps

  • Adding or deleting /etc/resolv.conf to allow or deny DNS forwarding

  • Adding or deleting $PWDIR/security/passwd.adjunct to allow or deny C2 security ($PWDIR is defined in /var/yp/Makefile)

How to Modify Configuration Files

You do not have to stop and start NIS when changing NIS maps or the map source files.

Keep the following in mind.

  • Deleting a map or source file from an NIS master server does not automatically result in corresponding deletions from slave servers. You must delete maps and source files from slave servers by hand.

  • New maps do not automatically get pushed to existing slave servers. You must run ypxfr from the slaves.

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services.

  2. Stop the NIS server.
    # svcadm disable network/nis/server
  3. Make the necessary changes to your files.
  4. Start the NIS server.
    # svcadm enable network/nis/server

Modifying and Using the Makefile

You can modify the Makefile provided by default in /var/yp to suit your needs. You can add or delete maps, and you can change the names of some of the directories.


Tip - Keep an unmodified copy of the original Makefile for future reference.


Working With the Makefile

To add a new NIS map, you must get copies of the ndbm files for the map into the /var/yp/domainname directory on each of the NIS servers in the domain. This is normally done for you by the Makefile. After deciding which NIS server is the master of the map, modify the Makefile on the master server so that you can conveniently rebuild the map. Different servers can be masters of different maps, but in most cases this leads to administrative confusion. Try to set only one server as the master of all maps.

Typically a human-readable text file is filtered through awk, sed, or grep to make it suitable for input to makedbm. Refer to the default Makefile for examples. See the make(1S) for general information about the make command.

Use the mechanisms already in place in the Makefile when deciding how to create dependencies that make will recognize. Be aware that make is very sensitive to the presence or absence of tabs at the beginning of lines within the dependency rules. A missing tab can invalidate an entry that is otherwise well formed.

Adding an entry to the Makefile involves the following.

  • Adding the name of the database to the all rule

  • Writing the time rule

  • Adding the rule for the database

For example, in order for the Makefile to work on automounter input files, you would have to add the auto_direct.time and auto_home.time maps to the NIS database.

To add these maps to the NIS database you need to modify the Makefile.

Changing Makefile Macros/Variables

You can change the settings of the variables defined at the top of the Makefile by changing the value to the right of the equal sign (=). For instance, if you do not want to use the files located in /etc as input for the maps, but you would rather use files located in another directory, such as /var/etc/domainname, you should change DIR from DIR=/etc to DIR=/var/etc/domainname. You should also change PWDIR from PWDIR=/etc to PWDIR=/var/etc/domainname.

The variables are the following.

  • DIR= The directory containing all of the NIS input files except passwd and shadow. The default value is /etc. Since it is not good practice to use the files in the master server's /etc directory as NIS input files, you should change this value.

  • PWDIR= The directory containing the passwd and shadow NIS input files. Since it is not good practice to use the files in the master server's /etc directory as NIS input files, you should change this value.

  • DOM= The NIS domain name. The default value of DOM is set using the domainname command. However, most NIS commands use the current machine's domain which is set in the machine's /etc/defaultdomain file.

Modifying Makefile Entries

The following procedure describes how to add and delete databases from the Makefile.

How to Modify the Makefile to Use Specific Databases
  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services.

  2. Modify the line that starts with the word all by adding the name(s) of the database you want to add:
    all: passwd group hosts ethers networks rpc services protocols \
        netgroup bootparams aliases netid netmasks \
        audit_user auth_attr exec_attr prof_attr \
      auto_direct auto_home auto_direct.time auto_home.time

    The order of the entries is not relevant, but the blank space at the beginning of the continuation lines must be a Tab, not spaces.

  3. Add the following lines at the end of the Makefile:
    auto_direct: auto_direct.time
    auto_home: auto_home.time
  4. Add an entry for auto_direct.time in the middle of the file.
    auto_direct.time: $(DIR)/auto_direct
     @(while read L; do echo $$L; done < $(DIR)/auto_direct
     $(CHKPIPE)) | \ (sed -e "/^#/d" -e "s/#.*$$//" -e "/^ *$$/d"
     $(CHKPIPE)) | \ $(MAKEDBM) - $(YPDBDIR)/$(DOM)/auto_direct;
     @touch auto_direct.time;
     @echo "updated auto_direct";
     @if [ ! $(NOPUSH) ]; then $(YPPUSH) auto_direct; fi
     @if [ ! $(NOPUSH) ]; then echo "pushed auto_direct"; fi

    where

    • CHKPIPE makes certain that the operations to the left of the pipe (|) are successfully completed before piping the results to next commands. If the operations to the left of the pipe do not successfully complete, the process is terminated with a NIS make terminated message.

    • NOPUSH prevents the makefile from calling yppush to transfer the new map to the slave servers. If NOPUSH is not set, the push is done automatically.

    The while loop at the beginning is designed to eliminate any backslash-extended lines in the input file. The sed script eliminates comment and empty lines.

    The same procedure should be followed for all other automounter maps, such as auto_home, or any other nondefault maps.

  5. Run make.
    # make mapname

    Where mapname is the name of the map you want to make.

How to Modify the Makefile to Delete Databases

If you do not want the Makefile to produce maps for a specific database, edit the Makefile as follows.

  1. Delete the name of the database from the all rule.
  2. Delete or comment out the database rule for the database you want to delete.

    For example, to delete the hosts database, the hosts.time entry should be removed.

  3. Remove the time rule.

    For example, to delete the hosts database, the hosts: hosts.time entry should be removed.

  4. Remove the map from the master and slave servers.
Previous Next