Original posting:
>
>
> Dear Sun Managers:
>
> We have a SunOS 4.1.3 11 sun4m machine as the NIS master. Two of the Solaris 2.3
>machines that act as the subnet servers are to be made the replicas for the NIS
>master.
>
> What are your suggestions?
>
> 1) Run NIS+ on the master and the replicas
> 2) Run NIS on the master and NIS+ in compatibility mode on the replicas
> 3) .....
>
-------------------------------------------------------------------------------
Thanks for all those who responded :
Torsten Metzner <tom@uni-paderborn.de>
jun@crick.ssctr.bcm.tmc.edu (Jun Wu)
Danny Barron <dbarron@csci0.uark.edu>
epl@Kodak.COM (Gene Loriot (epl@kodak.com))
pburyk@leis.leis.bellcore.com (Patrick Buryk)
Dan Stromberg - OAC-DCS <strombrg@bingy.acs.uci.edu>
Joe Konczal <konczal@mail-gw.ncsl.nist.gov>
and saved me the hassle of breaking the machines and then finding the problems.
Torsten Metzner and Joe Konczal's responses have made up my mind to go with NIS
master and NIS slaves. Will wait till Solaris 2.4 and then think about NIS+.
Thanks!!
RESPONSES:
==========
-------------------------------------------------------------------------------
From: jun@crick.ssctr.bcm.tmc.edu (Jun Wu)
Run 4.1.3 as NIS master server, and Solaris 2.3 as NIS slave server. You can
use NSKIT from Sun to make Solaris 2.3 machine run NIS. Don't mess with
NIS+ until it's stable. We are stuck with it now and it is the most
ugly program I've ever seen from Sun.
Jun
--
o o o o o o . . . ____===_T__ ____========_T__ ____=========_T__
o _____ || Jun Wu | |System Support| |jun@bcm.tmc.edu|
.][__n_n_|DD[ ====____ |~{Nb>|~} | |Baylor College| | uunet!bcm!jun | |
>(________|__|_[________]_|_________|_|_of Medicine__|_|_713-798-8356__|_|
__/oo OOOOO oo` ooo ooo 'o^o o^o` 'o^o o^o` 'o^o o^o`
--------------------------------------------------------------------------------
From: Torsten Metzner <tom@uni-paderborn.de>
I think you mean slave servers if you speak about NIS.
If you don't need NIS+, then use NIS, because it is more stable.
But read my notes to (2), because there are a lot of problems with
a SunOS4.1.3 master server and Solaris2.3 slave servers.
In my opinion, it's not possible to have a NIS master server and a NIS+ replica
Server ( more exakt a NIS+ slave server ) for the same domain. But there
exist a NISkit for Solaris2.3. But be careful there are a lot of
problems with the NISkit and a Solaris 2.3 Slave Server if the master server
is a 4.1.3 machine. Two weeks ago, two of our SunOS4.1.3 Slave Servers were
changed by Solaris 2.3 slave servers ( SS20 and SS1000 ) and we got a lot of
problems.
(1) SunOS4.1.3 clients couldn't resolve names in the nets wich were served by
the Solaris machines. There exist an unoffical patch for this problem.
The patch number is: T101363-06
More exakt: NISkit needs patch 101363-03, but then DNS forwarding doesn't
work on SunOS4.1.3 clients, so you need patch T101363-06. Great, isn't it.
(2) In the SS1000 net, we got three more problems.
(i)
Bug Id: 1167591
Category: bincompat
Subcategory: lib
Release summary: s1093
Synopsis: niskit with various revisions of patches creates defunct processes
Integrated in releases:
Patch id:
Description:
ypserv causes defunct processes to be created on every call to ypserv,
until the process table fills up with processes, and the machine stops.
This condition occurs when 101316-42,45,46 AND 101484-03 are
loaded together, using niskit 1.0 or 1.1
RESULT TABLE WITH NISKIT 1.0
101484 not loaded 101484-03
101316-36 WORKS WORKS
101316-42 WORKS FAILS
101316-45 WORKS FAILS
101316-46 WORKS FAILS
After loading a machine with a configuration of patches which
fail, the following can be reproduced.
p4m-30a# repeat 10 ypcat hosts > /dev/null &
p4m-30a# ps -ef
UID PID PPID C STIME TTY TIME COMD
root 0 0 80 12:44:04 ? 0:01 sched
root 1 0 74 12:44:09 ? 0:01 /etc/init -
root 2 0 2 12:44:09 ? 0:00 pageout
root 3 0 15 12:44:09 ? 0:00 fsflush
root 197 1 27 12:45:13 ? 0:00 /usr/lib/saf/sac -t 300
root 198 1 53 12:45:13 console 0:00 /usr/lib/saf/ttymon -g -h -p p4m-30a console login: -T sun -d /dev/console -l
root 200 197 36 12:45:15 ? 0:00 /usr/lib/saf/ttymon
root 95 1 80 12:44:37 ? 0:03 /usr/sbin/rpcbind
root 122 1 80 12:44:50 ? 0:01 /usr/sbin/inetd -s
root 87 1 6 12:44:35 ? 0:00 /usr/sbin/in.rdisc -s
root 97 1 7 12:44:38 ? 0:00 /usr/sbin/keyserv
root 102 1 80 12:44:39 ? 0:01 /usr/lib/netsvc/yp/ypbind
root 104 1 33 12:44:39 ? 0:00 /usr/sbin/kerbd
root 113 1 62 12:44:42 ? 0:01 /usr/lib/netsvc/yp/ypserv
root 129 1 32 12:44:51 ? 0:00 /usr/lib/autofs/automountd
root 133 1 40 12:44:52 ? 0:00 /usr/lib/nfs/statd
root 135 1 80 12:44:52 ? 0:01 /usr/lib/nfs/lockd
root 146 1 40 12:44:55 ? 0:00 /usr/sbin/syslogd
root 169 1 71 12:45:08 ? 0:00 /usr/lib/lpsched
root 159 1 24 12:45:04 ? 0:00 /usr/sbin/cron
root 154 122 77 12:44:58 ? 0:01 in.rlogind
sdw 156 154 80 12:45:00 pts/0 0:01 -sh
root 177 169 22 12:45:09 ? 0:00 lpNet
root 178 1 17 12:45:10 ? 0:00 /usr/lib/sendmail -bd -q1h
root 206 204 80 12:45:40 pts/0 0:00 csh
root 231 206 26 12:46:12 pts/0 0:00 ps -ef
root 204 156 48 12:45:31 pts/0 0:00 sh
root 209 113 5 0:00 <defunct>
root 211 113 6 0:00 <defunct>
root 213 113 6 0:00 <defunct>
root 215 113 7 0:00 <defunct>
root 217 113 6 0:00 <defunct>
root 219 113 6 0:00 <defunct>
root 224 113 7 0:00 <defunct>
root 222 113 6 0:00 <defunct>
root 226 113 6 0:00 <defunct>
root 228 113 7 0:00 <defunct>
To Reproduce:
- Install desktop at Solaris 2.3 (SUNWCall)
- Install patches 101484-03 and 101318-45
- Install NISKit 1.0
- Configure as NIS master or slave
- Force server to bind to self (Easy if on it's own test domain)
- Reboot
- Login and query NIS
- Watch for the defunct processes parented by ypserv
Work around:
Back out the patches installed and go to a previous revision level.
Get a beta copy of niskit 1.1 and run it.
Both the workarounds require that the customer has already broken
their machine to discover the problem.
History:
Submitter: steve.d.white@uk Date: 05/24/94
Dispatch Operator: bugtraq Date: 05/24/94
Evaluator: sperbeck Date: 05/24/94
Closeout Operator: jrt Date: 05/26/94
(ii) The automounter becomes very very slow. Sometimes you need more then
two minutes to rlogin in another host.
(iii) Sometimes ( very often ), mostly if you display some X-Applikation from
a remote host, the XNEWS-Server hangs for more then 4 minutes and then
everything works well again.
NISkit 1.1 ( it's also unofficial ) solves the problems (i) - (iii) but
be careful, because NISkit1.1 sais:
DISCLAIMER:
-----------
THIS IS BETA SOFTWARE. THAT MEANS THAT YOU SHOULDN'T BE SURPRISED
WHEN THERE ARE PROBLEMS. IF THE CORRECT WORKING OF THIS SOFTWARE IS
CRITICAL TO YOUR FUTURE, YOU SHOULDN'T EVEN CONSIDER USING IT.
and we got a new problem. After three days without any problems Solaris2.3
strikes back. No client in the SS1000 net could find his NIS-Server ( the
SS1000 ). We haven't solve this problem yet. For this reason another
SS10 ( SunOS4.1.3 ) in this net becomes a slave server, so that the
people in this net ( Me, too ) can work.
You see there are a lot of problems with a Solaris2.3 Slave Server.
If you can avoid it you should do it and use a SunOS4.1.3 Slave Server
instead.
Hope this helps,
Torsten.
-------------------------------------------------------------------------------
My address : Torsten Metzner E-Mail: tom@uni-paderborn.de
Rechnerbetreuung Mathematik Tel.: +49 5251 603898 or
Universitaet-GH Paderborn Tel.: +49 5251 602634
FB 17 - Mathematik Fax : +49 5251 603836
Warburger Str. 100
33098 Paderborn
Germany
-------------------------------------------------------------------------------
From: Danny Barron <dbarron@csci0.uark.edu>
I wasn't the one at our site who set up NIS+ (at least most of it), but I
did do our initial setup with NIS. I can say that NIS+ offers greater
security, but at the risk of also greater pains in setup (both initial
and setup of user accts etc). NIS+ DOES work if you do everything right
and cross your fingers. If you have the time to trial and error a time
or two, I'd suggest NIS+ (for it's greater stability and security (from
my experiences)). Danny Barron
----------------------------------------------------------------------------------
From: epl@Kodak.COM (Gene Loriot (epl@kodak.com))
We run only Solaris 2.3/NIS+; and have one NIS+ replica in each name space.
This works fine. A word of caution: less is better...DO NOT have any more
than one replica server in any one name space, and if you have a subnet
that is well attached (good, and reliable network connection) I might try
not having a replica server in that space.
--
#### ###### Gene Loriot E-mail: epl@Kodak.COM
### ######## Eastman Kodak Company Voice: (716) 724-6962
## ########## Customer Equipment Services Fax: (716) 724-9860
# ### KODAK ## 343 State Street
## ########## Mail Code: 00708
### ######## Rochester, New York 14650-0708
#### ###### U. S. A. [On a clear DISK you can SEEK forever]
-------------------------------------------------------------------------------------
From: pburyk@leis.leis.bellcore.com (Patrick Buryk)
Jasjit -
As long as you're running a 4.1.3 "NIS" master, why not use
"NIS" on your Solaris slaves? You can purchase the "NIS Naming Services
Transition Kit" from Sun that will allow you to load up NIS (not NIS+)
on your Solaris master and slave servers, so you can keep things status
quo, until you're ready to migrate to NIS+. I've done this at two other
client sites and it has performed as well as it did under 4.1.3.
Patrick Buryk
Bellcore
(908) 699-4089
---------------------------------------------------------------------------------------
From: Dan Stromberg - OAC-DCS <strombrg@bingy.acs.uci.edu>
NIS+ with NIS+ replicas, or NIS with NIS slaves.
You can have NIS clients of an NIS+ server (compat mode), but I
believe you cannot do NIS slaves of an NIS+ master, nor an NIS+
replica of an NIS master.
----------------------------------------------------------------------------------------
From: Joe Konczal <konczal@mail-gw.ncsl.nist.gov>
Avoid using NIS+ if possible. I will be switching back to NIS.
I have heard that the Sun is no longer working on the enormous task of
debugging NIS+, and that plain old NIS, not NIS+, will be shipped with
Solaris 2.4. Also, you can buy NIS for Solaris 2.x for less than
$100.00. I don't know yet if the NIS from Solaris 1.x will run on
Solaris 2.x in compatibility mode.
I upgraded from Solaris 1.1 to Solaris 2.3 last week. Most of my 40
to 50 PC-NFS 5.0 clients are still working, using NIS+ in NIS
compatibility mode, but two users have reported problems with DNS
lookups through NIS+. Fortunately, I still have another SunOS 4.1 NIS
server which serves them well.
--
Joseph C. Konczal
Computer Scientist
National Institute of Standards and Technology
Gaithersburg, Maryland 20899
phone: (301) 975-3285
email: jkonczal@nist.gov
--------------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:09:09 CDT