SUMMARY: NIS+ setup

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

1. My original posting:

>I am running Solaris 2.3 trying to go from files to NIS+, server setup goes
>fine, adding clients, I use :
>
> nisclient -i -d our.nis.domain. -h master_server
>
>this prompts for a secure-RPC password. I have tried the root password,
>nisplus ( which someone told me was the default) and even old passwords,
>nothing works, I can't get past this point. I have checked the archives and
>the FAQ and found no help. Can any one help on this or point me to a good
>NIS+ FAQ.
>
>I will summarize and thanks in advance.

2. Responses I received:

########################################################################

on the master server do the following....

# nisgrep client_name cred.org_dir

{see if the master server has credentials for the client already, if
there is one, remove it}

# nisaddcred -r principalname.domainname.

{note the trailing dot at the end}

now recreate the credentials as follows with your root passwd.

# nisaddcred -p unix.m/c_name@domainame -P m/c_name.domainame. -l passwd des

remember it si the root passwd you have to type in, and then try
running that script on the client m/c.

Don't forget to remove /etc/.rootkey file on the client m/c
before you start all this.

good luck

---------------------------------------Asim Zuberi

##########################################################################

Try nisplus as password
Mike

##########################################################################

   We've had more than our share of NIS+ woes. Here's the best set of
   procedures we've been able to find.

   We're going to start running "npasswd" to avoid the NIS crap.

-- 
Karl Vogel                             vogelke@c17.wpafb.af.mil  937-255-3688
Control Data Systems, Inc.           ASC/YCOA, Wright-Patterson AFB, OH 45433
The only thing that separates us from the animals
is superstition and mindless rituals. 				--Latke
=============================================================================
	How to remove NIS+ completely:
	-------------------------------------------------------------------S
	% nisclient -r
	% rm -rf /var/nis
	% rm /etc/defaultdomain
	% rm /etc/.rootkey
	% ps -ef | grep keyserv
	
	  [ kill any pid you find ]
	
	% keyserv
	% shutdown -y -g0 -i6
	-------------------------------------------------------------------E
	How to check the NIS package for installation problems:
	-------------------------------------------------------------------S
	% pkgchk SUNWnisu
	-------------------------------------------------------------------E
	How to rebuild NIS+ from scratch:  (note trailing dots)
	-------------------------------------------------------------------S
	% nisserver -r -d your.domain.name.
	% nispopulate -F -p /etc -d your.domain.name.
	
	  [ check /etc/nsswitch.conf and replace if needed ]
	
	% shutdown -y -g0 -i6
	-------------------------------------------------------------------E
	Excerpt from Sun:
	-------------------------------------------------------------------S
	From: Rich.Newman@Corp.Sun.COM (Rich Newman - SunService)
	Date: Mon, 4 Nov 1996 15:54:48 -0800
	
	 NIS+ Recommended Patches for Solaris 2.5.1 (sparc)
	
	103640-03:SunOS 5.5.1: kernel patch (2261271 bytes)
	103686-01:SunOS 5.5.1: rpc.nisd_resolv rebuild for BIND 4.9.3 
		(89859 bytes) 
	103680-01:SunOS 5.5.1: nscd/nscd_nischeck rebuild for BIND 
		4.9.3 (101203 bytes) 
	
	***************************************************
	
	I assume that you have 1 root master and 1 root replica.  Before you 
	perform the procedure below, you should make sure:
	
	1.  the root master and root replica are up.
	2.  then do these steps on the root master.
	
	    # nisping   org_dir.`domainname`.
	    # nisping   groups_dir.`domainname`.
	    # nisping   `domainname`.
	    # nisping -C  org_dir.`domainname`.
	    # nisping -C  groups_dir.`domainname`.
	    # nisping -C  `domainname`.
	
	3.  verify its update as
	
	    # nislog
	    or
	    # nisping -u `domainname`.
	
	4.  do a system back up on the root master and replica.
	
	Now, do this procedure.
	
	How to convert a root replica to root master:
	--------------------------------------------
	1.  On the root master machine, create master's objects for
	    replica.
	
	  # nismkdir -m replica groups_dir.`domainname`.
	  # nismkdir -m replica org_dir.`domainname`.
	  # nismkdir -m replica `domainname`.
	  
	2.  Kill rpc.nisd and nis_cachemgr on both master and replica.
	 
	  # ps -ef | grep nis
	  # kill rpc.nisd_pid nis_cachemgr_pid
	  
	3.  One the root replica machine, copy root.object of the root master.
	
	  # rcp master:/var/nis/hostname/root.object /var/nis/data
	  
	4.  Restart rpc.nisd and nis_cachemgr on the new root master 
	    (old replica machine).
	  
	  # /usr/sbin/rpc.nisd
	  # /usr/sbin/nis_cachemgr -i
	    
	5.  Access the domainname directory and verify that the old replica
	is now the master. On the new root master (old root replica) 
	machine: 
	    
	  # /usr/lib/nis/nisshowcache -v (this should show the new root 
		master) 
	  # niscat -o groups_dir.`domainname`. (this shows the old root 
		master. It's OK.) 
	  # niscat -o org_dir.`domainname`. (this show the old root 
		master. It's OK.) 
	  # niscat -o `domainname`.  (this should show the new root master)
	  
	  Important Note: Pay attention to the nis_cachemgr.  If it does
	  not switch, do not run nis_cachemgr while debugging.
	
	  If the contents of the cache still shows the old master server
	  to be the root master, do the following on the old replica
	  (new root master):
	  
	  replica# nismkdir -m replica org_dir.`domainname`.
	  replica# nismkdir -m replica groups_dir.`domainname`.
	  replica# nismkdir -m replica `domainname`.
	
	6.  On the new root master, do
	
	  # /usr/lib/nis/nisping -C `domainname`.
	  (In 2-4 mins, it will start propagating the maps).
	  
	7.  On each client, kill nis_cachemgr.
	
	  # ps -ef | grep nis
	  # kill nis_cachemgr_pid
	  
	8.  On client, get a new coldstart file from the new master server.
	
	  # nisinit -c -H new_master_server
	  
	9.  On client, restart nis_cachemgr.
	
	  # /usr/sbin/nis_cachemgr -i
	-------------------------------------------------------------------E

############################################################################
Chris:
SunService infodoc 11988 might help.  If you haven't really implemented
NIS+ yet, you could remove NIS+ (described in section 3.17 of the
infodoc) and start over.  I have been told by Sun that the only way
to fix this problem is to reinstall NIS+.  If you have already implemented
NIS+, then you have to dump all the tables including the cred table
and back up /var/nis and /etc/.rootkey, etc, etc, etc, etc.  I have
not yet attempted the whole procedure but will in the next couple of
weeks.
--
**************************************************************************
* Russell Weeks                             rweeks@.math.usu.edu         *
* System Manager                            TEL: (801)797-4061           *
* Department of Mathematics & Statistics    FAX: (801)797-1822           *
* Utah State University                     WWW: http://www.math.usu.edu *
**************************************************************************
###########################################################################
Here I use the root passwd of the client. What you should do is remove the
credentials in the rootmaster using nisaddcred. Then add them again. Once
you're done, do the add the client running the nisclient from the client
machine.
It works for me anyway.
Good luck.
--
Charles Gagnon                      | All opinions expressed herein are
Systems Engineer                    | fictitious. Any ressemblance with actual
Charles@Grafnetix.COM               | opinions, living or dead is purely
http://www.Grafnetix.COM/~charles/  | concidental.
###########################################################################
Chris,
Try this www location.
http://www.batnet.com:80/stokely/sunservice.tips/11988.html
David.
---------------------------------------------------------------------------
David Montgomery
Department of Computer Science
University of Newcastle
University Drive                        Phone: +61 49 216174
Callaghan 2308 NSW                      Fax  : +61 49 216929
AUSTRALIA                               Email: david@cs.newcastle.edu.au
#############################################################################
3. What I did:
I tried removing the credentials from the database with nisaddcred -r but
that did not work.  So eventually I just uninstalled nis+ completely and
re-installed it with all applicable patches.  Works fine now.  SunService 
infodoc 11988 was very informative and helpful.
I think it is available at the above address or I can email it to anyone
requesting it.  Thanks to all respondants.
Chris Haggard			 _____/\_____
UNIX System Administrator     	 ____//\\____
Norad System Support Facility    ___//  \\___  
United States Air Force          __//    \\__
(h) 904-913-8815                 __\\    //__          
(w) 904-283-5294        	 ___\\  //___
chris@nssf1.nssf.af.mil          ____\\//____
chris@falcon.nssf.af.mil              \/
				

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:18 CDT