N2L service (Continued)when not to use, 229with custom mappings, 237with nonst<strong>and</strong>ard mappings, 237with st<strong>and</strong>ard mappings, 235N2L transition, See <strong>NIS</strong> to <strong>LDAP</strong> transitionname resolution, 301name server, 301name space, <strong>DNS</strong>, 27namespace, 301naming, 21-27<strong>DNS</strong>, 27files-based, 28<strong>NIS</strong>, 28Solaris naming services, 27-29naming service, 301naming service switch, 301ndbm, 71, 85ndbm file, changing map server, 99netgroup.byhost file, 96netgroup.byuser file, 96netgroup file, 96entries, example, 97netnames, 278netstat, testing, 115network mask, 301network password, 301New FeaturesService Management Facility with<strong>LDAP</strong>, 178-179Service Management Facility with<strong>NIS</strong>, 80-81Service Management Facility with <strong>NIS</strong>+ to<strong>LDAP</strong>, 253Service Management Facility with<strong>NIS</strong>-to-<strong>LDAP</strong> toolsSee also <strong>NIS</strong>, <strong>LDAP</strong>nicknames files, 75<strong>NIS</strong>, 28, 67-68, 301“not responding” messages, 113“unavailable” messages, 114architecture, 68automatic starting, 88binding, 77-78binding, broadcast, 77binding, server-list, 77broadcast binding, 78C2 security, 110<strong>NIS</strong> (Continued)client problems, 114-117client setup, 91clients, 69-70comm<strong>and</strong>s hang, 114components, 70-77crontab, 104-105daemons, 70daemons, not running, 118-119daemons, starting, 87<strong>DNS</strong>, <strong>and</strong>, 68<strong>DNS</strong> <strong>and</strong>, 111-112domain names, 82domains, 68, 70domains, multiple, 87halting, 112Internet <strong>and</strong>, 68list of comm<strong>and</strong>s, 76-77list of daemons, 70Makefile, 72Makefile filtering, 101makefile preparation, 85master servers, 69modifying configuration files, 99-100ndbm format, 71netgroups, 96-97, 97overloaded servers <strong>and</strong>, 118passwd maps auto update, 105password data, 82-83, 83passwords, user, 95-96problems, 113-121restarting, comm<strong>and</strong> line, 88root entry, 94rpc.yppasswdd, 96security, 93-94server binding not possible, 116-117server-list binding, 77servers, 69-70servers, malfunction, 118servers, maps different versions, 119-120servers not available, 115-116Service Management Facility, 80-81setup, preparation for, 80, 82-83slave server setup, 89-90slave servers, 69source files, 82-83, 83-84starting, 87-89starting, comm<strong>and</strong> line, 88308 System Administration Guide: <strong>Naming</strong> <strong>and</strong> <strong>Directory</strong> <strong>Services</strong> (<strong>DNS</strong>, <strong>NIS</strong>, <strong>and</strong> <strong>LDAP</strong>) • January 2005
<strong>NIS</strong> (Continued)stopping, 112stopping, comm<strong>and</strong> line, 88structure of, 68updates, automating, 104-105, 105-106updating passwd maps, 95updating via shell scripts, 105-106user password locked, 95useradd, 94userdel, 95users, adding, 94-95users, administering, 94-97utility programs, 71/var/yp/, 72ypbind “can’t” messages, 113ypbind daemon, 77ypbind fails, 117ypinit, 86ypservers file, 109ypwhich, 78ypwhich inconsistent displays, 116<strong>NIS</strong>+, 301<strong>NIS</strong>+ to <strong>LDAP</strong>Service Management Facility, 253when not to use SMF, 254<strong>NIS</strong> clients, not bound to server, 115<strong>NIS</strong>-compatibility mode, 301<strong>NIS</strong> domain namesincorrect, 114-115missing, 114-115<strong>NIS</strong> domains, changing, 110<strong>NIS</strong> hosts, changing domain of, 110<strong>NIS</strong> maps, 72-74, 301administering, 97-103changing server, 98-99CHKPIPE in Makefile, 102comm<strong>and</strong>s related to, 75-77crontab, 104-105default, 72-74descriptions of, 72-74displaying contents, 98displaying contents of, 75format is ndbm, 71locating, 75Makefile, DIR variable, 101Makefile, DOM variable, 101Makefile, PWDIR variable, 101Makefile <strong>and</strong>, 100-101<strong>NIS</strong> maps (Continued)Makefile filtering, 101Makefile macros, changing, 101Makefile variables, changing, 101making, 75modifying configuration files, 99-100new maps, creating from files, 107new maps, creating from keyboard, 107nicknames, 75nondefault, 103NOPUSH in Makefile, 102propagating, 104updates, automating, 104-105, 105-106updating, 74-75updating Makefile entries, 104-106updating via shell scripts, 105-106/var/yp/, 72working with, 74-75yppush in Makefile, 102ypxfr, crontab file in, 105ypxfr, invoking directly, 106ypxfr, shell scripts in, 105-106ypxfr logging, 106<strong>NIS</strong> slave serversadding, 108-110initializing, 109<strong>NIS</strong>-to-<strong>LDAP</strong>Service Management FacilitySee also <strong>NIS</strong>, <strong>LDAP</strong><strong>NIS</strong> to <strong>LDAP</strong> transition, 227-250See also N2Lbuffer overruns, 243comm<strong>and</strong>s, 231-232configuration files, 231-232deadlock, 248debugging the <strong>NIS</strong><strong>LDAP</strong>mappingfile, 245-247hosts file configuration, 234ipnodes file configuration, 234issues, 245-248<strong>LDAP</strong> error codes, 244-245lock files, 247nsswitch.conf file configuration, 234prerequisites, 234restrictions, 244reverting to <strong>NIS</strong>, 248-250server timeouts, 242-243, 247terminology, 230-231309
- Page 1 and 2:
System Administration Guide:Naming
- Page 3 and 4:
ContentsPreface 15Part I About Nami
- Page 5 and 6:
Server-List Mode 77Broadcast Mode 7
- Page 7 and 8:
Using Fully Qualified Domain Names
- Page 9 and 10:
Checking Server Data From a Non-Cli
- Page 11 and 12:
Replication Timestamps 268The Direc
- Page 13 and 14:
ExamplesEXAMPLE 2-1 NIS+ Switch Fil
- Page 15 and 16:
PrefaceSolaris Administration Guide
- Page 17 and 18:
Related Books■ Sun Java System Di
- Page 19 and 20:
PARTIAbout Naming and Directory Ser
- Page 21 and 22:
CHAPTER 1Naming and Directory Servi
- Page 23 and 24:
A network information service store
- Page 25 and 26:
docS2S1sales.docS3manf.docC1 C2 C3
- Page 27 and 28:
Subsequent changes in your organiza
- Page 29 and 30:
NIS+ uses a client-server model to
- Page 31 and 32:
CHAPTER 2The Name Service Switch (O
- Page 33 and 34:
TABLE 2-1 Switch File Information S
- Page 35 and 36:
networks: nis [NOTFOUND=return] fil
- Page 37 and 38:
Note - In order to use LDAP naming
- Page 39 and 40:
EXAMPLE 2-3 Files Switch File Templ
- Page 41 and 42:
Selecting a Different Configuration
- Page 43 and 44:
Caution - Potential delay issues:
- Page 45 and 46:
PARTIIDNS Setup and AdministrationT
- Page 47 and 48:
CHAPTER 3DNS Setup and Administrati
- Page 49 and 50:
DNS and the Service ManagementFacil
- Page 51 and 52:
EXAMPLE 3-2 Sample named.conf File
- Page 53 and 54:
etc/rndc.confComparison of BIND 8 a
- Page 55 and 56:
Options {Changes[ directory path_na
- Page 57 and 58:
Options {Changes[ sortlist { addres
- Page 59 and 60:
options {blackhole { ; ... };coresi
- Page 61 and 62:
};print-time ;print-severity ;print
- Page 63 and 64:
};maintain-ixfr-base ; // obsoletem
- Page 65 and 66:
PARTIIINIS Setup and Administration
- Page 67 and 68:
CHAPTER 4Network Information Servic
- Page 69 and 70:
NIS Machine TypesThere are three ty
- Page 71 and 72:
Note - rpc.yppasswdd considers all
- Page 73 and 74:
TABLE 4-3 NIS Map DescriptionsMap N
- Page 75 and 76:
For example, when you add a new mac
- Page 77 and 78:
TABLE 4-4 NIS Command SummaryComman
- Page 79 and 80:
CHAPTER 5Setting Up and Configuring
- Page 81 and 82:
■You can query the status of NIS
- Page 83 and 84:
In addition, if audit_user, auth_at
- Page 85 and 86:
Preparing the MakefileAfter checkin
- Page 87 and 88:
If the map or maps being pushed by
- Page 89 and 90:
# svcadm restart network/nis/server
- Page 91 and 92:
Setting Up NIS ClientsThe two metho
- Page 93 and 94:
CHAPTER 6Administering NIS (Tasks)T
- Page 95 and 96:
This step is necessary because the
- Page 97 and 98:
separated by commas. For example, t
- Page 99 and 100:
▼How to Change a Map’s Master S
- Page 101 and 102:
master of the map, modify the Makef
- Page 103 and 104:
5. Run make.# make mapnameWhere map
- Page 105 and 106:
To periodically run ypxfr at a rate
- Page 107 and 108:
■Using the Makefile” on page 10
- Page 109 and 110:
2. Change to the NIS domain directo
- Page 111 and 112:
Using NIS in Conjunction With DNSTy
- Page 113 and 114:
CHAPTER 7NIS TroubleshootingThis ch
- Page 115 and 116:
Client7# ls /var/yp...-rwxr-xr-x 1
- Page 117 and 118:
Note - For security reasons, the us
- Page 119 and 120:
# svcadm restart network/nis/server
- Page 121 and 122:
100004 2 udp 731 ypserv100004 1 udp
- Page 123 and 124:
PARTIVLDAP Naming Services Setup an
- Page 125 and 126:
CHAPTER 8Introduction to LDAP Namin
- Page 127 and 128:
DNS NIS NIS+ LDAPServers Master/sla
- Page 129 and 130:
CHAPTER 9LDAP Basic Components andC
- Page 131 and 132:
networksdn: ipNetworkNumber=200.20.
- Page 133 and 134:
Also, if you use interface-specific
- Page 135 and 136:
semicolon-separated base-scope-filt
- Page 137 and 138:
LDAP Client ProfilesTo simplify Sol
- Page 139 and 140:
TABLE 9-2 Client Profile Attributes
- Page 141 and 142:
LDAP Naming Services Security Model
- Page 143 and 144:
Caution - Allowing anonymous write
- Page 145 and 146:
■and that it is easy to set up.sa
- Page 147 and 148:
Pluggable Authentication MethodsBy
- Page 149 and 150:
TABLE 9-5 pam_unix versus pam_ldapP
- Page 151 and 152:
Note - The preceding account manage
- Page 153 and 154:
CHAPTER 10Planning Requirements for
- Page 155 and 156:
information will be searched for a
- Page 157 and 158:
For information about how to set up
- Page 159 and 160:
Because the entries are stored in t
- Page 161 and 162:
CHAPTER 11Setting Up Sun Java Syste
- Page 163 and 164:
Note - If you are using hostnames i
- Page 165 and 166:
Using Service Search Descriptors to
- Page 167 and 168:
▼How to Configure Sun Java System
- Page 169 and 170:
EXAMPLE 11-1 Running idsconfig for
- Page 171 and 172:
EXAMPLE 11-1 Running idsconfig for
- Page 173 and 174:
Populating the Directory Server Wit
- Page 175 and 176:
Migrating Your Sun Java SystemDirec
- Page 177 and 178:
CHAPTER 12Setting Up LDAP Clients (
- Page 179 and 180:
■dependencyrequire_all/none svc:/
- Page 181 and 182:
System successfully configuredThe -
- Page 183 and 184:
Setting Up TLS SecurityNote - The s
- Page 185 and 186:
Retrieving LDAP Naming ServicesInfo
- Page 187 and 188:
Enabling DNS With LDAPIf you want t
- Page 189 and 190:
CHAPTER 13LDAP Troubleshooting (Ref
- Page 191 and 192:
Checking the Current Profile Inform
- Page 193 and 194:
5. No password is defined for the u
- Page 195 and 196:
CHAPTER 14LDAP General Reference (R
- Page 197 and 198:
CompatibilityClients configured on
- Page 199 and 200:
General LDAP ToolsLDAP command line
- Page 201 and 202:
other password required pam_dhkeys.
- Page 203 and 204:
IETF Schemas for LDAPSchemas are de
- Page 205 and 206:
SYNTAX ’INTEGER’ SINGLE-VALUE )
- Page 207 and 208:
( nisSchema.2.5 NAME ’oncRpc’ S
- Page 209 and 210:
Directory User Agent Profile(DUAPro
- Page 211 and 212:
Solaris SchemasThe schemas required
- Page 213 and 214:
( 1.3.6.1.4.1.42.2.27.5.2.4 NAME
- Page 215 and 216:
EQUALITY caseIgnoreMatch ORDERING c
- Page 217 and 218:
"edge-stitch-bottom", "staple-dual-
- Page 219 and 220:
Legal values include; "unknown", "b
- Page 221 and 222:
client generates protocol extension
- Page 223 and 224:
ootparams(&(objectclass=bootableDev
- Page 225 and 226:
TABLE 14-5 getent Attribute Filters
- Page 227 and 228:
CHAPTER 15Transitioning From NIS to
- Page 229 and 230:
■■Chapter 4, for an overview of
- Page 231 and 232:
TABLE 15-1 Terminology Related to t
- Page 233 and 234:
Transitioning From NIS to LDAP (Tas
- Page 235 and 236:
■ The name of the configuration f
- Page 237 and 238:
d. Start the NIS daemons to ensure
- Page 239 and 240:
Tip - The original NIS dbm files ar
- Page 241 and 242:
ou=servdates, ?one? \objectClass=se
- Page 243 and 244:
For example, to increase the minimu
- Page 245 and 246:
Object class violationError Number:
- Page 247 and 248:
Problem: Object class violations oc
- Page 249 and 250:
▼How to Revert to Maps Based on O
- Page 251 and 252:
CHAPTER 16Transitioning From NIS+ t
- Page 253 and 254:
“client_info and timezone Tables
- Page 255 and 256:
2. Stop the NIS+ service.# svcadm d
- Page 257 and 258: ■nisplusLDAPconfigProxyPasswordSe
- Page 259 and 260: ■■■■■■■■■■nispl
- Page 261 and 262: Carefully consider how critical it
- Page 263 and 264: Assuming the defaultSearchBase valu
- Page 265 and 266: ▼How to Convert All NIS+ Data to
- Page 267 and 268: 7. Create merged versions of the ta
- Page 269 and 270: eplica. For example, assume that th
- Page 271 and 272: traffic. For example, if the rpc.ni
- Page 273 and 274: ■■■passwordnisplusLDAPproxyPa
- Page 275 and 276: NIS+ Entry Owner, Group, Access, an
- Page 277 and 278: homeDirectory=home, \loginShell=she
- Page 279 and 280: Set the owner of the link object to
- Page 281 and 282: NAME ’nisplusClientInfoData’ \D
- Page 283 and 284: nisplusLDAPdatabaseIdMappingIf this
- Page 285 and 286: nisplusLDAPobjectDNThe cname column
- Page 287 and 288: nisplusLDAPcolumnFromAttribute \net
- Page 289 and 290: NIS+/LDAP configuration attributes
- Page 291 and 292: NAME ’nisplusLDAPbaseDomain’ \D
- Page 293 and 294: APPENDIXASolaris 10 Software Update
- Page 295 and 296: It is not possible to provide a cle
- Page 297 and 298: Glossaryapplication-levelnaming ser
- Page 299 and 300: DNS zonesDNS zone filesdomainAdmini
- Page 301 and 302: N2L servername resolutionname serve
- Page 303 and 304: server listslave serverSee preferre
- Page 305 and 306: IndexNumbers and Symbols+/- Syntaxc
- Page 307: IP address, 300ipsec(7), 144IPv6, n
- Page 311 and 312: private key, 301Profiles, LDAP clie
- Page 313 and 314: yppush command, NIS problems, 120yp