Thread: Nis+ issues
View Single Post

   
  #2 (permalink)  
Old 01-12-2008, 06:17 AM
Neil W Rickert
 
Posts: n/a
Default Re: Nis+ issues
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Luotao Fu <devrandom@freenet.de> writes:

>Got some questions about Nis+ Stuff. I don't exactly know, if I'm here in
>the right group, so don't beat me, if you know a better place to post this.

>We get here a Linux/Solaris Network, the User Auth and some Diretory Service
>stuff are done with a Nis+ Server. The Server as well as the Client had all
>publich IPs. Right now we are rebuilding the network for Firewalling, the
>client and the Nis+ Server are now putten in a NAT network, my question
>here is, will it work, if I simply change the hosttable ( because of the IP
>changes ) on the Nis+ Server( I don't want to change all the Credentials )?
>Will the credentials for the clienthosts or users be affectetd?

Changing the hosts entry (in the nis+ hosts table) will work. It
won't affect the credentials, which are based on host/domain, not on
IP. Changing the IP address of the NIS+ server is trickier. The
recommendated solution for that is to give the the NIS+ server two IP
addresses (both new and old) for a while. The new IP can be on a
virtual interface (hme0:2 for example). Then run "nisupdkeys -a".
Then wait for a while to allow time for the information to be updated
on all clients and servers. Then switch to the new IP, delete the
old IP, and finally run "nisupdkeys -a" again. You can use "niscat
- -o directory" to check what are the IP addresses that will be tried
for contacting a server.

>Question2: I setted up a Nis+ Replica Server earlier with
>nismkdir -s ..., now I'd like to take this Replica Server down, but I just

Use

nisrmdir -s

for this. Check the man pages for nisrmdir.

Normally, one would use

nisrmdir -s org_dir.$NIS_DOMAIN
nisping
### wait a minute or two for "nisping" to propogate
nisrmdir -s groups_dir.$NIS_DOMAIN
nisping
### wait a minute or two for "nisping" to propogate
nisrmdir -s $NIS_DOMAIN
nisping

If the replica is not accessible at the time, add "-f" to the
"nisrmdir" options.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SunOS)

iD8DBQFAIThEvmGe70vHPUMRAqxDAKDfr/167FPpNF8dcq0F0CM+8NWCogCguPE5
pX6cHQu7WZ9jnVUkK1zyXrc=
=IvP2
-----END PGP SIGNATURE-----
Reply With Quote