NFS Services Administrator’s Guide HP-UX 11.0, 11i v1, v1.5 and v1.6 Manufacturing Part Number : 5992-0715 April 2007 © Copyright 2007 Hewlett-Packard Development Company, L.P.
Legal Notices Copyright 2007 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license required from HP for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. The information contained herein is subject to change without notice.
Contents

1. Installing the NFS Services
   Installing the NFS Services Software
   Overview of the NFS Services
2. Configuring and Administering NFS
   Preparing for NFS Configuration
   To Check the Network Connections
   How the Automounter Sets Up Direct and Indirect Mounts
   To Mount a Remote Directory Using a Direct Automounter Map
   Example File Entries for Direct Automounts
   To Mount a Remote Directory Using an Indirect Automounter Map
   Example File Entries for Indirect Automounts
   Example of Automounting a User’s Home Directory
   To Automount Multiple Directories Simultaneously (Hierarchical Mounts)
   To Include an Automounter Map in Another Automounter Map
   To Create a Hierarchy of Automounter Maps
   To Turn Off an Automounter Map with the -null Map
   To Enable AutoFS
   To Determine Which Hosts Will Be NIS Servers
   To Draw an NIS Network Map
   Configuring and Administering an NIS Master Server
   To Create the Master passwd File
   To Create the Master group File
   To Bind an NIS Client to a Server on a Different Subnet
   Configuring and Administering Secure RPC (if NIS+ is not used)
   To Have Users Create their Secure RPC Keys
   To Create Secure RPC Keys for Users
   To Create Secure RPC Keys for Hosts
   To Change the Ownership of NIS+ Objects
   To Change the Search Order of Domains
   To List the Contents of an NIS+ Table
   To Search an NIS+ Table
   To Add an Entry to an NIS+ Table
   To Configure REX
   To Configure REX Security
   To Configure Logging for the rexd Daemon
8. Troubleshooting NFS Services
   Common Problems with NFS
   To Improve NFS Client Performance
   To Improve NIS+ Performance
   Logging and Tracing of NFS Services
   NFS Logging
   To Control the Size of Log Files
Tables

Table 2-1. Standard-Mounted vs. Automounted Directories
Table 2-2. NFS Mount Options
Table 2-3. NFS Caching Options
Table 2-4. Direct vs. Indirect Automounter Map Types
Table 2-5. Old Automount Command-Line Options Used By AutoFS

Figures

Figure 2-1. Symbolic Links in NFS Mounts
Figure 2-2. NFS Mount of man pages
Figure 2-3. NFS Mount of Home Directories
Figure 2-4. Automounted Directories from -hosts Map—One Server
Figure 2-5. Automounted Directories from -hosts Map—Two Servers
1 Installing the NFS Services
This chapter tells you how to install the NFS Services and briefly describes each one. It contains the following sections:

• Installing the NFS Services Software
• Overview of the NFS Services

This manual does not document NFS Diskless. For information on NFS Diskless configuration and administration, see the Managing Systems and Workgroups manual. For more information, see Managing NFS and NIS, by Hal Stern, published by O’Reilly & Associates.
Installing the NFS Services Software

Before you begin to install the software, make sure you have the correct operating system on your computer. The HP-UX operating system, the required link software, and the NFS Services software must all be the same version. You can check your HP-UX operating system version with the uname -r command. Use the HP-UX Software Distributor (SD) to install the NFS Services file set.
Overview of the NFS Services

Hewlett-Packard’s NFS Services include the following:

• Network File System (NFS) provides transparent access to files from anywhere on the network. An NFS server makes a directory available to other hosts on the network by “exporting” the directory. An NFS client provides access to the NFS server’s directory by “mounting” the directory.
RPC programming. On HP-UX 10.30 and later, Transport-Independent RPC (TI-RPC) is supported. For information on RPC and rpcgen, see Power Programming with RPC, by John Bloomer, published by O’Reilly and Associates, Inc.

• Remote Execution Facility (REX) allows you to execute commands interactively on a remote host while your local environment is simulated on the remote host.
• The quota command, which displays information about a user’s disk usage and limits, may be used to get information about a user on a remote host, if the rquotad daemon is running on the remote host. For more information, see the man pages rquotad(1M) and quota(1). For information on configuring rquotad, see “Configuring the Other NFS Daemons and Services” on page 132.
2 Configuring and Administering NFS

This chapter tells you how to configure and administer an HP 9000 as an NFS server or client, by editing files and issuing HP-UX commands.
An NFS server is a machine that “exports” (makes available) its local files and directories to NFS clients. An NFS client is a machine that “mounts” files and directories exported by NFS servers. NFS-mounted files and directories look to users like part of the NFS client’s local file system. A machine can be an NFS server and an NFS client at the same time.

NOTE HP does not support NIS over Wide Area Networks (WANs). WANs include network links using X.
Preparing for NFS Configuration

Before you configure your machine as an NFS server or client, you must perform the following tasks:

1. To Check the Network Connections
2. To Set User IDs and Group IDs (if neither NIS nor NIS+ is used)
3. To Ensure that No User is a Member of Too Many Groups

The rest of this section explains the procedures for performing these tasks.
— Each user has the same user ID on all machines where that user has an account.
— No two users anywhere on the network have the same user ID.
— Each group has the same group ID on all machines where that group exists.
— No two groups on the network have the same group ID.

When users request NFS access to remote files, their user IDs and group IDs are used to check file ownership and permissions, just as they are locally.
This command returns the number of occurrences of username in the NIS group database. If you are using NIS+ to manage your group database, issue the following command for each user in your domain:

    niscat -M group.org_dir | /usr/bin/grep -c username

2. If any user is a member of more than 16 groups, remove the user from some of the groups. See “To Modify an NIS Map” on page 164 for instructions on modifying an NIS map.
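The two preparation checks above (consistent user and group IDs across machines, and no user in more than 16 groups) can be run offline over copies of each host's passwd and group files. The following Python script is an added example, not part of the HP guide; the host names, accounts and group names in the sample data are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

MAX_GROUPS = 16  # per-user group limit stated in this guide

# Constructed sample passwd files from two hosts (not real systems).
SAMPLE_PASSWD = {
    "sage": "root:*:0:3::/:/sbin/sh\n"
            "claire:*:201:20::/home/sage/claire:/usr/bin/sh\n"
            "charlie:*:202:20::/home/charlie:/usr/bin/sh\n",
    "thyme": "root:*:0:3::/:/sbin/sh\n"
             "claire:*:305:20::/home/sage/claire:/usr/bin/sh\n"
             "dave:*:202:20::/home/dave:/usr/bin/sh\n",
}

# Constructed group file: joanne is in 17 groups, ann in only 2.
SAMPLE_GROUP = "\n".join(
    "proj%d::%d:joanne%s" % (i, 100 + i, ",ann" if i < 2 else "")
    for i in range(17)
)


def parse_ids(text):
    """Return {name: numeric_id} from passwd- or group-format text.

    Both formats keep the name in field 1 and the numeric ID in field 3.
    Comments, NIS +/- include lines and malformed lines are skipped.
    """
    ids = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "+", "-")):
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue
        ids[fields[0]] = int(fields[2])
    return ids


def find_conflicts(files_by_host):
    """Compare passwd (or group) files collected from several hosts.

    Returns (split_names, shared_ids):
      split_names  {name: {host: id}} where one name has different IDs
      shared_ids   {id: [names]} where one ID belongs to several names
    Either kind of conflict lets one account read another's files over
    NFS, because the server checks permissions by numeric ID.
    """
    by_name = defaultdict(dict)
    by_id = defaultdict(set)
    for host, text in files_by_host.items():
        for name, num in parse_ids(text).items():
            by_name[name][host] = num
            by_id[num].add(name)
    split_names = {n: h for n, h in by_name.items()
                   if len(set(h.values())) > 1}
    shared_ids = {i: sorted(n) for i, n in by_id.items() if len(n) > 1}
    return split_names, shared_ids


def users_over_group_limit(group_text, limit=MAX_GROUPS):
    """Return {user: group_count} for users listed in more than `limit` groups.

    Member names are matched exactly. A plain `grep -c username` counts
    every line containing the substring, so "ann" would also be counted
    on lines that only list "joanne".
    """
    counts = defaultdict(int)
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4:
            continue
        members = {m.strip() for m in fields[3].split(",") if m.strip()}
        for member in members:
            counts[member] += 1
    return {u: c for u, c in counts.items() if c > limit}


if __name__ == "__main__":
    split_names, shared_ids = find_conflicts(SAMPLE_PASSWD)
    for name, hosts in sorted(split_names.items()):
        print("name with differing IDs:", name, hosts)
    for num, names in sorted(shared_ids.items()):
        print("ID shared by several names:", num, names)
    for user, count in sorted(users_over_group_limit(SAMPLE_GROUP).items()):
        print("user in more than %d groups:" % MAX_GROUPS, user, count)
```
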
Configuring and Administering an NFS Server

An NFS server is a machine that “exports” its local directories (makes them available for client machines to mount using NFS). On the NFS client, these mounted files and directories look to users like part of the client’s local file system. An NFS server can also be an NFS client. Following are the tasks involved in configuring and administering an NFS server.
2. If your system is already running as an NFS server, issue the following command to add the directory to your server’s internal list of exported directories:

    /usr/sbin/exportfs directory

You can issue the exportfs -i command to add the directory to your server’s internal list of exported directories, without adding the directory to the /etc/exports file.
the server. If the destination of the symbolic link does not exist on the client, a No such file or directory message will be displayed whenever anyone attempts access to it. Figure 2-1 illustrates the problem of symbolic links in NFS mounts, where the destination of the symbolic link exists on the NFS server but might not exist on the NFS client.
the access privileges of user nobody. Non-root users on all NFS clients are allowed read/write access to the /var/mail directory, if the HP-UX permissions on the /var/mail directory allow them read/write access.

    /var/mail -root=sage:thyme:basil

The following example exports the private root directory of diskless client sage. It allows root access to the root user on client sage.
To Enable NFS Server Capability

1. In the /etc/rc.config.d/nfsconf file, make sure the NFS_SERVER and START_MOUNTD variables are set to 1, as follows:

    NFS_SERVER=1
    START_MOUNTD=1

2. Issue the following command to run the NFS startup script:

    /sbin/init.d/nfs.server start

The NFS startup script uses the variables in /etc/rc.config.d/nfsconf to determine which processes to start.
2. On every NFS client that has the directory mounted, issue the following command for a list of the process IDs and user names of everyone using the mounted directory:

    /usr/sbin/fuser -u servername:/directory

3. Warn any users to cd out of the directory, and kill any processes that are using the directory, or wait until the processes terminate.
9. On the NFS server, issue the following command to unexport the directory:

    /usr/sbin/exportfs -u directory

If you unexport a directory that an NFS client currently has mounted, the next time someone on that client requests access to the directory, NFS will return an NFS stale file handle error message. The client may be able to unmount the directory, but if that does not work, the client must reboot to recover.
    printer lj3_2 lj3_2 lp -dlj3_2 -oraw

The /etc/pcnfsd.conf file is read when the pcnfsd daemon starts up. If you make any changes to /etc/pcnfsd.conf while pcnfsd is running, you must restart pcnfsd before your changes will take effect. A PC must have NFS client software installed in order to use your system as a PC NFS server. For more information on pcnfsd, type man 1M pcnfsd at the HP-UX prompt.
    /usr/sbin/umount -h servername

5. If your server will be down for a long time, edit the /etc/fstab file on each client to comment out or remove any NFS mounts from the server you are planning to disable. This prevents the clients from attempting to mount directories from your server when the clients are rebooted.

6.
If your NFS server will be down for only a very short period of time, this procedure is not necessary. If the server is down for only a few minutes, and directories are hard-mounted on the clients, clients attempting access to the server will simply hang until it comes back up. Then, they will resume access to it as if nothing had happened.
Configuring and Administering an NFS Client

An NFS client is a machine that “mounts” remote directories using NFS. These mounted remote directories appear to users as if they are part of the NFS client’s local file system. An NFS client can also be an NFS server. Following are the tasks involved in configuring and administering an NFS client. Only the first four tasks are required in order to get your client up and running.
• With AutoFS the configured mount points are the actual mount points. (The pre-existing Automounter mounts directories under /tmp_mnt and creates symbolic links from the configured mount points to the actual ones under /tmp_mnt.)
• You do not have to stop AutoFS to change your automounter maps. The AutoFS daemon, automountd, runs continuously.
Table 2-1 Standard-Mounted vs. Automounted Directories

Standard-Mounted Directory | Automounted Directory (using AutoFS) | Automounted Directory (using Automounter)

Advantage: Configuration is simpler than for automounted directories. Only one file (/etc/fstab) is used to configure standard mounts.

Disadvantage: Configuration can be more complicated than for standard mounts.
Table 2-1 Standard-Mounted vs. Automounted Directories (Continued)

Standard-Mounted Directory | Automounted Directory (using AutoFS)

Advantage: The configured mount point is the actual mount point. This is straightforward and does not confuse users or programs that require NFS-mounted files and directories.

Advantage: The configured mount point is the actual mount point.
Table 2-1 Standard-Mounted vs. Automounted Directories (Continued)

Standard-Mounted Directory | Automounted Directory (using AutoFS) | Automounted Directory (using Automounter)

Disadvantage: If a directory is configured to be standard-mounted when your system boots, and the NFS server for the directory is not booted yet, your system will hang until the NFS server becomes available.
Table 2-1 Standard-Mounted vs. Automounted Directories (Continued)

Standard-Mounted Directory | Automounted Directory (using AutoFS) | Automounted Directory (using Automounter)

Not Applicable

Advantage: You do not have to stop AutoFS to change your automounter maps. The AutoFS daemon, automountd, runs continuously.
Table 2-1 Standard-Mounted vs. Automounted Directories (Continued)

Standard-Mounted Directory | Automounted Directory (using AutoFS)

Disadvantage: Standard NFS mounts provide no shortcut for configuring all available remote directories; each directory must be configured explicitly. If the NFS servers change which directories they are exporting, you must change your local NFS client configuration.
2.
This example mounts the directory /usr/share/man from the NFS server broccoli. The local mount point is also /usr/share/man. The directory is mounted read-only.
Example NFS Mount of Home Directories

    broccoli:/home/broccoli /home/broccoli nfs nosuid 0 0
    cauliflower:/home/cauliflower /home/cauliflower nfs nosuid 0 0

This example mounts the home directories from NFS servers broccoli and cauliflower on the local NFS client. The nosuid option prevents programs with setuid permission from executing on the local client.
To Verify Your NFS Client Configuration

• After you have configured the directories you want to mount and enabled NFS client capability, issue the ls command in the local directories you have configured as NFS mount points. If your NFS client is working correctly, the ls command will list the contents of mounted directories.
Table 2-2 NFS Mount Options (Continued)

suid or nosuid (default: suid)
Specify suid if you want to allow mounted programs that have setuid permission to run with the permissions of their owners, regardless of who starts them. If a program with setuid permission is owned by root, it will run with root permissions, regardless of who starts it.
Table 2-2 NFS Mount Options (Continued)

intr or nointr (default: intr)
Specify intr if users are not likely to damage critical data by manually interrupting an NFS request. If a hard mount is interruptible, a user may press [CTRL]-C or issue the kill command to interrupt an NFS mount that is hanging indefinitely because a server is down.
Table 2-2 NFS Mount Options (Continued)

devs or nodevs (default: devs)
Specify devs if you are mounting device files from a server whose device files will work correctly on the client. The devs option allows you to use NFS-mounted device files to read and write to devices from the NFS client. It is useful for maintaining a standard, centralized set of device files, if all your systems are configured similarly.
Table 2-2 NFS Mount Options (Continued)

retrans=n (default=5)
The number of times an NFS request (a read or write request to a mounted directory) is retransmitted after it times out. If the request does not succeed after n retransmissions, a soft mount returns an error, and a hard mount retries the request. Increase the retrans value for a directory that is soft-mounted from a server that has frequent, short periods of down time.
Table 2-2 NFS Mount Options (Continued)

wsize=n (default=32768)
The number of bytes the NFS client sends to the NFS server in a single write request. If packets are being dropped between the client and the server, decrease wsize to 4096 or 2048. To find out whether packets are being dropped, issue the nfsstat -rc command at the HP-UX prompt.

vers=n (default=3)
Table 2-2 NFS Mount Options (Continued)

O (Overlay mount) (default: not specified)
Allows the file system to be mounted over an existing mount point, making the underlying file system inaccessible. If you attempt to mount a file system over an existing mount point without the -O option, the mount will fail with the error device busy. Caution: Using the -O mount option can put your system in a confusing state.
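Because Table 2-2 gives suid and devs as the defaults, an NFS entry in /etc/fstab that does not name nosuid or nodevs lets setuid programs and device files from the server take effect on the client. The following Python script is an added example, not part of the HP guide: it lists such entries and proposes a tightened option field. The sample fstab content is constructed and the function names are hypothetical.

```python
# Options that override the permissive defaults (suid, devs) in Table 2-2.
REQUIRED = ("nosuid", "nodevs")

# Constructed sample /etc/fstab for illustration; not from a real system.
SAMPLE_FSTAB = """\
/dev/vg00/lvol3 / vxfs delaylog 0 1
broccoli:/usr/share/man /usr/share/man nfs ro 0 0
broccoli:/home/broccoli /home/broccoli nfs nosuid 0 0
cauliflower:/home/cauliflower /home/cauliflower nfs nosuid,nodevs 0 0
# sage:/opt/old /opt/old nfs defaults 0 0
sage:/opt/tools /opt/tools nfs defaults 0 0
"""


def audit_nfs_mounts(fstab_text):
    """Return one finding per NFS entry that lacks nosuid or nodevs.

    Each finding is a dict with the fstab line number, the remote source,
    the local mount point and the list of missing options.
    """
    findings = []
    for lineno, raw in enumerate(fstab_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        # fstab fields: device, mount point, type, options, freq, pass
        if len(fields) < 4 or fields[2] != "nfs":
            continue
        options = set(fields[3].split(","))
        missing = [opt for opt in REQUIRED if opt not in options]
        if missing:
            findings.append({
                "line": lineno,
                "source": fields[0],
                "mount_point": fields[1],
                "missing": missing,
            })
    return findings


def hardened_options(option_field):
    """Return the option field with nosuid and nodevs enforced.

    The permissive keywords (suid, devs) and the bare "defaults" keyword
    are dropped; every other option is kept in its original order.
    Do not apply nodevs to a mount that is deliberately used to share
    device files, the one case Table 2-2 gives for keeping devs.
    """
    kept = [opt for opt in option_field.split(",")
            if opt and opt not in ("defaults", "suid", "devs")]
    for opt in REQUIRED:
        if opt not in kept:
            kept.append(opt)
    return ",".join(kept)


if __name__ == "__main__":
    for finding in audit_nfs_mounts(SAMPLE_FSTAB):
        print("line %(line)d: %(source)s on %(mount_point)s "
              "is missing %(missing)s" % finding)
    print(hardened_options("ro"))
```
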
Several NFS mount options allow you to change the length of time file and directory attributes remain cached on the NFS client. By default, an NFS client caches certain attributes of files and directories, like their ownership, size, and modification time.
Table 2-3 NFS Caching Options (Continued)

acdirmin=n (default=30)
The minimum number of seconds a directory’s attributes are cached on the NFS client. If the directory is modified before this timeout expires, the timeout period is extended by acdirmin seconds.
Table 2-3 NFS Caching Options (Continued)

actimeo=n (no default)
Setting actimeo to n seconds is equivalent to setting acdirmax, acdirmin, acregmax, and acregmin to n seconds. Set actimeo=1 or actimeo=3 for a directory that is used and modified frequently by many NFS clients. This ensures that the file and directory attributes are kept reasonably up to date, even if they are changed frequently from various client locations.
and issue the following commands to kill all the biod daemons (PID is a process ID returned by the ps command):

    /usr/bin/ps -ef | /usr/bin/grep biod
    /usr/bin/kill PID PID ...

The biod daemons improve write performance by handling NFS write requests from users and applications. After a write request is passed to a biod daemon, control is returned to the user or application.
    /usr/sbin/umount local_mount_point

If any user or process is using the remote directory, NFS cannot unmount it and will issue an error message. For more information, type man 1M mount or man 1M fuser at the HP-UX prompt.

To Disable NFS Client Capability

1. On the NFS client, issue the mount(1M) command with no options, to get a list of all the mounted file systems on the client:

    /usr/sbin/mount

2.
NFS Client and Server Transport Connections

NFS runs over both UDP and TCP transport protocols. The default transport protocol is TCP. Using the TCP protocol increases dependability on wide-area networks. Packets are successfully delivered more consistently. TCP provides congestion control and error recovery. NFS over TCP works with NFS version 2 and version 3.
If TCP is not available on the server, the mount fails. You can tell NFS to use ONLY UDP by using the following command:

    mount -o proto=udp

If UDP is not available on the server, the mount fails.

NFS Server Transport Connections

On the NFS server, to ensure a request for a TCP connection will be successful, the service must be advertised in the /etc/services name database file.
On HP-UX release 11.11, an NFS server by default runs 16 nfsd processes over UDP transport (the NUM_NFSD variable in the /etc/rc.config.d/nfsconf file), plus one nfsd process over TCP transport. You can start a daemon for either transport type or both.
1. When the connection has been idle for more than six minutes. Idle is defined as no outbound requests.
2. When the maximum number of connections is reached. If a request for a connection comes in when this is the case, the least recently used connection will be broken. The requested connection is then established.
3. When the NFS daemon (nfsd) receives a disconnecting event or unrecoverable error.
Configuring and Administering the NFS Automounter

This section tells you how to configure the NFS automounter. The automounter mounts directories automatically when users or processes request access to them, and it unmounts them automatically after they have been idle for a period of time (five minutes, by default). Following are the tasks involved in configuring the NFS automounter.
10. “To Automount Multiple Directories Simultaneously (Hierarchical Mounts)” on page 85
11. “To Improve Automounter Performance with Subdirectory Notation in Indirect Maps” on page 86
12. “To Include an Automounter Map in Another Automounter Map” on page 88
13. “To Turn Off an Automounter Map with the -null Map” on page 89
14. “To Enable the NFS Automounter” on page 89
15.
If you are using NIS to manage your automounter maps, add the line to the master map file on the NIS master server, and then issue the following commands to rebuild the map and push it out to slave servers:

    cd /var/yp
    /usr/ccs/bin/make auto.
For example, if server sage exports /opt and /apps, and a user on your NFS client types the following command,

    cd /net/sage/opt/frame

the subdirectory /sage is created under /net, and /opt and /apps are mounted under /sage. Figure 2-4 shows the automounted file structure after the user’s command.
To Decide Between Direct and Indirect NFS Automounts

• Before you automount a remote directory, decide whether you want to use a direct or indirect automounter map. Table 2-4 lists the advantages and disadvantages of each type of map.
Table 2-4 Direct vs. Indirect Automounter Map Types

Direct Map | Indirect Map

Disadvantage: If you add or remove mounts in a direct map, or if you change the local mount point for an existing mount in a direct map, you have to restart the automounter or reboot your system before the automounter sees the changes you made.
Figure 2-6 shows the difference between direct mounts and indirect mounts on an NFS client.
If you are using NIS+ to manage your automounter maps, issue the following command to add an entry to the NIS+ direct map table (commonly called auto_direct.org_dir):

    nistbladm -a key="local_directory" value="mount_options \
    server:remote_directory" auto_direct.org_dir

2. If you are using local files for your automounter maps, use an editor to open or create the automounter master map in the /etc directory.
The mount options are the same ones used for standard NFS-mounted directories. See “To Change the Default Mount Options” on page 46 for a list of mount options. The bg option cannot be used for an automounted directory. The mount options configured in the direct map override the ones in the master map if there is a conflict. You can configure all your direct automounts in the same map.
Automounted directories in the /etc/mnttab file contain the keyword ignore to prevent them from being mounted at boot time. For more information on automounter configuration, type man 1M automount at the HP-UX prompt.

Example File Entries for Direct Automounts

Following are example lines from an automounter direct map on NFS client sage. The sharp sign (#) indicates a comment line.
Figure 2-7 illustrates how the automounter sets up the direct mounts for this configuration.
2. If you are using local files for your automounter maps, use an editor to open or create the automounter master map in the /etc directory. The master map should be called /etc/auto_master. If you are using NIS, open the master map on the NIS master server.
The mount options are the same ones used for standard NFS-mounted directories. See “To Change the Default Mount Options” on page 46 for a list of mount options. The bg option cannot be used for an automounted directory. The mount options configured in the indirect map override the ones in the master map if there is a conflict.
For more information on automounter configuration, type man 1M automount at the HP-UX prompt.

Example File Entries for Indirect Automounts

Following are example lines from an automounter indirect map on NFS client sage. The sharp sign (#) indicates a comment. Everything from the sharp sign to the end of the line is ignored by the automounter.
Figure 2-8 illustrates how the automounter sets up the indirect mounts for this configuration.
The automounter reads this entry as one line. The line has been broken for readability, and the backslash (\) tells the automounter that the line continues after the line break.
The example shown above assumes that NFS server sage has subdirectories in its /export/private_files directory that are named after the hosts in its network. Every host in the network can use the same automounter map and the same AUTO_OPTIONS definition to mount its private files from server sage. For example, when the automounter starts up on host basil, it assigns the value basil to the HOST variable.
    # /etc/auto_master file
    # local mount point   map name         mount options
    /home                 /etc/auto_home   -nosuid

Following is the line from the automounter indirect map /etc/auto_home that mounts users’ home directories on demand.

    # /etc/auto_home file
    # local mount point   mount options   remote server:directory
    *                                     basil:/home/&

A user’s home directory is configured in the /etc/passwd file as /home/username.
the automounter attempts to mount /home/charlie from host basil. The asterisk is a match for charlie, so the automounter looks no further and never reads the second line. However, if the /etc/auto_home map contains the following lines,
    charlie    thyme:/home/charlie
    *          basil:/home/&
the automounter will mount Charlie’s home directory from host thyme and everyone else’s home directory from host basil.
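The first-match rule described above can be checked before a map is distributed. The following Python sketch is an added example, not part of the HP guide: it parses an indirect map, resolves a key the way the text describes, and lists entries that can never be reached. The function names are hypothetical, both sample maps are constructed from the charlie, thyme and basil lines above, and the parser assumes that mount options begin with a dash.

```python
# Added example (not from the HP guide): first-match lookup in an indirect map.

def parse_indirect_map(text):
    """Return [(key, options, location), ...] in file order."""
    entries, pending = [], ""
    for raw in text.splitlines() + [""]:          # extra "" flushes a trailing '\'
        line = raw.split("#", 1)[0].rstrip()      # '#' starts a comment
        if line.endswith("\\"):                   # '\' continues the entry
            pending += line[:-1] + " "
            continue
        fields = (pending + line).split()
        pending = ""
        if len(fields) < 2:
            continue                              # blank or incomplete line
        key, rest = fields[0], fields[1:]
        options = ""
        if rest[0].startswith("-"):               # assumption: options start with '-'
            options, rest = rest[0], rest[1:]
        if rest:
            entries.append((key, options, " ".join(rest)))
    return entries


def resolve(entries, key):
    """Return (options, location) from the first matching entry, else None."""
    for pattern, options, location in entries:
        if pattern in (key, "*"):                 # '*' matches any key
            return options, location.replace("&", key)   # '&' stands for the key
    return None


def unreachable_keys(entries):
    """Keys that can never match: listed after '*' or after a duplicate key."""
    seen, wildcard_seen, dead = set(), False, []
    for pattern, _options, _location in entries:
        if wildcard_seen or pattern in seen:
            dead.append(pattern)
        seen.add(pattern)
        wildcard_seen = wildcard_seen or pattern == "*"
    return dead


# Constructed sample: the wildcard line comes first, so charlie's line is dead.
WILDCARD_FIRST = """\
# /etc/auto_home (constructed)
*        basil:/home/&
charlie  thyme:/home/charlie
"""

# Constructed sample: the specific key comes first; one entry uses a continuation.
SPECIFIC_FIRST = """\
# /etc/auto_home (constructed)
charlie  -nosuid \\
         thyme:/home/charlie
*        basil:/home/&
"""

if __name__ == "__main__":
    for label, text in (("wildcard first", WILDCARD_FIRST),
                        ("specific first", SPECIFIC_FIRST)):
        entries = parse_indirect_map(text)
        print(label, "charlie ->", resolve(entries, "charlie"),
              "unreachable:", unreachable_keys(entries))
```

Running the check on every map before pushing it out catches a per-user override that a preceding wildcard line silently disables.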
Setting up the NFS Client
1. In the /etc/passwd file on the NFS clients, or in the NIS passwd map or NIS+ passwd table, configure the home directory of each user as directory/servername/username, where servername is the name of the machine where the user’s home directory is physically located.
5. Create a symbolic link from each user’s home directory as it is configured in /etc/passwd (for example, /home/sage/claire) to local_parent_directory/username, where local_parent_directory is the local mount point you configured in the automounter master map, as in the following example:
    ln -s /homes/claire /home/sage/claire
The changes you have made will not take effect until you enable or restart the automounter.
To Automount Users’ Home Directories with Wildcard Characters
1. Make sure every user’s home directory is of the form directory/servername/username, on the NFS servers where the directories are located. For example, if the home directories are located under the /home directory on server sage, user Claire’s home directory pathname would be /home/sage/claire.
If you are using NIS+ to manage your automounter maps, issue the following command to add an entry to the auto_home table:
    nistbladm -a key="*" value="&/home/& -nosuid" \
        auto_home.org_dir
5.
The automounter reads the auto_home to find out how to mount Howard’s home directory.
same time. For example, the following entry from a direct map mounts the source code and the data files for a project at the same time; whenever anyone requests access to either one, they are both mounted.
Subdirectory notation creates some very confusing path names on the local host. The following example shows how the automounter sets up mounts using subdirectory notation. Assume that the indirect map shown above is called auto.dogs and is listed in the master map as follows:
    /pets/dogs auto.
To Include an Automounter Map in Another Automounter Map
• To include the contents of an automounter map in another automounter map, add a plus sign (+) before the map name, as in the following example:
    # /etc/auto_home file
    # local mount point server:directory
    basil +auto.
For more information, type man 1M automount or man 4 nsswitch.conf.

To Turn Off an Automounter Map with the -null Map
1. Add a line with the following syntax to the automounter master map:
    local_directory -null
2. If the automounter is running, restart it to force it to read its maps. See “To Restart the Automounter” on page 92.
The -null option “turns off” the map that is mounted on local_directory.
2. If you will use a local file as your automounter master map, make sure the AUTO_MASTER variable in /etc/rc.config.d/nfsconf is set to the name of your automounter master map. (The default master map name is /etc/auto_master.)
    AUTO_MASTER="/etc/auto_master"
If you will use an NIS or NIS+ automounter master map, remove -f $AUTO_MASTER from the AUTO_OPTIONS variable.
3.
If the directory is configured in an indirect map, issuing the ls command from the parent directory will display nothing. When you cd to a subdirectory configured in the indirect map, or issue the command ls subdirectory, the subdirectory will be mounted.
3. If you made any of the following changes, you need to restart the automounter before your changes will take effect:
• any changes to the master map
• changes to the local directory name in a direct map
See “To Restart the Automounter” on page 92.

To Restart the Automounter
1. Issue the following command to get a list of all the automounted directories on the client:
    /usr/bin/grep tmp_mnt /etc/mnttab
2.
If the ps command indicates the automounter is still active, make sure all users are out of the automounted directories and then try again. Do not restart the automounter until all automount processes have terminated.
6. Issue the following command to start the automounter:
    /usr/sbin/automount options
options is the list of options configured in the AUTO_OPTIONS variable in the /etc/rc.config.d/nfsconf file.
Configuring and Administering AutoFS
This section tells you how to configure AutoFS. AutoFS mounts directories automatically when users or processes request access to them, and it unmounts them automatically after they have been idle for a period of time (five minutes, by default). Following are the tasks involved in configuring AutoFS. Tasks 4 and 16 alone will get AutoFS up and running on your system.
14. “To Create a Hierarchy of Automounter Maps” on page 120
15. “To Turn Off an Automounter Map with the -null Map” on page 121
16. “To Enable AutoFS” on page 121
17. “To Disable AutoFS” on page 122
18. “To Verify Your AutoFS Configuration” on page 122
19. “To Modify or Remove (Unmount) an Automounted Directory” on page 124
NOTE SAM does not currently support AutoFS.
Migrating From Automounter to AutoFS
If you were using the automounter before you updated to the HP-UX Extension Pack Release, August 1998, you must perform the following tasks to migrate your automounter configuration to AutoFS: For more information, see the automount(1M) or automountd(1M) man pages.
1. Move the /etc/rc.config.d/nfsconf file to /etc/rc.config.d.nfsconf.old.
2. Copy the /usr/newconfig/etc/rc.config.
Table 2-5 Old Automount Command-Line Options Used By AutoFS
Old automount Option    Equivalent AutoFS Command Option    Purpose
-n                      Obsolete with AutoFS.               Allow automounts only of previously mounted target file systems.
-T                      automountd -T                       Enable automount tracing.
-tl duration            automount -t duration               Specify time before unmounting idle directories.
-tm interval            Obsolete with AutoFS.               Specify interval between mount attempts.
3. The automountd daemon, which automounts file systems when they are requested by users.
The automount command is invoked at system startup. It reads the automounter master map to create the initial set of AutoFS mount points in the internal mount table, /etc/mnttab. The automounted file systems are not automatically mounted at startup. They are points under which file systems will be mounted later, when users request access to them.
To Automount All Exported Directories from Any Host Using the -hosts Map
1.
subdirectory it created. Directories will stay mounted until they are left idle for five minutes. The five minute default can be changed by adding the -t duration option to the AUTOMOUNT_OPTIONS variable in the /etc/rc.config.d/nfsconf file.
The -hosts map is an indirect map. It uses the hosts database (the /etc/hosts file, the NIS hosts map, or BIND [DNS]) to find a host on the network. The Name Service Switch configuration determines which name services will be searched for host information. See “Configuring the Name Service Switch” on page 267.
Table 2-6 Direct vs. Indirect Automounter Map Types (Continued)
Direct Map    Indirect Map
Disadvantage: If you add or remove mounts in a direct map, or if you change the local mount point for an existing mount in a direct map, you have to force AutoFS to reread its maps or reboot your system before AutoFS sees the changes you made.
Figure 2-13 shows the difference between direct mounts and indirect mounts on an NFS client.
[Figure 2-13: The Difference Between Direct Mounts and Indirect Mounts (panels: mounts in a direct map, mounts in an indirect map)]

To Mount a Remote Directory Using a Direct Automounter Map
1. If you are using local files for your automounter maps, use an editor to open or create a direct map in the /etc directory.
    cd /var/yp
    /usr/ccs/bin/make auto_master auto_direct
4. On each host that will use the map you have just modified, issue the following command to force AutoFS to read the modified map:
    /usr/sbin/automount
The local directory you configure as the mount point should be empty or non-existent. AutoFS will create any non-existent directories between the root directory and the configured mount point.
You must enable AutoFS before any directories can be automounted. See “To Enable the NFS Automounter” on page 89. Automounted directories stay mounted until they are left idle for five minutes. The five minute default can be changed by adding the -t duration option to the AUTOMOUNT_OPTIONS variable in the /etc/rc.config.d/nfsconf file.
    # /etc/auto_direct file
    # local mount point     mount options    remote server:directory
    /auto/project/specs     -nosuid          thyme:/export/project/specs
    /auto/project/budget    -nosuid          basil:/export/FY94/proj1
Following are example lines from the automounter master map on NFS client sage.
To Mount a Remote Directory Using an Indirect Automounter Map
1. If you are using local files for your automounter maps, use an editor to open or create an indirect map in the /etc directory. Add a line with the following syntax to the indirect map:
    local_subdirectory [mount_options] server:remote_directory
If you are using NIS to manage your automounter maps, add the line to an indirect map on the NIS master server.
2.
The local_parent_directory and local_subdirectory should not exist; AutoFS will create them when it mounts the remote directory. If the local_parent_directory or local_subdirectory contains files or directories, they will be hidden beneath the remote directory when it is mounted.
CAUTION The local_subdirectory and local_parent_directory must not be symbolic links.
Automounted directories stay mounted until they are left idle for five minutes. The five minute default can be changed by adding the -t duration option to the AUTOMOUNT_OPTIONS variable in the /etc/rc.config.d/nfsconf file. You must enable AutoFS before any directories can be automounted. See “To Enable the NFS Automounter” on page 89.
    # /etc/auto_desktop file
    # local mount point    mount options    remote server:directory
    draw                   -nosuid          thyme:/export/apps/draw
    write                  -nosuid          basil:/export/write
Following are example lines from the automounter master map on NFS client sage. The master map also includes an entry for the direct map /etc/auto_direct.
To Configure Multiple (Replicated) Servers for an AutoFS Directory
1. Follow the instructions in “To Mount a Remote Directory Using a Direct Automounter Map” on page 68 or “To Mount a Remote Directory Using an Indirect Automounter Map” on page 72.
2. In the direct or indirect map, modify the line that mounts the remote directory so that multiple servers are listed.
The /etc/netmasks file contains Internet Protocol (IP) address masks with IP network numbers. It supports both standard subnetting as specified in RFC-950 and variable length subnetting as specified in RFC-1519. When using the standard subnetting, there should be a single line for each network with the network number and the network mask to use on that network. The network number and mask can be specified in the conventional IP ‘.
If you configure multiple servers on both sides of a gateway, a server on the same side of the gateway as the NFS client will always be used, because it will always respond to the client’s poll before the servers on the other side of the gateway.

To Use Environment Variables as Shortcuts in Automounter Maps
1.
To Use Wildcard Characters as Shortcuts in Automounter Maps
1. Use the asterisk (*) in an indirect map as a wildcard character to represent the local subdirectory, when you want the local subdirectory to be the same as the remote system name or the remote subdirectory.
2. Use the ampersand (&) in a direct or indirect map as the remote system name or the remote subdirectory.
The ampersand character can be used to represent both the remote server and the remote subdirectory, in the same line of the indirect map.
To Automount Users’ Home Directories
NOTE This configuration requires that users’ home directories be located under the same directory on all systems in the network. On HP-UX release 9.x or earlier, home directories are usually located under /users. On HP-UX release 10.0 or later, home directories are usually located under /home.
    cd /var/yp
    /usr/ccs/bin/make auto_master
6. Issue the following command, on each NFS client that will use these automounter maps, to force AutoFS to reread the maps:
    /usr/sbin/automount
Before you can automount home directories, you must enable AutoFS. See “To Enable the NFS Automounter” on page 89.
AutoFS mounts /export/home/howard from server basil to the local mount point /home/howard on the NFS client. Figure 2-16 illustrates this configuration:
[Figure 2-16: Home Directories Automounted with Wildcards (NFS server "basil" and the local NFS client)]
    cd ../source
Here is another example from an indirect map. In this example, the same mount option (nosuid) applies to all three automounted directories.
For more information, type man 1M automount or man 4 nsswitch.conf.

To Create a Hierarchy of Automounter Maps
An organization made up of many departments may wish to organize a shared automounted directory structure. In the following example, the shared top-level directory is called /org. The /org directory contains several subdirectories, listed in the auto_org automounter map.
Hierarchical automounter maps provide a framework within which large shared filesystems can be organized. Together with NIS, which allows you to share information across administrative domains, the maintenance of the shared namespace can be effectively decentralized.

To Turn Off an Automounter Map with the -null Map
1. Add a line with the following syntax to the automounter master map:
    local_directory -null
2.
2. Issue the following command to run the NFS client startup script:
    /sbin/init.d/nfs.client start
The nfs.client start script will start any NFS client processes that are not already running, including AutoFS. When AutoFS starts up, it uses the Name Service Switch to determine which name services you are using and to find the master maps that are available from those name services. For more information, type man 4 nsswitch.
where local_directory is the configured mount point in the automounter map.
2. Type the following command to verify that the contents of the remote directory have been mounted under the local mount point:
    /usr/bin/ls
If the directory is configured in an indirect map, issuing the ls command from the parent directory will display nothing.
To Modify or Remove (Unmount) an Automounted Directory
1. If you are planning to remove an automounted directory, issue the following command to determine whether the directory is currently in use:
    /usr/sbin/fuser -cu local_mount_point
This command lists the process IDs and user names of everyone using the mounted directory.
2.
Configuring and Using NFS Netgroups
This section tells you how to create and use NFS netgroups to restrict NFS access to your system. It describes the following tasks:
• To Create Netgroups in the /etc/netgroup File
• To Create Netgroups in the NIS+ netgroup Table
• To Use Netgroups in Configuration Files

To Create Netgroups in the /etc/netgroup File
1.
The NIS_domain field specifies the NIS domain in which the (host, user, NIS_domain) triple is valid. For example, if the netgroup database contains the following netgroup,
    myfriends (sage,-,bldg1), (cauliflower,-,bldg2), (pear,-,bldg3)
and an NFS server running NIS in the domain bldg1 exports a directory only to the netgroup myfriends, only host sage may mount that directory.
the /etc/exports file, any host would have access to the exported directory. For this reason, if a netgroup is used strictly as a list of users, it is better to put a dash in the host field, as follows:
    administrators (-,jane, ), (-,art, ), (-,mel, )
The dash indicates that no hosts are included in the netgroup. The trusted_hosts and administrators netgroups could be used together in the /etc/hosts.
or
    nistbladm -a group=netgroup host= user= domain= \
        comment= netgroup.org_dir
In the NIS+ netgroup table, each netgroup may consist of multiple table entries. Each table entry specifies either a (host, user, domain) triple or an included netgroup. Each entry may contain a comment in the last column. For information on the general syntax of netgroups and how they are used, see “To Create Netgroups in the /etc/netgroup File” on page 125.
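The host and domain semantics of /etc/netgroup triples described in this section (a blank field matches anything, a dash matches nothing, and a triple is valid only in its NIS domain) are easy to misread in a long file. The following Python sketch is an added example, not part of the HP guide: it evaluates host membership and lists triples whose host field is blank. The function names and the admins_blank and exportable groups are hypothetical, and the sample file is constructed from the myfriends and administrators entries shown earlier.

```python
# Added example (not from the HP guide): evaluating /etc/netgroup triples.
import re

TRIPLE = re.compile(r"\(([^()]*)\)")


def parse_netgroups(text):
    """Return {name: (triples, included_group_names)} from netgroup text."""
    db = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) != 2:
            continue                              # blank line or name with no members
        name, body = parts
        triples = []
        for match in TRIPLE.finditer(body):
            fields = tuple(f.strip() for f in match.group(1).split(","))
            if len(fields) != 3:
                raise ValueError(f"{name}: bad triple {match.group(0)}")
            triples.append(fields)
        # Whatever is left after removing the triples is a list of included groups.
        includes = TRIPLE.sub(" ", body).replace(",", " ").split()
        db[name] = (triples, includes)
    return db


def _field_matches(field, value):
    if field == "":
        return True                               # blank field: matches anything
    if field == "-":
        return False                              # dash: matches nothing
    return field == value


def host_in_netgroup(db, group, host, domain, _seen=None):
    """True if host belongs to group when evaluated in the given NIS domain."""
    seen = _seen if _seen is not None else set()
    if group in seen or group not in db:
        return False                              # unknown group or include cycle
    seen.add(group)
    triples, includes = db[group]
    for h, _user, d in triples:
        if _field_matches(h, host) and _field_matches(d, domain):
            return True
    return any(host_in_netgroup(db, g, host, domain, seen) for g in includes)


def blank_host_triples(db):
    """List (group, triple) pairs whose host field is blank (matches every host)."""
    return [(name, t) for name, (triples, _inc) in db.items()
            for t in triples if t[0] == ""]


# Constructed sample; admins_blank and exportable are hypothetical groups.
SAMPLE = """\
# /etc/netgroup (constructed)
myfriends       (sage,-,bldg1), (cauliflower,-,bldg2), (pear,-,bldg3)
administrators  (-,jane, ), (-,art, ), (-,mel, )
admins_blank    ( ,jane, ), ( ,art, ), ( ,mel, )
exportable      myfriends administrators
"""

if __name__ == "__main__":
    db = parse_netgroups(SAMPLE)
    for group in ("myfriends", "administrators", "admins_blank", "exportable"):
        print(group, "admits host basil in bldg1:",
              host_in_netgroup(db, group, "basil", "bldg1"))
    for name, triple in blank_host_triples(db):
        print("blank host field:", name, triple)
```

Any group reported by blank_host_triples grants access to every host when it is named in a host-based access list such as /etc/exports.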
Using Netgroups in the /etc/hosts.equiv or $HOME/.rhosts File
In the /etc/hosts.equiv file, or in a .
Using Netgroups in the /etc/passwd File
In the /etc/passwd file, netgroups can be used to indicate whether user information should be looked up in the NIS or NIS+ passwd database.
Using Netgroups in the /etc/group File
In the /etc/group file, netgroups can be used to indicate whether group information about certain users should be looked up in the NIS or NIS+ group database.
Configuring the Other NFS Daemons and Services
If you want to use some of the other NFS services, like the Remote Execution Facility (REX) or the rup(1) and rusers(1) commands, this section tells you how to enable those daemons and services. This section tells you how to perform the following tasks:
• To Enable the Other NFS Services
• To Restrict Access to the Other NFS Services

To Enable the Other NFS Services
1.
Table 2-7 Other NFS Services
rexd    The rpc.rexd program is the server for the on command, which starts the Remote Execution Facility (REX). The on command sends a command to be executed on a remote system. The rpc.rexd program on the remote system executes the command, simulating the environment of the user who issued the on command.
Table 2-7 Other NFS Services (Continued)
rwalld    The rpc.rwalld program handles requests from the rwall program. The rwall program sends a message to a specified machine where the rpc.rwalld program is running, and the message is written to all users logged onto the machine. For more information, see man pages rwalld(1M) and rwall(1M). The following line configures rwalld in inetd.
Specify either allow or deny but not both. Enter only one line per service. host_or_network can be either an official host name or network name or an IP address. Any of the four numbers in an IP address can be specified as a range (for example, 1-28) or the wildcard character (*). The inetd.sec file is checked only when the service is started.
3 Configuring the Cache File System (CacheFS)
This chapter describes the benefits of using the Cache File System and how to configure it on HP-UX. CacheFS is not available on HP-UX 11.0.
The Cache File System
IMPORTANT CacheFS is not available on HP-UX 11.0.
The Cache File System (CacheFS) is a general purpose file system caching mechanism that improves NFS server performance and scalability by reducing server and network load. CacheFS provides the ability to cache one file system on another.
CacheFS Terms
Following are some CacheFS terms that will be used in this chapter:
back file system     The file system that is being cached. On HP-UX, NFS is the supported back file system.
front file system    The file system that contains the cached data. HFS is the supported front file system.
cold cache           A cache that does not yet have any data in its front file system.
Configuring CacheFS
IMPORTANT CacheFS is not available on HP-UX 11.0.
You can use CacheFS to cache NFS-mounted or automounted NFS file systems. You must decide whether to use CacheFS before you mount a file system. Before you can mount a file system using CacheFS, you must configure a local file system as the cache directory.
NOTE You cannot use SAM to mount a file system with CacheFS.
Configuring CacheFS involves several procedures.
To Configure a Local File System as Cache
1. If necessary, configure and mount the HFS file system, the front file system, on the client system where data will be cached. See the HP-UX System Administration Tasks manual for more information. No special disk partitioning is necessary for creating a CacheFS front file system.
To Mount an NFS File System Using CacheFS
Before you can mount an NFS file system with CacheFS, you must configure a directory in a local file system as cache. See “To Configure a Local File System as Cache” on page 141.
1. Mount an NFS file system using CacheFS by typing the mount(1M) command, as in the following examples:
    mount -F cachefs -o backfstype=nfs,cachedir=/disk2/cache \
        nfsserver:/opt/frame /opt/frame
2.
To Automount a File System Using CacheFS
Before you can automount an NFS file system with CacheFS, you must configure a directory in a local file system as cache. See “To Configure a Local File System as Cache” on page 141.
1.
4 Configuring and Administering NIS
The Network Information Service (NIS), previously called “Yellow Pages,” is a distributed database system that allows you to maintain commonly used configuration information on a master server and propagate the information to all the hosts in your network. This chapter explains how to configure and administer the servers and clients in an NIS domain.
Overview of NIS
NIS allows you to administer the configuration of many hosts from a central location. Common configuration information, which would have to be maintained separately on each host in a network without NIS, can be stored and maintained in a central location and propagated to all of the nodes in the network.
• /etc/vhe_list, a configuration file for the Virtual Home Environment. (Type man 4 vhe_list for more information.) VHE is not supported on 10.0 and later releases.
The information in these files is put into NIS databases automatically when you create an NIS master server. Other system files may be managed by NIS, if you wish to customize your configuration.

Structure of the NIS Network
The center of the NIS network is the NIS master server.
Figure 4-1 shows the flow of information in an NIS domain.
[Figure 4-1: Flow of Information in an NIS Network. Maps are created from configuration files on the master server. Maps are transferred from the master server to the slave servers. Servers send configuration data to clients.]
A host cannot be the master server for more than one NIS domain.
You can also configure the NIS client using the ypinit -c command. This command configures the local host as an NIS client to bind the NIS client to a specific NIS server. When you invoke the ypinit command with the -c option, the system prompts you to construct a list of NIS servers in the order of preference to which the client will try to bind. The list of NIS servers is stored in the /var/yp/binding//ypservers file.
Planning the NIS Network
This section explains how to plan the layout of your NIS network.
To Determine the Number of NIS Servers You Need
Following are some guidelines for determining the number of NIS servers you will need in your domain:
• When a client starts up, it broadcasts a message to find the nearest server and binds to it. If you want the client to bind through the broadcast method, at least one server must be present in each subnetwork in a domain.
To Draw an NIS Network Map
It is a very good idea to draw a map of your NIS network, to help with maintenance and troubleshooting in the future. Figure 4-3 shows an example of an NIS network map.
[Figure 4-3: Example NIS Network Map]
    hostname: eeyore    role: slave (PoohCorners)     domain: PoohCorners
    hostname: pooh      role: master (PoohCorners)    domain: PoohCorners
    hostname: tigger    role: slave (PoohCorners)     domain: PoohCorners
    network: 192.6.36.
Configuring and Administering an NIS Master Server
An NIS master server holds the source files for all the NIS maps in the domain. Any changes to the NIS maps must be made on the NIS master server. The NIS master server delivers information to NIS clients and supplies the NIS slave servers with up-to-date maps. An NIS master server must also be an NIS client. This section explains how to perform the following tasks.
To Create the Master passwd File
1. Copy the /etc/passwd file from each host in your NIS domain to the /etc directory on the host that will be the master server. Name each copy /etc/passwd.hostname, where hostname is the name of the host it came from.
2. Concatenate all the passwd files together, including the master server’s passwd file, into a temporary passwd file, as follows:
    cd /etc
    cat passwd passwd.hostname1 passwd.
To Create the Master group File
1. Copy the /etc/group file from each host in your NIS domain to the /etc directory on the host that will be the master server. Name each copy /etc/group.hostname, where hostname is the name of the host it came from.
2. Concatenate all the group files together, including the master server’s group file, into a temporary group file, as follows:
    cd /etc
    cat group group.hostname1 group.
To Create the Master hosts File
1. Copy the /etc/hosts file from each host in your NIS domain to the /etc directory on the host that will be the master server. Name each copy /etc/hosts.hostname, where hostname is the name of the host it came from.
2. Concatenate all the hosts files together, including the master server’s hosts file, into a temporary hosts file, as follows:
    cd /etc
    cat hosts hosts.hostname1 hosts.
For more information, type man 4 hosts or man 1 sort at the HP-UX prompt.

To Enable NIS Master Server Capability
1. Log in as root to the host that will be the master server.
2. On the host that will be the master server, ensure that the $PATH environment variable includes the following directory paths:
• /var/yp
• /usr/lib/netsvc/yp
• /usr/ccs/bin
3.
To configure the local host as an NFS client and enable the client to bind to a specific server, you must use the -c option of the ypinit command. Invoking the ypinit command with the -c option prompts the user to provide a list of servers, in order of preference, to which the client must bind. To use the -c option of the ypinit command specified in the following step, you must install patch PHNE_24910 or later.
    # /usr/bin/ypwhich -m
    vhe_list mastername
    servi.bynp mastername
    services.byname mastername
    rpc.byname mastername
    protocols.bynumber mastername
    protocols.byname mastername
    rpc.bynumber mastername
    passwd.byuid mastername
    passwd.byname mastername
    networks.byname mastername
    networks.byaddr mastername
    netgroup.byuser mastername
    netgroup.byhost mastername
    netgroup mastername
    hosts.byname mastername
    hosts.byaddr mastername
    group.
3. Using a text editor, remove users from the /etc/passwd file who should not be allowed access to the NIS master server. Do not include a plus sign (+) in this file.
4. Use a text editor to edit the /var/yp/Makefile file. Change the following line

       PWFILE=$(DIR)/passwd

   to the following:

       PWFILE=$(DIR)/passwd.yp

5. In the /etc/rc.config.d/namesvrs file, modify the YPPASSWDD_OPTIONS variable.
To Restrict Client and Slave Server Access to the Master Server

1. On the NIS master server, create a file called /var/yp/securenets, if it does not already exist.
2. Add lines to the file with the following syntax:

       address_mask IP_address

   The IP_address is the internet address of an NIS client, NIS slave server, or subnet that may request NIS information or transfer NIS maps from the NIS master server.
To Check the Contents of an NIS Map

• Issue the following command to verify that an NIS map contains the data you expect it to contain:

      /usr/bin/ypcat -k mapname

  The -k option lists the key for each item in the map as well as the data associated with the key. For example, in the netgroup map, the netgroup name is the key.
Configuring and Administering NIS Configuring and Administering an NIS Master Server To Modify an NIS Map 1. Log in as root to the NIS master server. 2. Make your changes to the source file for the NIS map. For example, if you want to change the NIS hosts map, make your changes to the /etc/hosts file. 3.
To Add an Automounter Map to Your NIS Domain

1. Log in as root to the NIS master server.
2. In the /usr/sbin/ypinit script, use a text editor to add the automounter map to the MASTER_MAPS list, as follows:

MASTER_MAPS="group.bygid group.byname \
hosts.byaddr hosts.byname netgroup netgroup.byhost \
netgroup.byuser networks.byaddr networks.byname passwd.byname \
passwd.byuid protocols.byname protocols.bynumber rpc.
    @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) auto.mapname; fi
    @if [ ! $(NOPUSH) ]; then echo "pushed auto.mapname"; fi

5. In the /var/yp/Makefile file, copy the statement that begins auto.master: to the space below it. Change auto.master to auto.mapname, and change both occurrences of auto_master.time to auto_mapname.time.

auto.master:
    @if [ $(NOPUSH) ]; then $(MAKE) $(MFLAGS) -k \
    $(YPDBDIR)/$(DOM)/auto_master.
Configuring and Administering NIS Configuring and Administering an NIS Master Server To Remove an Automounter Map from Your NIS Domain 1. Log in as root to the NIS master server. 2. In the /usr/sbin/ypinit script, use a text editor to remove the map name from the MASTER_MAPS list. 3. In the /var/yp/Makefile file, remove the map from the list of maps that begins with all:. 4. In the /var/yp/Makefile file, remove the statement that begins $(YPDBDIR)/$(DOM)/auto_mapname.time.
Configuring and Administering NIS Configuring and Administering an NIS Master Server For more information, see the man pages ypinit(1M), make(1), ypmake(1M), and ypfiles(4). To Add a Slave Server to Your NIS Domain 1. Log in as root to the NIS master server. 2. Issue the following command, where domainname is the name of the domain to which you want to add the slave server: cd /var/yp/domainname 3.
To Remove a Slave Server from Your NIS Domain

1. Log in as root to the NIS master server.
2. Issue the following commands to create an editable ASCII text file from the ypservers map:

       cd /var/yp/domainname
       /usr/sbin/makedbm -u ypservers > tempfile

3. Use a text editor to remove the name of the slave server from the ASCII file, tempfile.
4.
Configuring and Administering NIS Configuring and Administering an NIS Master Server To Query BIND for Host Information After Querying NIS This section tells you how to set up server-side hostname fallback, which causes your NIS servers to query BIND for host information after querying NIS. A server will search the NIS hosts database first, but if the hosts database does not contain the requested information, the server will query the BIND name service.
Configuring and Administering NIS Configuring and Administering an NIS Master Server To Use NIS With Short File Names 1. Make sure the first 14 characters of your domain name uniquely identify your domain among the other NIS domains in your network. 2. If you plan to use NIS to manage your automounter maps, keep the automounter map names to 10 characters or fewer. 3. Log in as root to the NIS master server. 4.
Configuring and Administering NIS Configuring and Administering an NIS Master Server 6. On one of your Sun systems, locate or create an /etc/ethers file, an /etc/bootparams file, and an /etc/netmasks file that contain all the information required by the Sun systems in your NIS domain. 7. Copy the /etc/ethers, /etc/bootparams, and /etc/netmasks files to the HP host that will be the master server. 8. Follow the instructions in “To Enable NIS Master Server Capability” on page 158.
Configuring and Administering an NIS Slave Server

An NIS slave server provides information to NIS clients, taking some load off the NIS master server and substituting for the master server when it is down. The NIS maps are created on the NIS master server and then transferred from the master server to the slave servers.
Configuring and Administering NIS Configuring and Administering an NIS Slave Server To Edit the Slave Server’s passwd File • Remove all users from the /etc/passwd file except the root user and the system entries required for your system to boot. By convention, system entries usually have user IDs less than 100, so you can remove all entries with user IDs of 100 or greater. • The Name Service Switch configuration file provided for NIS (/etc/nsswitch.
uucp:*:5:3::/usr/spool/uucppublic:/usr/lib/uucp/uucico
lp:*:9:7::/usr/spool/lp:/bin/sh
hpdb:*:27:1:ALLBASE:/:/bin/sh
+::-2:60001:::

For more information, type man 4 passwd at the HP-UX prompt.

To Edit the Slave Server’s group File

• Remove all groups from the /etc/group file except the group entries required for your system to boot.
• The Name Service Switch configuration file provided for NIS (/etc/nsswitch.
Configuring and Administering NIS Configuring and Administering an NIS Slave Server To Enable NIS Slave Server Capability 1. Make sure the NIS master server is already configured and running NIS. 2. Log in as root to the host that will be the slave server. 3. On the host that will be the slave server, ensure that the $PATH environment variable includes the following directory paths: • /var/yp • /usr/lib/netsvc/yp • /usr/ccs/bin 4.
Configuring and Administering NIS Configuring and Administering an NIS Slave Server The NIS_server_name is the name of the master server or a slave server that has a complete set of up-to-date maps for the domain. If the slave server will serve a domain different from the one set by the domainname command, specify the domainname after the NIS_server_name. NOTE To configure the local host as an NFS client and enable the client to bind to a specific server, you must use the -c option of the ypinit command.
To Verify Your NIS Slave Server Configuration

1. Log in as root to the slave server.
2. In the /etc/rc.config.d/namesvrs file, add -ypset to the YPBIND_OPTIONS variable:

       YPBIND_OPTIONS="-ypset"

3. Issue the following commands to restart ypbind (the NIS client process) on the slave server:

       /sbin/init.d/nis.client stop
       /sbin/init.d/nis.client start

4.
To Schedule Regular Map Transfers from the NIS Master Server

1. Log in as root to the slave server.
2. Copy the ypxfr_1perday, ypxfr_2perday, and ypxfr_1perhour scripts from the /usr/newconfig/var/yp directory to the /var/yp directory:

       cp /usr/newconfig/var/yp/ypxfr_1perday /var/yp
       cp /usr/newconfig/var/yp/ypxfr_2perday /var/yp
       cp /usr/newconfig/var/yp/ypxfr_1perhour /var/yp

3.
To Restrict Access to the Slave Server

1. On the NIS slave server, create a file called /var/yp/securenets, if it does not already exist.
2. Add lines to the file with the following syntax:

       address_mask IP_address

   The IP_address is the internet address of an NIS client, NIS slave server, or subnet that may request NIS information or transfer NIS maps from the NIS master server.
Configuring and Administering an NIS Client

An NIS client gets its configuration information from an NIS master server or an NIS slave server. When an NIS client is started, it sends out a broadcast message requesting a server. Any server on the client’s network that holds the NIS maps for the client’s domain may respond to the message.
Configuring and Administering NIS Configuring and Administering an NIS Client To Edit the NIS Client’s passwd File • Remove all users from the /etc/passwd file except the root user and the system entries required for your system to boot. By convention, system entries usually have user IDs less than 100, so you can remove all entries with user IDs of 100 or greater. • The Name Service Switch configuration file provided for NIS (/etc/nsswitch.
uucp:*:5:3::/usr/spool/uucppublic:/usr/lib/uucp/uucico
lp:*:9:7::/usr/spool/lp:/bin/sh
hpdb:*:27:1:ALLBASE:/:/bin/sh
+::-2:60001:::

For more information, type man 4 passwd at the HP-UX prompt.

To Edit the NIS Client’s group File

• Remove all groups from the /etc/group file except the group entries required for your system to boot.
• The Name Service Switch configuration file provided for NIS (/etc/nsswitch.
Configuring and Administering NIS Configuring and Administering an NIS Client To Enable NIS Client Capability 1. Make sure at least one NIS master or slave server is running on the client’s subnetwork. 2. Log in as root to the NIS client. 3. On the NIS client, ensure that the $PATH environment variable includes the following directory paths: • /var/yp • /usr/lib/netsvc/yp • /usr/ccs/bin 4.
       /usr/sbin/ypinit -c

   The ypinit script will prompt you for the names of the servers the client can bind to.
8. Copy the /etc/nsswitch.nis file to /etc/nsswitch.conf:

       cp /etc/nsswitch.nis /etc/nsswitch.conf

   If you have plus and minus signs in your /etc/passwd or /etc/group files, they will be ignored.
To Verify Your NIS Client Configuration

• Log into the NIS client and issue the following command:

      /usr/bin/ypwhich -m

  The ypwhich -m command lists all the NIS maps available to the client and gives the name of the master server that serves each map. Your display should look something like this, where mastername is the name of the master server for your domain:

# /usr/bin/ypwhich -m
vhe_list mastername
servi.
Configuring and Administering NIS Configuring and Administering an NIS Client To Tell Users How to Use yppasswd • Tell all the users in your NIS domain that they must use /usr/bin/yppasswd or passwd -r nis instead of the passwd command when they want to change their login passwords. • Tell users that, when they want to change their login passwords, they should do so just before they leave for the day. This will allow time for the updated NIS maps on the master server to be pushed to the slave servers.
To Prevent a Client from Binding to Unknown Servers

1. On the NIS client, create a file called /var/yp/secureservers, if it does not already exist.
2. Add lines to the file with the following syntax:

       address_mask IP_address

   The IP_address is the internet address of an NIS server or the subnet of an NIS server from which the client will accept NIS information.
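The following is an added example, not part of the HP guide, that audits a file written in the address_mask IP_address syntax used by /var/yp/securenets on the master and slave servers and by /var/yp/secureservers on the client. The function names, the sample entries (constructed, using documentation address ranges) and the matching rule stated in the comments are assumptions.

```shell
#!/bin/sh
# Added example. Assumed matching rule: a peer is admitted when
#   (peer AND address_mask) == (IP_address AND address_mask)

# ip_to_int DOTTED_QUAD: print the 32-bit value, or return 1 if malformed.
ip_to_int() {
    case $1 in ''|.*|*.|*..*) return 1 ;; esac
    set -f                              # no globbing while splitting on "."
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs; set +f
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        # reject non-digits, leading zeros (octal in sh arithmetic), >3 digits
        case $_o in *[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# securenets_allows FILE PEER_IP: return 0 if any entry admits PEER_IP.
securenets_allows() {
    _peer=$(ip_to_int "$2") || return 2
    while read -r _mask _net _rest; do
        case $_mask in ''|'#'*) continue ;; esac
        _m=$(ip_to_int "$_mask") || continue
        _n=$(ip_to_int "$_net") || continue
        if [ $(( _peer & _m )) -eq $(( _n & _m )) ]; then
            return 0
        fi
    done < "$1"
    return 1
}

# securenets_audit FILE: print one finding per suspicious entry.
securenets_audit() {
    _ln=0
    while read -r _mask _net _rest; do
        _ln=$((_ln + 1))
        case $_mask in ''|'#'*) continue ;; esac
        if ! _m=$(ip_to_int "$_mask") || ! _n=$(ip_to_int "$_net") || [ -n "$_rest" ]; then
            echo "line $_ln: malformed entry"
            continue
        fi
        _inv=$(( ~_m & 4294967295 ))    # host bits of the mask
        if [ "$_m" -eq 0 ]; then
            echo "line $_ln: mask 0.0.0.0 admits every address"
        elif [ $(( _inv & (_inv + 1) )) -ne 0 ]; then
            echo "line $_ln: non-contiguous mask (fields swapped?)"
        elif [ $(( _n & _inv )) -ne 0 ]; then
            echo "line $_ln: address has bits outside the mask"
        fi
    done < "$1"
    return 0
}

# --- constructed sample files ---
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
TIGHT=$SAMPLE_DIR/securenets.tight
LOOSE=$SAMPLE_DIR/securenets.loose
cat > "$TIGHT" <<'EOF'
# one host and one subnet
255.255.255.255 192.0.2.10
255.255.255.0   198.51.100.0
EOF
cat > "$LOOSE" <<'EOF'
0.0.0.0         0.0.0.0
192.0.2.0       255.255.255.0
255.255.255.0   198.51.100.7
255.255.255     10.0.0.0
EOF

for _ip in 192.0.2.10 192.0.2.11 198.51.100.77; do
    if securenets_allows "$TIGHT" "$_ip"; then
        echo "$_ip admitted"
    else
        echo "$_ip refused"
    fi
done
securenets_audit "$LOOSE"
```

Run the audit function against a copy of the real file before restarting the NIS daemons, so that a swapped or over-broad entry is caught while the previous restrictions are still in effect.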
Configuring and Administering NIS Configuring and Administering an NIS Client To Bind an NIS Client to a Server on a Different Subnet Hewlett-Packard recommends that you configure a server on each subnet where you have NIS clients; however, if you cannot do that, follow these steps to force an NIS client to bind to a server on a different subnet: 1. Log in as root to the NIS client. 2. Add the -ypset option to the YPBIND_OPTIONS variable in the /etc/rc.config.
1. Log in to the NIS client as a superuser.
2. Issue the following command to construct a list of bind servers:

       /usr/sbin/ypinit -c

   The ypinit script will prompt you for the names of the servers the client can bind to.
3. Issue the following command to copy the /etc/nsswitch.nis file to the /etc/nsswitch.conf file:

       cp /etc/nsswitch.nis /etc/nsswitch.conf

4. Issue the following commands to restart the NIS client: /sbin/init.
Configuring and Administering Secure RPC (if NIS+ is not used)

Configuring secure RPC allows you to write applications that use secure RPC. You must be running NIS in order to use secure RPC. If you are using NIS+, your secure RPC credentials are created and updated when you configure and administer your NIS+ domain. Follow the procedures in this section only if you are using NIS and not NIS+.
To Have Users Create their Secure RPC Keys

1. In the /etc/publickey file on the NIS master server, make sure the entry for user nobody exists and is not commented out (is not preceded by #).
2. Tell each user in your NIS domain to issue the chkey command:

       /usr/bin/chkey

   At the Password prompt, the user should enter his or her login password.
Configuring and Administering NIS Configuring and Administering Secure RPC (if NIS+ is not used) To Create Secure RPC Keys for Users Use this procedure if you do not want users to be able to create their own secure RPC keys. 1. Log in as root to the NIS master server. 2. Comment out the entry in the /etc/publickey file for user nobody. (Insert a sharp sign [#] as the first character on the line.) 3. Issue the following commands to regenerate the publickey.
To Create Secure RPC Keys for Hosts

1. Log in as root to the NIS master server.
2. Issue the newkey -h command for each host in your NIS domain:

       # /usr/sbin/newkey -h hostname

3. Enter the root password for hostname when prompted for it by the newkey -h command.
4. On each host for which you have just created a secure RPC key, log in as root.
Configuring and Administering NIS Configuring and Administering Secure RPC (if NIS+ is not used) To Tell Users How to Use Secure RPC Tell the users who require secure RPC authorization to follow these guidelines: • If you allow users to create their own secure RPC keys with the chkey command, they should enter their login passwords at the Password prompt.
Summary of NIS Commands

Table 4-1  Summary of NIS Commands

chkey(1)        Creates or changes a secure RPC key.
domainname(1)   Sets or displays the name of the NIS domain.
keylogin(1)     Decrypts and stores a secure RPC key. keylogin is called when a user logs in, but the user must issue keylogin if no password was provided at login or if a password other than the login password was used to encrypt the secure RPC key.
ypxfr(1M)       Transfers one or more NIS maps from a master server to the local slave server. A slave server calls ypxfr when yppush is executed on the master server.
5 Configuring and Administering NIS+

The Network Information Service Plus (NIS+) is the next generation of the Network Information Service (NIS).
Configuring and Administering NIS+ it is a whole new service. Like NIS, it is a distributed database system that allows you to maintain commonly used configuration information on a master server and propagate the information to all the hosts in your network. This chapter explains how to configure and administer the servers and clients in an NIS+ namespace.
Configuring and Administering NIS+ Overview of NIS+ Overview of NIS+ NIS+ allows you to maintain configuration information for many hosts in a set of distributed databases. You can read or modify these databases from any host in the network, if you have the proper credentials and access permissions.
Disadvantages of NIS+

NIS+ has the following disadvantages:

• NIS+ is difficult to administer. It requires dedicated system administrators trained in NIS+ administration. NIS+ administration is very different from NIS administration.
• The NIS+ databases are not automatically backed up to flat files.
Configuring and Administering NIS+ Overview of NIS+ Structure of the NIS+ Namespace An NIS+ namespace may be “flat,” consisting of a single domain, or it may be hierarchical, like the DNS domain structure. Every namespace has exactly one root domain. All other domains are subdomains of the root domain. Figure 5-1 shows a sample hierarchical NIS+ namespace. The master server of the root domain is the root master server. Master servers of subdomains are called non-root master servers.
Structure of an NIS+ Domain

An NIS+ domain is an NIS+ directory whose name is the domain name. An NIS+ directory is not an HP-UX directory. You must use the nisls(1) command to see the directory structure of an NIS+ domain. Figure 5-2 shows the NIS+ directory structure of the Wiz.Com. and Eng.Wiz.Com. domains. Each NIS+ domain contains two NIS+ subdirectories, called groups_dir and org_dir.
Configuring and Administering NIS+ Overview of NIS+ just hosts.org_dir or [cname=romney],hosts.org_dir. Domain names always end in a period, except when you are setting the default domain with the domainname command. How NIS+ Information is Stored and Propagated NIS+ information is stored in the /var/nis directory.
NIS+ Tables

By default, an NIS+ domain that you set up with the standard scripts contains the NIS+ tables listed in Table 5-1. Table 5-1 also gives the configuration files and the NIS maps that are equivalent to the NIS+ tables.

Table 5-1  Standard NIS+ Tables

NIS+ Table     Equivalent File     Equivalent NIS maps   Purpose
auto_home      /etc/auto_home      auto.home             Location of users’ home directories.
auto_master    /etc/auto_master    auto.
Configuring and Administering NIS+ Overview of NIS+ Table 5-1 Standard NIS+ Tables (Continued) NIS+ Table Equivalent File Purpose netgroup /etc/netgroup netgroup netgroup.byhost netgroup.byuser List of netgroups (used only with NFS services) and their members. netmasks /etc/netmasks needs to be created and configured manually netmasks.byaddr Used on HP-UX networks /etc/networks networks.byaddr networks.byname Mapping of network names to network addresses. passwd /etc/passwd passwd.
Configuring and Administering NIS+ Overview of NIS+ NIS+ Authentication and Authorization Authentication is the process by which NIS+ determines who you are. To be an authenticated NIS+ user, you must have an entry in the cred table, and your password must decrypt your secure RPC key, which is stored in the cred table. When you log in and supply your password, NIS+ identifies you as an NIS+ principal. If you are a non-root user, your NIS+ principal name is loginname.domainname.
Configuring and Administering NIS+ Overview of NIS+ User nobody is the group of all unauthenticated users. If you have no entry in the cred table, NIS+ identifies you as user nobody and assigns you a user ID of -2. The owner of an NIS+ object is typically the NIS+ principal who created it. However, you can change the owner of an NIS+ object with the nischown(1) command. The group is the NIS+ group that owns the object. NIS+ groups are stored in the groups_dir subdirectory under each domain directory.
Configuring and Administering NIS+ Overview of NIS+ NIS Compatibility Mode An NIS+ server may serve NIS clients, by running in NIS compatibility mode. NIS compatibility mode is intended as a migration tool, to allow you to migrate your servers from NIS to NIS+ without having to migrate all your clients to NIS+ at the same time. NIS compatibility mode has the following disadvantages: • NIS compatibility mode is less secure than regular mode.
Configuring and Administering NIS+ Planning the NIS+ Namespace Planning the NIS+ Namespace This section explains how to plan your NIS+ namespace.
Configuring and Administering NIS+ Planning the NIS+ Namespace To Determine the Number of NIS+ Servers You Need Following are some guidelines for determining the number of NIS+ servers you will need in your domain: • You must configure one master server per NIS+ domain. • Configure at least one replica server per NIS+ domain, but no more than 10 replica servers per domain. • A server may serve more than one domain, but it is not recommended.
Configuring and Administering NIS+ Setting Up the NIS+ Namespace Setting Up the NIS+ Namespace An NIS+ namespace may be “flat,” consisting of a single domain, or it may be hierarchical, like the HP-UX directory structure. Every namespace has exactly one root domain. All other domains are subdomains of the root domain. This section explains how to perform the following tasks. Only the first six tasks are required to set up a “flat” namespace consisting of a single domain.
Configuring and Administering NIS+ Setting Up the NIS+ Namespace To Set Up the Root Master Server Before you perform this task, make sure no one is using the host that will be the root master server. The nisserver script copies the /etc/nsswitch.nisplus file to /etc/nsswitch.conf. This may render the host unusable until the NIS+ tables are populated and NIS+ is operational. 1. Log in as root to the host that will be the root master server. 2.
       nisls -lR

   The nisls command should list the domain name, the org_dir and groups_dir NIS+ directories, the admin group, and all the standard tables listed in Table 5-1.
6. If the host was previously an NIS server or client, set the NIS_MASTER_SERVER, NIS_SLAVE_SERVER, and NIS_CLIENT variables to 0 in the /etc/rc.config.d/namesvrs file.
7. Create a cron job that runs nisping -Ca at least once a day, during a time when the network is not busy.
Configuring and Administering NIS+ Setting Up the NIS+ Namespace To Populate the NIS+ Tables on the Master Server You can populate NIS+ tables from files or from NIS maps. Before you populate the master server’s tables, you must run the nisserver script to create the tables. See “To Set Up the Root Master Server” on page 214 or “To Set Up an NIS+ Subdomain” on page 225. NOTE The nispopulate script may fail if there is insufficient /tmp space on the system.
Configuring and Administering NIS+ Setting Up the NIS+ Namespace make sure your NIS map names contain no periods. If you will populate your NIS+ tables from files, make sure your file names contain no periods. 6. To populate the NIS+ tables from files, issue the following command. The -p option specifies the path to the files.
Configuring and Administering NIS+ Setting Up the NIS+ Namespace To fix this problem, increase the swap space and checkpoint the domain again. 9. Reboot the host to force long-running processes to read the new /etc/nsswitch.conf file. (The nisserver script copies /etc/nsswitch.nisplus to /etc/nsswitch.conf.) The nispopulate script populates the cred table from the passwd and hosts files or NIS maps.
Configuring and Administering NIS+ Setting Up the NIS+ Namespace To Add Administrators to the NIS+ admin Group Follow this procedure to add administrators to the NIS+ admin group, or use SAM (System Administration Manager). To run SAM type sam at the HP-UX prompt. For more information, type man 1M sam. 1. Type the following command to add NIS+ principals to the admin group: nisgrpadm -a admin.domainname NIS+_principal [NIS+_principal ...
Configuring and Administering NIS+ Setting Up the NIS+ Namespace To Set Up NIS+ Client Hosts Before you set up an NIS+ client host, the master server must be set up and running, and the client must have an entry in the NIS+ hosts table on the master server. Also, make sure no one is using the client host. The nisclient script copies the /etc/nsswitch.nisplus file to /etc/nsswitch.conf. This may render the host unusable until NIS+ is operational. 1.
Configuring and Administering NIS+ Setting Up the NIS+ Namespace If the master server’s internet address is not in the client’s /etc/hosts file, the nisclient script will prompt you for the master server’s internet address. The nisclient script will prompt you for the secure RPC password for root. Type the default NIS+ password, nisplus. The nisclient script will then prompt you for the root password on the client host.
Configuring and Administering NIS+ Setting Up the NIS+ Namespace To Set Up NIS+ Replica Servers Before you can set up a replica server, the master server must be set up and running, and the hosts table on the master server must contain an entry for the host that will be a replica. When you run the nisserver script to initialize a replica server, the NIS+ tables on the master server are copied to the replica.
Configuring and Administering NIS+ Setting Up the NIS+ Namespace If the host was previously an NIS server or client, set the NIS_MASTER_SERVER, NIS_SLAVE_SERVER, and NIS_CLIENT variables to 0. 6. Log in as root to the master server. 7. Type the following command to initialize the replica server: nisserver -R -h replica_host_name The nisserver script asks you if the information it has is correct. You can change it by typing n. The script then allows you to change each piece of information.
To Initialize NIS+ Client Users

Tell all of your non-root users to perform this task. This task sets a user’s secure RPC password to be the same as the user’s login password.

1. Log into any NIS+ client host using your non-root user login.
2. Issue the following command:

       /usr/lib/nis/nisclient -u

   The nisclient script will prompt you for the secure RPC password. Type the default password, nisplus.
Configuring and Administering NIS+ Setting Up the NIS+ Namespace To Set Up an NIS+ Subdomain Before you can set up a subdomain, the parent domain must be set up, and its master server must be running. The master server for the parent domain must have an entry in its hosts table for the master server of the new subdomain. 1. Log in as root to the host that will be the master server for the subdomain. 2. Set the PATH variable to include /usr/lib/nis.
7. Issue the following command if the master server of the new subdomain will not run in NIS compatibility mode:

       nisserver -M -d subdomain_name -h subdomain_master_server_name

   If the master server of the new subdomain will be required to serve NIS clients, issue the following command to set up the master server in NIS compatibility mode:

       nisserver -M -Y -d subdomain_name -h subdomain_master_server_name

8.
Configuring and Administering NIS+ Setting Up the NIS+ Namespace 14. Initialize the client users of the new subdomain. See “To Initialize NIS+ Client Users” on page 224. Every time you create a master server, you create a new subdomain. You can create as many domains as you need. You can create subdomains beneath subdomains. It is recommended that you keep your namespace hierarchy as simple as possible and that you keep an accurate map of your namespace.
Configuring and Administering NIS+ Setting Up the NIS+ Namespace To Use BIND With NIS+ An NIS+ client can consult BIND (DNS), NIS, NIS+, or the /etc/hosts file when it needs to resolve a host name to an IP address. The Name Service Switch determines where an NIS+ client will look for host information. Some clients, like PCs, cannot use the Name Service Switch.
To Configure an NIS+ Client to Query BIND

1. Log in as root to the NIS+ client host.
2. Use a text editor to open the /etc/nsswitch.conf file, and find the line that begins with hosts. It probably looks something like this:

       hosts: nisplus [NOTFOUND=return] files

   Change the hosts line so that it looks like this:

       hosts: dns [NOTFOUND=return] nisplus [NOTFOUND=return] files

   The NIS+ client will now query BIND first for host information.
Configuring and Administering NIS+ Setting Up the NIS+ Namespace To Allow an NIS+ User Authenticated Access to Another Domain A user’s home domain is defined as the domain where the user has a DES credential in the cred table. (Each NIS+ principal has a DES credential in only one domain.) If a user needs to be authenticated in another domain, the user must have a Local credential in that domain. In domains where the user does not have a Local credential, the user is treated as “nobody.” 1.
Configuring and Administering NIS+ Administering NIS+ Administering NIS+ This section explains how to administer and maintain your NIS+ domain or namespace after you have set it up.
To List the Properties of NIS+ Objects

• To list the object properties of any NIS+ directory, table, table entry, group, or link, issue the following command from an NIS+ client host:

      niscat -o NIS+_object

  For example, to list the object properties of the passwd table entry for user jane in the default domain, you would issue this command: niscat -o '[name=jane],passwd.
Configuring and Administering NIS+ Administering NIS+ To Change the Default Properties for New NIS+ Objects Whenever you create a new NIS+ object (a directory, table, table entry, group, or link), it inherits a set of default properties (owner, group owner, permissions, time to live, and so on). You can override the default object properties by setting the NIS_DEFAULTS environment variable. You can use SAM (System Administration Manager) to change all the default object properties except time to live.
To Change the Permissions for NIS+ Objects

• To change the permissions of an NIS+ directory, table, table entry, group, or link, issue the nischmod command from an NIS+ client host. The following example changes the permissions for the group table in the Wiz.Com. domain. It gives user nobody no permissions, owner and group owner full permissions, and world read permission only.

      nischmod n=,og=rmcd,w=r group.org_dir.Wiz.Com.
For more information, see the following man pages: nischmod(1), nistbladm(1), sam(1M), and nis(1).
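The following is an added example, not part of the HP guide, that works out what a nischmod-style expression such as n=,og=rmcd,w=r does to an object's access rights and flags rights held by unauthenticated or world principals. It assumes the rights are written as a 16-character string in the order nobody, owner, group, world with four positions (r, m, c, d) each; the function names and the policy applied by the second function are hypothetical, and only the classes n, o, g, w with a single +, - or = per clause are handled.

```shell
#!/bin/sh
# Added example. Assumed rights layout: nobody|owner|group|world, each "rmcd",
# with "-" for a right that is not granted, e.g. ----rmcdr---r---

# nis_rights_apply CURRENT EXPR: print the rights after applying EXPR.
# Exit status 2 means CURRENT or EXPR was not understood.
nis_rights_apply() {
    awk -v cur="$1" -v expr="$2" 'BEGIN {
        if (length(cur) != 16 || cur !~ /^[-rmcd]+$/) exit 2
        n = split(expr, clause, ",")
        for (k = 1; k <= n; k++) {
            # who (n, o, g, w) followed by one operator; other forms rejected
            if (!match(clause[k], /^[nogw]+[-+=]/)) exit 2
            who   = substr(clause[k], 1, RLENGTH - 1)
            op    = substr(clause[k], RLENGTH, 1)
            perms = substr(clause[k], RLENGTH + 1)
            if (perms !~ /^[rmcd]*$/) exit 2
            for (c = 1; c <= 4; c++) {
                if (index(who, substr("nogw", c, 1)) == 0) continue
                for (p = 1; p <= 4; p++) {
                    pos    = (c - 1) * 4 + p
                    letter = substr("rmcd", p, 1)
                    named  = index(perms, letter) > 0
                    held   = substr(cur, pos, 1) != "-"
                    if (op == "=") held = named          # set exactly
                    else if (op == "+" && named) held = 1  # grant
                    else if (op == "-" && named) held = 0  # revoke
                    cur = substr(cur, 1, pos - 1) (held ? letter : "-") substr(cur, pos + 1)
                }
            }
        }
        print cur
    }'
}

# nis_rights_findings RIGHTS: illustrative policy check. Report when the
# nobody or world class can modify, create or destroy.
nis_rights_findings() {
    _nobody=$(printf '%s' "$1" | cut -c1-4)
    _world=$(printf '%s' "$1" | cut -c13-16)
    case $_nobody in
        *[mcd]*) echo "nobody (unauthenticated) can change the object: $_nobody" ;;
    esac
    case $_world in
        *[mcd]*) echo "world can change the object: $_world" ;;
    esac
    return 0
}

# Constructed starting value: every class holds every right.
before=rmcdrmcdrmcdrmcd
after=$(nis_rights_apply "$before" 'n=,og=rmcd,w=r')
echo "before: $before"
nis_rights_findings "$before"
echo "after:  $after"
nis_rights_findings "$after"
```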
To Change the Ownership of NIS+ Objects

• To change the owner of an NIS+ directory, table, table entry, group, or link, issue the nischown command from an NIS+ client host. The following example changes the owner of the passwd table entry for user sid to sid.Sales.Wiz.Com.:

      nischown sid.Sales.Wiz.Com. '[name=sid],passwd.org_dir'

  The following example makes sid.Sales.Wiz.Com. the owner of his own cred table entries: nischown sid '[cname=sid.Sales.Wiz.
To Change the Search Order of Domains

When a client requests information from an NIS+ table without specifying a domain, by default, the table in the client’s default domain is searched first. If the information is not found, and the default domain is not the root domain, the table in the default domain’s parent domain is searched. The search continues up the hierarchy until the information is found or the root domain has been searched.
To List the Contents of an NIS+ Table

• Issue the following command from an NIS+ client host:

    niscat tablename

For example, to list the contents of the passwd table in the domain Wiz.Com., you would issue the following command:

    niscat passwd.org_dir.Wiz.Com.

If the table is in the default domain, you do not have to include the domain name, but you do have to include org_dir.
To Search an NIS+ Table

• Issue one of the following commands from any NIS+ client host:

    nisgrep 'column_name=regular_expression' tablename
    nismatch column_name=text_string tablename

For example, the following command returns all the entries from users in the passwd table whose home directories are under /users:

    nisgrep 'home=/users/*' passwd.org_dir

If you do not specify a column name, the first column of the table is searched.
To Add an Entry to an NIS+ Table

To add an entry to an NIS+ table, follow one of these procedures, or use SAM (System Administration Manager). To run SAM, type sam at the HP-UX prompt.

To Add an Entry with nistbladm

1. Issue the following command from any NIS+ client host:

    nistbladm -a column_name=value column_name=value ... tablename

The following example adds an entry to the hosts table:

    nistbladm -a cname=romney name=romney.Eng.Wiz.Com \
    addr=15.14.
To Add an Entry with nisaddent

1. Issue the following command to dump the NIS+ table to a temporary file:

    nisaddent -d table_type > filename

Do not include “org_dir” in the table type. The following example dumps the group.org_dir table to tempfile:

    nisaddent -d group > tempfile

To find out the table type for a table, issue the niscat -o tablename command. Type man 1 niscat for more information.

2.
To Remove an Entry from an NIS+ Table

To remove an entry from an NIS+ table, follow this procedure, or use SAM (System Administration Manager). To run SAM, type sam at the HP-UX prompt.

• Issue the following command from any NIS+ client host:

    nistbladm -r column_name=value column_name=value ... tablename

The following example removes an entry from the hosts table:

    nistbladm -r cname=romney addr=15.14.13.12 hosts.
To Modify an Entry in an NIS+ Table

You can use either of two methods to modify a table entry:

1. You can use nistbladm(1) to modify the entry directly.
2. You can use nisaddent(1M) to dump the table to a file, and you can modify the file. Then, you can use nisaddent to update the NIS+ table from the file.

You can use SAM (System Administration Manager) to modify entries in NIS+ tables. To run SAM, type sam at the HP-UX prompt.
To Modify an Entry with nisaddent

1. Issue the following command to dump the NIS+ table to a temporary file:

    nisaddent -d table_type > filename

Do not include “org_dir” in the table type. The following example dumps the group.org_dir table to tempfile:

    nisaddent -d group > tempfile

To find out the table type for a table, issue the niscat -o tablename command. Type man 1 niscat for more information.

2.
To Add a Host to an NIS+ Domain

1. Issue the following command, from any NIS+ client host, to add the new host to the NIS+ hosts table:

    nistbladm -a cname=hostname name=hostname addr=IPaddress \
    comment=comment hosts.org_dir.domainname

You must have create permission for the hosts table to use this command. You must create one hosts table entry in which the cname and name columns are both set to the official host name.
3. If you want to allow the root user on this host to administer the NIS+ domain, add the host to the domain’s admin group. Issue this command:

    nisgrpadm -a hostname.domainname admin_groupname.domainname

The admin group for most domains is called “admin,” as in the following example:

    nisgrpadm -a romney.Eng.Wiz.Com. admin.Eng.Wiz.Com.

You must have modify permission for the admin group in order to add members to it.

4.
To Add a User to an NIS+ Domain

To add users to an NIS+ domain, follow this procedure, or use SAM (System Administration Manager). To run SAM, type sam at the HP-UX prompt.

1. Issue the following command, from any NIS+ client host, to add the new user to the NIS+ passwd table:

    nistbladm -a name=loginname passwd= uid=userID gid=groupID \
    gcos=user_info home=home_dir shell=shell shadow= \
    passwd.org_dir.
3. Issue the following command to change the user’s password:

    passwd -r nisplus loginname

When the nispasswd command prompts you for a password, type the same password you typed when you created the user’s DES credential in step 2. You can ignore the message that tells you what to do if the user’s login password is different from the user’s secure RPC password. If you followed the steps in this section, the user’s two passwords are the same.

4.
7. If you are using the automounter to mount users’ home directories, add the new user’s home directory to the auto_home table. For information on the automounter, see “Configuring and Administering the NFS Automounter” on page 62. For instructions on adding an entry to an NIS+ table, see “To Add an Entry to an NIS+ Table” on page 240.

8.
To Create New Credentials for an Existing NIS+ Principal

Sometimes a user or host needs new credentials, because the old ones have become corrupted or cannot be used. Follow these steps:

1. Log in as root to the NIS+ master server for the domain.

2. Issue the following command to create new credentials for the NIS+ principal and overwrite any existing credentials:

    /usr/lib/nis/nisclient -co principalname

where principalname is username.
To Create New Credentials for the Root Master Server

Sometimes the credentials for the root master server become corrupted and unusable, and it is necessary to create new ones. Follow this procedure to recreate the credentials for the root master server host.

1. Log in as root to every NIS+ server in the namespace, and issue the following commands to kill the nis_cachemgr process and restart rpc.
6. On the root master server, issue the following command:

    keylogin -r

Supply the root password when prompted for it.

7. Log in as root to every server in the namespace, and issue the following commands. Note that the domainname must end in a dot.

    nisupdkeys org_dir.domainname.
    nisupdkeys groups_dir.domainname.
    nisupdkeys domainname.

8.
To Change a Password

• To change the password of a non-root user, issue the following command from any NIS+ client host:

    passwd -r nisplus username -D domainname

The username is not necessary if you are logged in as a non-root user and are changing your own password. The -D domainname is necessary only if you are changing the password of a user in another domain. The nispasswd command changes the password in the NIS+ passwd and cred tables.
To Create an NIS+ Table

When you set up an NIS+ domain, the nisserver script creates a default set of tables. You can also create your own custom tables.

1. Issue the following command from any NIS+ client host:

    nistbladm -c table_type column=flags column=flags ... tablename

The following example creates a three-column table called hostinfo.Wiz.Com. The S flag indicates that the first two columns are searchable.
To Remove an NIS+ Table

1. Issue the following command from any NIS+ client host, to remove all the entries in the table:

    nistbladm -R '[],tablename'

The following example removes all the entries from the mail_aliases table in the Wiz.Com. domain:

    nistbladm -R '[],mail_aliases.org_dir.Wiz.Com.'

2.
To Create or Remove Paths Among Tables

A concatenation path or table path is a property of a table. If a table does not contain information requested by an NIS+ principal, but it has a concatenation path, NIS+ searches the other tables in the concatenation path until it finds the requested information or comes to the end of the path.
To Create or Remove an NIS+ Group

• To create an NIS+ group, type the following command on any NIS+ client host:

    nisgrpadm -c groupname

The following example creates an NIS+ group called engineers in the Sales.Wiz.Com. domain:

    nisgrpadm -c engineers.Sales.Wiz.Com.

• To remove an NIS+ group, type the following command on any NIS+ client host:

    nisgrpadm -d groupname

The following example removes the NIS+ group called engineers from the Sales.Wiz.Com.
To Add or Remove Members of an NIS+ Group

• To add members to an NIS+ group, type the following command on any NIS+ client host:

    nisgrpadm -a groupname group_member [group_member...]

The following example adds the host principal thyme.Wiz.Com. and the NIS+ group tempadmin.Wiz.Com. to the group admin.Wiz.Com.:

    nisgrpadm -a admin.Wiz.Com. thyme.Wiz.Com. @tempadmin.Wiz.Com.
To add or remove members of an NIS+ group, you must have modify permission for the group. You can use SAM (System Administration Manager) to add or remove members of NIS+ groups. To run SAM, type sam at the HP-UX prompt. For more information, see the man pages nisgrpadm(1) and sam(1M).
To Remove a Replica Server from an NIS+ Domain

1. Log into the replica you want to remove, and issue the following commands to kill rpc.nisd and nis_cachemgr:

    ps -ef | grep rpc.nisd
    kill PID
    ps -ef | grep nis_cachemgr
    kill PID

2. Issue the following command to remove the /var/nis directory:

    rm -R /var/nis

3. Reinitialize the host as an NIS+ client. See “To Set Up NIS+ Client Hosts” on page 220.

4.
To Remove an NIS+ Domain

• Issue the following commands to remove an NIS+ domain:

    nisrmdir org_dir.domainname
    nisrmdir groups_dir.domainname
    nisrmdir domainname

You must remove the org_dir and groups_dir directories before you remove the domain directory. You will not be able to remove the org_dir and groups_dir subdirectories if you remove the domain directory first.
To Back Up NIS+ Tables

It is recommended that you back up your NIS+ tables at least once a day.

1. Create a directory for your flat files, and make it the current directory:

    mkdir /nis+files
    cd /nis+files

2. Set the PATH variable to include /usr/lib/nis.
If your transaction log contains only three entries, then your tables are fully checkpointed. If your transaction logs contain more than three entries, issue the following command to checkpoint them:

    nisping -Ca

5. Use your favorite backup utility (tar[1], dump[1M], etc.) to back up the following:

• The /var/nis directory
• The /etc/.
Summary of NIS+ Commands

Table 5-2  Summary of NIS+ Commands

chkey(1)        Creates or changes a secure RPC key.
domainname(1)   Sets or displays the name of the NIS+ domain.
keylogin(1)     Decrypts and stores a secure RPC key. keylogin is called when a user logs in, but the user must issue keylogin if no password was provided at login or if the login password is different from the secure RPC password.
nisgrep(1)      Searches an NIS+ table for a specified string or regular expression.
nisgrpadm(1)    Creates or destroys NIS+ groups. Adds or removes NIS+ group members. Lists the members or tests for membership in an NIS+ group.
nisinit(1M)     Initializes an NIS+ client or NIS+ root master server.
nistbladm(1)    Creates or destroys NIS+ tables. Adds, removes, or modifies entries in NIS+ tables. Modifies table properties, like the concatenation path and separator character.
nistest(1)      Tests for the existence, object type, and access rights of NIS+ objects.
nisupdkeys(1M)  Updates the public keys in an NIS+ directory object.
rpc.nisd(1M) rpc.nisd_resolv(1M) rpc.
6 Configuring the Name Service Switch
The Name Service Switch determines where your host will look for the information that is traditionally stored in the following files:

• /etc/mail/aliases
• automounter maps (like /etc/auto_master and /etc/auto_home)
• /etc/group
• /etc/hosts
• /etc/netgroup
• /etc/networks
• /etc/passwd
• /etc/protocols
• /etc/publickey
• /etc/rpc
• /etc/services

You can configure your host to look for each type of information in NIS, NIS+, or the local /etc file.
NIS and NIS+ allow you to configure a server-side hostname fallback, which causes the NIS or NIS+ server to query BIND when it fails to find requested host information in its database. The NIS or NIS+ server then returns the host information to the client through NIS or NIS+. An NIS+ server must run in NIS compatibility mode to support server-side hostname fallback.
Installing and Customizing the nsswitch.conf File

The configuration file for the Name Service Switch is called /etc/nsswitch.conf. If this file does not exist, the system has a default Name Service Switch configuration, described in “Default Configuration” on page 275, later in this chapter.

1. Copy the appropriate Name Service Switch configuration file to /etc/nsswitch.conf.
    hosts: dns [NOTFOUND=return] files

If you want your host to consult NIS or NIS+ when BIND is not running, change the hosts line to read as follows:

    hosts: dns [NOTFOUND=return] nis [NOTFOUND=return] files

or

    hosts: dns [NOTFOUND=return] nisplus [NOTFOUND=return] files

3. Reboot your host to force long-running processes to read the new /etc/nsswitch.conf file.
Syntax of the nsswitch.conf File

Each line in the /etc/nsswitch.conf file has the following syntax:

    lookup_type name_service [status=action status=action ...] name_service ...

If you include any status=action pairs after a name service, the square brackets are required.

lookup_type     The type of information to be looked up. The supported keywords and the information types they represent are listed in Table 6-2.
If a line beginning with one of the lookup_types does not exist in the /etc/nsswitch.conf file, the default Name Service Switch configuration for that type of information is used. If the /etc/nsswitch.conf file does not exist, the default configuration is used for every type of information. The default Name Service Switch configuration is described in “Default Configuration” on page 275.
Table 6-2  Types of Lookups Controlled by the Name Service Switch

Keyword     Type of Information Represented by Keyword
services    Mapping of networking services to port numbers and protocols, stored in the /etc/services file, the NIS services.byname and services.bynp maps, or the NIS+ services table.

Table 6-3
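The following added example (not part of the HP guide) walks one nsswitch.conf line the way the syntax above describes, to show which name services are actually consulted for a given set of outcomes. It assumes the status names SUCCESS, NOTFOUND, UNAVAIL and TRYAGAIN and the default actions (return on SUCCESS, continue otherwise) documented in nsswitch.conf(4); the function name nss_walk, the sample file and the simulated outcomes are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample; the hosts line is the NIS variant shown in this chapter.
NSS_SAMPLE='# constructed sample nsswitch.conf
hosts:  dns [NOTFOUND=return] nis [NOTFOUND=return] files
passwd: files nis
'

# nss_walk <config-text> <lookup_type> "<service=STATUS ...>"
# Prints the services consulted, in order, and the status the caller ends up with.
# A service with no simulated outcome is treated as UNAVAIL.
nss_walk() {
    printf '%s\n' "$1" | awk -v want="$2" -v outcomes="$3" '
    BEGIN {
        n = split(outcomes, o)
        for (i = 1; i <= n; i++) { split(o[i], kv, "="); result[kv[1]] = toupper(kv[2]) }
    }
    found { next }                      # this example uses the first matching line
    {
        line = $0
        sub(/#.*/, "", line)            # drop comments
        colon = index(line, ":")
        if (colon == 0) next
        key = substr(line, 1, colon - 1)
        gsub(/[ \t]/, "", key)
        if (key != want) next
        rest = substr(line, colon + 1)
        gsub(/\[/, " [ ", rest); gsub(/\]/, " ] ", rest)
        nt = split(rest, t)
        for (i = 1; i <= nt; i++) {
            if (t[i] == "[") { in_crit = 1; continue }
            if (t[i] == "]") { in_crit = 0; continue }
            if (in_crit) {              # status=action applies to the preceding service
                split(t[i], c, "=")
                action[nsvc, toupper(c[1])] = tolower(c[2])
            } else {
                svc[++nsvc] = t[i]
            }
        }
        found = 1
    }
    END {
        if (!found) { print "no line for " want " (default configuration applies)"; exit }
        final = "NOTFOUND"; trail = ""
        for (i = 1; i <= nsvc; i++) {
            st = (svc[i] in result) ? result[svc[i]] : "UNAVAIL"
            if ((i, st) in action) act = action[i, st]
            else act = (st == "SUCCESS") ? "return" : "continue"
            trail = trail (i > 1 ? "," : "") svc[i]
            final = st
            if (act == "return") break
        }
        print "consulted=" trail " result=" final
    }'
}

# BIND is running and has no record: /etc/hosts is never consulted.
nss_walk "$NSS_SAMPLE" hosts "dns=NOTFOUND nis=SUCCESS files=SUCCESS"
# BIND and NIS are both unavailable: the lookup falls through to files.
nss_walk "$NSS_SAMPLE" hosts "dns=UNAVAIL nis=UNAVAIL files=SUCCESS"
```

The first call shows why an entry present only in /etc/hosts is not found while BIND is answering: [NOTFOUND=return] ends the search at dns.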
Default Configuration

If the /etc/nsswitch.conf file does not exist, or if the line for a particular type of information is absent or syntactically incorrect, the following default configuration is used.
    passwd:     compat
    group:      compat
    hosts:      dns [NOTFOUND=return] nis [NOTFOUND=return] files
    networks:   nis [NOTFOUND=return] files
    protocols:  nis [NOTFOUND=return] files
    rpc:        nis [NOTFOUND=return] files
    publickey:  nis [NOTFOUND=return] files
    netgroup:   nis [NOTFOUND=return] files
    automount:  files nis
    aliases:    files nis
    services:   nis [NOTFOUND=return] files

This configuration uses the +/- syntax in the /etc/passwd and /etc/group files.
Troubleshooting the Name Service Switch

• Issue the nsquery command to perform a hosts, passwd, or group lookup, as follows:

    /usr/contrib/bin/nsquery lookup_type lookup_query

The lookup_type may be hosts, passwd, or group. The lookup_query may be a host name or IP address, a user name or user ID, or a group name or group ID. The nsquery command displays the Name Service Switch configuration that is currently in use.
7 Configuring and Using the Remote Execution Facility (REX)
The Remote Execution Facility (REX) allows you to execute commands on a remote host. REX is similar to the remsh(1) command, except REX simulates the user’s home environment on the remote host and mounts the user’s current working directory on the remote host. REX consists of the following:

• The on command, which is the user interface to REX and runs on the host where the user is logged in.
How REX Works

1. A user issues the on command, specifying a command to execute and the name of a remote host on which to execute it. The user must be logged in as a non-root user (a user with a non-zero user ID) to use the on command. Also, an account with the user’s local user ID must exist on the remote host.

2. The on command passes the user’s environment variables to the remote host.
REX Example

In the following example, user tracy is logged into host sage. Her current working directory is her home directory, /home/sage/tracy. She issues the on command to run more on host thyme:

    on -i thyme more /etc/exports

The -i option is required, because more is an interactive command. tracy’s home environment on host sage is transferred to host thyme.
Configuring REX

This section tells you how to set up REX clients and REX servers. It also explains how to configure added security for REX servers and how to configure logging for the rexd daemon.

To Configure REX

1. Make sure all the hosts to which users need access are listed in your hosts database (BIND, NIS, or /etc/hosts).

2. Make sure users have accounts on all the hosts they need to use.
7.
To Configure REX Security

1. On each REX server, add the -r option to the line in /etc/inetd.conf that starts the rexd daemon, as follows:

    rpc stream tcp nowait root /usr/sbin/rpc.rexd 100017 1 \
    rpc.rexd -r

2. Issue the following command to force inetd to reread /etc/inetd.conf:

    /usr/sbin/inetd -c

3. Add lines to the /etc/hosts.
To Configure Logging for the rexd Daemon

1. Use a text editor to add the -l log_file option to the line in /etc/inetd.conf that starts rexd, as in the following example:

    rpc stream tcp nowait root /usr/sbin/rpc.rexd 100017 1 \
    rpc.rexd -l /var/adm/rexd.log

2.
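The following added example (not part of the HP guide) checks the contents of an inetd.conf for the two rexd settings described in “To Configure REX Security” and “To Configure Logging for the rexd Daemon”: whether an active rpc.rexd entry carries -r and whether it logs with -l. The function name rexd_audit and the three sample files are constructed for illustration; on a real server the text would come from /etc/inetd.conf.

```shell
#!/bin/sh
# Constructed sample inetd.conf contents (not taken from a real host).
REXD_OPEN='# constructed sample: daemon enabled with no options
rpc stream tcp nowait root /usr/sbin/rpc.rexd 100017 1 rpc.rexd
'
REXD_HARDENED='# constructed sample: continuation line with both options
rpc stream tcp nowait root /usr/sbin/rpc.rexd 100017 1 \
    rpc.rexd -r -l /var/adm/rexd.log
'
REXD_OFF='#rpc stream tcp nowait root /usr/sbin/rpc.rexd 100017 1 rpc.rexd
'

# rexd_audit <inetd.conf-text>
# Prints one of:
#   rexd=absent                                no rpc.rexd entry at all
#   rexd=disabled                              entry present but commented out
#   rexd=active restricted=yes|no log=FILE|none
rexd_audit() {
    printf '%s\n' "$1" | awk '
    function check(l,    f, n, i) {
        sub(/^[ \t]+/, "", l)
        if (l == "") return
        if (l ~ /^#/) { if (l ~ /rpc\.rexd/) commented = 1; return }
        n = split(l, f)
        # Field 6 of an inetd.conf entry is the server program.
        if (n < 6) return
        if (f[6] != "rpc.rexd" && f[6] !~ /\/rpc\.rexd$/) return
        active = 1
        for (i = 7; i <= n; i++) {
            if (f[i] == "-r") restricted = 1
            if (f[i] == "-l" && i < n) logfile = f[i + 1]
        }
    }
    {
        # Join an entry that is continued with a trailing backslash.
        line = pending $0
        if (line ~ /\\[ \t]*$/) { sub(/\\[ \t]*$/, " ", line); pending = line; next }
        pending = ""
        check(line)
    }
    END {
        if (pending != "") check(pending)
        if (!active) { print (commented ? "rexd=disabled" : "rexd=absent"); exit }
        printf "rexd=active restricted=%s log=%s\n", (restricted ? "yes" : "no"), (logfile == "" ? "none" : logfile)
    }'
}

for sample in "$REXD_OPEN" "$REXD_HARDENED" "$REXD_OFF"; do
    rexd_audit "$sample"
done
```

An entry reported as restricted=no or log=none is one where the corresponding step in this chapter has not been applied; changes take effect only after inetd rereads its configuration with /usr/sbin/inetd -c.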
8 Troubleshooting NFS Services

This chapter describes tools and procedures for troubleshooting the NFS Services.
• Common Problems with NIS
• Common Problems with NIS+
• Performance Tuning
• Logging and Tracing of NFS Services
• Normal System Startup
Common Problems with NFS

This section lists the following common problems encountered with NFS and suggests ways to correct them.

• If You Receive an NFS “Server Not Responding” Message, see page 290.
• If You Receive an “Access Denied” Message, see page 293.
• If You Receive a “Permission Denied” Message, see page 295.
• If You Receive an “Unknown Host” or “Not In Hosts Database” Message, see page 297.
If You Receive an NFS “Server Not Responding” Message

❏ Issue the /usr/sbin/ping(1M) command on the NFS client to make sure the NFS server is up and is reachable on the network. If the ping command fails, either the server is down, or the network has a problem. If the server is down, reboot it, or wait for it to come back up. For information on troubleshooting network problems, see Installing and Administering LAN/9000 Software.
    /usr/bin/rpcinfo -u servername mountd

If the rpcinfo command returns RPC_TIMED_OUT, the rpc.mountd process may be hung. Issue the following commands on the NFS server to restart rpc.mountd (PID is the process ID returned by the ps command):

    /usr/bin/ps -ef | /usr/bin/grep mountd
    /usr/bin/kill PID
    /usr/sbin/rpc.mountd

❏ You can receive “server not responding” messages when the server or network is heavily loaded and the RPC requests are timing out.
    /sbin/init.d/nfs.client start

❏ If the “server not responding” message was followed by RPC_AUTH_ERROR; why=AUTH_BOGUS_CREDENTIAL, this could mean that you (or the user who received the message) are a member of too many groups. On HP-UX release 9.0 or later, you can be a member of up to 16 groups. On HP-UX releases prior to 9.0, you can be a member of up to 8 groups.
If You Receive an “Access Denied” Message

❏ Issue the following command on the NFS client to check that the NFS server is exporting the directory you want to mount:

    /usr/sbin/showmount -e server_name

If the server is not exporting the directory, edit the /etc/exports file on the server so that it allows your NFS client access to the directory. Then, issue the following command to force the server to read its /etc/exports file.
❏ If rpc.mountd is configured in /etc/inetd.conf on the NFS server, check the server’s /var/adm/inetd.sec file to make sure your NFS client is allowed access to rpc.mountd.
If You Receive a “Permission Denied” Message

❏ Check the mount options in the /etc/fstab file on the NFS client. A directory you are attempting to write to may have been mounted read-only.

❏ Issue the ls -l command to check the HP-UX permissions on the server directory and on the client directory that is the mount point. You may not be allowed access to the directory.
❏ If you were attempting to run a program when you received the “permission denied” message, issue the ls -l command on the NFS server to check whether the program you tried to run has the setuid bit set. If it does, check /etc/fstab to determine whether the directory was mounted with the nosuid mount option. If necessary, remove the nosuid option from the /etc/fstab file, then unmount and remount the directory.
If You Receive an “Unknown Host” or “Not In Hosts Database” Message

❏ Issue the following command to trace a lookup of the unknown host:

    /usr/contrib/bin/nsquery hosts hostname

The trace will indicate which name services (BIND, NIS, NIS+, or /etc/hosts) were queried and in what order. If your host is not performing lookups the way you want, see “Configuring the Name Service Switch” on page 267 for instructions on configuring the Name Service Switch.
If You Receive a “Device Busy” Message

❏ If you received the “device busy” message while attempting to mount a directory, try to access the mounted directory. If you can access it, then it is already mounted.

❏ If you received the “device busy” message while attempting to unmount a directory, a user or process is currently using the directory. Wait until the process completes, or follow these steps:

1.
If You Receive a “Stale File Handle” Message

A “stale file handle” occurs when one client removes an NFS-mounted file or directory that another client has open, as in the following sequence of events:

Table 8-1

       NFS client 1             NFS client 2
1      % cd /proj1/source
2                               % cd /proj1
3                               % rm -Rf source
4      % ls
       .:Stale File Handle

If a server stops exporting a directory that a client has mounted, the client will receive a stale file handle error.
allows only one user at a time to modify a file or directory, so one user cannot remove files another user is accessing. Type man 5 rcsintro for more information.

❏ If someone has restored the server’s file systems from backup or issued the fsirand command on the server, follow these steps on each of the NFS clients to prevent stale file handles by restarting NFS:

1.
If a Program Hangs

❏ Check whether the NFS server is up and operating correctly. See “If You Receive an NFS “Server Not Responding” Message” on page 290. If the server is down, wait until it comes back up, or, if the directory was mounted with the intr mount option (the default), you can interrupt the NFS mount, usually with CTRL-C.

❏ If the program uses file locking, issue the following commands (on either the client or the server) to make sure rpc.
4. Issue the following commands to verify that rpc.statd, rpc.lockd, and nfsd are all running and responding to RPC requests:

    /usr/bin/rpcinfo -u servername status
    /usr/bin/rpcinfo -u servername llockmgr
    /usr/bin/rpcinfo -u servername nlockmgr
    /usr/bin/rpcinfo -u servername nfs
    /usr/bin/rpcinfo -u clientname status
    /usr/bin/rpcinfo -u clientname llockmgr
    /usr/bin/rpcinfo -u clientname nlockmgr
    /usr/bin/rpcinfo -u clientname nfs

5.
If Data is Lost Between the Client and the Server

❏ Make sure the directory is exported from the server with the noasync option (the default). If the directory is exported with the async option, the NFS server will acknowledge NFS writes before actually writing data to disk. Changing an exported directory from async to noasync degrades write performance for that directory.
For more information, see the following man pages: mount(1M), open(2), write(2), lockf(2), and biod(1M).

If You Cannot Start New Processes

❏ Issue the following command to check your server’s memory utilization:

    netstat -m

If the number of requests for memory denied is high, your server does not have enough memory. Consider adding more memory or using a different host as the NFS server.
If You Receive a “Too Many Levels of Remote in Path” Message

This message indicates that you are attempting to mount a directory from a server that has NFS-mounted the directory from another server. You cannot “chain” your NFS mounts this way. You must mount the directory from the server that has it mounted on a local disk.
Common Problems with NIS

This section lists the following common problems encountered with NIS and suggests ways to correct them.

• If You Receive an NIS “Server Not Responding” Message, see page 307.
• If a User Cannot Log In, see page 308.
• If You Receive an “Unknown Host” Message, see page 310.
• If an NIS Client Cannot Bind to a Server, see page 312.
• If NIS Returns Incorrect Information, see page 313.
If You Receive an NIS “Server Not Responding” Message

❏ Issue the /usr/sbin/ping(1M) command on the NIS client to make sure the NIS server is up and is reachable on the network. If the ping command fails, either the server is down, or the network has a problem. If the server is down, reboot it, or wait for it to come back up. For information on troubleshooting network problems, see Installing and Administering LAN/9000 Software.
If a User Cannot Log In

❏ If the user has recently changed passwords, ask the user to try logging in with the old password. If the user can log in using the old password, follow these steps:

1. Issue the ps -ef command on the NIS master server to make sure the yppasswdd daemon is running. If it is not, issue the following command to start all the NIS server processes:

    /sbin/init.d/nis.server start

2.
If the client has no entry in the passwd database, issue the following command on the NIS server to which the client is bound:

    /usr/sbin/ypxfr passwd

This command transfers the passwd database from the NIS master server to the server where you issue the command.

❏ If the user’s NIS client is bound to a slave server, make sure the slave server is listed in the NIS master server’s ypservers database. Follow these steps:

1.
If You Receive an “Unknown Host” Message

❏ Issue the following command to trace a lookup of the unknown host:

    /usr/contrib/bin/nsquery hosts hostname

The trace will indicate which name services (BIND, NIS, NIS+, or /etc/hosts) were queried and in what order. If your host is not performing lookups the way you want, see “Configuring the Name Service Switch” on page 267 for instructions on configuring the Name Service Switch.
❏ If the NIS client is bound to a slave server, make sure the slave server is listed in the NIS master server’s ypservers database. Follow these steps:

1. Issue the following command on the NIS client to determine which server the client is bound to:

    /usr/bin/ypwhich

2. Log in as root to the NIS master server and issue the following command to change to the directory where the domain databases reside:

    cd /var/yp/domainname

3.
If an NIS Client Cannot Bind to a Server

If NIS commands return any of the following messages,

    ypcat: can't bind to an NIS server for domain domainname
    ypmatch: can't match key. reason: can't communicate with ypbind
    ypwhich: clntudp_create error RPC_PROG_NOT_REGISTERED

then ypbind is not running on the client. Issue the following command to start all the NIS client processes:

    /sbin/init.d/nis.
If NIS Returns Incorrect Information

❏ Issue the following command on the NIS client to determine which master server supplies the appropriate NIS map:

    /usr/bin/ypwhich -m mapname

If the server does not respond, see “If You Receive an NIS “Server Not Responding” Message” on page 307.
2. Log in as root to the NIS master server and issue the following command to change to the directory where the domain databases reside:
    cd /var/yp/domainname
3. On the NIS master server, issue the following command to write the contents of the ypservers database to a temporary file:
    /usr/sbin/makedbm -u ypservers > tempfile
4.
Common Problems with NIS+

This section lists the following common problems encountered with NIS+ and suggests ways to correct them.
• If NIS+ Cannot Find an Object, see page 316.
• If You Have Authentication or Permissions Problems, see page 318.
• If You Have Insufficient Memory or Disk Space, see page 321.
• If You Receive an “Unable to Fork” Message, see page 322.
• If a User Cannot Log In, see page 323.
If NIS+ Cannot Find an Object

❏ Make sure you typed the name of the object correctly and specified the correct path. The path to a system table must include “org_dir.” The path to an NIS+ group must include “groups_dir,” unless it is an argument to the nisgrpadm command, which cannot find a group if you include “groups_dir” in its path.
❏ Make sure the value of the NIS_PATH variable includes the domain where the object resides.
when you create an object, some NIS+ commands take the space as part of the object name. Rename the object, or remove it and recreate it without the extra space.
❏ A table or log file may have been corrupted. Restore the file from your most recent backup.
❏ If you have changed the name of a domain, many NIS+ operations will fail, because the old domain name is embedded in objects throughout the domain.
If You Have Authentication or Permissions Problems

❏ Issue the following command to determine whether you are authenticated:
    niscat passwd.org_dir
If you are authenticated, you should be able to see the encrypted password field for your user ID. If you are not authenticated, the password field for your user ID will display *NP*.
❏ If you are not authenticated, try to keylogin using your login password.
If you must be a member of an NIS+ group to access the object, issue the nisgrpadm -l command to make sure your NIS+ principal name is included in the group. If necessary, use the nisgrpadm(1) command to add your principal name to the group.
❏ Issue the ps -ef command to make sure the keyserv(1M) daemon is running. If it is not, start it. Make sure automount, rpc.nisd, and sendmail are running. If they are not, start them.
❏ If a user’s login password is different from the user’s secure RPC password, the user must perform a keylogin after login in order to become authenticated.
❏ If a user logs into a remote host that does not require a password, for example, because it has an entry for the user in a $HOME/.rhosts or /etc/hosts.equiv file, the user must perform a keylogin after login in order to become authenticated.
If You Have Insufficient Memory or Disk Space

❏ As a short-term solution to free up memory, kill all unnecessary windows and processes. If necessary, exit your windowing system and work from the terminal command line. Use the ps -el command to check the size of running processes. Sometimes programs develop memory leaks and grow very large.
If You Receive an “Unable to Fork” Message

❏ Kill any unnecessary processes on your server host. This message occurs when your host has run out of available processes.
❏ If necessary, follow this procedure to increase the maximum number of inodes on your NIS+ server:
1. Log in as root to the NIS+ server.
2. Type /usr/sbin/sam to start SAM (System Administration Manager).
3. Open Kernel Configuration.
4. Open Configurable Parameters.
5.
If a User Cannot Log In

❏ Have the user issue the keylogin command using the user’s secure RPC password. In most cases, this password should be the same as the user’s login password. If the keylogin does not work, have the user try it with the password “nisplus.” If that doesn’t work, have the user try to keylogin with his or her most recent password.
Use nismatch(1) to find the credentials for the user or host in the cred table. If both a Local and a DES credential exist, the credentials are for a non-root user. If only a DES credential exists, the credential is for a root user. If necessary, change the host name. (It is easier to change a host name than to change a user name.) You can set up an alias to map the host’s old name to the new name.
If nisping -C Fails or Transaction Logs Are Not Truncated

❏ Issue the following command to check the update status of your replica servers:
    nisping -u
❏ If you do not issue the nisping -Ca command regularly, your transaction log may grow too large, and you may not have enough disk space to checkpoint it.
If a Replica Update Fails

❏ The master server might be busy, or another replica might be performing an update. The update is usually rescheduled automatically and retried later.
❏ The server might be out of child processes to allocate. See “If You Receive an “Unable to Fork” Message” on page 322.
❏ A read-only process might have been requested to dump.
Usually, problems with replica updates solve themselves.
If You Receive a “Could Not Bind to Server” Message

❏ Issue the following command to make sure your default domain name does not end with a period:
    domainname
❏ In the /etc/rc.config.d/namesvrs file, make sure the value of the NIS_DOMAIN variable does not end with a period.

If You Receive a “Generic System Error” or “Possible Loop Detected” Message

❏ Make sure you are specifying the correct domain for the operation you are trying to perform.
If You Receive a “Corrupt Log” or “Corrupt Database” Message

❏ Issue the following command to determine whether you have multiple independent rpc.nisd processes running:
    ps -ef | grep nisd
In normal operation, rpc.nisd may spawn child rpc.nisd processes, and this causes no problem. However, if two parent rpc.nisd processes are running on the same host at the same time, they will overwrite each other’s data and corrupt logs and databases.
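The check described above can be scripted so that child rpc.nisd processes are not mistaken for a second parent. The following is an added example, not part of the HP guide: the function names, the sample listing, and the assumed ps -ef column layout (UID PID PPID C STIME TTY TIME COMMAND) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the HP guide). Distinguishes independent parent
# rpc.nisd processes from the children they spawn, using ps -ef output.
# Live use (assumption): ps -ef | check_nisd

# Constructed sample. Two independent parents (812 and 3150), two children
# of 812, one rpc.nisd_resolv, and the grep itself.
SAMPLE_PS='     UID   PID  PPID  C    STIME TTY       TIME COMMAND
    root   812     1  0  Apr 12  ?         0:41 /usr/sbin/rpc.nisd -v
    root  2290   812  0 09:14:07 ?         0:00 /usr/sbin/rpc.nisd -v
    root  2305   812  0 09:14:09 ?         0:00 /usr/sbin/rpc.nisd -v
    root  3150     1  0 09:20:33 ?         0:02 /usr/sbin/rpc.nisd -v
    root   840     1  0  Apr 12  ?         0:03 /usr/sbin/rpc.nisd_resolv
    root  3171  3001  0 09:21:10 pts/1     0:00 grep nisd'

# Read ps -ef text on stdin; print the PID of every rpc.nisd whose parent
# is not itself an rpc.nisd, one per line, in listing order.
nisd_parents() {
    awk '
        $2 == "PID" { next }                      # skip the header line
        {
            # STIME is one field (hh:mm:ss) or two (Mon DD), so locate the
            # command as the field after TIME, which looks like m:ss.
            cmd = ""
            for (i = 5; i <= NF; i++)
                if ($i ~ /^[0-9]+:[0-9][0-9]$/) { cmd = $(i + 1); break }
            n = split(cmd, part, "/")
            # Exact basename match excludes rpc.nisd_resolv and the grep.
            if (n > 0 && part[n] == "rpc.nisd") {
                ppid[$2] = $3
                order[++count] = $2
            }
        }
        END {
            for (k = 1; k <= count; k++) {
                pid = order[k]
                if (!(ppid[pid] in ppid))         # parent is not an rpc.nisd
                    print pid
            }
        }
    '
}

# Read ps -ef text on stdin. Exit status 0 when at most one independent
# parent exists, 1 when two or more are running at the same time.
check_nisd() {
    parents=$(nisd_parents | tr '\n' ' ')
    set -- $parents
    if [ "$#" -gt 1 ]; then
        echo "WARNING: $# independent rpc.nisd parents: $parents"
        return 1
    fi
    echo "OK: $# independent rpc.nisd parent(s)"
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_PS" | check_nisd || true
```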
Performance Tuning

This section gives suggestions for identifying performance problems in your network and improving NFS performance on your servers and clients. It contains the following sections:
• To Diagnose NFS Performance Problems, see page 330.
• To Improve NFS Server Performance, see page 332.
• To Adjust the Number of nfsd Processes, see page 334.
• To Improve NFS Client Performance, see page 336.
To Diagnose NFS Performance Problems

1. Issue the following command on several of your NFS clients:
    nfsstat -rc
2. If the timeout and retrans values displayed by nfsstat -rc are high, but the badxid value is close to zero, packets are being dropped before they get to the NFS server. Try decreasing the values of the wsize and rsize mount options to 4096 or 2048 on the NFS clients. See “To Change the Default Mount Options” on page 46.
The number of collisions (Coll) divided by the number of output packets (Opkts) is the collision rate. If your collision rate is greater than 10%, consider dividing your network into smaller segments and putting an NFS server on each segment. See Installing and Administering LAN/9000 Software for information on dividing your network.
To Improve NFS Server Performance

❏ Issue the following command to check your server’s memory utilization:
    netstat -m
If the number of requests for memory denied is high, your server does not have enough memory, and NFS clients will experience poor performance. Consider adding more memory or using a different host as the NFS server.
❏ Put heavily used directories on different disks on your NFS servers so they can be accessed in parallel.
When a client requests access to a linked file or directory, two requests are sent to the server: one to look up the path to the link, and another to look up the target of the link. You can improve NFS performance by removing symbolic links from exported directories. Do not remove symbolic links in an NFS diskless environment. File sharing in NFS diskless is done by means of symbolic links.
To Adjust the Number of nfsd Processes

1. Issue the following command on the NFS server:
    netstat -s
If the UDP statistics displayed by the netstat command indicate a large number of socket overflows, as in the following example, then your server is not running enough nfsd daemons.
    udp:
        0 incomplete headers
        0 bad data length fields
        0 bad checksums
        1375 socket overflows
2.
For more information on how the number of nfsd processes impacts performance, refer to the “NFS performance tuning for HP-UX 11.0 and 11.11 systems” white paper available at http://docs.hp.com/hpux/onlinedocs/1435/NFSPerformanceTuninginHP-UX11.0and11iSystems.pdf.
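The socket overflow check in “To Adjust the Number of nfsd Processes” can be scripted as follows. This is an added example, not part of the HP guide, and it goes one step beyond the text: netstat -s counters are cumulative since boot, so it compares two snapshots to show whether overflows are still occurring. The function names and both snapshots are constructed, and it assumes section headers such as udp: start in column 0.

```shell
#!/bin/sh
# Added example (not from the HP guide). Reads netstat -s text and reports
# the UDP "socket overflows" counter and its growth between two snapshots.

# Constructed snapshots. The udp: section follows the layout of the sample
# on this page; the tcp: and ip: lines are constructed filler.
SNAP_BEFORE='tcp:
    48213 packets sent
    0 bad checksums
udp:
    0 incomplete headers
    0 bad data length fields
    0 bad checksums
    1375 socket overflows
ip:
    91022 total packets received'

SNAP_AFTER='tcp:
    50107 packets sent
    0 bad checksums
udp:
    0 incomplete headers
    0 bad data length fields
    0 bad checksums
    1502 socket overflows
ip:
    95340 total packets received'

# Read netstat -s text on stdin; print the socket overflows counter from
# the udp: section only. Exit status 1 if the counter is not found.
udp_socket_overflows() {
    awk '
        /^[A-Za-z0-9]+:[ \t]*$/ { in_udp = ($1 == "udp:"); next }
        in_udp && $2 == "socket" && $3 == "overflows" {
            print $1; found = 1; exit
        }
        END { exit(found ? 0 : 1) }
    '
}

# overflow_growth BEFORE AFTER: print AFTER minus BEFORE.
# Exit status: 0 no growth, 1 counter grew, 2 parse failure or a counter
# that went backwards (for example a reboot between the two samples).
overflow_growth() {
    before=$(printf '%s\n' "$1" | udp_socket_overflows) || return 2
    after=$(printf '%s\n' "$2" | udp_socket_overflows) || return 2
    [ "$after" -ge "$before" ] || return 2
    echo $((after - before))
    [ "$after" -eq "$before" ]
}

# Demonstration on the constructed snapshots. On a live server, capture
# netstat -s twice, some minutes apart, and pass both captures.
growth=$(overflow_growth "$SNAP_BEFORE" "$SNAP_AFTER") && rc=0 || rc=$?
case $rc in
    0) echo "no new UDP socket overflows between samples" ;;
    1) echo "UDP socket overflows grew by $growth between samples" ;;
    *) echo "could not compare the two snapshots" ;;
esac
```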
To Improve NFS Client Performance

❏ Issue the ps -ef command to make sure four biod processes are running on each client. To start four biod processes, set the NUM_NFSIOD variable to 4 in the /etc/rc.config.d/nfsconf file, and issue the following command:
    /usr/sbin/biod 4
If your performance bottleneck is a slow server, increasing the number of biod processes beyond four will not improve NFS performance, and it might make it worse.
    thyme:/usr /usr nfs defaults 0 0
    basil:/usr/share /usr/share nfs defaults 0 0
    sage:/usr/share/lib /usr/share/lib nfs defaults 0 0
Wherever possible, change these “stepping-stone” mounts so that whole directories are mounted from a single NFS server. Stepping-stone (hierarchical) mounts, like the one in the example above, cause more NFS requests than mounts from a single server.
To Improve NIS+ Performance

❏ Issue the following command to check the size of your transaction log:
    /usr/lib/nis/nislog | head -10
If your transaction log is fully checkpointed, it will contain only three entries. If it contains many entries, issue the following command to checkpoint it:
    nisping -Ca
❏ The nisping -C command can cause a long delay if your namespace is large. Do not reboot the system. Do not reenter the nisping command.
    Server busy. Try again.
for one of the following reasons:
• The server is busy synchronizing and checkpointing its directories. Just wait until the server is finished checkpointing and try the command again.
• The server is out of swap or disk space. Increase the swap space on the server, and then checkpoint the server’s directories with nisping -Ca.
Logging and Tracing of NFS Services

This section tells you how to start the following tools:
• NFS Logging
• Automounter Logging
• Automounter Tracing
• Logging for the Other NFS Services
• NIS Logging
• NIS+ Logging
• Logging With nettl and netfmt
• Tracing With nettl and netfmt
NFS Logging

You can configure logging for the following NFS daemons:
• rpc.mountd
• rpc.statd
• rpc.lockd
Each message logged by these daemons can be identified by the date, time, host name, process ID, and name of the daemon that generated the message. You can direct logging messages from all these NFS daemons to the same file.

To Control the Size of Log Files

Log files grow without bound, using up disk space.
To Start and Stop rpc.mountd Logging

1. Issue the following commands to kill the rpc.mountd process and restart it with logging turned on (PID is a process ID returned by the ps command):
    ps -ef | grep mountd
    kill PID
    /usr/sbin/rpc.mountd -l /var/adm/mountd.log
2. If you want rpc.mountd to log mount requests and mount failures as well as errors, add the -t2 option to the rpc.mountd command, as in the following example:
    /usr/sbin/rpc.
To Start and Stop Basic Logging of rpc.statd and rpc.lockd

To start basic logging of rpc.statd and rpc.lockd (just errors, warnings, startup, and shutdown), issue the following commands (PID is a process ID returned by the ps command):
    ps -ef | grep lockd
    kill PID
    ps -ef | grep statd
    kill PID
    /usr/sbin/rpc.statd -l /var/adm/rpc.statd.log
    /usr/sbin/rpc.lockd -l /var/adm/rpc.lockd.log
NOTE Always start rpc.statd before starting rpc.lockd.
Automounter Logging

Automounter logs messages through /usr/sbin/syslogd. By default, syslogd writes messages to the file /var/adm/syslog/syslog.log. Type man 1M syslogd for more information on syslogd. For explanations of the automounter log messages, type man 1M automount.

To Start Automounter Logging

1. Log in as root to the NFS client.
2.
    /usr/sbin/automount options -v
options is the list of options configured in the AUTO_OPTIONS variable in the /etc/rc.config.d/nfsconf file. You can also source the /etc/rc.config.
Automounter Tracing

Two levels of automounter tracing are available:
Detailed (level 3): Includes traces of all automounter requests and replies, mount attempts, timeouts, and unmount attempts. You can start level 3 tracing while the automounter is running.
Basic (level 1): Includes traces of all automounter requests and replies. You must restart the automounter to start level 1 tracing.

To Start and Stop Automounter Detailed Tracing

1.
4. For every automounted directory listed by the grep command, issue the following command to determine whether the directory is currently in use:
    /usr/sbin/fuser -cu local_mount_point
This command lists the process IDs and user names of everyone using the mounted directory.
5. Warn any users to cd out of the directory, and kill any processes that are using the directory, or wait until the processes terminate.
Logging for the Other NFS Services

You can configure logging for the following NFS services:
• rpc.rexd
• rpc.rstatd
• rpc.rusersd
• rpc.rwalld
• rpc.sprayd
Logging is not available for the rpc.quotad daemon. Each message logged by these daemons can be identified by the date, time, host name, process ID, and name of the function that generated the message. You can direct logging messages from all these NFS services to the same file.
If you do not specify a log file for the other NFS services (with the -l option), they do not log any messages. The NFS services can all share the same log file. Type man 1M rexd for descriptions of the messages logged by the rpc.rexd daemon. For more information, see the following man pages: rexd(1M), rstatd(1M), rusersd(1M), rwalld(1M), and sprayd(1M).
NIS Logging

You can configure logging for the following NIS processes:
• ypxfr
• ypserv
• ypbind
• yppasswdd
Each message logged by these daemons can be identified by the date, time, host name, process ID, and name of the function that generated the message. You can direct logging messages from all these NIS daemons to the same file.

To Control the Size of Log Files

Log files grow without bound, using up disk space.
To Start and Stop Logging of ypserv

By default, the ypserv daemon logs messages to the file /var/yp/ypserv.log, if it exists. To start logging of ypserv, issue the following command to make sure the /var/yp/ypserv.log file exists:
    /usr/bin/touch /var/yp/ypserv.log
To stop logging of ypserv, remove the ypserv.log file:
    /usr/bin/rm /var/yp/ypserv.log
If you want to direct ypserv logging to a different file, follow these steps:
1.
options is the list of options configured in the YPBIND_OPTIONS variable in the /etc/rc.config.d/namesvrs file. You can also source the /etc/rc.config.d/namesvrs file, and then enter the ypbind command as follows:
    /usr/lib/netsvc/yp/ypbind $YPBIND_OPTIONS
If you do not specify a log file for ypbind (with the -l option), it logs messages to the system console, /dev/console.
NIS+ Logging

You can log the activities of the NIS+ rpc.nisd daemon with the -A and -v options.
1. On the NIS+ server, add the -A or -v option to the RPC_NISD_OPTIONS variable, as in the following example:
    RPC_NISD_OPTIONS="$EMULYP -v"
2. Issue the following commands to restart rpc.nisd:
    /sbin/init.d/nisplus.server stop
    /sbin/init.d/nisplus.server start
3.
Logging With nettl and netfmt

1. Issue the following command to make sure nettl is running:
    /usr/bin/ps -ef | grep nettl
If nettl is not running, issue the following command to start it:
    /usr/sbin/nettl -start
2. Issue the following command to start logging:
    /usr/sbin/nettl -l i w e d -e all
The logging classes are specified following the -l option. They are i (informational), w (warning), e (error), and d (disaster).
Tracing With nettl and netfmt

1. Issue the following command to make sure nettl is running:
    /usr/bin/ps -ef | grep nettl
If nettl is not running, issue the following command to start it:
    /usr/sbin/nettl -start
2. Issue the following command to start tracing:
    /usr/sbin/nettl -tn pduin pduout loopback -e all -s 1024 \
        -f tracefile
3. Recreate the event you want to trace.
4.
Normal System Startup

This section explains the system startup sequence and how the NFS, NIS, and NIS+ daemons are started up in a normal system boot.
1. The /sbin/rc script sources all the files in the /etc/rc.config.d directory. The files in /etc/rc.config.d contain environment variables that control the startup and behavior of various processes.
2. The /sbin/rc script runs the scripts in the directories /sbin/rc0.d, /sbin/rc1.d, /sbin/rc2.d, /sbin/rc3.
All of the startup scripts start rpcbind if it is not already started, but only one rpcbind process should be running at once.

Table 8-2 Startup Scripts for the NFS Services
Startup script in /sbin/init.d | Processes started | Related file in /etc/rc.config.d | Environment variable used
nfs.core | rpcbind(1M) | none | none
nisplus.server | rpcbind(1M) domainname(1) keyserv(1M) rpc.nisd(1M) rpc.
Table 8-2 Startup Scripts for the NFS Services (Continued)
Startup script in /sbin/init.d | Processes started | Related file in /etc/rc.config.d | Environment variable used
nfs.client | rpcbind(1M) biod(1M) statd(1M) lockd(1M) automount(1M) mount(1M) swapon(1M) | nfsconf | NFS_CLIENT NUM_NFSIOD STATD_OPTIONS LOCKD_OPTIONS AUTOMOUNT AUTO_MASTER AUTO_OPTIONS
nfs.
Appendix A NIS+ Error Messages
This section lists alphabetically the more common NIS+ error messages. “Common Problems with NIS+” on page 315 describes various types of problems and their solutions. Error messages may appear in pop-up windows, shell tool command lines, user console window, the syslog file, or in log files. You can raise or lower the severity threshold level for reporting error conditions in your /etc/syslog.conf file.
command, it means that there are no NIS+ objects that have the specified name, but when it is generated by the nismatch command it means that no table entries were found that meet the search criteria.
The error messages in this appendix are sorted alphabetically according to the following rules:
• Capitalization is ignored. Thus, messages that begin with “A” and “a” are alphabetized together.
• Nonalphabetic symbols are ignored.
Attempting to free a free rag!

This message indicates a software problem with rpc.nisd. The rpc.nisd process should have aborted. Run ps -ef | grep rpc.nisd to see if rpc.nisd is still running. If it is, kill it and restart it. If it is not running, start it. If a core file was dumped in /var/nis, delete it. If you started rpc.nisd with the -Y or -B option, you must also kill the rpc.nisd_resolv daemon.
authdes_refresh: unable to synch up w/server

The client/server clock synchronization has failed. This could be caused by the rpcbind process on the server not responding. Use ps -ef on the server to see if rpcbind is running. If it is not, restart it. If this error message is followed by any timestamp-related message, then you need to use date to manually resync the client clock to the server clock.
If restarting keyserv fails to correct the problem, it may be that other processes that use secure RPC or make NIS+ calls are not running (for example, automount, rpc.nisd, or sendmail). Check to see whether these processes are running, and if they are not, restart them. See “If You Have Authentication or Permissions Problems” on page 318.

authdes_validate: DES decryption failure

DES decryption for some authentication data failed.
The entry returned came from an object cache that has expired. This means that the time to live value has gone to zero and the entry may have changed. If the flag NO_CACHE was passed to the lookup function, then the lookup function will retry the operation to get an unexpired copy of the object. This message is generated by the NIS+ error code constant NIS_CACHEEXPIRED. See the nis_tables(3N) and nis_names(3N) man pages for more information.
• You may have incorrectly typed the password.
• There may be no entry for name in the cred table.
• NIS+ could not decrypt the key (possibly because the entry might be corrupt).
• The /etc/nsswitch.conf file may be directing the query to a local password in an /etc/passwd file that is different than the NIS+ password recorded in the cred table.
See “If You Have Authentication or Permissions Problems” on page 318.

checkpoint_log: Called from read only child ignored.
• The /etc/nsswitch.conf file may have the wrong publickey policy. It may be directing the query to a local password in the /etc/passwd file that is different from the NIS+ password recorded in the cred table.
See “If You Have Authentication or Permissions Problems” on page 318.
Could not generate netname

The secure RPC software could not generate the secure RPC netname for your user ID when performing a keylogin. This could be due to the following causes:
• You do not have Local credentials in the NIS+ cred table of the host’s home domain.
• You have a local entry in /etc/passwd with a user ID that is different from the user ID you have in the NIS+ passwd table.
Database for table does not exist

An attempt to look up a table has failed. See “If NIS+ Cannot Find an Object” on page 316. This message is generated by the NIS+ error code constant NIS_NOSUCHTABLE. See the nis_tables(3N) and nis_names(3N) man pages for additional information.

_db_add: child process attempting to add/modify
_db_addib: non-parent process attempting an add

These messages indicate that a read-only or non-parent process attempted to add or modify an object in the database.
**ERROR: chkey failed again. Please contact your network administrator to verify your network password.

This message indicates that you typed the wrong network password.
• If this is the first time you are initializing this machine, contact your network administrator to verify the network password.
• If this machine has been initialized before as an NIS+ client of the same domain, try typing the root login password at the secure RPC password prompt.
**ERROR: domainname does not exist.

This message indicates that you are trying to replicate a domain that does not exist. If domainname is spelled incorrectly, rerun the script with the correct domain name.

**ERROR: parent-domain does not exist.

This message indicates that the parent domain of the domain you typed on the command line does not exist. This message should appear only when you are setting up a non-root master server.
Error in accessing NIS+ cold start file is NIS+ installed?

This message is returned if NIS+ is not installed on a machine, or if for some reason the file /var/nis/NIS_COLD_START could not be found or accessed. Check to see if there is a /var/nis/NIS_COLD_START file. If the file exists, make sure your path is set correctly and that NIS_COLD_START has the proper permissions. Then rename or remove the old coldstart file and rerun the nisclient script to install NIS+ on the machine.
**ERROR: it failed to initialize the root server.

The NIS+ command nisinit -r failed to initialize the root master server. Check your system console for system error messages. If there is a system error message, fix the problem described in the error message and rerun nisserver.

**ERROR: it failed to make the domainname directory

The NIS+ command nismkdir failed to make the new directory domainname when running nisserver to create a non-root master.
This message indicates that you used an invalid group name while trying to configure a root master server. Rerun nisserver -r with a valid group name for root-domain.

**ERROR: invalid name “client-name” It is neither an host nor an user name.

This message indicates that you typed an invalid client name.
• If the client-name was spelled incorrectly, rerun nisclient -c with the correct client-name.
**ERROR: NIS+ server is not running on remote-host. You must do the following before becoming a NIS+ server:
1. become a NIS+ client of the parent domain or any domain above the domain which you plan to serve. (nisclient)
2. start the NIS+ server. (rpc.nisd)

This message indicates that rpc.nisd is not running on the remote machine that you are trying to convert to an NIS+ server.
**ERROR: table tablename.org_dir. domain does not exist. “tablename table will not be loaded.”

The script did not find the NIS+ table tablename.
• If tablename is spelled incorrectly, rerun the script with the correct table name.
• If the tablename table does not exist, and tablename is one of the standard NIS+ tables, use nissetup to create the table. Or use nistbladm to create the private table tablename. Then rerun the script to populate this table.
**ERROR: you must specify both the NIS domainname (-y) and the NIS server hostname (-h).

This message indicates that you failed to type either the NIS domain name or the NIS server host name. Type the NIS domain name and the NIS server host name at the prompt or on the command line.

**ERROR: you must specify one of these options: -c, -i, -u, -r.
This message is generated by the NIS+ error code constant NIS_SYSTEMERROR. See the nis_tables(3N) and nis_names(3N) man pages for more information.

Illegal object type for operation

The fields of the object do not conform to the fields of the table to which it is being added. This message is generated by the NIS+ error code constant DB_BADOBJECT.

insufficient permission to update credentials.
Link Points to illegal name

The passed name resolved to a LINK type object and the contents of the object pointed to an invalid name. This message is generated by the NIS+ error code constant NIS_LINKNAMEERROR. See the nis_tables(3N) and nis_names(3N) man pages for more information.

Load limit of numeric-variable reached!

An attempt has been made to create a child process when the maximum number of child processes has already been created on this server.
_map_addr: RPC timed out.

A process or application could not contact NIS+ within its default time limit to get necessary data or resolve host names. In most cases, this problem will solve itself after a short wait. See “To Improve NIS+ Performance” on page 338 for information about performance problems.

Master server busy full dump rescheduled

This message indicates that a replica server has been unable to update itself with a full dump from the master server because the master is busy.
Other possible causes are as follows:
• Coldstart file corruption. Delete the /var/nis/NIS_COLD_START file and then reboot.
• Cache problem such as the local cache being out of date. Kill the nis_cachemgr and remove /var/nis/NIS_SHARD_DIR_CACHE, and then reboot. If the problem is not in the root directory, you may be able to simply kill the domain cache manager and try the command again.
• Someone removed the directory from a replica.
NIS+ operation failed

This generic error message should be rarely seen. Usually it indicates a minor software problem that the system can correct on its own. If it appears frequently, or if it appears to indicate a problem that the system is not successfully dealing with, call your HP support contact. This message is generated by the NIS+ error code constant NIS_FAIL.

String-variable: NIS+ server busy try again later.
NIS+ server busy try again later.

Try the command later.
• Bad or incorrect parameters. Check the syntax and accuracy of whatever command you most recently entered.
• An attempt to allocate system memory failed. See “If You Have Insufficient Memory or Disk Space” on page 321.
If your command syntax is correct, and your system does not seem to be short of memory, call your HP support contact.

nis_checkpoint_svc: readonly child instructed to checkpoint ignored.
    # nistbladm -u -p passwd.org_dir.remote-domain passwd.org_dir
The remote-domain must be the same domain that you specified with the -d option when you ran nispopulate. Rerun the script to populate the passwd table.

No file space on server

See “If You Have Insufficient Memory or Disk Space” on page 321. This message is generated by the NIS+ error code constant NIS_NOFILESPACE.
If the user is not listed in the passwd table, use nistbladm or nisaddent to add the user to the passwd table before creating the credential.

Non NIS+ namespace encountered

The name could not be completely resolved. This usually indicates that the name passed to the function resolves to a namespace that is outside the NIS+ name tree. In other words, the name is contained in an unknown directory. When this occurs, this error is returned with an NIS+ object of type DIRECTORY.
Not master server for this domain

This message may mean that an attempt was made to directly update the database on a replica server. This message may also mean that a change request was made to a server that serves the name, but it is not the master server. This can occur when a directory object changes and it specifies a new master server.

• There may be no entry for name in the cred table.
• NIS+ could not decrypt the key (possibly because the entry might be corrupt).
• The /etc/nsswitch.conf file may be directing the query to a local password in an /etc/passwd file that is different from the NIS+ password recorded in the cred table.

See “If You Have Authentication or Permissions Problems” on page 318.

Table context: even though the request was successful, a table in the search path was not able to be searched, so the result may not be the same as the one you would have received if that table had been accessible.

This message is generated by the NIS+ error code constant NIS_S_SUCCESS. See the nis_tables(3N) and nis_names(3N) man pages for more information.

replica_update: nis dump result nis_perror error string
This message indicates a problem (identified by the error string) in carrying out a dump to a replica. See “If a Replica Update Fails” on page 326.

replica_update: number updates number errors
A status message indicating a successful update.

replica_update: WARNING: last_update (directoryname) returned 0!
An NIS+ process could not find the last update timestamp in the transaction log for that directory.

This message is generated by the NIS+ error code constant NIS_TRYAGAIN. See the nis_tables(3N) and nis_names(3N) man pages for more information.

Server out of memory
In most cases this message indicates a fatal result. It means that the server ran out of heap space. See “If You Have Insufficient Memory or Disk Space” on page 321. This message is generated by the NIS+ error code constant NIS_NOMEMORY. See the nis_tables(3N) and nis_names(3N) man pages for more information.

• The client’s key pair has been changed and the client has not run keylogin on the client system so that system is still sending the client’s old secret key to the server, which is now using the client’s new public key. Naturally, the two do not match. Run keylogin again on both client and server.
• Network corruption of data. Try the command again. If that does not work, investigate and correct any network problems. Then run keylogin again on both server and client.

• The server principal (host) does not have credentials. Run nismatch hostname.domainname.cred.org_dir on the client’s home domain cred table. Create new credentials if necessary.
• keyserv may have been restarted, in which case certain long-running applications, such as rpc.nisd, sendmail, and automount, also need to be restarted.
• DES encryption failure. Call your HP support contact.

_svcauth_des: no public key for principal-name
The server cannot get the client’s public key.

_svcauth_des: timestamp is earlier than the one previously seen from principal-name
The time stamp received from the client on a subsequent call is earlier than one seen previously from that client. The severity of this message depends on what level of security you are running. At a low security level, this message is primarily for your information; at a higher level, you may have to take some corrective action as described below.

Unable to authenticate NIS+ client
This message is generated when a server attempts to execute the callback procedure of a client and gets a status of RPC_AUTHERR from the RPC clnt_call. This is usually caused by out-of-date authentication information.

Unable to create callback.
The server was unable to contact the callback service on your machine. This results in no data being returned. See the nis_tables(3N) man page for more information.

Unable to create process on server
This error is generated if the NIS+ service routine receives a request for a procedure number it does not support. This message is generated by the NIS+ error code constant NIS_NOPROC.

String-variable: Unable to decrypt secret key for name.

WARNING: db::checkpoint: could not dump database: No such file or directory
This message indicates that the system was unable to open a database file during a checkpoint. Possible causes are as follows:
• The database file was deleted.
• The server is out of file descriptors.
• There is a disk problem.
• You or the host do not have correct permissions.

WARNING: db_dictionary::add_table: could not initialize database from scheme
The database table could not be initialized.

**WARNING: failed to add new member NIS+_principal into the groupname group.
You will need to add this member manually:
1. /usr/sbin/nisgrpadm -a groupname NIS+_principal

The NIS+ command nisgrpadm failed to add a new member into the NIS+ group groupname. Use the nisgrpadm command to add this NIS+ principal manually.

**WARNING: failed to populate tablename table.
The nisaddent command was unable to load the NIS+ tablename table.

**WARNING: alias-hostname is an alias name for host canonical_hostname.
You cannot create credential for host alias.

This message indicates that you have typed a host alias in the name list for nisclient -c. The script asks you if you want to create the credential for the canonical host name, since you should not create credentials for host alias names.

**WARNING: file directory-path/tablename does not exist!
tablename table will not be loaded.

WARNING: nisupdkeys failed on directory directory-name
You will need to run nisupdkeys manually:
1. /usr/lib/nis/nisupdkeys directory-name

The NIS+ command nisupdkeys failed to update the keys in the listed directory object. Use the nisupdkeys command to update the keys manually.

**WARNING: once this script is executed, you will not be able to restore the existing NIS+ server environment.

You (string-variable) do not have secure RPC credentials in NIS+ domain 'string-variable'
This message could be caused by trying to run nispasswd on a server that does not have the credentials required by the command. Keep in mind that servers running at security level 0 do not create or maintain credentials. See “If You Have Authentication or Permissions Problems” on page 318.

verify_table_exists: cannot create table for string nis_perror message.