Server for NIS Step-By-Step Guide

Step-by-Step Guide to Setting Up Server for NIS

Microsoft Corporation

Published: August 2005

Abstract

Server for NIS integrates Windows and Network Information Service (NIS) networks by

giving a Windows–based Active Directory domain controller the ability to act as a master

NIS server for one or more NIS domains. This document contains step-by-step

procedures for setting up Server for NIS on a domain controller.

Information in this document, including URL and other Internet Web site references, is

subject to change without notice. Unless otherwise noted, the example companies,

organizations, products, domain names, e-mail addresses, logos, people, places, and

events depicted herein are fictitious, and no association with any real company,

organization, product, domain name, e-mail address, logo, person, place, or event is

intended or should be inferred. Complying with all applicable copyright laws is the

responsibility of the user. Without limiting the rights under copyright, no part of this

document may be reproduced, stored in or introduced into a retrieval system, or

transmitted in any form or by any means (electronic, mechanical, photocopying,

recording, or otherwise), or for any purpose, without the express written permission of

Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other

intellectual property rights covering subject matter in this document. Except as expressly

provided in any written license agreement from Microsoft, the furnishing of this document

does not give you any license to these patents, trademarks, copyrights, or other

intellectual property.

© 2005 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, Windows, and Windows Server are either registered

trademarks or trademarks of Microsoft Corporation in the United States and/or other

countries.

UNIX® is a registered trademark of The Open Group in the United States and other

countries. Sun, Sun Microsystems, and the Sun Solaris operating system are trademarks

or registered trademarks of Sun Microsystems, Inc. in the United States and other

countries. Oracle is a registered trademark of Oracle Corporation. Red Hat is a registered

trademark of Red Hat, Inc. Linux is a registered trademark of Linus Torvalds. HP-UX

Release 10.20 and later, and HP-UX Release 11.00 and later (in both 32 and 64-bit

configurations) on all HP 9000 computers are Open Group UNIX 95 branded products.

The names of actual companies and products mentioned herein may be the trademarks

of their respective owners.

Contents

Step-by-Step Guide to Setting Up Server for NIS..............................................................5

In this Guide................................................................................................................... 5

Requirements for Installing Server for NIS.....................................................................5

Task 1: Install Server for NIS on a Domain Controller........................................................6

Verify that your computer is a domain controller.............................................................6

Promote your computer to a domain controller...............................................................6

Install Server for NIS......................................................................................................8

To install Server for NIS by using the Windows interface............................................9

To install Server for NIS by using command-line tools................................................9

Continue with Server for NIS Setup..............................................................................10

See Also....................................................................................................................... 10

Task 2: Migrate NIS Maps to Active Directory..................................................................11

Planning for NIS Migration............................................................................................11

Steps in a Typical Migration.......................................................................................11

Read more about NIS Migration................................................................................12

Migrate NIS Maps to a Windows-based Server............................................................12

Using the Windows interface.....................................................................................12

Using a command line...............................................................................................13

Configure UNIX NIS Servers to use Server for NIS as the Master Server....................16

Creating the Structure of Nonstandard Maps...............................................................16

Using the NIS Data Migration Wizard........................................................................16

Using the command line............................................................................................18

Additional Server for NIS Configuration Steps..............................................................19

See Also....................................................................................................................... 19

Task 3: Set the Frequency of Map Propagation...............................................................19

Change the Frequency of Map Updates to UNIX Subordinate NIS servers..................19



Propagating Maps Immediately....................................................................................21

Propagate changed maps now..................................................................................21

Propagate selected maps now..................................................................................23

Completing Server for NIS Configuration......................................................................25

See Also....................................................................................................................... 25

Task 4: Set the Encryption Method for NIS Domains.......................................................26

Setting the Encryption Method for a Domain................................................................26



Completing Server for NIS Configuration Tasks...........................................................28

See Also....................................................................................................................... 29

Step-by-Step Guide to Setting Up Server for NIS

Server for NIS enables a Microsoft Windows–based Active Directory domain controller to

administer UNIX Network Information Service (NIS) networks. This guide describes the

tasks you must perform to install and configure Server for NIS on your network.

In this Guide Task 1: Install Server for NIS on a Domain Controller

Task 2: Migrate NIS Maps to Active Directory

Task 3: Set the Frequency of Map Propagation

Task 4: Set the Encryption Method for NIS Domains

Requirements for Installing Server for NISYou can install Server for NIS on the following Windows Server operating systems:

Windows Server 2003

Windows Server 2003 R2

Windows 2000 Server

Server for NIS is not available for installation except on Active Directory domain

controllers.

You must install Server for NIS on a partition that is formatted with the NTFS file system.

If you are installing Server for NIS as an upgrade to a previous version that was installed

on a partition formatted with the FAT file system, you must convert the FAT partition to

NTFS before you can perform the upgrade. File system operations on FAT partitions are

not supported.

Server for NIS requires 5 MB of free hard disk space. It is recommended that the

computer have at least 16 MB of RAM in addition to the recommended minimum

configuration for the operating system.

Server for NIS cannot be run from a network server. All files must be installed on the local

computer.

5

Task 1: Install Server for NIS on a Domain Controller

Server for Network Information Service (NIS) must be installed on a Windows Server

operating system that is an Active Directory domain controller. The option to install Server

for NIS is unavailable on a computer unless it is a domain controller.

This topic contains the following sections:

Verify that your computer is a domain controller

Promote your computer to a domain controller

Install Server for NIS

Continue with Server for NIS Setup

Verify that your computer is a domain controllerIf you are uncertain whether the computer on which you want to install Server for NIS is a

domain controller, click Start, click Administrative Tools, and then click Manage Your

Server. The Manage Your Server window lists the roles installed on the computer under

the text Your server has been configured with the following roles, and specifies

whether a computer is a domain controller.

Domain controllers also include tools installed with Administrative Tools that are not

available on other computers, such as Active Directory Domains and Trusts, Active

Directory Sites and Services, and Active Directory Users and Computers.

If the computer is not a domain controller, follow the procedure Promote your computer to

a domain controller. Otherwise, proceed to Install Server for NIS.

Promote your computer to a domain controllerIf the computer on which you want to install Server for NIS is not a domain controller,

perform the steps in this section. Otherwise, proceed to Install Server for NIS.

6

Important

Because promoting your computer to a domain controller requires domain

administrator access, and can remove the computer from your network, read

Domain controllers and all related topics, in the Active Directory Help before

promoting your computer to a domain controller.

1. Click Start, click Run, type dcpromo in the text box, and then click OK.

The Active Directory Installation Wizard opens.

2. Click Next.

3. On the Operating System Compatibility page, read the information and then click

Next.

If this is the first time you have installed Active Directory on a server running

Windows Server 2003, click Compatibility Help for more information.

4. On the Domain Controller Type page, click to select one of two options:

Additional domain controller for an existing domain

This option requires that you are a member of the Domain Admins group for the

target domain.

If you choose this option, keep in mind that if Server for NIS is already running as

an NIS master server on a domain controller within the existing domain, then

Server for NIS must function as an NIS subordinate (also known as slave) server

on this computer.

Domain controller for a new domain

If you choose this option, you must configure this installation of Server for NIS as

the NIS master server, until one or more additional domain controllers are

configured within the new domain.

5. Click Next.

If you chose Additional domain controller for an existing domain, follow the

procedure Create an additional domain controller in the Windows Server 2003

Help, starting with Step 4.

If you chose Domain controller for a new domain, go on to the next step in this

section.

6. On the Create New Domain page, choose one of the following options:

7

http://go.microsoft.com/fwlink/?LinkId=49042


Note

If you choose to create a new domain, you must configure this installation of

Server for NIS as the NIS master server, until one or more additional domain

controllers are configured within the new domain.

Child domain in an existing domain tree

You must be a member of the Enterprise Admins group to continue with this

installation.

Domain tree in an existing forest

You must be a member of the Enterprise Admins group to continue with this

installation.

Domain in a new forest

Creating a new forest requires some advance planning. Before creating a new forest,

decide on a practical Domain Name System (DNS) name for this computer, as well

as a NetBIOS name. For more information, see Namespace planning for DNS in

Windows Server 2003 Help.

1. Click Next.

2. Complete setup using the Windows Server 2003 Help procedure for the domain

option you selected in Step 6 of this section.

If you selected Child domain in an existing domain tree, follow the steps from

Step 5 in Create a new child domain.

If you selected Domain tree in an existing forest, follow the steps from Step 5

in Create a new domain tree.

If you selected Domain in a new forest, follow the steps from Step 5 in Create a

new forest.

3. When you have completed the Active Directory Installation Wizard and successfully

configured your domain controller, proceed to Install Server for NIS.

Install Server for NISYou can install Server for NIS using either the Windows interface, or by using command-

line tools.

To install Server for NIS by using the Windows interface

To install Server for NIS by using command-line tools

8






To install Server for NIS by using the Windows interface

Before installing Server for NIS, have your Windows Server 2003 product CD available,

or have available the network path to your Windows Server 2003 R2 installation files. The

Server for NIS installation process may prompt you to locate required files that are stored

on the product CD.

1. Click Start, click Control Panel, and then click Add or Remove Programs.

2. Click Add/Remove Windows Components.

3. When the Windows Components Wizard opens, click to fill the Active Directory

Services check box.

4. With Active Directory Services highlighted, click Details.

5. When the Active Directory Services dialog box opens, click to fill the Identity

Management for UNIX check box.

6. With Identity Management for UNIX highlighted, click Details.

7. When the Identity Management for UNIX dialog box opens, click to fill the Server

for NIS check box.

Because Administration Components are required for Server for NIS operation, this

item is automatically selected for installation when you select Server for NIS.

8. Click OK.

The Windows Components Wizard begins installing the Identity Management for

UNIX components you selected.

9. If you are prompted to locate files required for Server for NIS installation, insert the

Windows Server 2003 R2 product CD, or browse to the network location of your

Windows Server 2003 R2 installation files.

10. If NIS map data compatible with Windows Services for UNIX 3.5 is stored in Active

Directory, the Server for NIS installation process automatically migrates the data, and

uses it to populate Server for NIS maps.

11. When installation completes, restart your computer to begin working with Server for

NIS.

To install Server for NIS by using command-line tools

You can use an answer file to run the Identity Management for UNIX Installation Wizard

without your having to be present for interactive responses. Create the answer file, and

then run it at a command prompt on the installation computer.

9

Have your Windows Server 2003 product CD available for this command-line installation.

Perform the following steps to install Server for NIS by using a command-line

environment:

1. Create an unattended answer file in %windir% with the following contents.

Note

The unattended answer file is a plain text file that Windows Server uses to

respond to prompts about your installation preferences. For more information

about unattended installations, see Unattended Installation Fundamentals in

the Windows Server 2003 Deployment Guide.

[Components]

Snis=on

Psync=on

Idmumgmt=on

2. At a command prompt, type the following, and press Enter.

synocmgr /i:%windir%\inf\sysoc.inf /u:<answerfile.txt> /q

Continue with Server for NIS SetupTo continue setting up Server for NIS, go on to Task 2: Migrate NIS Maps to Active

Directory.

See AlsoChecklist: Installing a domain controller

Installing and uninstalling Server for NIS

How Unattended Installation Works

Unattended Installation Fundamentals

10






Task 2: Migrate NIS Maps to Active Directory

Server for Network Information Service (NIS) allows NIS map data to be migrated to

Active Directory. After the migration, and upon receiving NIS requests from clients or

other servers, Server for NIS searches Active Directory to reply to NIS queries.


Planning for NIS Migration

Migrate NIS Maps to a Windows-based Server

Configure UNIX NIS Servers to use Server for NIS as the Master Server

Creating the Structure of Nonstandard Maps

Additional Server for NIS Configuration Steps

Planning for NIS MigrationBefore beginning NIS migration to Server for NIS, it is strongly recommended that you

read Checklist: NIS migration to Active Directory using the NIS Data Migration wizard.

Steps in a Typical Migration

Migration consists of the following three procedures:

1. Migrate NIS maps to a Windows-based server.

Using a command line

Server for NIS includes a command-line tool called nis2ad to migrate maps from

UNIX-based NIS servers to Active Directory–based Server for NIS.

Using the Windows interface

Server for NIS includes a migration wizard that extracts the information

necessary to perform the migration. Even when using the migration wizard,

however, you must complete steps 2 and 3, which follow.

The migration wizard and the nis2ad command read map data from NIS map source

files, which are the plain text files from which the NIS map databases are compiled.

These source files must be stored in a location that can be accessed by the domain

11


controller during migration, such as on a disk on the domain controller or in a shared

directory accessible by the domain controller.

If the map you want to migrate is a nonstandard NIS map, create the structure using

the procedure Creating the Structure of Nonstandard Maps below.

2. Configure UNIX NIS Servers to Use Server for NIS as the Master Server.

After the migration, the original UNIX-based NIS server must send an update of maps

to all subordinate NIS servers, with the name of the new master server in the maps.

3. Disable the original NIS server.

UNIX-based subordinate NIS servers can continue to work as before; however, they will

receive map updates from the Windows-based computer running Server for NIS instead

of the UNIX-based computer. Client computers running UNIX-based operating systems

can be configured to get NIS maps or data from the new master server.

Read more about NIS Migration

Before you begin migrating NIS map data, it is recommended that you read the following

conceptual topics that discuss NIS migration:

Migrating NIS to Active Directory

Migrating standard and nonstandard maps

Resolving migration conflicts

Handling special users during migration to Active Directory

Migrate NIS Maps to a Windows-based ServerPerform the following steps to migrate NIS maps to a Windows-based server on which

Server for NIS has been installed.




1. Open the Identity Management for UNIX management console by doing one of the

following:

Click Start, click Administrative Tools, and then click Identity Management for

UNIX.

12





Click Start, click Run, type idmumgmt.msc in the Open text box, then click OK.

2. In the hierarchy tree, open the Microsoft Identity Management for UNIX node, and

click to highlight the Server for NIS node.

3. Start the NIS Data Migration Wizard by doing one of the following:

Right-click the Server for NIS node, and then click NIS Data Migration Wizard.

With the Server for NIS node highlighted, click NIS Data Migration Wizard in

the Actions pane.

On the Actions menu, click NIS Data Migration Wizard.

4. Follow the step-by-step directions in the wizard.

Note

Password file entries with names longer than eight characters will not be

migrated.

Windows user accounts created as a result of the migration are disabled. After

performing the migration, you must enable the accounts. For security reasons, it

is recommended that you assign a temporary password to these accounts and

instruct the affected users to change their Windows password as soon as

possible.


1. Open a Command Prompt window in one of the following two ways:

Click Start, and then click Command Prompt on the Start menu.

Click Start, click Run, type cmd in the Open text box, and click OK.

2. At a command prompt, type:

nis2ad -y UNIXNISDomain -a ActiveDirectoryNISDomain [Options] MapfileToMigrate

The following arguments are required:

Argument Description

-y UNIXNISDomain Specifies the name of the NIS domain that

contains the map to migrate.

-a ActiveDirectoryNISDomain Specifies the NIS domain name in Active

Directory.

13


MapfileToMigrate Specifies the name of the NIS map source

file to migrate. NIS map source files are

the plain text files from which the NIS map

databases are compiled.

The nis2ad command accepts the following options.

Option Description

-m Perform the migration. If this option is

omitted, the program finds and reports

conflicts but does not actually perform the

migration.

-c FileName Specifies the file where conflict details are

written. Uses a default file (%windir%\idmu\

nis\conflicts.log) if not specified.

-t TargetContainer Specifies the target container name.

Applicable only when creating a new NIS

domain. If not specified, uses the default or

uses the container of the target domain.

-f FileName Specifies the name of the log file. If not

specified, nis2ad uses a default file (%windir

%\idmu\nis2ad.log).

-r yes|no Replace object in Active Directory with object

being migrated. Default is no.

-n Resolves conflicts by changing the Windows

account name in Active Directory. If objects

of different types have the same name, the

names of both objects are changed before

the data is migrated.

-p Password If needed and if not specified, the user will be

prompted.

-d Directory Specifies the path of the directory that

contains NIS map source files.

14

Option Description

-s Server Specifies the domain controller server

hosting Active Directory. Otherwise use the

current server.

-u User Specifies the name of the user having

administrator privileges on this computer. If

not specified, nis2ad uses the current user.

Even if you specify another user by using the

-u option, the currently logged-on user must

have write permissions for the folder that will

contain the log and conflict files. If

necessary, modify the permissions on the

folder to grant write access to the user who

will be running the nis2ad utility, before

running the utility.

Note

To view the complete syntax for this command, at a command prompt, type

nis2ad /?

You can migrate only one map at a time using nis2ad. To migrate more than one

map at a time, use the NIS Data Migration Wizard.


migrated.

Windows user accounts created as a result of the migration will be disabled. After




possible.

Configure UNIX NIS Servers to use Server for NIS as the Master ServerTo change a UNIX-based NIS server from a master server to a subordinate (also known

as slave) server, follow these steps:

1. Migrate NIS maps to a Windows-based computer running Server for NIS.

15

2. Transfer the maps from the old master server to other subordinate NIS servers by

providing the name of the new Server for NIS for each map. At a command prompt,

type:

ypxfr –hnewserver mapname

where newserver is the name of the new NIS master server, and mapname is the

name of the map to be transferred.

3. Run this command for each map on each of the subordinate servers. After this step,

the UNIX subordinate servers will recognize the new Server for NIS master server.

Creating the Structure of Nonstandard MapsYou can migrate nonstandard maps to Server for NIS using either the Windows-based

NIS Data Migration Wizard, or a command-line environment.

Using the NIS Data Migration Wizard

Using the command line

Important

After the map structure is created using this procedure, there is no way to

remove it.

This structure applies to all NIS domains, so it is important to ensure that the

format is consistent across all NIS domains.

Using the NIS Data Migration Wizard

1. Open the Identity Management for UNIX MMC snap-in by doing one of the following:


UNIX.


2. In the hierarchy tree, open the Microsoft Identity Management for UNIX node, and

click to highlight the Server for NIS node.

3. Start the NIS Data Migration Wizard by doing one of the following:

Right-click the Server for NIS node, and then click NIS Data Migration Wizard.

With the Server for NIS node highlighted, click NIS Data Migration Wizard in

the Actions pane.

16

On the Actions menu, click NIS Data Migration Wizard.

4. Follow the step-by-step directions in the wizard.

5. On the NIS Map Selection panel, click New.

6. In the Add Nonstandard Map dialog box, do the following:

In the Map name string box, enter the name of the existing nonstandard map you

want to migrate to Server for NIS. The map migration process assigns the same

name to a new file containing your map structure.

In the Separator string box, type the single character you want to use to delimit

or separate fields in your map structure. Suggested characters include a

semicolon (;) or a dash (-).

In the Key field string box, type the number of the column you want to use as the

map key. Use Arabic numeral characters; do not spell out the number.

Click Next.

7. In the Location of UNIX NIS Map Source Files window, enter the directory path

name in which the map file you created in Step 6 is located, and then click Next.

8. Click Finish to start migrating map data from the existing nonstandard map to the

new map file.

Note


migrated.

Windows user accounts created as a result of the migration are disabled. After




possible.

Using the command line



Click Start, click Run, type cmd into the Open text box, and click OK.


nismap create –i fieldNumber –g "separator" mapName

17

Note

Do not use the hash character (#) as a field separator because this character is

used in standard maps to mark the beginning of a comment.

The following table shows the acceptable arguments for the nismap create command.


fieldNumber The number of the field that contains the

key to the map.

"separator" The character used to separate fields, in

quotation marks. To specify a space as a

separator, enclose the space in double

quotation marks (" "). For example:

nismap create –i 1 –g " " Phones

creates a map called Phones in which the

key field is the first field and the separator

character is a space. Other white-space

characters, such as tab, are also accepted.

mapName The name of the map.

Note

To view the complete syntax for this command, at a command prompt, type:

nismap /?

Additional Server for NIS Configuration StepsWhen you have successfully completed NIS data migration, proceed to Task 3: Set the

Frequency of Map Propagation to configure the time interval at which you want NIS maps

propagated across the domain.

If you encountered problems during migration, see Server for NIS Troubleshooting.

See AlsoMigrating NIS to Active Directory

Migrating standard and nonstandard maps

18




Remove a nonstandard NIS map

Internet Engineering Task Force Web site

Task 3: Set the Frequency of Map Propagation

After you have completed migrating Network Information Service (NIS) maps to a

Windows-based server running Server for NIS, you can ensure that your maps refresh

across the network at regular intervals by setting how often maps are propagated to

subordinate (also known as slave) servers.


Change the Frequency of Map Updates to UNIX Subordinate NIS servers

Propagating Maps Immediately

Completing Server for NIS Configuration

Change the Frequency of Map Updates to UNIX Subordinate NIS serversPerform the following steps to change the frequency of map updates to UNIX-based

subordinate (also known as slave) NIS servers.





following:


UNIX.


2. If necessary, connect to the computer you want to manage by right-clicking the

Identity Management for UNIX node in the hierarchy pane, and then clicking

Connect to another computer. Otherwise, go on to the next step.

19



3. Click Server for NIS in the hierarchy pane.

4. Open Map Updates by doing one of the following:

Right-click the Server for NIS node, and then click Map Updates.

With the Server for NIS node highlighted, click Map Updates in the Actions

pane.

5. In the Server for NIS Properties dialog box, type the number of days, hours and

minutes you want to lapse between map updates.

6. Click OK to save your changes.






nisadmin config pushint=[[days:]hh:]mm [-s Server] [-u User] [-p Password]

The following table contains the arguments for the nisadmin command.


[[days:]hh:]mm Specifies the interval at which the service

checks changes to NIS maps in Active

Directory and propagates them to

secondary NIS servers for all domains, in

days, hours, and minutes. If hh is

specified, hh must be in the range 0–23

and mm must be in the range 0–59.

Server The master server for the domain.

User The name of the user who has

administrative privileges on the server to be

started, if different from the current user.

20


Password The password of the user who has

administrative privileges on the server to be

started, if different from the current user. If

you type a user name but omit the

password, you will be prompted for the

password.

Note


nisadmin /?

Propagating Maps ImmediatelyYou do not have to wait for the Map Updates interval to expire to refresh maps. You can

propagate maps immediately using one of the following two procedures:

Propagate changed maps now

Propagate selected maps now

Propagate changed maps now

You can propagate any changed maps immediately either by using the Windows

interface, or in a command-line environment.





following:


UNIX.


21



Connect to another computer. Otherwise, go on to step 3.

3. Click Server for NIS in the hierarchy pane.

4. Click Check for updates now.






nisadmin [server] syncall [–u user [–p password]]

The following arguments are acceptable with the nisadmin syncall command.


syncall Propagate all maps.

server The name of the server where the maps

are stored.

user The name of the user who has

administrator permissions on the server, if

different from the current user.

password The password of the user who has

administrator permissions on the server, if

different from the current user. If you type

a user name but omit the password, you

will be prompted for the password.

Note

The nisadmin syncall command propagates maps only on UNIX-based NIS

subordinate servers. It does not propagate maps on NIS subordinate servers

running Windows operating systems. Active Directory updates Windows-based

NIS subordinate servers.


22

nisadmin /?

Propagate selected maps now



following:


UNIX.




Connect to another computer. Otherwise, go on to step 3.

3. In the console tree, expand Server for NIS and view the list of available domains.

4. Expand the domain of interest, and click the NIS Maps object in the hierarchy pane

to view NIS maps in the details pane.

5. In the NIS Maps in this Domain list, click to select a map you want to update

immediately.

Note

To select multiple maps at once, click and drag, or press and hold the Ctrl key

while selecting additional maps.

1. Propagate the selected maps by doing one of the following:

Click Propagate in the Actions pane.

On the Actions menu, click Propagate.

Right-click the selected map object(s), then click Propagate.

2. On the Identity Management for UNIX dialog box, click Yes to begin map

propagation.




23



yppush [-d ActiveDirectoryNISDomain] [-q] [-t Timeout] [-h Hosts] MapName

The following table shows the arguments accepted by the yppush command.


-d ActiveDirectoryNISDomain NIS domain name in Active Directory.

-q Quiet mode. Do not wait for response

from subordinate (slave) servers and

do not report errors.

-t Timeout The number of seconds to wait for a

response from the subordinate server

before sending the next request. Must

be greater than zero. The default value

is 30.

-h Hosts The hosts to notify of changes. Default

is all subordinate servers in the domain.

Can be used multiple times for more

than one computer.

MapName The name of the NIS map to be

transferred.

Note

The yppush command propagates maps only on UNIX-based NIS subordinate

servers. It does not propagate maps on NIS subordinate servers running

Windows operating systems. Active Directory updates Windows-based NIS

subordinate servers.

To view the complete syntax for this command, at a command prompt type:

yppush /?

24

Completing Server for NIS ConfigurationThe final step in initial setup of Server for NIS is to specify an encryption method for user

passwords. To learn how to perform this task, see Task 4: Set the Encryption Method for

NIS Domains.

See AlsoSending periodic map updates to subordinate (slave) NIS servers

Change the frequency of map updates to UNIX subordinate (slave) NIS servers

Manage NIS Maps

Task 4: Set the Encryption Method for NIS Domains

Server for Network Information Service (NIS) provides limited support for keeping

passwords synchronized between a user's Windows and UNIX accounts. Whenever a

user's Windows password is changed, Password Synchronization (which is installed with

Server for NIS for this reason) captures the new password, encrypts it, and then stores

the password in the passwd map in Active Directory. The new password is propagated to

NIS subordinate (also known as slave) servers either during the next scheduled update (if

a propagation interval is configured), or by using commands that propagate maps

immediately. For more information about configuring map propagation, see Task 3: Set

the Frequency of Map Propagation.

When synchronizing passwords, Server for NIS can use either crypt(3) (refers to DES

encryption) or Message Digest 5 (MD5) encryption. Server for NIS can support different

encryption methods for multiple domains, but all UNIX computers in a particular domain

must use the same encryption method.


Setting the Encryption Method for a Domain

Completing Server for NIS Configuration Tasks

25




Setting the Encryption Method for a DomainYou can set the encryption method for a domain either by using the Windows interface, or

working in a command-line environment.





following:


UNIX.




Connect to another computer. Otherwise, go on to Step 3.

3. In the console tree, expand Server for NIS and view the list of NIS domains.

4. Select the domain for which you want to set an encryption method.

5. Open the UNIX Password Encryption Properties dialog box by doing one of the

following:

Click UNIX Password Encryption in the Actions pane.

On the Actions menu, click UNIX Password Encryption.

Right-click the selected domain, then click UNIX Password Encryption.

6. In the Encryption Scheme area, click the drop-down menu to select the encryption

method used by all UNIX computers in the domain.

Note

You can select the MD5 encryption method for a UNIX domain that consists

exclusively of computers running Linux and using MD5 encryption. Domains that

contain one or more computers using the crypt algorithm or that run any other

operating system must use crypt. Although Linux versions 6.2 and later support

MD5 encryption, Identity Management for UNIX is not supported for versions of

Linux prior to version 8.

26






nisadmin [computer] encryptiontype -d domain {crypt | md5} [-u usr [-p pword]]


computer Specifies the remote computer you want

to administer. You can specify the

computer using a WINS or DNS name, or

by Internet Protocol (IP) address.

domain Specifies the name of the domain for

which the change is being made.

usr Specifies the user name of the user

whose credentials are to be used. It might

be necessary to add the domain name to

the user name in the form domain\

username.

pword Specifies the password of the user

specified using the -u option. If you

specify the -u option but omit the -p

option, you are prompted for the user's

password.

Note


nisadmin /?

You can select the MD5 encryption method for a UNIX domain that consists

exclusively of computers running Linux and using MD5 encryption. Domains that

contain one or more computers using crypt or that run any other operating

system must use crypt. Although Linux versions 6.2 and later support MD5

encryption, Identity Management for UNIX is not supported for versions of Linux

prior to version 8.

27

Completing Server for NIS Configuration TasksYou have completed all the tasks for initial setup of Server for NIS. If you want to

configure Server for NIS on another computer, refer to the start of the Step-by-Step

Guide to Setting Up Server for NIS.

See AlsoPassword encryption

Set the encryption method for a domain

28



Server for NIS Step-By-Step Guide

Documents

Transcript of Server for NIS Step-By-Step Guide