Server for NIS Step-By-Step Guide
-
Upload
drajbhatnagar -
Category
Documents
-
view
58 -
download
6
Transcript of Server for NIS Step-By-Step Guide
Step-by-Step Guide to Setting Up Server for NIS
Microsoft Corporation
Published: August 2005
Abstract
Server for NIS integrates Windows and Network Information Service (NIS) networks by
giving a Windows–based Active Directory domain controller the ability to act as a master
NIS server for one or more NIS domains. This document contains step-by-step
procedures for setting up Server for NIS on a domain controller.
Information in this document, including URL and other Internet Web site references, is
subject to change without notice. Unless otherwise noted, the example companies,
organizations, products, domain names, e-mail addresses, logos, people, places, and
events depicted herein are fictitious, and no association with any real company,
organization, product, domain name, e-mail address, logo, person, place, or event is
intended or should be inferred. Complying with all applicable copyright laws is the
responsibility of the user. Without limiting the rights under copyright, no part of this
document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying,
recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other
intellectual property rights covering subject matter in this document. Except as expressly
provided in any written license agreement from Microsoft, the furnishing of this document
does not give you any license to these patents, trademarks, copyrights, or other
intellectual property.
© 2005 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, Windows, and Windows Server are either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or other
countries.
UNIX® is a registered trademark of The Open Group in the United States and other
countries. Sun, Sun Microsystems, and the Sun Solaris operating system are trademarks
or registered trademarks of Sun Microsystems, Inc. in the United States and other
countries. Oracle is a registered trademark of Oracle Corporation. Red Hat is a registered
trademark of Red Hat, Inc. Linux is a registered trademark of Linus Torvalds. HP-UX
Release 10.20 and later, and HP-UX Release 11.00 and later (in both 32 and 64-bit
configurations) on all HP 9000 computers are Open Group UNIX 95 branded products.
The names of actual companies and products mentioned herein may be the trademarks
of their respective owners.
Contents
Step-by-Step Guide to Setting Up Server for NIS..............................................................5
In this Guide................................................................................................................... 5
Requirements for Installing Server for NIS.....................................................................5
Task 1: Install Server for NIS on a Domain Controller........................................................6
Verify that your computer is a domain controller.............................................................6
Promote your computer to a domain controller...............................................................6
Install Server for NIS......................................................................................................8
To install Server for NIS by using the Windows interface............................................9
To install Server for NIS by using command-line tools................................................9
Continue with Server for NIS Setup..............................................................................10
See Also....................................................................................................................... 10
Task 2: Migrate NIS Maps to Active Directory..................................................................11
Planning for NIS Migration............................................................................................11
Steps in a Typical Migration.......................................................................................11
Read more about NIS Migration................................................................................12
Migrate NIS Maps to a Windows-based Server............................................................12
Using the Windows interface.....................................................................................12
Using a command line...............................................................................................13
Configure UNIX NIS Servers to use Server for NIS as the Master Server....................16
Creating the Structure of Nonstandard Maps...............................................................16
Using the NIS Data Migration Wizard........................................................................16
Using the command line............................................................................................18
Additional Server for NIS Configuration Steps..............................................................19
See Also....................................................................................................................... 19
Task 3: Set the Frequency of Map Propagation...............................................................19
Change the Frequency of Map Updates to UNIX Subordinate NIS servers..................19
Using the Windows interface.....................................................................................20
Using a command line...............................................................................................20
Propagating Maps Immediately....................................................................................21
Propagate changed maps now..................................................................................21
Propagate selected maps now..................................................................................23
Completing Server for NIS Configuration......................................................................25
See Also....................................................................................................................... 25
Task 4: Set the Encryption Method for NIS Domains.......................................................26
Setting the Encryption Method for a Domain................................................................26
Using the Windows interface.....................................................................................26
Using a command line...............................................................................................27
Completing Server for NIS Configuration Tasks...........................................................28
See Also....................................................................................................................... 29
Step-by-Step Guide to Setting Up Server for NIS
Server for NIS enables a Microsoft Windows–based Active Directory domain controller to
administer UNIX Network Information Service (NIS) networks. This guide describes the
tasks you must perform to install and configure Server for NIS on your network.
In this Guide Task 1: Install Server for NIS on a Domain Controller
Task 2: Migrate NIS Maps to Active Directory
Task 3: Set the Frequency of Map Propagation
Task 4: Set the Encryption Method for NIS Domains
Requirements for Installing Server for NISYou can install Server for NIS on the following Windows Server operating systems:
Windows Server 2003
Windows Server 2003 R2
Windows 2000 Server
Server for NIS is not available for installation except on Active Directory domain
controllers.
You must install Server for NIS on a partition that is formatted with the NTFS file system.
If you are installing Server for NIS as an upgrade to a previous version that was installed
on a partition formatted with the FAT file system, you must convert the FAT partition to
NTFS before you can perform the upgrade. File system operations on FAT partitions are
not supported.
Server for NIS requires 5 MB of free hard disk space. It is recommended that the
computer have at least 16 MB of RAM in addition to the recommended minimum
configuration for the operating system.
Server for NIS cannot be run from a network server. All files must be installed on the local
computer.
5
Task 1: Install Server for NIS on a Domain Controller
Server for Network Information Service (NIS) must be installed on a Windows Server
operating system that is an Active Directory domain controller. The option to install Server
for NIS is unavailable on a computer unless it is a domain controller.
This topic contains the following sections:
Verify that your computer is a domain controller
Promote your computer to a domain controller
Install Server for NIS
Continue with Server for NIS Setup
Verify that your computer is a domain controllerIf you are uncertain whether the computer on which you want to install Server for NIS is a
domain controller, click Start, click Administrative Tools, and then click Manage Your
Server. The Manage Your Server window lists the roles installed on the computer under
the text Your server has been configured with the following roles, and specifies
whether a computer is a domain controller.
Domain controllers also include tools installed with Administrative Tools that are not
available on other computers, such as Active Directory Domains and Trusts, Active
Directory Sites and Services, and Active Directory Users and Computers.
If the computer is not a domain controller, follow the procedure Promote your computer to
a domain controller. Otherwise, proceed to Install Server for NIS.
Promote your computer to a domain controllerIf the computer on which you want to install Server for NIS is not a domain controller,
perform the steps in this section. Otherwise, proceed to Install Server for NIS.
6
Important
Because promoting your computer to a domain controller requires domain
administrator access, and can remove the computer from your network, read
Domain controllers and all related topics, in the Active Directory Help before
promoting your computer to a domain controller.
1. Click Start, click Run, type dcpromo in the text box, and then click OK.
The Active Directory Installation Wizard opens.
2. Click Next.
3. On the Operating System Compatibility page, read the information and then click
Next.
If this is the first time you have installed Active Directory on a server running
Windows Server 2003, click Compatibility Help for more information.
4. On the Domain Controller Type page, click to select one of two options:
Additional domain controller for an existing domain
This option requires that you are a member of the Domain Admins group for the
target domain.
If you choose this option, keep in mind that if Server for NIS is already running as
an NIS master server on a domain controller within the existing domain, then
Server for NIS must function as an NIS subordinate (also known as slave) server
on this computer.
Domain controller for a new domain
If you choose this option, you must configure this installation of Server for NIS as
the NIS master server, until one or more additional domain controllers are
configured within the new domain.
5. Click Next.
If you chose Additional domain controller for an existing domain, follow the
procedure Create an additional domain controller in the Windows Server 2003
Help, starting with Step 4.
If you chose Domain controller for a new domain, go on to the next step in this
section.
6. On the Create New Domain page, choose one of the following options:
7
Note
If you choose to create a new domain, you must configure this installation of
Server for NIS as the NIS master server, until one or more additional domain
controllers are configured within the new domain.
Child domain in an existing domain tree
You must be a member of the Enterprise Admins group to continue with this
installation.
Domain tree in an existing forest
You must be a member of the Enterprise Admins group to continue with this
installation.
Domain in a new forest
Creating a new forest requires some advance planning. Before creating a new forest,
decide on a practical Domain Name System (DNS) name for this computer, as well
as a NetBIOS name. For more information, see Namespace planning for DNS in
Windows Server 2003 Help.
1. Click Next.
2. Complete setup using the Windows Server 2003 Help procedure for the domain
option you selected in Step 6 of this section.
If you selected Child domain in an existing domain tree, follow the steps from
Step 5 in Create a new child domain.
If you selected Domain tree in an existing forest, follow the steps from Step 5
in Create a new domain tree.
If you selected Domain in a new forest, follow the steps from Step 5 in Create a
new forest.
3. When you have completed the Active Directory Installation Wizard and successfully
configured your domain controller, proceed to Install Server for NIS.
Install Server for NISYou can install Server for NIS using either the Windows interface, or by using command-
line tools.
To install Server for NIS by using the Windows interface
To install Server for NIS by using command-line tools
8
To install Server for NIS by using the Windows interface
Before installing Server for NIS, have your Windows Server 2003 product CD available,
or have available the network path to your Windows Server 2003 R2 installation files. The
Server for NIS installation process may prompt you to locate required files that are stored
on the product CD.
1. Click Start, click Control Panel, and then click Add or Remove Programs.
2. Click Add/Remove Windows Components.
3. When the Windows Components Wizard opens, click to fill the Active Directory
Services check box.
4. With Active Directory Services highlighted, click Details.
5. When the Active Directory Services dialog box opens, click to fill the Identity
Management for UNIX check box.
6. With Identity Management for UNIX highlighted, click Details.
7. When the Identity Management for UNIX dialog box opens, click to fill the Server
for NIS check box.
Because Administration Components are required for Server for NIS operation, this
item is automatically selected for installation when you select Server for NIS.
8. Click OK.
The Windows Components Wizard begins installing the Identity Management for
UNIX components you selected.
9. If you are prompted to locate files required for Server for NIS installation, insert the
Windows Server 2003 R2 product CD, or browse to the network location of your
Windows Server 2003 R2 installation files.
10. If NIS map data compatible with Windows Services for UNIX 3.5 is stored in Active
Directory, the Server for NIS installation process automatically migrates the data, and
uses it to populate Server for NIS maps.
11. When installation completes, restart your computer to begin working with Server for
NIS.
To install Server for NIS by using command-line tools
You can use an answer file to run the Identity Management for UNIX Installation Wizard
without your having to be present for interactive responses. Create the answer file, and
then run it at a command prompt on the installation computer.
9
Have your Windows Server 2003 product CD available for this command-line installation.
Perform the following steps to install Server for NIS by using a command-line
environment:
1. Create an unattended answer file in %windir% with the following contents.
Note
The unattended answer file is a plain text file that Windows Server uses to
respond to prompts about your installation preferences. For more information
about unattended installations, see Unattended Installation Fundamentals in
the Windows Server 2003 Deployment Guide.
[Components]
Snis=on
Psync=on
Idmumgmt=on
2. At a command prompt, type the following, and press Enter.
synocmgr /i:%windir%\inf\sysoc.inf /u:<answerfile.txt> /q
Continue with Server for NIS SetupTo continue setting up Server for NIS, go on to Task 2: Migrate NIS Maps to Active
Directory.
See AlsoChecklist: Installing a domain controller
Installing and uninstalling Server for NIS
How Unattended Installation Works
Unattended Installation Fundamentals
10
Task 2: Migrate NIS Maps to Active Directory
Server for Network Information Service (NIS) allows NIS map data to be migrated to
Active Directory. After the migration, and upon receiving NIS requests from clients or
other servers, Server for NIS searches Active Directory to reply to NIS queries.
This topic contains the following sections:
Planning for NIS Migration
Migrate NIS Maps to a Windows-based Server
Configure UNIX NIS Servers to use Server for NIS as the Master Server
Creating the Structure of Nonstandard Maps
Additional Server for NIS Configuration Steps
Planning for NIS MigrationBefore beginning NIS migration to Server for NIS, it is strongly recommended that you
read Checklist: NIS migration to Active Directory using the NIS Data Migration wizard.
Steps in a Typical Migration
Migration consists of the following three procedures:
1. Migrate NIS maps to a Windows-based server.
Using a command line
Server for NIS includes a command-line tool called nis2ad to migrate maps from
UNIX-based NIS servers to Active Directory–based Server for NIS.
Using the Windows interface
Server for NIS includes a migration wizard that extracts the information
necessary to perform the migration. Even when using the migration wizard,
however, you must complete steps 2 and 3, which follow.
The migration wizard and the nis2ad command read map data from NIS map source
files, which are the plain text files from which the NIS map databases are compiled.
These source files must be stored in a location that can be accessed by the domain
11
controller during migration, such as on a disk on the domain controller or in a shared
directory accessible by the domain controller.
If the map you want to migrate is a nonstandard NIS map, create the structure using
the procedure Creating the Structure of Nonstandard Maps below.
2. Configure UNIX NIS Servers to Use Server for NIS as the Master Server.
After the migration, the original UNIX-based NIS server must send an update of maps
to all subordinate NIS servers, with the name of the new master server in the maps.
3. Disable the original NIS server.
UNIX-based subordinate NIS servers can continue to work as before; however, they will
receive map updates from the Windows-based computer running Server for NIS instead
of the UNIX-based computer. Client computers running UNIX-based operating systems
can be configured to get NIS maps or data from the new master server.
Read more about NIS Migration
Before you begin migrating NIS map data, it is recommended that you read the following
conceptual topics that discuss NIS migration:
Migrating NIS to Active Directory
Migrating standard and nonstandard maps
Resolving migration conflicts
Handling special users during migration to Active Directory
Migrate NIS Maps to a Windows-based ServerPerform the following steps to migrate NIS maps to a Windows-based server on which
Server for NIS has been installed.
Using the Windows interface
Using a command line
Using the Windows interface
1. Open the Identity Management for UNIX management console by doing one of the
following:
Click Start, click Administrative Tools, and then click Identity Management for
UNIX.
12
Click Start, click Run, type idmumgmt.msc in the Open text box, then click OK.
2. In the hierarchy tree, open the Microsoft Identity Management for UNIX node, and
click to highlight the Server for NIS node.
3. Start the NIS Data Migration Wizard by doing one of the following:
Right-click the Server for NIS node, and then click NIS Data Migration Wizard.
With the Server for NIS node highlighted, click NIS Data Migration Wizard in
the Actions pane.
On the Actions menu, click NIS Data Migration Wizard.
4. Follow the step-by-step directions in the wizard.
Note
Password file entries with names longer than eight characters will not be
migrated.
Windows user accounts created as a result of the migration are disabled. After
performing the migration, you must enable the accounts. For security reasons, it
is recommended that you assign a temporary password to these accounts and
instruct the affected users to change their Windows password as soon as
possible.
Using a command line
1. Open a Command Prompt window in one of the following two ways:
Click Start, and then click Command Prompt on the Start menu.
Click Start, click Run, type cmd in the Open text box, and click OK.
2. At a command prompt, type:
nis2ad -y UNIXNISDomain -a ActiveDirectoryNISDomain [Options] MapfileToMigrate
The following arguments are required:
Argument Description
-y UNIXNISDomain Specifies the name of the NIS domain that
contains the map to migrate.
-a ActiveDirectoryNISDomain Specifies the NIS domain name in Active
Directory.
13
Argument Description
MapfileToMigrate Specifies the name of the NIS map source
file to migrate. NIS map source files are
the plain text files from which the NIS map
databases are compiled.
The nis2ad command accepts the following options.
Option Description
-m Perform the migration. If this option is
omitted, the program finds and reports
conflicts but does not actually perform the
migration.
-c FileName Specifies the file where conflict details are
written. Uses a default file (%windir%\idmu\
nis\conflicts.log) if not specified.
-t TargetContainer Specifies the target container name.
Applicable only when creating a new NIS
domain. If not specified, uses the default or
uses the container of the target domain.
-f FileName Specifies the name of the log file. If not
specified, nis2ad uses a default file (%windir
%\idmu\nis2ad.log).
-r yes|no Replace object in Active Directory with object
being migrated. Default is no.
-n Resolves conflicts by changing the Windows
account name in Active Directory. If objects
of different types have the same name, the
names of both objects are changed before
the data is migrated.
-p Password If needed and if not specified, the user will be
prompted.
-d Directory Specifies the path of the directory that
contains NIS map source files.
14
Option Description
-s Server Specifies the domain controller server
hosting Active Directory. Otherwise use the
current server.
-u User Specifies the name of the user having
administrator privileges on this computer. If
not specified, nis2ad uses the current user.
Even if you specify another user by using the
-u option, the currently logged-on user must
have write permissions for the folder that will
contain the log and conflict files. If
necessary, modify the permissions on the
folder to grant write access to the user who
will be running the nis2ad utility, before
running the utility.
Note
To view the complete syntax for this command, at a command prompt, type
nis2ad /?
You can migrate only one map at a time using nis2ad. To migrate more than one
map at a time, use the NIS Data Migration Wizard.
Password file entries with names longer than eight characters will not be
migrated.
Windows user accounts created as a result of the migration will be disabled. After
performing the migration, you must enable the accounts. For security reasons, it
is recommended that you assign a temporary password to these accounts and
instruct the affected users to change their Windows password as soon as
possible.
Configure UNIX NIS Servers to use Server for NIS as the Master ServerTo change a UNIX-based NIS server from a master server to a subordinate (also known
as slave) server, follow these steps:
1. Migrate NIS maps to a Windows-based computer running Server for NIS.
15
2. Transfer the maps from the old master server to other subordinate NIS servers by
providing the name of the new Server for NIS for each map. At a command prompt,
type:
ypxfr –hnewserver mapname
where newserver is the name of the new NIS master server, and mapname is the
name of the map to be transferred.
3. Run this command for each map on each of the subordinate servers. After this step,
the UNIX subordinate servers will recognize the new Server for NIS master server.
Creating the Structure of Nonstandard MapsYou can migrate nonstandard maps to Server for NIS using either the Windows-based
NIS Data Migration Wizard, or a command-line environment.
Using the NIS Data Migration Wizard
Using the command line
Important
After the map structure is created using this procedure, there is no way to
remove it.
This structure applies to all NIS domains, so it is important to ensure that the
format is consistent across all NIS domains.
Using the NIS Data Migration Wizard
1. Open the Identity Management for UNIX MMC snap-in by doing one of the following:
Click Start, click Administrative Tools, and then click Identity Management for
UNIX.
Click Start, click Run, type idmumgmt.msc in the Open text box, then click OK.
2. In the hierarchy tree, open the Microsoft Identity Management for UNIX node, and
click to highlight the Server for NIS node.
3. Start the NIS Data Migration Wizard by doing one of the following:
Right-click the Server for NIS node, and then click NIS Data Migration Wizard.
With the Server for NIS node highlighted, click NIS Data Migration Wizard in
the Actions pane.
16
On the Actions menu, click NIS Data Migration Wizard.
4. Follow the step-by-step directions in the wizard.
5. On the NIS Map Selection panel, click New.
6. In the Add Nonstandard Map dialog box, do the following:
In the Map name string box, enter the name of the existing nonstandard map you
want to migrate to Server for NIS. The map migration process assigns the same
name to a new file containing your map structure.
In the Separator string box, type the single character you want to use to delimit
or separate fields in your map structure. Suggested characters include a
semicolon (;) or a dash (-).
In the Key field string box, type the number of the column you want to use as the
map key. Use Arabic numeral characters; do not spell out the number.
Click Next.
7. In the Location of UNIX NIS Map Source Files window, enter the directory path
name in which the map file you created in Step 6 is located, and then click Next.
8. Click Finish to start migrating map data from the existing nonstandard map to the
new map file.
Note
Password file entries with names longer than eight characters will not be
migrated.
Windows user accounts created as a result of the migration are disabled. After
performing the migration, you must enable the accounts. For security reasons, it
is recommended that you assign a temporary password to these accounts and
instruct the affected users to change their Windows password as soon as
possible.
Using the command line
1. Open a Command Prompt window in one of the following two ways:
Click Start, and then click Command Prompt on the Start menu.
Click Start, click Run, type cmd into the Open text box, and click OK.
2. At a command prompt, type:
nismap create –i fieldNumber –g "separator" mapName
17
Note
Do not use the hash character (#) as a field separator because this character is
used in standard maps to mark the beginning of a comment.
The following table shows the acceptable arguments for the nismap create command.
Argument Description
fieldNumber The number of the field that contains the
key to the map.
"separator" The character used to separate fields, in
quotation marks. To specify a space as a
separator, enclose the space in double
quotation marks (" "). For example:
nismap create –i 1 –g " " Phones
creates a map called Phones in which the
key field is the first field and the separator
character is a space. Other white-space
characters, such as tab, are also accepted.
mapName The name of the map.
Note
To view the complete syntax for this command, at a command prompt, type:
nismap /?
Additional Server for NIS Configuration StepsWhen you have successfully completed NIS data migration, proceed to Task 3: Set the
Frequency of Map Propagation to configure the time interval at which you want NIS maps
propagated across the domain.
If you encountered problems during migration, see Server for NIS Troubleshooting.
See AlsoMigrating NIS to Active Directory
Migrating standard and nonstandard maps
18
Remove a nonstandard NIS map
Internet Engineering Task Force Web site
Task 3: Set the Frequency of Map Propagation
After you have completed migrating Network Information Service (NIS) maps to a
Windows-based server running Server for NIS, you can ensure that your maps refresh
across the network at regular intervals by setting how often maps are propagated to
subordinate (also known as slave) servers.
This topic contains the following sections:
Change the Frequency of Map Updates to UNIX Subordinate NIS servers
Propagating Maps Immediately
Completing Server for NIS Configuration
Change the Frequency of Map Updates to UNIX Subordinate NIS serversPerform the following steps to change the frequency of map updates to UNIX-based
subordinate (also known as slave) NIS servers.
Using the Windows interface
Using a command line
Using the Windows interface
1. Open the Identity Management for UNIX management console by doing one of the
following:
Click Start, click Administrative Tools, and then click Identity Management for
UNIX.
Click Start, click Run, type idmumgmt.msc in the Open text box, then click OK.
2. If necessary, connect to the computer you want to manage by right-clicking the
Identity Management for UNIX node in the hierarchy pane, and then clicking
Connect to another computer. Otherwise, go on to the next step.
19
3. Click Server for NIS in the hierarchy pane.
4. Open Map Updates by doing one of the following:
Right-click the Server for NIS node, and then click Map Updates.
With the Server for NIS node highlighted, click Map Updates in the Actions
pane.
5. In the Server for NIS Properties dialog box, type the number of days, hours and
minutes you want to lapse between map updates.
6. Click OK to save your changes.
Using a command line
1. Open a Command Prompt window in one of the following two ways:
Click Start, and then click Command Prompt on the Start menu.
Click Start, click Run, type cmd into the Open text box, and click OK.
2. At a command prompt, type:
nisadmin config pushint=[[days:]hh:]mm [-s Server] [-u User] [-p Password]
The following table contains the arguments for the nisadmin command.
Argument Description
[[days:]hh:]mm Specifies the interval at which the service
checks changes to NIS maps in Active
Directory and propagates them to
secondary NIS servers for all domains, in
days, hours, and minutes. If hh is
specified, hh must be in the range 0–23
and mm must be in the range 0–59.
Server The master server for the domain.
User The name of the user who has
administrative privileges on the server to be
started, if different from the current user.
20
Argument Description
Password The password of the user who has
administrative privileges on the server to be
started, if different from the current user. If
you type a user name but omit the
password, you will be prompted for the
password.
Note
To view the complete syntax for this command, at a command prompt, type:
nisadmin /?
Propagating Maps ImmediatelyYou do not have to wait for the Map Updates interval to expire to refresh maps. You can
propagate maps immediately using one of the following two procedures:
Propagate changed maps now
Propagate selected maps now
Propagate changed maps now
You can propagate any changed maps immediately either by using the Windows
interface, or in a command-line environment.
Using the Windows interface
Using a command line
Using the Windows interface
1. Open the Identity Management for UNIX management console by doing one of the
following:
Click Start, click Administrative Tools, and then click Identity Management for
UNIX.
Click Start, click Run, type idmumgmt.msc in the Open text box, then click OK.
21
2. If necessary, connect to the computer you want to manage by right-clicking the
Identity Management for UNIX node in the hierarchy pane, and then clicking
Connect to another computer. Otherwise, go on to step 3.
3. Click Server for NIS in the hierarchy pane.
4. Click Check for updates now.
Using a command line
1. Open a Command Prompt window in one of the following two ways:
Click Start, and then click Command Prompt on the Start menu.
Click Start, click Run, type cmd into the Open text box, and click OK.
2. At a command prompt, type:
nisadmin [server] syncall [–u user [–p password]]
The following arguments are acceptable with the nisadmin syncall command.
Argument Description
syncall Propagate all maps.
server The name of the server where the maps
are stored.
user The name of the user who has
administrator permissions on the server, if
different from the current user.
password The password of the user who has
administrator permissions on the server, if
different from the current user. If you type
a user name but omit the password, you
will be prompted for the password.
Note
The nisadmin syncall command propagates maps only on UNIX-based NIS
subordinate servers. It does not propagate maps on NIS subordinate servers
running Windows operating systems. Active Directory updates Windows-based
NIS subordinate servers.
To view the complete syntax for this command, at a command prompt, type:
22
nisadmin /?
Propagate selected maps now
Using the Windows interface
1. Open the Identity Management for UNIX management console by doing one of the
following:
Click Start, click Administrative Tools, and then click Identity Management for
UNIX.
Click Start, click Run, type idmumgmt.msc in the Open text box, then click OK.
2. If necessary, connect to the computer you want to manage by right-clicking the
Identity Management for UNIX node in the hierarchy pane, and then clicking
Connect to another computer. Otherwise, go on to step 3.
3. In the console tree, expand Server for NIS and view the list of available domains.
4. Expand the domain of interest, and click the NIS Maps object in the hierarchy pane
to view NIS maps in the details pane.
5. In the NIS Maps in this Domain list, click to select a map you want to update
immediately.
Note
To select multiple maps at once, click and drag, or press and hold the Ctrl key
while selecting additional maps.
1. Propagate the selected maps by doing one of the following:
Click Propagate in the Actions pane.
On the Actions menu, click Propagate.
Right-click the selected map object(s), then click Propagate.
2. On the Identity Management for UNIX dialog box, click Yes to begin map
propagation.
Using a command line
1. Open a Command Prompt window in one of the following two ways:
Click Start, and then click Command Prompt on the Start menu.
23
Click Start, click Run, type cmd into the Open text box, and click OK.
2. At a command prompt, type:
yppush [-d ActiveDirectoryNISDomain] [-q] [-t Timeout] [-h Hosts] MapName
The following table shows the arguments accepted by the yppush command.
Argument Description
-d ActiveDirectoryNISDomain NIS domain name in Active Directory.
-q Quiet mode. Do not wait for response
from subordinate (slave) servers and
do not report errors.
-t Timeout The number of seconds to wait for a
response from the subordinate server
before sending the next request. Must
be greater than zero. The default value
is 30.
-h Hosts The hosts to notify of changes. Default
is all subordinate servers in the domain.
Can be used multiple times for more
than one computer.
MapName The name of the NIS map to be
transferred.
Note
The yppush command propagates maps only on UNIX-based NIS subordinate
servers. It does not propagate maps on NIS subordinate servers running
Windows operating systems. Active Directory updates Windows-based NIS
subordinate servers.
To view the complete syntax for this command, at a command prompt type:
yppush /?
24
Completing Server for NIS ConfigurationThe final step in initial setup of Server for NIS is to specify an encryption method for user
passwords. To learn how to perform this task, see Task 4: Set the Encryption Method for
NIS Domains.
See AlsoSending periodic map updates to subordinate (slave) NIS servers
Change the frequency of map updates to UNIX subordinate (slave) NIS servers
Manage NIS Maps
Task 4: Set the Encryption Method for NIS Domains
Server for Network Information Service (NIS) provides limited support for keeping
passwords synchronized between a user's Windows and UNIX accounts. Whenever a
user's Windows password is changed, Password Synchronization (which is installed with
Server for NIS for this reason) captures the new password, encrypts it, and then stores
the password in the passwd map in Active Directory. The new password is propagated to
NIS subordinate (also known as slave) servers either during the next scheduled update (if
a propagation interval is configured), or by using commands that propagate maps
immediately. For more information about configuring map propagation, see Task 3: Set
the Frequency of Map Propagation.
When synchronizing passwords, Server for NIS can use either crypt(3) (refers to DES
encryption) or Message Digest 5 (MD5) encryption. Server for NIS can support different
encryption methods for multiple domains, but all UNIX computers in a particular domain
must use the same encryption method.
This topic contains the following sections:
Setting the Encryption Method for a Domain
Completing Server for NIS Configuration Tasks
25
Setting the Encryption Method for a DomainYou can set the encryption method for a domain either by using the Windows interface, or
working in a command-line environment.
Using the Windows interface
Using a command line
Using the Windows interface
1. Open the Identity Management for UNIX management console by doing one of the
following:
Click Start, click Administrative Tools, and then click Identity Management for
UNIX.
Click Start, click Run, type idmumgmt.msc in the Open text box, then click OK.
2. If necessary, connect to the computer you want to manage by right-clicking the
Identity Management for UNIX node in the hierarchy pane, and then clicking
Connect to another computer. Otherwise, go on to Step 3.
3. In the console tree, expand Server for NIS and view the list of NIS domains.
4. Select the domain for which you want to set an encryption method.
5. Open the UNIX Password Encryption Properties dialog box by doing one of the
following:
Click UNIX Password Encryption in the Actions pane.
On the Actions menu, click UNIX Password Encryption.
Right-click the selected domain, then click UNIX Password Encryption.
6. In the Encryption Scheme area, click the drop-down menu to select the encryption
method used by all UNIX computers in the domain.
Note
You can select the MD5 encryption method for a UNIX domain that consists
exclusively of computers running Linux and using MD5 encryption. Domains that
contain one or more computers using the crypt algorithm or that run any other
operating system must use crypt. Although Linux versions 6.2 and later support
MD5 encryption, Identity Management for UNIX is not supported for versions of
Linux prior to version 8.
26
Using a command line
1. Open a Command Prompt window in one of the following two ways:
Click Start, and then click Command Prompt on the Start menu.
Click Start, click Run, type cmd into the Open text box, and click OK.
2. At a command prompt, type:
nisadmin [computer] encryptiontype -d domain {crypt | md5} [-u usr [-p pword]]
Argument Description
computer Specifies the remote computer you want
to administer. You can specify the
computer using a WINS or DNS name, or
by Internet Protocol (IP) address.
domain Specifies the name of the domain for
which the change is being made.
usr Specifies the user name of the user
whose credentials are to be used. It might
be necessary to add the domain name to
the user name in the form domain\
username.
pword Specifies the password of the user
specified using the -u option. If you
specify the -u option but omit the -p
option, you are prompted for the user's
password.
Note
To view the complete syntax for this command, at a command prompt, type:
nisadmin /?
You can select the MD5 encryption method for a UNIX domain that consists
exclusively of computers running Linux and using MD5 encryption. Domains that
contain one or more computers using crypt or that run any other operating
system must use crypt. Although Linux versions 6.2 and later support MD5
encryption, Identity Management for UNIX is not supported for versions of Linux
prior to version 8.
27
Completing Server for NIS Configuration TasksYou have completed all the tasks for initial setup of Server for NIS. If you want to
configure Server for NIS on another computer, refer to the start of the Step-by-Step
Guide to Setting Up Server for NIS.
See AlsoPassword encryption
Set the encryption method for a domain
28