Partial SUMMARY: NIS+ woes

From: Rasana P. Atreya (
Date: Tue Jun 11 1996 - 12:44:54 CDT


I posted a problem about installing NIS+. I have 2 sub-domains, so I did not
know which one to choose as the root master.

Thanks to Dixon Ly and Kenneth Simpson and a very special thanks to Daniel J
Blander I have a better idea about how I can handle this. Please see my
original post and the complete responses I got (below).

Now I have another problem. Our current NIS master is a SunOS 4.1.3_U
machine. It does not have a shadow file, but does have a passwd and a
passwd.master (I could not find any documentation on this). I combined the
two files as passwd, copied this file over to the new machine (Solaris 2.5
which I'm trying to setup as the root master of NIS+) and ran the "pwconv"
command. This was after I ran nisserver -Y -r -v -d

I checked that it created a passwd and shadow file.
After that I populated using nispopulate -F -v -d -h athena

I then rebooted the machine. I tried logging in as root when it came back up,
but it would not let me in. I was able to login as myself. I finally had to
get in the cdrom way. What did I screw up?

Thanks a lot for you help,

I posted this once before but I did not get anything which helped me, so I'm
giving this another try.

I'm trying to setup NIS+ on a Solaris 2.5 machine with patches 103279-01 and
103093-02 (on Sparc 2). We already have NIS running on another machine, but
populating from NIS was giving errors, so I tried to populate using files.

UCSF has many subnets, of which we control 2 ( and We have no access to anything else.

If I try and make a machine on the subnet our root master,
nispopulate using:

nispopulate -F -v -d -h EFGH,

these are the errors I get:

Populating the NIS+ credential table for domain
from hosts table.
dumping hosts table...
loading credential table...
nisaddcred: domain of principal ''
does not match destination domain ''.
Should only add DES credential of principal in its home domain
nisaddcred: unable to create credential.

If I make a machine on ckm subnet the root master, I get the same error
messages with the sub-domain reversed.

My /etc/hosts is like this:
128.218.xx.yy ABC DEF

My /etc/netgroup is:
(,,) (,,) \

As an aside: each time I activate NIS+ (this machine is also our INN news
server) I get the following:
Jun 7 09:09:52 helena nnrpd[2743]: ? cant gethostbyaddr Error 0 is our newsfeed.

So my question is this: if I make a machine on one subnet my root master, how
do I handle the other one??

PLEASE let me know if you need further clarification.


Thanks much!
From: Dixon Ly <>

I don't use NIS+ myself, but isn't there something in the NIS+
docs that says you can't use periods to name your machines/users?
A period is reserved for domain naming hierachy or some such thing
(like is a different domain then
So you have, which seems to say
you have a principal 'ABC' in the

Like I said, I don't use NIS+, but I am pretty sure I recall reading
something about the naming convention in the Sun supplied docs.

From: Kenneth Simpson <>

>If I try and make a machine on the subnet our root master,
>and nispopulate using:
>nispopulate -F -v -d -h EFGH,

My advice is to not to do it, i.e., if passing



which is clearly wrong, then don't do it, i.e., loose the


in the nispopulate command. Also, try using

        nisaddent -r -f ....

to populate your tables if you have ASCII files.

>As an aside: each time I activate NIS+ (this machine is also our INN news
>server) I get the following:
>Jun 7 09:09:52 helena nnrpd[2743]: ? cant gethostbyaddr Error 0

If you have a DNS server, add


to your nisswitch.conf file.

-- Ken
From: "Daniel J Blander - Sr. Systems Engineer for ACS" <>

It looks as if you have some domain issues running rampant here...

You have a primary domain for NIS+ that is
and a DNS domain that you have listed in your hosts file
(rather than letting DNS resolve the domain) that is

NIS+ (as well as DNS) will treat every . as a breaking designation
for each domain. Because you have choosen to list your hosts with
their DNS subdomains, then they are put into the NIS+ hosts.org_dir
map with these subdomains appended onto the NIS+ root domain.
NIS+ wants the master server
to be precisely in the ROOT domain ( and in no other
subdomain - a sub-domain root master would be in its own sub-domain...
so having the successive sub-domains listed in your host file is
nuking the install. In addition, since after you start your
NIS+ install your /etc/nsswitch.conf file changed to look up your
info from your NIS+ maps, and since they have started being populated
from this hosts file (it will do hosts last - after NIS+), it is
likely the name of your news server is totally mis-labeled and
can not be found by NIS+ because it now has the tacked
on the end....

If your intention is to have the hosts file list the full domains,
then you should create a seperate hosts file without the domain data
tagged on - unless they truely do reside in sub-domains...and then
load this stripped hosts file into your NIS+ maps instead of the
one you are trying to load.

If you want DNS running inside your organization and NIS+ simultaneously,
then strip the names completely, setup DNS correctly to handle resolving
the domains - instead of the hosts file, and then build your NIS+. Both
services can run simultaeously and a system can belong to both and have
different domains specified in each one (they run independently - unlike
old NIS).

Last possible scenario - in your hosts file, put the fully qualified names
as aliases - I.e. do as I said above - add the simple host name (with no
domain) but put it in your existing hosts file and put it first - before
the fully qualified name. This way when NIS+ reads in the info it will
use that name to set up the hosts.org_dir entry.

Hope this helps....

 The Official Applied Computer Solutions Home Page
             and Tech Tip of the Week:

~ Rasana Atreya Voice: (415) 476-3623 ~
~ Programmer/Analyst and Red Sage Administrator Fax: (415) 476-4653 ~
~ Library & Ctr for Knowledge Mgnt, Univ. of California at San Francisco ~
~ 530 Parnassus Ave, Box 0840, San Francisco, CA 94143-0840 ~

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:01 CDT