SUMMARY: Changing ip address for NIS+ master

From: Jeff Miller (
Date: Wed Dec 06 2000 - 12:27:13 CST

Thanks to all for the suggestions and warnings.
I had a mail server crash right after I sent the message, so
I may have missed some responses.

Thanks to:
Tom Hinze <>
Luke Kanies <>
EG Keizer <>

I believe I will try the following solution.

Article 16402
Synopsis: How to Rebuild a NIS+ ROOTMASTER

Distribution: Public Article type: Infodoc
Submitter: Nori Praveen Country: USA

Status: Issued

Hardware: any
OS: Solaris 2.x Bug ID:
Prd area: Gen. Network Patch ID:
Product: NIS+ Release:

Interest list: nori.praveen@corp network-east@network.east

Submitted: Feb 26 1998 3:28PM Total labor: 0 hrs 20 mins

Sometimes you need to change the NIS+ ROOTMASTER. You might like to move
to a different machine, or change its IP address or domainname. However,
things are built into the NIS+ system and require rebuilding the

This Infodoc assumes that you already have a NIS+ ROOTMASTER (with or
without replicas), and you are able to dump the tables from the root
master/replica, and you need to rebuild the master, for various

The sequence of the steps would be:

Dump the tables from the master.
Remove the NIS+ from the master
Make desired change. (change IP or domainname, or copy files to
    the new master and continue the procedure from there)
Rebuild the NIS+ on the master
Reinitialize the clients.
Reinitialize the replicas.

NOTE: If you already have the information for the NIS+ tables in the
ASCII files, then step 1 is not needed, you only have to copy these
files to /var/nisfiles directory ( create it if not already present).

1) Dump the tables

  rootmaster# mkdir /var/nisfiles
  rootmaster# cd /var/nisfiles

  rootmaster# /usr/lib/nis/nisping -C groups_dir.`domainname`.
  rootmaster# /usr/lib/nis/nisping -C org_dir.`domainname`.
  oldt-master# /usr/lib/nis/nisping -C `domainname`.

  rootmaster# nisaddent -d aliases > aliases
  rootmaster# nisaddent -d bootparams > bootparams
  rootmaster# nisaddent -d ethers > ethers
  rootmaster# nisaddent -d group > group
  rootmaster# nisaddent -d hosts > hosts
  rootmaster# nisaddent -d netgroup > netgroup
  rootmaster# nisaddent -d netid > netid
  rootmaster# nisaddent -d netmasks > netmasks
  rootmaster# nisaddent -d networks > networks
  rootmaster# nisaddent -d passwd > passwd
  rootmaster# nisaddent -d protocols > protocols
  rootmaster# nisaddent -d publickey > publickey
  rootmaster# nisaddent -d rpc > rpc
  rootmaster# nisaddent -d services > services
  rootmaster# nisaddent -d shadow > shadow
  rootmaster# nisaddent -d timezone > timezone
  rootmaster# nisaddent -d -t auto_home.org_dir key-value > auto_home
  rootmaster# nisaddent -d -t auto_master.org_dir key-value > auto_master

 2) Remove the traces of old NIS+ from the machine

  rootmaster# cp /etc/nsswitch.files /etc/nsswitch.conf
  rootmaster# /etc/init.d/rpc stop
  rootmaster# rm -f /etc/.rootkey
  rootmaster# rm -rf /var/nis/*
  rootmaster# rm -rf /etc/defaultdomain
  rootmaster# /etc/init.d/rpc start

(*** REBOOTING is preferred at this point if possible).


3) Build the new master

***[NOTE:** If you want to change NIS+ domainame you provide the new

   rootmaster# nisserver -v -r -d <>

4) Remove the lines related to the master from /var/nisfiles/publickey file

5) Add the master's present publickey to the /var/nisfiles/publickey

   rootmaster# nisaddent -d publickey >> /var/nisfiles/publickey

***[NOTE: If you want to change the ip address of the
          make changes to the /var/nisfiles/hosts file]

6) Populate the tables on the new master.

  rootmaster# cd /var/nisfiles
  rootmaster# nispopulate -v -F

7) Add the old publickeys to the database.

  rootmaster# nisaddent -rv -f /var/nisfiles/publickey publickey

8) Update the database

   rootmaster# nisping -C org_dir
   rootmaster# nisping -C groups_dir
   rootmaster# nisping -C

***[NOTE: If the client's IP address or the NIS+ domainname needs to be
          changed, make changes to respective /etc files ]

9) Copy the /var/nis/NIS_COLD_START from the master into the client's
   /var/tmp and reinitialize the client.

  client# rcp master:/var/nis/NIS_COLD_START /var/tmp
  client# nisinit -C /var/tmp/NIS_COLD_START
  clinet# /etc/init.d/rpc stop
  client# rm /var/nis/*CACHE
  client# /etc/init.d/rpc start

***[NOTE: If the replica's IP address or the NIS+ domainname needs to be
          changed, make changes to respecitve /etc files]

10) Remove NIS+ from the old replicas (step 2 ) and reinitialize as
    clients of the master. You may make it a replica again if desired.

Note: Use the previous NIS+ passwd when requested for NIS+
passwd (RPC/network passwd) in the nisclient command

My original question:
> Admins:
> I have to change the ip address for an NIS+ master and 3 replicas.
> All servers are running Solaris 2.5.1
> Different sources vary widely on how to perform this procedure.
> In one Answerbook collection, it seems ver simple. Just run a few
> "nisupdkeys" commands and you're finished.
> Example (from Answerbook): Can it be this easy?
> -----------------------------------------------
> Updating IP Addresses
> If you change a server's IP address, or add additional addresses,
> you need to run nisupdkeys to update NIS+ address information.
> To update the IP addresses of one or more servers, use the
> nisupdkeys command -a option.
> To update the IP addresses of servers of a given domain
> rootmaster# nisupdkeys -a domain
> To update the IP address of a particular server
> rootmaster# nisupdkeys -a -H server
> -----------------------------------------------
> In one online document located here, it's a hairy looking
> 2 page procedure.
> http://sunsolve.Sun.COM/private-cgi/\
> And in this list's archives, there are numerous ways to do it.
> My question to this group is what's the best way to make this change?
> Are there any online documents that are better than others for it?
> Which procedure really is tested and works?
> Thanks,
> Jeff
> Jeffrey P. Miller
> Systems Administrator
> Eastman Kodak Company
> Phone: (716) 726-0208
sunmanagers mailing list

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:24 CDT