Thanks to the following for giving me some suggestions: Jay Lessert <jayl@accelerant.net> Gary P Carr <gcarr@lanl.gov> Mr rich cole <rcole0424@yahoo.com> After searching the FAQ some more (http://www.eng.auburn.edu/users/rayh/solaris/NIS+_FAQ.html) and then doing more searched on Sunsolve I found a procedure and it worked... The most damaging condition in a NIS+ environment is the root on the master server unable to authenticate to the nis+. Backups and nisaddent dumps should be performed periodically as there is not surefire method of getting out of this situation. Reinitialising is the quickest and the cleanest way of getting back the root master with clean database. If the root users on the replica services are able to autheticate to NIS+ then nisaddent dump of the database should be performed to backup the table in their natuaral text format. In 50% of the cases reinitialisation is the only possible alternative. The following method can be applied to restore the nis+ credentials for the master, but Sun claims no responsibility for the outcomes. On the NIS+ master server: Do all the following as root in the bourne shell: 1) Kill the nis_cachemgr and rpc.nisd. ***** #kill <PID for rpc.nisd> on all NIS+ servers ***** #kill <PID nis_cachemgr> on all NIS+ servers 2) Restart rpc.nisd with "-S0" option ***** #rpc.nisd -S0 3) Create new credentilas for the master by running 'nisaddred' command ***** nisaddcred -p unix.host@FQDomainname -P host.domainname. des ***** enter the root passwd when prompted for passwd. 4) Update the keys in the directory objects using the nisupdkeys command. ***** NOTE THE TRAILING DOT AT THE END OF THE DOMAINNAME ***** ***** #nisupdkeys domainname. ***** #nisupdkeys org_dir.domainname. ***** #nisupdkeys groups_dir.domainname. 5) Perform check point on all the three directories on the master ***** NOTE THE TRAILING DOT AT THE END OF THE DOMAINNAME ***** ***** #nisping -C domainname. ***** #nisping -C org_dir.domainname. ***** #nisping -C groups_dir.domainname. 6) keylogout with -f option. #keylogout -f 7) Kill the running rpc.nisd and restart with original options (-Y -B if any.) ***** #kill (PID of rpc.nisd ***** #rpc.nisd ***** #nis_cachemgr -i 8) Perform a keylogin -r to update the secret key in the /etc/.rootkey. At this point the root master and the client on the root master know about the updated credentials (as the cold start file onthe master is updated immedately on any change to the directory objects), the clients of the domain need to update their cold start files with the correct master credentilas. 11) Perform the steps spcified below in the "Updating cold start file" section of this SRDB, for the clients to authenticate the nis+ master. ============================================================================== UPDATING COLD START FILE: ------------------------- The cold start file is essential for the client server authentication. It is the original repository of server and server keys for the client. The cache is created based on the cold start file. The cache is use for run time queries and need to be refreshed when ever there are major changes take palace in the domain. The cold start file is only read once while the cache is being created by the nis_cachemgr. Perform following steps to update the coldstart file and the nis+ cache. ----> On all clients and replicas 1) kill the nis_Cachemgr 2) remove the /var/nis/*DIRCACHE files 3) run the 'nisinit' command to create a new cold start file ***** #nisinit -c -H <rootmaster> 4) start the nis_cachemgr. Origial problem: NIS master not responding to NIS requests.... Thanks to all See-ya Mitch -- /####################################################################/ /# Mitchell "Buzz" Baker "To Infinity And Beyond..." #/ /# Sr. Systems/Security Admin Rose-Hulman Institute of Technology #/ /# Mitchell.D.Baker@rose-hulman.edu www.rose-hulman.edu #/ /# For PGP Public key, check out www.keyserver.net #/ /####################################################################/ _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Tue Jan 14 10:52:21 2003
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:01 EST