Installing and configuring the Safeguard Authentication Services NIS components
Migrating from NIS > Installing and configuring the Safeguard Authentication Services NIS components
To ensure that the NIS proxy agent daemon, vasypd, does not cause any system hangs when you install, configure, or upgrade it, follow the steps for each supported Unix platform outlined in this section.
Note: Before installing and configuring the Safeguard Authentication Services NIS components, you should have previously installed the Safeguard Authentication Services agent software and joined the Unix machine to an Active Directory domain.
Installing and configuring the Linux NIS client components
You can find the vasyp.rpm file in the client directory for your Linux operating system on the installation media.
To install and configure vasyp on Linux
- Ensure that the system ypserv daemon is stopped by running the following as root:
# /etc/init.d/ypserv stop
Note: You do not need to do this if you have not previously configured ypserv.
Note: This option is not available on SUSE Linux (11 or later) or on Red Hat.
- Ensure that the system ypserv daemon is not configured to start at system boot time.
The commands for doing this vary for the different supported Linux distributions. Please see your operating system documentation for instructions on disabling system services.
- Ensure that the system ypbind daemon is not running by entering the following command:
# /etc/init.d/ypbind stop
- Ensure that the system ypbind daemon is configured to start at system boot time.
The commands for doing this vary for the different supported Linux distributions. Please see your operating system documentation for instructions on enabling system services.
- As root, mount the Safeguard Authentication Services installation CD, change directories into the linux directory, and run the following command:
# rpm -Uvh vasyp-<version>.<build number>.rpm
As part of the install process, vasyp is registered with chkconfig to start at system boot time.
- Configure the ypbind daemon to only talk to NIS servers on the local network interface by modifying /etc/yp.conf to contain only the following entry:
ypserver localhost
You can use either localhost or the actual hostname.
- Set the system NIS domain name to match the Active Directory domain to which you are joined by running the following command as root:
# domainname example.com
where example.com is the domain to which your machine has been joined.
Set the NIS domain name permanently on Red HatLinux by modifying /etc/sysconfig/network to have the following option:
NIS_DOMAIN="example.com"
where example.com is the Active Directory domain to which the machine is joined.
On SUSE Linux, modify the /etc/defaultdomain file to include only example.com where example.com is the Active Directory domain to which you are joined.
- Start vasyp with the following command:
# /etc/init.d/vasypd start
- Start ypbind with the following command:
# /etc/init.d/ypbind start
You can now use the NIS utilities like ypwhich and ypcat to query vasyp for NIS map data.
Installing and configuring the Oracle Solaris NIS client components
You can find the vasyp.pkg file in the client directory for your Oracle Solaris operating system on the installation media.
To install and configure vasyp on Oracle Solaris
- Stop the system ypserv and ypbind daemons by running the following commands as root:
-
Stop ypbind
# svcadm disable nis/client
-
Stop vasypd
# svcadm disable vasypd
-
Stop ypserv
# svcadm disable network/nis/server
Note: When installing the Safeguard Authentication Services vasypd Unix component on Oracle Solaris 10 (or later), you must have the rpcbind service enabled on the host for this service to start. To enable it, run this command:
# /usr/sbin/svcadm enable -s network/rpc/bind
- As root, mount the installation CD, change to the solaris directory, and run the following command:
# pkgadd -d vasyp_SunOS_<platform>-<version>.pkg all
- Create the /var/yp/binding/example.com directory where example.com is the Active Directory domain to which you are joined.
- Create the /var/yp/binding/example.com/ypservers file and add the following line or modify the existing file to only contain this line:
localhost
- Set the system NIS domain name to match the Active Directory domain to which you are joined by running the following command as root:
# domainname example.com
where example.com is the domain to which your machine has been joined.
Note: This only sets your NIS domain name for the current environment.
- Set the NIS domain name permanently by modifying /etc/defaultdomain to include only the following line:
example.com
where example.com is the Active Directory domain to which you are joined.
- Start vasyp with the following command:
# /etc/init.d/vasypd start
-
Start ypbind with the following command:
# svcadm enable nis/client
You can now use the NIS utilities like ypwhich and ypcat to query vasyp for NIS map data.
Note: For Oracle Solaris 10 (or later), ypbind may not bind to vasyp until some actual NIS requests occur which can take up to 30 seconds.
Installing and configuring the HP-UX NIS client components
You can find the vasyp.depot file in the client directory for your HPUX operating system on the installation media.
To install and configure vasyp on HP-UX
- Stop the system ypserv and ypbind daemons by running the following commands as root:
# /sbin/init.d/nis.server stop
# /sbin/init.d/nis.client stop
To ensure that the system ypserv daemon does not start at boot time, modify /etc/rc.config.d/namesvrs and set the NIS_MASTER_SERVER and NIS_SLAVE_SERVER variables to 0.
Note: You do not need to do this if the machine is not configured as a NIS server.
- As root, mount the Safeguard Authentication Services installation CD and change to the hpux directory.
- To install the depot on an HP-UX client, enter the following command:
# swinstall -s /cdrom/hpux-<platform>/vasyp_<platform>-<version>.depot vasyp
- Create the /var/yp/binding/example.com directory where example.com is the Active Directory domain to which you are joined.
- Create the /var/yp/binding/example.com/ypservers file, and add the following line, or modify the existing file to only contain this line:
localhost
- Set the system NIS domain name to match the Active Directory domain to which you are joined by running the following command as root:
# domainname example.com
where example.com is the domain to which your machine has been joined.
- Set the NIS domain name permanently by modifying /etc/rc.config.d/namesvrs so that the NIS_DOMAIN variable is set to the Active Directory domain to which the Unix machine is joined.
- To ensure that the system NIS client processes starts at boot time, set the NIS_CLIENT variable in /etc/rc.config.d/namesvrs to 1.
- Start vasyp with the following command:
# /sbin/init.d/vasypd start
- (Optional) Start ypbind with the following command:
# /sbin/init.d/nis.client start
You can now use the NIS utilities like ypwhich and ypcat to query vasyp for NIS map data.