Chat now with support
Chat with Support

Authentication Services 4.2 - Administration Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Authentication Services Unix administration and configuration Identity management Migrating from NIS Managing access control Managing local file permissions Certificate Autoenrollment Integrating with other applications Managing Unix hosts with Group Policy
Authentication Services Group Policy
Group Policy Concepts Unix policies One Identity policies
Display specifiers Troubleshooting

Installing and configuring the AIX NIS client components

You can find the vasyp.bff file in the client directory for your AIX operating system on the installation media.

To install and configure vasyp on AIX

  1. Ensure that the system ypserv and ypbind daemons are stopped by running the following commands as root:
    # stopsrc -s ypbind 
    # stopsrc -s ypserv

    Also ensure that all entries dealing with ypserv and ypbind in /etc/rc.nfs are commented out.

    Note: You do not need to do this if the machine is not configured as a NIS server.

  2. As root, mount the Authentication Services installation CD and change to the aix directory.
  3. Use installp to install the package appropriate for your version of AIX, as follows:
    # installp -ac -d vasyp_AIX_<platform>.<version>.bff all
  4. On AIX 7.1 (and later), create a ypservers file in /var/yp/binding/<NIS_DOMAIN>/ypservers which only contains the following line:
    127.0.0.1
  5. Start vasyp with the following command:
    # /etc/rc.d/init.d/vasypd start

    Note: Do not configure the NIS client using the standard AIX configuration instructions. Normally, you configure the system domain name and enable the NIS client in /etc/rc.nfs. For vasyp to work correctly on AIX, you must disable any NIS configuration in the /etc/rc.nfs file.

    You can now use the NIS utilities like ypwhich and ypcat to query vasyp for NIS map data.

NIS map search locations

By default, the vasyp daemon only searches the Active Directory container, or organizational unit (OU) in which the Unix computer object was created. You can override this search location by configuring the search-base option in vas.conf. This allows you to have different sets of NIS maps for different groups of Unix hosts.

For more information on the search-base option, refer to the vasypd section of the vas.conf man page.

Deploying Authentication Services in a NIS environment

These are the components associated with using Authentication Services in a NIS environment:

  • RFC 2307 NIS Map Import Wizard

    The RFC 2307 Map Import Wizard imports NIS data into Active Directory as RFC 2307 objects either from a NIS server or from a local file. This wizard can also save an import session as an LDIF file that you can import using standard LDAP tools.

  • RFC 2307 NIS Map Editor

    The RFC 2307 NIS Map Editor is the standard Windows tool for modifying RFC 2307 NIS data that has been imported into Active Directory using the import wizard.

  • nisedit

    nisedit is the NIS Map Command Line Administration Utility you run from the host.

  • vasyp

    vasyp runs on a Authentication Services Unix host machine joined to an Active Directory domain. It interprets RFC 2307 objects from Active Directory as standard NIS maps on Unix.

Starting the NIS Map Import Wizard

Using the RFC 2307 NIS Map Import Wizard, you can import directly from local files or from an existing NIS server.

To start the NIS Map Import Wizard

  1. From Windows, start Active Directory Users and Computers.

    By default, NIS Map Objects are only available to Authentication Services clients in the same organizational unit to which they are joined.

    If the client is joined in Unix Personality Mode then only the NIS maps residing in the personality containers NIS OU are accessible.

  2. Right-click on the Computers container in the ADUC or, if in UPM mode, the NIS OU inside the promoted personality OU in ADUC.
  3. Select All Tasks | Unix Tasks | RFC 2307 NIS Map Import Wizard to launch the wizard.
  4. Click Next in the Welcome dialog.
  5. In the Source Selection dialog, select the option to Import NIS Data from Local file or Import NIS Data from the NIS Server.
Related Documents