Network Administration
Domain Name Service Configuration
b. Select Delete. A confirmation dialog box opens.
c. Select Yes. The confirmation dialog box closes. The list in the Name Server dialog box is updated.
12. Select Next>. The Create DNS Database dialog box opens.
You can use this dialog box to create the DNS database from a specific file.
13. Optionally select the Create the DNS database from the following hosts file check box if you want to create the DNS database.
14. Optionally change the Hosts File entry.
15. Select Next>. The Named Daemon dialog box opens.
Use this dialog box to start the named daemon, the Internet Name Server Daemon.
16. Select the check box.
17. Select Next>. The Summary dialog box opens.
18. Select Finish. The application configures the DNS Master Server.
Networked File Systems Configuration
Networked File System (NFS) is based on the client-server model.
An NFS server is a machine that makes local directories available for client machines to mount using NFS.
On the NFS client, these mounted files and directories look to users like part of the client's local file system.
An NFS server can also be an NFS client.
This section describes the configuration of an NFS server on both operating systems.
Configuring NFS (HP-UX)
Use the following procedure to configure an NFS Server on an HP-UX system:
1. Log in as superuser (root).
2. Invoke SAM.
3. Select the Networking and Communications icon.
4. Select the Networked File Systems icon.
5. Select the Exported Local File Systems icon. The Exported Local File Systems dialog box opens.
6. Select Actions->Add Exported File System. The Add Exported File System dialog box opens.
7. Enter the name of the local directory, which must also be a file system, in the Local-Directory Name field.
8. Decide how an unknown user should be treated by selecting the appropriate radio button:
• When an unknown user accesses the directory, the unknown user ID is used.
• Unknown users are prevented from accessing the directory.
• A specific user ID is used for unknown users. When this radio button is selected, a field appears to the right so that you can enter that user ID.
9. Choose the radio button that either allows asynchronous writes or prevents them.
10. Optionally, you can specify whether to allow access from all or selected systems and specify the type of access by selecting Specify User Access. The User Access dialog box opens.
The default is to allow access from all systems. Selecting the Selected Systems radio button transforms this dialog box as follows:
You can specify an access list of various remote systems that you name with read-write or read-only access. Specifying the Read-mostly Access Type at the top of the dialog box allows you to set individual access types for each system.
Select Add to add each system to the list. After there is at least one system on the list, you are able to modify or remove it.
Be sure to select OK to close this dialog box and return to the Add Exported File System dialog box.
11. Optionally you can select Specify Root-User Access to name those remote systems whose root users are allowed access to the file system. The Root-User Access dialog box opens.
This dialog box lets you enter the names of remote systems in the Remote-System Name field and select Add to list them. After there is at least one remote system name in the list, you can modify or remove the list.
Be sure to select OK to close this dialog box and return to the Add Exported File System dialog box.
12. Select OK in the Add Exported File System dialog box. This dialog box closes.
13. Select Actions->Enable NFS Server.
14. Select File->Exit.
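The choices made in steps 8 to 11 (unknown-user mapping, asynchronous writes, the access list, root-user access) decide how exposed each export is. The following added example, which is not part of the original guide, audits an exports file for the permissive settings. It assumes SAM records them in /etc/exports with the legacy exports(4) option names (anon=, async, ro, rw=, access=, root=) and their classic meaning, in which only access= limits which systems may mount; the sample file is constructed.

```python
# Added example (not from the guide): audit an exports file for permissive
# settings. Option names and meanings are ASSUMED from legacy exports(4):
# anon=uid, async, ro, rw=host:host, access=host:host, root=host:host.

SAMPLE_EXPORTS = """\
# constructed sample, not taken from a real system
/export/home    -rw=ws1:ws2,anon=65534
/export/tools   -ro
/export/scratch -async,anon=0
/export/build   -access=build1:build2,root=build1
/export/pub
"""


def parse_exports(text):
    """Yield (directory, {option: [values]}) for each export line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        opts = {}
        for field in fields[1:]:
            for item in field.lstrip("-").split(","):
                key, _, value = item.partition("=")
                if key:
                    opts[key] = value.split(":") if value else []
        yield fields[0], opts


def audit(text):
    """Return {directory: [finding, ...]} for exports that need review."""
    findings = {}
    for directory, opts in parse_exports(text):
        issues = []
        if "access" not in opts:
            # Assumed semantics: only access= limits who may mount. rw=hosts
            # alone is read-mostly, so every other system can still read.
            if "ro" in opts or opts.get("rw"):
                issues.append("readable from all systems")
            else:
                issues.append("read-write from all systems")
        if opts.get("root"):
            issues.append("remote root allowed: " + ",".join(opts["root"]))
        if opts.get("anon") == ["0"]:
            issues.append("unknown users mapped to root")
        if "async" in opts:
            issues.append("asynchronous writes enabled")
        if issues:
            findings[directory] = issues
    return findings


if __name__ == "__main__":
    for directory, issues in audit(SAMPLE_EXPORTS).items():
        print(directory + ": " + "; ".join(issues))
```

An export with no findings is one that names its client systems with access=, grants no remote root, leaves unknown users unprivileged and keeps writes synchronous.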
Configuring NFS (Tru64 UNIX)
Use the following procedure to configure an NFS Server on a Tru64 UNIX system:
1. Log in as superuser (root).
2. Invoke the SysMan Menu.
3. Select Networking.
4. Select Configure Additional Network Services.
5. Select Network File System (NFS).
6. Select Configure system as an NFS Server. The Configure NFS Server main window opens.
7. Enter the Number of TCP (Transmission Control Protocol) Server Threads to be run.
8. Enter the Number of UDP (User Datagram Protocol) Server Threads to be run.
9. Optionally select Enable Property List Daemon to configure the daemon.
10. Optionally select Enable Locking if you want to specify locking configuration.
11. Set the Enable PC NFS daemon to on if the PC NFS daemon should be enabled to handle NFS requests from PCs.
12. Select Allow Nonroot Mounts to let users other than root mount the file systems.
13. Select Internet Address Verification to enable verification of IP addresses.
14. Select Internet Address Verification & Domain Checking to enable verification that the host requesting a mount or unmount operation is in the server's domain.
15. Select Internet Address Verification & Subdomain Checking to enable verification that the host requesting a mount or unmount operation is in the server's subdomain.
16. Optionally select Share Local Directories to share directories on the local server with NFS client machines. The Share Local Directories dialog box opens.
This dialog box lists directories that are exported to NFS clients. You can add a new entry as well as change or delete an existing entry.
To add a name server:
Select Add. The Add Name Server dialog box opens.
Enter the Host Name of the name server.
Enter the IP Address of the name server.
Select OK. The Add Name Server dialog box closes. The list in the Name Server dialog box is updated.
To add a directory:
a. Select a directory in the list.
b. Select Add. The Add Local Directory dialog box opens.
c. Enter the full path name of the directory in the Share this Directory field.
d. Select the Read/Write check box to give read and write access to the directory. Here you can also specify that only selected users on client systems have access to the directory, or you can give everyone Read/Write access by selecting All. Be sure to select Add to
e. Select the Read-Only check box to give read-only privilege to those hosts listed in Selected Hosts with Access. Here you can also specify that only selected users on client systems have read-only access to the directory, or you can give everyone Read/Write access by selecting All.
f. Select OK. The Add Local Directory dialog box closes. The list in the Share Local Directory dialog box is updated.
To modify an existing entry:
a. Select a directory in the list.
b. Select Modify. The Modify Local Directory dialog box opens.
c. Edit the fields as necessary.
d. Select OK. The Modify Local Directory dialog box closes.
To delete an entry:
a. Select a directory in the list.
b. Select Delete. A confirmation dialog box opens.
c. Select Yes. The confirmation dialog box closes. The list of shared directories is updated.
17. Select OK. The Add/Modify Share Local Directory dialog box closes.
18. The Share Local Directory dialog box closes.
Network Information Service Configuration
Network Information Service (NIS) allows you to administer the configuration of many hosts from a central location. Common configuration information, which would have to be maintained separately on each host in a network without NIS, can be stored and maintained in a central location and propagated to all the nodes in the network. Earlier versions of NIS were called YP (for Yellow Pages).
By default, NIS manages the following configuration files:
/etc/hosts          The file that maps internet addresses to host names
/etc/passwd         This file contains a list of the users on your system, along with their passwords, home directories, and other information
/etc/group          This file is a list of groups of users
/etc/netgroup       This file is a list of NFS netgroups, which are groups of host names or user names used for allowing or denying access to systems and services
/etc/services       This file associates network services with their port numbers and protocols
/etc/protocols      This file associates network protocols with protocol
/etc/auto_master    This file is an NFS automounter map that lists the direct and indirect automounter maps and their mount points
/etc/mail/aliases   This file is a list of sendmail aliases
/etc/publickey      This file is a list of secure RPC encryption keys
/etc/netid          This file is a list of secure RPC netnames (unix.UID@domainname or unix.hostname@domainname) for users and hosts outside your NIS domain
The information in these files is put into NIS databases automatically when you create an NIS master server. Other system files may be managed by NIS, if you wish to customize your configuration.
Structure of the NIS Network
NIS Structure
The center of the NIS network is the NIS master server. When you create an NIS master server, the configuration files on that host are used to create NIS maps, which are hashed database versions of the configuration files. After the NIS network is set up, any changes to the maps must be made on the master server.
In addition to the master server, you can create backup servers, called NIS slave servers, to take some load off the master server and to substitute for the master server when it is down. When you create an NIS slave server, the maps on the master server are transferred to the slave server. Whenever a change is made to a map on the master server, the modified map must be transferred to the slave servers.
Typically, all the hosts in the network, including the master and slave servers, are NIS clients. Whenever a process on an NIS client requests configuration information, it calls NIS instead of looking in its local configuration files. (For group and password information and mail aliases, the /etc files may be consulted first, and NIS may be consulted if the requested information is not found in the /etc files.)
The set of maps shared by the servers and clients is called the NIS domain. The master copies of the maps are located on the NIS master server. Each slave server has an identical directory containing the same set of maps.
When a client starts up, it broadcasts a request for a server that serves its domain. Any server that has the set of maps for the client's domain may answer the request. The client binds to the first server to answer its request, and that server answers all its NIS queries.
Configuring NIS (HP-UX)
Use the following procedure to configure NIS on an HP-UX system:
1. Log in as superuser (root).
2. Invoke SAM.
3. Select the Networking and Communications icon.
4. Select the NIS icon. The NIS Configuration dialog box opens.
5. Select Actions->Configure Master Server. The Configure Master Server dialog box opens.
6. Enter the Domain Name.
7. You can add, modify, or remove a slave system.
To add a slave system:
b. Select Specify Slave Servers. The Specify Slave Servers dialog box opens.
c. Select Slave’s Host Name. The Host Name dialog box opens.
d. Select a host name from the list on the Host Name dialog box and select OK. The Host Name dialog box closes.
e. Select Add. The list is updated.
To modify a slave system:
a. Select a slave system in the list. The name appears in the field to the right of Slave’s Host Name.
b. Edit the host name in that field.
c. Select Modify. The entry in the list is updated.
To remove a slave system:
a. Select a slave system in the list.
b. Select Remove. The list is updated.
8. Select either Allow All Access or Allow Selected Access for the Access to Master Server option.
Selecting Allow Selected Access exposes the Configure Selected Access button, which opens the Configure Selected Access dialog box.
9. Select OK. The Specify Slave Servers dialog box closes.
10. Select the client listed on the Configure Master Server dialog box.
11. Select Actions->Enable Client.
12. Select File->Exit.
Configuring NIS (Tru64 UNIX)
Follow this procedure to configure NIS on a Tru64 UNIX system:
1. Log in as superuser (root).
2. Ensure that the local system is connected to a local area network and that the network is configured and running.
3. Copy the local /etc files that you intend to make into NIS maps for distribution into the /var/yp/src directory.
4. Optionally, create the /var/yp/src/mail.aliases file. If you already have a /var/adm/sendmail/aliases file on your local system, you can copy it to the /var/yp/src directory and edit it as necessary. See the aliases(4) reference page for information on the format of this file.
5. Optionally, create the /var/yp/src/netgroup file. See the netgroup(4) reference page for information on the format of this file.
6. Edit the /var/yp/Makefile file.
If you are using the NIS master server to serve the /etc/auto.master and /etc/auto.home maps for Automount or AutoFS, remove the comment sign (#) from the beginning of each of the following lines:
    #all: passwd group hosts networks rpc services protocols netgroup \
    # aliases auto.home auto.master
7. Place a comment sign (#) in front of the following lines:
    all: passwd group hosts networks rpc services protocols netgroup \
    aliases
8. Invoke the SysMan Menu.
9. Select Networking.
10. Select Configure Additional Network Services.
11. Select Configure Network Information Service (NIS). A terminal window opens and the nissetup utility is run.
12. Enter c to continue. The nissetup script describes nissetup.
13. Press Return. The nissetup script explains the three types of systems in an NIS domain.
14. Press Return.
15. Enter and confirm your system's case-sensitive NIS domain name.
16. Choose option 1 to indicate that you are configuring the master server. The nissetup script explains that there can be only one master server configured for each NIS domain.
17. Enter c and indicate whether or not you want to run the yppasswdd daemon. The yppasswdd daemon should be run on the NIS master server.
18. Indicate whether or not you intend to use enhanced security with NIS.
19. Indicate whether or not you want your NIS maps to be maintained as btree files.
20. Enter the names of hosts that will be slave servers for this domain. If you enter a host name that is not listed in the master server's /etc/hosts file, the nissetup script prompts you for its IP address.
21. Enter the names of the SLAVE servers in the test_domain domain. Press Return to terminate the list.
22. The nissetup script displays the list of servers that you entered. You can redo the list to correct errors or continue with the setup procedure.
23. The nissetup script then creates the default NIS maps, displaying messages as it does.
24. Indicate whether or not you want to use the -s security option.
If you choose to run NIS with the -s option, the ypbind process runs in a secure mode. It is best to use this option.
25. Indicate whether or not you want to use the -S security option.
It is best to use this option. If you choose to run NIS with the -S option, you must enter the names of up to four NIS servers.
If you enter the name of a server that is not listed in the system's /etc/hosts file, the nissetup script prompts for its IP address. When you are done entering the list of servers, press Return on a blank Server name field and enter c to continue configuring NIS on your system.
26. Indicate whether or not you want to allow ypset requests on your system.
It is best to disallow all ypset requests. Press Return to accept the default, and confirm your choice.
27. Indicate whether or not you want your system to use all the NIS databases served by the master server.
It is best to use all the NIS databases.
If you choose to use all the NIS databases, the nissetup script edits the /etc/svc.conf file to include the string yp for each database. It also edits the /etc/passwd and /etc/group files to include a plus sign followed by a colon (+:) at the end of each file. This enables your system to use NIS for each database listed. This symbol enables the files to be distributed by NIS. Continue with step 30.
If you choose not to use all the NIS databases, enter n and continue with the next step.
28. Indicate whether or not you want to add a plus sign followed by a colon (+:) to the end of the local /etc/passwd or /etc/group files.
For your system to use the NIS-served passwd database, group database, or both, +: must be the last line in the file or files you want served by NIS. This applies to the passwd and group databases only.
NOTE: The service order selection for the passwd and group databases is handled by the Security Integration Architecture (SIA). If BSD is selected for passwd and group information in the /etc/sia/matrix.conf file, only the +: is required for your system to search NIS.
29. Indicate whether or not you want the nissetup script to invoke the svcsetup script.
If you answer no, the nissetup script continues. You must edit the svc.conf file later if you want your system to use NIS to obtain database information other than passwd and group information.
If you answer yes, the nissetup script invokes the svcsetup script, which allows you to modify the database services selection file (the svc.conf file).
30. Indicate whether or not to start the NIS daemons automatically.
All NIS commands and functions are prefixed by the letters yp; NIS+ commands and functions are prefixed by the letters nis.
NIS+ allows you to maintain configuration information for many hosts in a set of distributed databases. You can read or modify these databases from any host in the network, if you have the proper credentials and access permissions. Common configuration information, which would have to be maintained separately on each host in a network without NIS+, can be stored and maintained in a single location and propagated to all the hosts in the network.
NIS+ has the following advantages over NIS:
• NIS+ supports a hierarchical domain structure called the NIS+ namespace. You can create a separate domain for each workgroup or department in your organization. Each domain can be managed independently of the others. Hosts in any domain may have access to information in all the other domains in the namespace.
• The NIS+ namespace can grow with your organization. Because information may be distributed over multiple domains, each with its own servers, the size of the NIS+ namespace is not limited by the capacity of any single server.
• NIS+ is not limited by subnet boundaries. NIS+ clients do not broadcast requests, so you do not need a server on every subnet.
• NIS+ is secure. It uses a private key/public key authentication scheme with DES encryption. Every user and host in the namespace has its own unique credentials, and you can decide which users and hosts will be allowed to read or modify the information in each NIS+ domain.
• You can modify the information in an NIS+ table from any host in the namespace. Modifications are made directly to the NIS+ table, so you do not have to rebuild the table from a file.
• Replica servers in NIS+ domains receive each table update as it is made. You do not have to push whole tables to the replica servers.
• An NIS+ table may contain many columns, and you can search for entries based on the information in any column.
NIS+ has the following disadvantages:
• NIS+ is difficult to administer. It requires dedicated system administrators trained in NIS+ administration. NIS+ administration is very different from NIS administration.
• The NIS+ databases are not automatically backed up to flat files. The system administrator must create and maintain a backup strategy for NIS+ databases, which includes dumping them to flat files and backing up the files.
You can use SAM to configure NIS+ on an HP-UX system. Configuration includes Adding Groups, Adding Tables, Changing Domains, and Setting Default Owner and Permissions. See the HP-UX manual titled Installing and Administering NFS Services for additional information.