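#!/bin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#ident "%Z%%M% %I% %E% SMI"
#
# nisserver -- script to setup NIS+ servers

# SMF service instance whose properties setup_properties() reads and
# modifies.
nisplus_fmri=network/rpc/nisplus:default

#
# print_usage(): ask user if they want to see detailed usage msg.
#	Uses get_yesno(), which leaves the reply in $ANS.
#	Returns 1 when the user answers 'n' or 'N'.  For any other
#	answer it shows the detailed usage via print_more() and then
#	terminates the script with exit status 1.
#
print_usage()
{
	echo
	get_yesno " Do you want to see more information on this command? \\n\
 (type 'y' to get a detailed description, 'n' to exit)"
	# "$ANS" is quoted by the case statement, so an empty or multi-word
	# reply cannot turn into a syntax error in the comparison.
	case "$ANS" in
	n|N)	echo
		return 1
		;;
	esac
	print_more
	exit 1
}



#
# print_more(): print the usage message.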
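#
print_more()
{
	# Unquoted here-document: $PROG is expanded before the text is
	# handed to the pager.
	more << EOF
USAGE:
  o to set up root master server:
	$PROG -r [-f] [-v] [-x] [-Y] [-d <NIS+_domain>]
		[-g <NIS+_groupname>] [-l <NIS+_passwd>]

  o to set up non-root master server:
	$PROG -M [-f] [-v] [-x] [-Y] [-d <NIS+_domain>]
		[-g <NIS+_groupname>] [-h <NIS+_server_host>]

  o to set up replica server:
	$PROG -R [-f] [-v] [-x] [-Y] [-d <NIS+_domain>]
		[-h <NIS+_server_host>]

OPTIONS:
  -d <NIS+_domain>
	specifies the name for the NIS+ domain. The default is your
	local domain.

  -f	forces the NIS+ server setup without prompting for confirmation.

  -g <NIS+_groupname>
	specifies the NIS+ group name for the new domain. This option is
	not valid with "-R" option. The default group is admin.<domain>.

  -h <NIS+_server_host>
	specifies the hostname for the NIS+ server. It must be a
	valid host in the local domain. Use a fully qualified
	hostname (for example, hostx.xyz.sun.com.) to specify a host
	outside of your local domain. The default for non-root master
	server setup is to use the same list of servers as the parent
	domain. The default for replica server setup is the local
	hostname. This option is *ONLY* used for non-root master or
	replica servers setup.

  -l <network_password>
	specifies the network password with which to create the
	credentials for the root master server. This option is *ONLY*
	used for master root server setup (-r). If this option is not
	specified, this script will prompt you for the login password.

  -M	sets up the specified host as a non-root master server.
	Make sure that rpc.nisd(1M) is running on the new master server
	before this command is executed.

  -R	sets up the specified host as a replica server. Make sure that
	rpc.nisd(1M) is running on the new replica server.

  -r	sets up the server as a root master server. Use the -R option
	to set up a root replica server.

  -v	runs this script in verbose mode.

  -x	turns the "echo" mode on. This script just prints the commands
	that it would have executed. The commands are printed with
	leading "+++". Note that the commands are not actually executed.
	The default is off.

  -Y	sets up an NIS+ server with NIS-compatibility mode. The default
	is to set up the server without NIS-compatibility mode.
EOF
}



#
# print_MRr_usage(): report a conflict between the -M, -R and -r options.
#	Reads $MRr_OPTION (the option already selected) and
#	$ERRMRr_OPTION (the option just seen).  A repeated option only
#	produces a warning and returns 0; two different options print an
#	error, offer the usage text and exit with status 1.
#
print_MRr_usage()
{
	if [ "$ERRMRr_OPTION" = "$MRr_OPTION" ]
	then
		echo "**WARNING: You have specified the '$MRr_OPTION' option twice."
		return 0
	fi
	echo
	echo "**ERROR: You have specified the '$ERRMRr_OPTION' option after"
	echo " having selected the '$MRr_OPTION' option."
	echo "Please select only one of these options: '-M', '-R', or '-r'."
	print_usage
	exit 1
}



#
# Generic Routines:
# -----------------
#
# This section contains general routines.
#	get_ans()	- prompts the message and waits for an input
#	get_yesno()	- prompts the message and waits for a y or n answer
#	restart_process()
#			- kills and starts a specified process
#	kill_process()	- kills a specified process
#	check_dot()	- check if the argument ends with a dot
#	check_host()	- check if the hostname specified is a valid one
#	tolower(): converts upper to lower case.
#

#
# get_ans(): gets an answer from the user.
#	$1 instruction/comment/description/question
#	$2 default value
#
#	The prompt is written without a trailing newline and the reply is
#	stored in $ANS; an empty reply selects the default in $2.
#
get_ans()
{
	# printf '%b' expands backslash escapes in the prompt (callers pass
	# "\n") the way a System V echo does, and suppresses the trailing
	# newline without depending on echo understanding "\c".
	if [ -z "$2" ]
	then
		printf '%b' "$1 "
	else
		printf '%b' "$1 [$2] "
	fi
	read ANS
	if [ -z "$ANS" ]
	then
		ANS=$2
	fi
}



########## get_yesno constants:
##
## There are two very common phrases passed to get_yesno:
## These have been parameterized to provide "ease of use".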
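## Thus, there are three message "types" which are possible:
## --$CONTINUE: "Do you want to continue? (type 'y' to continue, 'n' to exit this script)"
## --$CONFIRM: "Is this information correct? (type 'y' to accept, 'n' to change)"
## --actual string is passed.
##
## If the message is $CONTINUE, get_yesno will exit if the response is no.
##
###########
CONTINUE=2
CONFIRM=1
#
# get_yesno(): get the yes or no answer.
#	$1 message type or message.
#
#	Keeps prompting through get_ans() until $ANS is one of y, Y, n
#	or N.  When $1 is $CONTINUE and the reply is n/N the script exits.
#
get_yesno()
{
	ANS="X"

	case "$1" in
	"$CONTINUE")
		INFOTEXT="Do you want to continue? (type 'y' to continue, 'n' to exit this script)"
		;;
	"$CONFIRM")
		INFOTEXT="Is this information correct? (type 'y' to accept, 'n' to change)"
		;;
	*)	INFOTEXT="$1"
		;;
	esac

	while :
	do
		get_ans "$INFOTEXT" ""
		case "$ANS" in
		y|Y|n|N)	break ;;
		esac
	done

	if [ "$1" = "$CONTINUE" ]
	then
		case "$ANS" in
		n|N)	exit ;;
		esac
	fi
}



#
# check_dot(): checks if the argument specified ends with a dot.
#	$1 argument to be checked
#
#	Returns 0 when $1 ends with ".", 1 otherwise (including empty).
#
check_dot()
{
	# Pattern match in the shell: no echo|sed pipeline, and the
	# argument is never subject to word splitting or globbing.
	case "$1" in
	*.)	return 0 ;;
	esac
	return 1
}



#
# check_host(): checks if the host specified is in the credential table of
#	the its domain. If it's a valid host, then it'll assign the host
#	principal name to HOSTPRINC.
#	$1 host name (this can be a fully qualified name)
#
#	NOTE: the return value is inverted with respect to the usual
#	shell convention.  It returns 1 when $1 is empty or when the
#	credential was found, and 0 after printing an error because the
#	credential is NOT defined.  Callers must test accordingly.
#	Also sets LDOM (domain searched) and MESS.
#
check_host()
{
	if [ -z "$1" ]
	then
		return 1
	fi

	if check_dot "$1"
	then
		# Fully qualified: the domain is everything after the
		# first label.
		HOSTPRINC=$1
		MESS="principal"
		LDOM=`echo "$1" | sed -e 's/[^\.]*\.\(.*\)$/\1/'`
	else
		LDOM=`nisdefaults -d`
		HOSTPRINC=$1.$LDOM
		MESS="host"
	fi

	if nismatch "$HOSTPRINC" "cred.org_dir.$LDOM" > /dev/null
	then
		return 1
	fi
	echo "**ERROR: the principal name for host $1 is not defined in domain"
	echo "\"$LDOM\". You must either add the credential for host $1"
	echo "in domain \"$LDOM\" or specify a fully qualified hostname (with"
	echo "the ending dot \".\") if the principal name is defined in a"
	echo "different domain. Use nisclient -c to create the host credential."
	return 0
}



#
# tolower_single(): converts upper to lower case and single token.
#	Single token means the first token if the argument contains "."
#	dots as in the fully qualified hostname.
#	$1 string to convert
#
tolower_single()
{
	echo "$1" | tr '[A-Z]' '[a-z]' | cut -d. -f1
}



#
# tolower(): converts upper to lower case.
#	$1 string to convert
#
tolower()
{
	echo "$1" | tr '[A-Z]' '[a-z]'
}


#
# smf(5) routines
#	restart_instance() - restart instance or enable if not enabled
#

#
# restart_instance [-t] instance_fmri
#	Enables the instance (passing -t through to svcadm enable when
#	given) if its restarter/state property reads "disabled",
#	otherwise restarts it.
#
restart_instance() {
	if [ "$1" = "-t" ]; then
		flag=-t
		shift
	else
		flag=
	fi

	# $flag stays unquoted on purpose: when empty it must vanish
	# rather than become an empty argument.
	if [ "`/usr/bin/svcprop -p restarter/state "$1"`" = "disabled" ]; then
		/usr/sbin/svcadm enable $flag "$1"
	else
		/usr/sbin/svcadm restart "$1"
	fi
}

#
# Common Routines:
# ---------------
#
# This section contains common routines for master and replica setups for
# root and non-root domains.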
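#	init()		- initializes all the variables
#	parse_arg()	- parses the command line arguments
#	get_security()	- gets the security information
#	update_info()	- updates the setup information
#	print_info()	- prints the setup information
#	confirm()	- confirms the setup information
#	setup_domain()	- sets up the domain
#	setup_switch()	- sets up the switch
#	nis_server()	- get the server's name for a domain
#	is_server()	- checks if the specified host is already a server
#			  for current domain $DOM.
#	check_perm()	- checks for the write permission for an object
#	nis_chown()	- changes the owner for a domain


#
# init(): initializes variables and options
#
#	NOTE(review): with ECHO="eval", every "$ECHO <string>" in this
#	script re-parses the string as shell code.  Values such as $DOM,
#	$GROUP, $HOST and $PASSWD come from the command line or from
#	interactive answers and are interpolated into those strings, so
#	shell metacharacters in them are interpreted.
#
init()
{
	PROG=`basename "$0"`
	VERB='> /dev/null'	# NULL or "> /dev/null"
	ECHO="eval"		# eval or echo
	BACKUP=no_nisplus	# backup suffix
	DOM=`nisdefaults -d`	# domainname with DOT
	NODOT=`echo $DOM | sed -e "s/\.$//"`
				# domainname without DOT
	SEC=2			# 2=DES or 3=RSA
	ACTION=""		# master or replica
	ROOT="nonroot"		# nonroot or root
	FORCE=""		# NULL or TRUE
	GROUP=""		# NULL or <group-name>
	HOST=""			# NULL or <hostname>
	YP=""			# NULL or -Y
	DEFSEC=2		# default security
	## The following variable allows for variation in a specific user message:
	WITHOUT="without"	# without YP compatibility

	# PASSWD (set only by -l) and IGNORE are expanded later in the
	# script; clear them so a value inherited from the caller's
	# environment can never reach those command lines.
	PASSWD=""
	IGNORE=""

	OS=`uname -r | cut -d. -f1`
	OSVER=`uname -r | cut -d. -f2`
	LOCALHOST=`uname -n`
	PATH=/usr/lib/nis:/usr/sbin:/usr/bin:/usr/lib/netsvc/yp:$PATH; export PATH
	LOCALHOST=`tolower_single $LOCALHOST`
}



#
# parse_arg(): parses the input arguments.
#	It returns the number to be shift in the argument list.
#
#	NOTE(review): -l places the network password on this script's
#	command line and, through $PASSWD, on the command line of the
#	command built from it, where other local users may be able to
#	see it in process listings.  Omitting -l makes the script prompt
#	instead (see the usage text).
#
parse_arg()
{
	while getopts "d:fg:h:l:MRrvxY" ARG
	do
		case $ARG in
		d)	case "$OPTARG" in
			*.)	DOM=$OPTARG
				NODOT=`echo $DOM | sed -e "s/\.$//"`
				;;
			*)	NODOT=$OPTARG
				DOM=${NODOT}.
				;;
			esac
			;;
		f)	FORCE="TRUE";;
		g)	case "$OPTARG" in
			*.)	;;
			*)	echo "**ERROR: you must specify a fully qualified groupname."
				exit 1
				;;
			esac
			GROUP=$OPTARG;;
		h)	HOST=$OPTARG;;
		l)	PASSWD="-l $OPTARG";;

		M)	if [ -z "$ACTION" ]
			then
				ACTION="master"
				MRr_OPTION="-M"
			else
				ERRMRr_OPTION="-M"
				print_MRr_usage
			fi;;
		R)	if [ -z "$ACTION" ]
			then
				ACTION="replica"
				MRr_OPTION="-R"
			else
				ERRMRr_OPTION="-R"
				print_MRr_usage
			fi;;
		r)	ROOT="root"
			if [ -z "$ACTION" ]
			then
				ACTION="master"
				MRr_OPTION="-r"
			else
				ERRMRr_OPTION="-r"
				print_MRr_usage
			fi;;
		v)	VERB="";;
		x)	ECHO="echo +++";;
		Y)	YP="-Y"
			WITHOUT="with";;
		\?)	print_usage
			exit 1;;
		*)	echo "**ERROR: Should never get to this point!!!!!"
			print_usage
			exit 1;;
		esac
	done
	return `expr $OPTIND - 1`
}



#
# check_rootgrp(): check if the group name specified is an valid group for
#	root master server setup.
#	$1 the groupname to be checked
#
#	Returns 1 only when $ROOT is "root" and the domain part of $1
#	(everything after the first label) differs from $DOM, compared
#	case-insensitively; returns 0 otherwise.
#
check_rootgrp()
{
	if [ -z "$1" ]
	then
		return 0
	fi
	if [ "$ROOT" != "root" ]
	then
		return 0
	fi

	GDOM=`expr "$1" : '[^\.]*\.\(.*\)'`
	if [ "`tolower $GDOM`" != "`tolower $DOM`" ]
	then
		return 1
	fi
	return 0
}



#
# check_domainname(): check validity of a domain name. Currently we check
#	that it has at least two components.
#	$1 the domain name to be checked
#
#	An empty $1 is accepted.  On failure it prints an error, offers
#	the usage text and exits with status 1.
#
check_domainname()
{
	if [ -z "$1" ]
	then
		return 0
	fi

	# expr prints the length of the match: 0 means there is no
	# "<label>.<label>" prefix.
	t=`expr "$1" : '[^.]\{1,\}[.][^.]\{1,\}'`
	if [ "$t" = 0 ]
	then
		echo "**ERROR: invalid domain name ($1)"
		echo ' It must have at least two components.'
		echo ' For example, "company.com.".'
		print_usage
		exit 1
	fi
}



#
# get_security(): gets the security information
#	Prompts until the answer is exactly 2 or 3 and stores it in $SEC.
#
get_security()
{
	while :
	do
		get_ans "Security level (2=DES, 3=RSA):" "$SEC"
		# Accept only the exact tokens.  The validated value is what
		# ends up in $SEC; the raw answer is never copied over it.
		case "$ANS" in
		2|3)	SEC=$ANS
			break
			;;
		*)	echo "**ERROR: invalid security level."
			echo " It must be either 2 or 3."
			;;
		esac
	done
}



#
# update_info(): updates the information.
#	Walks the user through domain name, server host name, admin group
#	and NIS (YP) compatibility, updating DOM, NODOT, HOST, GROUP, YP
#	and WITHOUT.
#
update_info()
{
	echo ""
	# ...domainname
	get_ans "Domain name:" "$DOM"
	case "$ANS" in
	*.)	DOM=$ANS
		NODOT=`echo $DOM | sed -e "s/\.$//"`
		;;
	*)	NODOT=$ANS
		DOM=${NODOT}.
		;;
	esac

	# ...host name
	#
	# check_host() returns 0 when the credential lookup FAILED (it has
	# already printed the error) and non-zero when the credential
	# exists, so a host is accepted only on a non-zero status.
	if [ "$ACTION" = "replica" ]
	then
		while :
		do
			get_ans "NIS+ Hostname:" "$HOST"
			if [ "$HOST" = "$ANS" ]
			then
				break
			fi
			if check_host "$ANS"
			then
				continue
			fi
			HOST=$ANS
			break
		done
	elif [ "$ROOT" = "nonroot" ]
	then
		DEFAULT=${HOST:-"(use ${PAR_DOM} servers)"}
		while :
		do
			get_ans "NIS+ Hostname:" "$DEFAULT"
			if [ "$ANS" = "$DEFAULT" ]
			then
				break
			fi
			if check_host "$ANS"
			then
				continue
			fi
			HOST=$ANS
			break
		done
	fi

	# ...group name
	if [ "$ACTION" = "master" ]
	then
		DEFAULT=${GROUP:-admin.$DOM}
		while :
		do
			get_ans "NIS+ group:" "$DEFAULT"
			if [ "$ANS" = "$DEFAULT" ]
			then
				break
			fi
			if check_dot "$ANS"
			then
				if check_rootgrp "$ANS"
				then
					GROUP=$ANS
					break
				fi
				echo "**ERROR: invalid group name."
				echo " It must be a group in the $DOM domain."
				continue
			fi
			echo "**ERROR: NIS+ group name must end with a \".\"."
		done
	fi

	# ...YP compatibility
	if [ "$ACTION" = "master" ]
	then
		DEFAULT=1
		if [ -z "$YP" ]
		then
			DEFAULT=0
		fi
		# Match the answer as a string: a non-numeric reply is simply
		# asked again instead of breaking a numeric comparison.
		while :
		do
			get_ans "NIS (YP) compatibility (0=off, 1=on):" $DEFAULT
			case "$ANS" in
			0|1)	break ;;
			esac
		done
		# Keep WITHOUT in step with YP so later messages describe the
		# choice made here, as parse_arg() does for -Y.
		if [ "$ANS" = "1" ]
		then
			YP="-Y"
			WITHOUT="with"
			echo ""
		else
			YP=""
			WITHOUT="without"
		fi
	fi
}

#
# print_info(): prints the information on the screen.
#
print_info()
{
	# ...domainname
	echo "Domain name : $DOM"

	# ...hostname
	if [ "$ACTION" = "replica" ]
	then
		USE_HOST=TRUE
		echo "NIS+ server : $HOST"
	elif [ "$ROOT" = "nonroot" ]
	then
		USE_HOST=TRUE
		echo "NIS+ server : "${HOST:-"(use $PAR_DOM servers)"}
	fi

	if [ "$ACTION" = "master" ]
	then
		# ...admin group
		MESS="admin.$DOM"
		echo "NIS+ group : ${GROUP:-$MESS}"

		# ...YP compatibility
		MESS=ON
		if [ -z "$YP" ]
		then
			MESS="OFF"
		fi
		echo "NIS (YP) compatibility : $MESS"

		# ...security level
		case $SEC in
		0)	MESS="0=NO_SEC";;
		1)	MESS="1=SYS";;
		2)	MESS="2=DES";;
		3)	MESS="3=RSA";;
		*)	MESS="INVALID";;
		esac
		echo "Security level : $MESS"
	fi
}



#
# confirm(): asks for user confirmation. If declined, then it will step
#	the user through a question answer session.
#
confirm()
{
	while :
	do
		echo ""
		print_info
		echo ""

		get_yesno $CONFIRM
		case "$ANS" in
		y|Y)	return 0 ;;
		esac

		update_info
	done
}



#
# setup_domain(): sets up "domainname" and "/etc/defaultdomain" with the
#	specified domain information.
#	The existing /etc/defaultdomain is kept as
#	/etc/defaultdomain.$BACKUP unless that backup already exists.
#
setup_domain()
{
	echo "setting up domain information \"$DOM\" ..."
	if [ "`nisdefaults -d`" != "$DOM" ]
	then
		# NODOT is used to support 4.x YP clients
		$ECHO domainname $NODOT
		if [ ! -f /etc/defaultdomain.$BACKUP ]
		then
			$ECHO mv /etc/defaultdomain /etc/defaultdomain.$BACKUP
		fi
		$ECHO "domainname > /etc/defaultdomain"
	fi
	echo ""
}



#
# setup_switch(): copies the nisplus switch configuration file to
#	nsswitch.conf.
#	Afterwards removes /etc/.rootkey and restarts keyserv through
#	restart_instance().
#
setup_switch()
{
	if [ "$OS" -eq 5 ]
	then
		echo "setting up switch information ..."
		if diff /etc/nsswitch.conf /etc/nsswitch.nisplus > /dev/null
		then
			eval "echo switch configuration file already set to use NIS+. $VERB"
			restart_instance network/rpc/keyserv:default
			echo ""
			return
		fi

		if [ ! -f /etc/nsswitch.conf.$BACKUP ]
		then
			$ECHO mv /etc/nsswitch.conf /etc/nsswitch.conf.$BACKUP
		fi
		$ECHO cp /etc/nsswitch.nisplus /etc/nsswitch.conf
		echo ""
	fi

	$ECHO "rm -f /etc/.rootkey > /dev/null"
	restart_instance network/rpc/keyserv:default
}



#
# nis_server(): returns the master server for specified domain.
#	$1 domain
#
#	Sets ALLSERVERS (every "Name :" entry of "niscat -M -o $1"),
#	MASTER_SERVER (the first of them) and GROUPSERVER (the "Group :"
#	entry).  Exits with status 1 if niscat fails.
#
nis_server()
{
	# This runs as root: let mktemp pick an unpredictable name and
	# create the file itself, instead of writing to a guessable
	# /tmp/<prog>.<pid> path that another local user could pre-create
	# or replace with a symbolic link.
	TMPFILE=`mktemp /tmp/$PROG.XXXXXX`
	if [ $? -ne 0 -o -z "$TMPFILE" ]
	then
		echo "**ERROR: cannot create a temporary file."
		exit 1
	fi

	niscat -M -o "$1" > "$TMPFILE"
	if [ $? -ne 0 ]
	then
		rm -f "$TMPFILE" > /dev/null
		exit 1
	fi
	ALLSERVERS=""
	# Read the file on stdin so the loop runs in this shell and the
	# assignments survive it.  The caller's stdin is parked on fd 3 and
	# put back afterwards, which also works without a controlling
	# terminal.
	exec 3<&0 < "$TMPFILE"
	while read LINE
	do
		EA=`echo $LINE | sed -n -e "s/^Name : \([^\'].*\)/\1/p"`
		if [ ! -z "$EA" ]
		then
			ALLSERVERS="${ALLSERVERS} $EA"
		fi
	done
	exec 0<&3 3<&-
	GROUPSERVER=`sed -n -e "s/Group[ ]*: //p" "$TMPFILE"`
	MASTER_SERVER=`echo $ALLSERVERS | cut -d' ' -f1`
	rm -f "$TMPFILE" > /dev/null
	eval "echo nis_servers: ALLSERVERS=$ALLSERVERS ... $VERB"
}



#
# is_server(): checks if the specified host is already a server for
#	current domain $DOM.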
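#	$1 server principal
#
#	Compares $1 case-insensitively with every entry of $ALLSERVERS.
#	Returns 0 on a match, 1 otherwise.
#
is_server()
{
	V1=`tolower $1`
	for EA in $ALLSERVERS
	do
		if [ "$V1" = "`tolower $EA`" ]
		then
			return 0
		fi
	done
	return 1
}



#
# check_perm(): checks if we have write permission to the NIS+ object
#	This should be replaced with nisaccess command when it's available
#	$1 the table to be checked.
#
#	Returns 0 when the caller's principal holds create access through
#	the applicable access class (nobody, owner, group or world), and
#	1 otherwise.  Exits with status 1 if nisls fails.  In echo mode
#	(-x) nothing is checked and 0 is returned.
#
check_perm()
{
	# -x sets ECHO to "echo +++", so match the prefix rather than the
	# bare word "echo".
	case "$ECHO" in
	echo*)	return 0 ;;
	esac

	eval "echo checking $1 permission ... $VERB"
	MYPRINC=`nisdefaults -p`
	if [ "$MYPRINC" = "nobody" ]
	then
		nistest -a n=c "$1" || return 1
		return 0
	fi

	# Owner: third field of the long listing.
	DUMMY=`nisls -ld "$1"`
	if [ $? -ne 0 ]
	then
		exit 1
	fi
	OWN=`echo $DUMMY | cut -d" " -f3`
	if [ "$OWN" = "$MYPRINC" ]
	then
		nistest -a o=c "$1" || return 1
		return 0
	fi

	# Group owner: same field of the -g listing.
	DUMMY=`nisls -ldg "$1"`
	if [ $? -ne 0 ]
	then
		exit 1
	fi
	OWN=`echo $DUMMY | cut -d" " -f3`
	if [ ! -z "$OWN" ]
	then
		if nisgrpadm -t -s "$OWN" "$MYPRINC"
		then
			nistest -a g=c "$1" || return 1
			return 0
		fi
	fi

	nistest -a w=c "$1" || return 1
	return 0
}



#
# nis_chown(): changes the owner for the entire domain specified.
#	$1 the new owner's principal
#	$2 the domain
#
#	Runs nischown on every object that nisls lists under org_dir.$2
#	(the first line of the listing is skipped), then on org_dir.$2,
#	groups_dir.$2 and $2.  Does nothing in echo mode (-x).
#
nis_chown()
{
	# -x sets ECHO to "echo +++"; a comparison with the bare word
	# "echo" never matches and would let the dry run change owners.
	case "$ECHO" in
	echo*)	return 0 ;;
	esac

	# Call nischown directly for each listed object.  Nothing is
	# written to /tmp, so there is no predictable, executable file for
	# another local user to replace before root runs it, and object
	# names are passed as arguments instead of being pasted into
	# generated shell text.
	nisls "org_dir.$2" | sed -e "1d" |
	while read OBJ
	do
		if [ -n "$OBJ" ]
		then
			nischown "$1" "$OBJ.org_dir.$2"
		fi
	done
	$ECHO nischown $1 org_dir.$2 groups_dir.$2 $2
}



#
# setup_properties(): modifies repository properties such that we run
#	with the proper options.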
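#	$* list of servers
#	   (the positional parameters are not referenced in the body)
#
#	Reads $YP, $SEC, $DEFSEC and $nisplus_fmri.  Every command that
#	changes the repository goes through $ECHO, so echo mode (-x)
#	prints it with a leading "+++" instead of running it; the svcprop
#	queries are read-only and always run.
#
setup_properties()
{
	if [ ! -z "$YP" -o "$SEC" -ne $DEFSEC ]; then
		if [ -z "$YP" ]; then
			eval "echo YP emulation disabled ... $VERB"
			emulyp_active=`/usr/bin/svcprop -p \
			    application/emulate_yp $nisplus_fmri`
			# Only touch the property when it could be read and
			# is currently switched on.
			if [ $? -eq 0 -a "$emulyp_active" = "true" ]; then
				$ECHO /usr/sbin/svccfg -s $nisplus_fmri \
				    setprop application/emulate_yp = \
				    boolean: false
			fi
		else
			eval "echo YP emulation enabled ... $VERB"
			echo ""
			# Create the property group first if it is missing.
			if /usr/bin/svcprop -q -p application $nisplus_fmri;
			then :; else
				$ECHO /usr/sbin/svccfg -s $nisplus_fmri \
				    addpg application application
			fi
			$ECHO /usr/sbin/svccfg -s $nisplus_fmri \
			    setprop application/emulate_yp = boolean: true
		fi

		if [ "$SEC" -ne $DEFSEC ]; then
			eval "echo setting security to $SEC ... $VERB"
			if /usr/bin/svcprop -q -p application $nisplus_fmri;
			then :; else
				$ECHO /usr/sbin/svccfg -s $nisplus_fmri \
				    addpg application application
			fi
			$ECHO /usr/sbin/svccfg -s $nisplus_fmri \
			    setprop application/security = count: $SEC
		else
			eval "echo using default security ... $VERB"
			$ECHO /usr/sbin/svccfg -s $nisplus_fmri \
			    delprop application/security
		fi
	fi

	# Finally, make nis_cachemgr run with -i for the duration of the
	# current OS instantiation.
	#
	# Create application_ovr property group. Suppress
	# errors as it may already exist.
	#
	if /usr/bin/svcprop -q -p application_ovr $nisplus_fmri; then :; else
		$ECHO /usr/sbin/svccfg -s $nisplus_fmri \
		    addpg application_ovr application P
	fi
	$ECHO /usr/sbin/svccfg -s $nisplus_fmri \
	    setprop application_ovr/clear_cache = boolean: true

	$ECHO /usr/sbin/svcadm refresh $nisplus_fmri
}


#
# root master setup Routine:
# -------------------------
#
# This section contains the routine to setup a ROOT master server.
# NOTE: you can only configure your local machine as a root master.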
You 968 # cannot configure other machines across the net. 969 # root_master() - sets up the local machine as a root master server 970 # 971 972 # 973 # root_master(): sets up a the local machine as the root master server. 974 # 975 root_master() 976 { 977 WHO=`id | sed -e "s/uid=[0-9]*(\([^ )]*\)).*/\1/"` 978 if [ $WHO != "root" ] 979 then 980 echo "This script must be run as root ..." 981 exit 1 982 fi 983 984 if [ ! -z "$HOST" -a "`tolower_single $HOST`" != "$LOCALHOST" ] 985 then 986 echo "**ERROR: you cannot set up $HOST remotely." 987 echo " To set up $HOST as an NIS+ root master server, run" 988 echo " nisserver on $HOST." 989 exit 1 990 fi 991 HOST=$LOCALHOST 992 993 if [ -z "$SEC" ] # NOTE: This conditional currently always false 994 then 995 echo "" 996 echo "You must specify the security level:" 997 eval "echo get security info ... $VERB" 998 get_security 999 echo "" 1000 fi 1001 1002 echo "This script sets up this machine \"$LOCALHOST\" as an NIS+" 1003 echo "root master server for domain $DOM." 1004 1005 if [ -z "$FORCE" ] 1006 then 1007 confirm 1008 else 1009 echo "" 1010 print_info 1011 fi 1012 1013 echo "" 1014 echo "This script will set up your machine as a root master server for" 1015 echo "domain $DOM $WITHOUT NIS compatibility at security level 2." 1016 echo "" 1017 if [ -f /var/nis/NIS_COLD_START ] 1018 then 1019 echo "WARNING: this script removes directories and files" 1020 echo "related to NIS+ under /var/nis directory with the" 1021 echo "exception of the client_info NIS_COLD_START file which" 1022 echo "will be renamed to <file>.${BACKUP}. If you want to save" 1023 echo "these files, you should abort from this script now to" 1024 echo "save these files first." 1025 echo "" 1026 if [ -d /var/nis/data ] 1027 then 1028 echo "WARNING: once this script is executed, you will not be able to" 1029 echo "restore the existing NIS+ server environment. 
However, you can" 1030 echo "restore your NIS+ client environment using \"nisclient -r\"" 1031 echo "with the proper domain name and server information." 1032 else 1033 echo "Use \"nisclient -r\" to restore your NIS+ client environment." 1034 fi 1035 echo "" 1036 else 1037 echo "Use \"nisclient -r\" to restore your current network service environment." 1038 echo "" 1039 fi 1040 1041 if [ -z "$FORCE" ] 1042 then 1043 get_yesno $CONTINUE 1044 echo "" 1045 fi 1046 1047 setup_domain 1048 1049 setup_switch 1050 1051 eval "echo killing NIS and NIS+ processes ... $VERB" 1052 /usr/sbin/svcadm disable network/nis/client 1053 /usr/sbin/svcadm disable -t network/rpc/nisplus 1054 eval "echo stopping nscd ... $VERB" 1055 /usr/sbin/svcadm disable -t system/name-service-cache 1056 eval "echo '' $VERB" 1057 1058 eval "echo setup NIS_GROUP environment variable ... $VERB" 1059 GROUP=${GROUP:-admin.$DOM} 1060 $ECHO "NIS_GROUP=$GROUP; export NIS_GROUP" 1061 eval "echo '' $VERB" 1062 1063 # Save NIS_COLD_START file 1064 if [ -f /var/nis/NIS_COLD_START ] 1065 then 1066 $ECHO cp /var/nis/NIS_COLD_START /var/nis/NIS_COLD_START.$BACKUP 1067 fi 1068 1069 eval "echo rm /var/nis files ... $VERB" 1070 $ECHO "rm -f /var/nis/NIS_COLD_START > /dev/null" 1071 $ECHO "rm -f /var/nis/NIS_SHARED_DIRCACHE > /dev/null" 1072 $ECHO "rm -f /var/nis/.NIS_PRIVATE_DIRCACHE > /dev/null" 1073 $ECHO "rm -f /var/nis/client_info > /dev/null" 1074 $ECHO "rm -f /var/nis/.pref_servers > /dev/null" 1075 $ECHO "rm -f /var/nis/trans.log > /dev/null" 1076 $ECHO "rm -f /var/nis/data.dict* > /dev/null" 1077 $ECHO "rm -rf /var/nis/data > /dev/null" 1078 eval "echo '' $VERB" 1079 1080 echo "running nisinit ..." 1081 $ECHO "nisinit -r" 1082 if [ $? -ne 0 ] 1083 then 1084 echo "**ERROR: it failed to initialize the root server." 1085 exit 1 1086 fi 1087 echo "" 1088 1089 echo "starting root server at security level 0 to create credentials..." 
1090 $ECHO "rpc.nisd -S 0" 1091 echo "" 1092 sleep 2 1093 1094 echo "running nissetup to create standard directories and tables ..." 1095 $ECHO "nissetup $YP" 1096 if [ $? -ne 0 ] 1097 then 1098 echo "**ERROR: it failed to create the tables." 1099 exit 1 1100 fi 1101 if [ $OS -ne 5 -o $OSVER -lt 3 ] 1102 then 1103 $ECHO "nischmod n+r cred.org_dir.$DOM" 1104 fi 1105 echo "" 1106 1107 echo "adding credential for $HOST.$DOM.." 1108 case $SEC in 1109 2) $ECHO "nisaddcred $PASSWD des > /dev/null";; 1110 3) $ECHO "nisaddcred $PASSWD rsa > /dev/null";; 1111 *) ;; 1112 esac 1113 if [ $? -ne 0 ] 1114 then 1115 echo "**ERROR: it failed to add the credential for root." 1116 exit 1 1117 fi 1118 sleep 1 1119 1120 echo "" 1121 echo "creating NIS+ administration group: ${GROUP} ..." 1122 $ECHO "nisgrpadm -c $GROUP > /dev/null" 1123 if [ $? -ne 0 ] 1124 then 1125 echo "**WARNING: failed to create the $GROUP group." 1126 echo " You will need to create this group manually:" 1127 echo " 1. /usr/bin/nisgrpadm -c $GROUP" 1128 echo " 2. /usr/bin/nisgrpadm -a $GROUP $HOST.$DOM" 1129 else 1130 echo "adding principal ${HOST}.${DOM} to $GROUP ..." 1131 $ECHO "nisgrpadm -a $GROUP ${HOST}.${DOM} > /dev/null" 1132 if [ $? -ne 0 ] 1133 then 1134 echo "**WARNING: failed to add new member $HOST.$DOM into" 1135 echo "the $GROUP group." 1136 echo " You will need to add this member manually:" 1137 echo " 1. /usr/bin/nisgrpadm -a $GROUP $HOST.$DOM" 1138 fi 1139 fi 1140 echo "" 1141 1142 eval "echo updating the keys for directories ... $VERB" 1143 $ECHO "nisupdkeys $DOM > /dev/null" 1144 if [ $? -ne 0 ] 1145 then 1146 echo "WARNING: nisupdkeys failed on directory $DOM" 1147 echo " You will need to run nisupdkeys manually:" 1148 echo " 1. /usr/lib/nis/nisupdkeys $DOM" 1149 echo "" 1150 fi 1151 $ECHO "nisupdkeys org_dir.$DOM > /dev/null" 1152 if [ $? -ne 0 ] 1153 then 1154 echo "WARNING: nisupdkeys failed on directory org_dir.$DOM" 1155 echo " You will need to run nisupdkeys manually:" 1156 echo " 1. 
/usr/lib/nis/nisupdkeys org_dir.$DOM" 1157 echo "" 1158 fi 1159 $ECHO "nisupdkeys groups_dir.$DOM > /dev/null" 1160 if [ $? -ne 0 ] 1161 then 1162 echo "WARNING: nisupdkeys failed on directory groups_dir.$DOM" 1163 echo " You will need to run nisupdkeys manually:" 1164 echo " 1. /usr/lib/nis/nisupdkeys groups_dir.$DOM" 1165 echo "" 1166 fi 1167 eval "echo $VERB" 1168 1169 if [ $OS -ne 5 -o $OSVER -lt 3 ] 1170 then 1171 eval "echo change group owner for $DOM.. $VERB" 1172 $ECHO nischgrp $GROUP $DOM 1173 # ... g=rmcd is just a temporary fix for nisinit bug 1174 eval "echo add read access for nobody ... $VERB" 1175 $ECHO nischmod n+r,g=rmcd $DOM 1176 fi 1177 1178 pkill -z `/sbin/zonename` -x rpc.nisd 1179 1180 setup_properties 1181 1182 echo "restarting NIS+ root master server at security level $SEC ..." 1183 $ECHO /usr/sbin/svcadm enable network/rpc/nisplus 1184 1185 eval "echo starting Name Service Cache Daemon nscd ... $VERB" 1186 $ECHO /usr/sbin/svcadm enable system/name-service-cache 1187 1188 echo "" 1189 echo "This system is now configured as a root server for domain $DOM" 1190 echo "You can now populate the standard NIS+ tables by using the" 1191 echo "nispopulate script or /usr/lib/nis/nisaddent command." 1192 } 1193 1194 1195 1196 # 1198 # Non-root master setup Routine: 1199 # ------------------------------ 1200 # 1201 # This section contains the routine to setup a non-ROOT master server. 1202 # NOTE: If the -h <hostname> is specified, then it will configure the 1203 # specified host as the master of the new domain. Otherwise, it will 1204 # use the same servers information as in the parent domain. 1205 # nonroot_master() 1206 # - sets up a non-root master server. 1207 # 1208 1209 # 1210 # nonroot_master(): sets up a nonroot master server. 1211 # 1212 nonroot_master() 1213 { 1214 # ... 
local variables 1215 PROMOTE="make" 1216 1217 # ...check parent domain 1218 PAR_DOM=`expr "$DOM" : '[^\.]*\.\(.*\)'` 1219 if nistest -t D $PAR_DOM; 1220 then 1221 : 1222 else 1223 echo "**ERROR: $PAR_DOM does not exist." 1224 exit 1 1225 fi 1226 1227 if [ -z "$SEC" ] # NOTE: This conditional currently always false 1228 then 1229 echo "" 1230 echo "You must specify the security level:" 1231 eval "echo get security info ... $VERB" 1232 get_security 1233 echo "" 1234 fi 1235 1236 if check_host "$HOST"; 1237 then 1238 exit 1 1239 fi 1240 1241 # ...check permission 1242 check_perm $PAR_DOM 1243 if [ $? -ne 0 ] 1244 then 1245 echo "**ERROR: no permission to create directory $DOM" 1246 exit 1 1247 fi 1248 1249 echo "This script sets up a non-root NIS+ master server for domain" 1250 echo "$DOM" 1251 if [ -z "$FORCE" ] 1252 then 1253 confirm 1254 else 1255 echo "" 1256 print_info 1257 fi 1258 1259 echo "" 1260 if [ -z "$HOST" ] 1261 then 1262 HOSTDEF="" 1263 echo "This script will set up an NIS+ non-root master for domain" 1264 echo "$DOM $WITHOUT NIS compatibility, using the same servers for" 1265 echo "domain $PAR_DOM." 1266 nis_server $PAR_DOM 1267 echo "servers: $ALLSERVERS" 1268 else 1269 echo "This script sets up machine \"$HOST\" as an NIS+" 1270 HOSTDEF="yes" 1271 echo "non-root master server for domain $DOM $WITHOUT NIS compatibility." 1272 MASTER_SERVER=$HOST 1273 ALLSERVERS=$HOST 1274 eval "echo $VERB" 1275 eval "echo checking rpc.nisd process on $HOST ... $VERB" 1276 rpcinfo -u $HOST 100300 3 > /dev/null 1277 if [ $? -ne 0 ] 1278 then 1279 echo "**ERROR: NIS+ server is not running on $HOST." 1280 echo " You must do the following before becoming an NIS+ server:" 1281 echo " 1. become an NIS+ client of the parent domain or any domain" 1282 echo " above the domain which you plan to serve. (nisclient)" 1283 echo " 2. start the NIS+ server. 
(rpc.nisd)" 1284 exit 1 1285 fi 1286 fi 1287 echo "" 1288 1289 if [ -z "$FORCE" ] 1290 then 1291 get_yesno $CONTINUE 1292 echo "" 1293 fi 1294 1295 # ...check domain 1296 if nistest -t D $DOM; 1297 then 1298 echo "**WARNING: domain $DOM already exists." 1299 if [ ! -z "$HOST" ] 1300 then 1301 nis_server $DOM 1302 if [ "`tolower $HOSTPRINC`" = "`tolower $MASTER_SERVER`" ] 1303 then 1304 echo "$HOSTPRINC is already a master server for thisdomain." 1305 echo "If you choose to continue with this script, it will" 1306 echo "try to create the groups_dir and org_dir directories" 1307 echo "for this domain." 1308 IGNORE="yes" 1309 else 1310 is_server $HOSTPRINC 1311 if [ $? -eq 0 ] 1312 then 1313 echo "$HOSTPRINC is already a replica server for this domain." 1314 fi 1315 echo "If you choose to continue with this script, it will" 1316 echo "promote $HOSTPRINC to be the new master for $DOM" 1317 PROMOTE="promote new master for" 1318 fi 1319 else 1320 echo "If you choose to continue with this script, it will" 1321 echo "try to create the groups_dir and org_dir directories" 1322 echo "for this domain." 1323 IGNORE="yes" 1324 fi 1325 1326 echo "" 1327 if [ -z "$FORCE" ] 1328 then 1329 get_yesno $CONTINUE 1330 echo "" 1331 fi 1332 fi 1333 1334 1335 eval "echo setup NIS_GROUP environment variable ... $VERB" 1336 GROUP=${GROUP:-admin.$DOM} 1337 $ECHO "NIS_GROUP=$GROUP; export NIS_GROUP" 1338 eval "echo '' $VERB" 1339 1340 eval "echo running nismkdir ... $VERB" 1341 DEF_PERM="-D access=g=rmcd,n=r" 1342 if [ -z "$HOST" ] 1343 then 1344 $ECHO nismkdir $DEF_PERM $DOM 1345 else 1346 $ECHO nismkdir $DEF_PERM -m $HOSTPRINC $DOM 1347 fi 1348 1349 if [ -z "$IGNORE" -a $? -ne 0 ] 1350 then 1351 echo "**ERROR: it failed to $PROMOTE the $DOM directory." 1352 exit 1 1353 fi 1354 1355 $ECHO "nisupdkeys $DOM > /dev/null" 1356 if [ $? -ne 0 ] 1357 then 1358 echo "**WARNING: nisupdkeys failed on directory $DOM" 1359 echo " This script will not be able to continue." 
1360 echo " Please remove the $DOM directory using 'nisrmdir'." 1361 exit 1 1362 fi 1363 1364 $ECHO "nisping $PAR_DOM > /dev/null" 1365 sleep 4 1366 1367 if [ $OS -ne 5 -o $OSVER -lt 3 ] 1368 then 1369 DEF_PERM="-D access=g=rmcd,n=r" 1370 else 1371 DEF_PERM="" 1372 fi 1373 if [ "$PROMOTE" != "make" ] 1374 then 1375 $ECHO nismkdir $DEF_PERM -m $HOSTPRINC org_dir.$DOM 1376 if [ $? -ne 0 ] 1377 then 1378 echo "**ERROR: it failed to $PROMOTE the org_dir.$DOM directory." 1379 exit 1 1380 fi 1381 $ECHO nismkdir $DEF_PERM -m $HOSTPRINC groups_dir.$DOM 1382 if [ $? -ne 0 ] 1383 then 1384 echo "**ERROR: it failed to $PROMOTE the groups_dir.$DOM directory." 1385 exit 1 1386 fi 1387 fi 1388 1389 echo "running nissetup ..." 1390 $ECHO "nissetup $YP $DOM" 1391 if [ -z "$IGNORE" -a $? -ne 0 ] 1392 then 1393 echo "**ERROR: it failed to create the tables." 1394 exit 1 1395 fi 1396 if [ $OS -ne 5 -o $OSVER -lt 3 ] 1397 then 1398 $ECHO "nischmod n+r cred.org_dir.$DOM" 1399 fi 1400 echo "" 1401 1402 if [ `echo $GROUP | cut -d. -f2-` = $DOM ] 1403 then 1404 echo "setting NIS+ group to ${GROUP} ..." 1405 $ECHO "nisgrpadm -c $GROUP > /dev/null" 1406 if [ $? -ne 0 ] 1407 then 1408 echo "**WARNING: failed to create the $GROUP group." 1409 echo " You will need to create this group manually:" 1410 echo " 1. /usr/bin/nisgrpadm -c $GROUP" 1411 echo " 2. /usr/bin/nisgrpadm -a $GROUP $ALLSERVERS" 1412 else 1413 $ECHO "nisgrpadm -a $GROUP $ALLSERVERS > /dev/null" 1414 if [ $? -ne 0 ] 1415 then 1416 echo "**WARNING: failed to add the following members into" 1417 echo "the $GROUP group:" 1418 echo $ALLSERVERS 1419 echo "" 1420 echo " You will need to add this member manually:" 1421 echo " 1. /usr/bin/nisgrpadm -a $GROUP $ALLSERVERS" 1422 else 1423 $ECHO "nisctl -f g $DOM > /dev/null" 1424 fi 1425 fi 1426 fi 1427 echo "" 1428 1429 eval "echo updating the keys for directories ... $VERB" 1430 $ECHO "nisupdkeys org_dir.$DOM > /dev/null" 1431 if [ $? 
-ne 0 ] 1432 then 1433 echo "WARNING: nisupdkeys failed on directory org_dir.$DOM" 1434 echo " You will need to run nisupdkeys manually:" 1435 echo " 1. /usr/lib/nis/nisupdkeys org_dir.$DOM" 1436 echo "" 1437 fi 1438 $ECHO "nisupdkeys groups_dir.$DOM > /dev/null" 1439 if [ $? -ne 0 ] 1440 then 1441 echo "WARNING: nisupdkeys failed on directory groups_dir.$DOM" 1442 echo " You will need to run nisupdkeys manually:" 1443 echo " 1. /usr/lib/nis/nisupdkeys groups_dir.$DOM" 1444 echo "" 1445 fi 1446 eval "echo $VERB" 1447 1448 if [ ! -z "$HOST" -a "`tolower $HOST`" != "$LOCALHOST" ] 1449 then 1450 eval "echo changing the owner on the directory ... $VERB" 1451 nis_chown $MASTER_SERVER $DOM 1452 eval "echo $VERB" 1453 fi 1454 1455 if [ ! -z "$HOSTDEF" ] 1456 then 1457 setup_properties 1458 echo "" 1459 fi 1460 1461 # start rpc.nispasswdd if setting up on localhost 1462 if [ ! -z "$HOST" -a "`tolower $HOST`" = "$LOCALHOST" ] 1463 then 1464 # check to see if already running... 1465 zone=`/sbin/zonename` 1466 PROC=`pgrep -z $zone rpc.nispasswdd` 1467 if [ -z "$PROC" ] 1468 then 1469 # We are displaying this message for 1470 # compatibility; at present, rpc.nispasswdd(1M) 1471 # was started by our enabling of 1472 # network/rpc/nisplus. It may or may not have 1473 # exited by this point. 1474 eval "echo starting NIS+ password daemon ... $VERB" 1475 else 1476 eval "echo NIS+ password daemon already running ... $VERB" 1477 fi 1478 else 1479 # else need to print message saying start it up 1480 echo "" 1481 echo "**IMPORTANT:" 1482 echo " Be sure to start the NIS+ password daemon (rpc.nispasswdd) on the" 1483 if [ -z "$HOST" ] 1484 then 1485 echo " new NIS+ non-root (subdomain) master server IF NOT ALREADY." 1486 else 1487 echo " new NIS+ non-root (subdomain) master server $HOST IF NOT ALREADY." 1488 fi 1489 echo "" 1490 fi 1491 1492 echo "" 1493 echo "The server(s) for the non-root domain $DOM is(are) now" 1494 echo "configured. 
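You can now populate the standard NIS+ tables by" 1495 echo "using the nispopulate or /usr/lib/nis/nisaddent commands." 1496 }



#
# replica setup Routine:
# ----------------------
#
# This section contains the routine to setup a replica server.
# NOTE: If the -h <hostname> is specified, then it will configure the
#	specified host as a replica of the domain.  Otherwise, it will
#	configure the local machine as a replica of the domain.
#

#
# replica(): sets up a replica server for the domain named in $DOM.
#
# Globals read:    DOM, HOST, HOSTPRINC, LOCALHOST, MASTER_SERVER, FORCE,
#                  CONTINUE, WITHOUT, GROUPSERVER, ECHO, VERB, IGNORE
# Globals written: HOST and HOSTPRINC (only when HOST is empty), IGNORE
# Exit status:     exits the whole script with 1 on any fatal check or
#                  command failure; otherwise falls off the end.
#
# NOTE(review): ECHO and VERB are set outside this block (presumably
# ECHO is "eval" in normal mode and "echo" under -x -- confirm).  If so,
# every `$ECHO "..."` and `eval "echo ... $VERB"` line below is parsed
# by the shell a second time with $HOST, $HOSTPRINC and $DOM already
# expanded.  Those values originate from the -h/-d options and this
# script restarts system services, so check_host and check_domainname
# (not visible here) must restrict them to hostname/domain characters;
# verify that they do before relying on these lines.
#
replica()
{
	# ...check domain: the directory object must already exist.
	if nistest -t D $DOM;
	then
		:
	else
		echo "**ERROR: $DOM does not exist."
		exit 1
	fi

	# Exits when check_host returns success (zero); presumably zero
	# means "host is unusable" -- confirm against check_host.
	if check_host "$HOST";
	then
		exit 1
	fi

	# ...check permission
	check_perm $DOM
	if [ $? -ne 0 ]
	then
		echo "**ERROR: no permission to replicate directory $DOM"
		exit 1
	fi

	echo "This script sets up an NIS+ replica server for domain"
	echo "$DOM"

	# No -h given: default to the local machine and build its principal
	# name from the default domain reported by nisdefaults.
	if [ -z "$HOST" ]
	then
		HOST=$LOCALHOST
		HOSTPRINC=$HOST.`nisdefaults -d`
	fi

	if [ -z "$FORCE" ]
	then
		confirm
	else
		echo ""
		print_info
	fi

	echo ""
	# nis_server is expected to set MASTER_SERVER for $DOM (defined
	# elsewhere -- confirm); a master is never demoted to a replica.
	nis_server $DOM
	if [ "`tolower $HOSTPRINC`" = "`tolower $MASTER_SERVER`" ]
	then
		echo "ERROR: $HOST is a master server for this domain."
		echo "You cannot demote a master server to replica."
		echo "If you really want to demote this master, you should"
		echo "promote a replica server to master using nisserver"
		echo "with the -M option."
		exit 1
	fi

	is_server $HOSTPRINC
	if [ $? -eq 0 ]
	then
		echo "WARNING: $HOST is already a server for this domain."
		echo "If you choose to continue with this script, it will"
		echo "try to replicate the groups_dir and org_dir directories"
		echo "for this domain."
		# A non-empty IGNORE disables the nismkdir failure checks below.
		IGNORE="yes"
	else
		echo "This script will set up machine \"$HOST\" as an NIS+"
		echo "replica server for domain $DOM $WITHOUT NIS compatibility."
		echo "The NIS+ server daemon, rpc.nisd, must be running on $HOST"
		echo "with the proper options to serve this domain."
	fi
	echo ""

	if [ -z "$FORCE" ]
	then
		get_yesno $CONTINUE
		echo ""
	fi

	# Probe RPC program 100300 version 3 over UDP on the target host.
	$ECHO "rpcinfo -u $HOST 100300 3 > /dev/null"
	if [ $? -ne 0 ]
	then
		echo "**ERROR: NIS+ server is not running on $HOST."
		echo " You must do the following before becoming an NIS+ server:"
		echo " 1. become an NIS+ client of the parent domain or any domain"
		echo " above the domain which you plan to serve. (nisclient)"
		echo " 2. start the NIS+ server. (rpc.nisd)"
		exit 1
	fi

	eval "echo running nismkdir ... $VERB"
	$ECHO nismkdir -s $HOSTPRINC $DOM
	# $? is expanded before the test runs, so it still holds the status
	# of the nismkdir line directly above; keep the two adjacent.
	if [ -z "$IGNORE" -a $? -ne 0 ]
	then
		echo "**ERROR: it failed to replicate the directory."
		exit 1
	fi
	sleep 3
	$ECHO "nisupdkeys $DOM > /dev/null"
	if [ $? -ne 0 ]
	then
		echo "**WARNING: nisupdkeys failed on directory $DOM"
		echo " This script will not be able to continue."
		echo " Please remove the $DOM directory using 'nisrmdir'."
		exit 1
	fi

	$ECHO nismkdir -s $HOSTPRINC org_dir.$DOM
	if [ -z "$IGNORE" -a $? -ne 0 ]
	then
		echo "**ERROR: it failed to replicate the org_dir directory."
		exit 1
	fi
	sleep 3
	$ECHO nismkdir -s $HOSTPRINC groups_dir.$DOM
	if [ -z "$IGNORE" -a $? -ne 0 ]
	then
		echo "**ERROR: it failed to replicate the groups_dir directory."
		exit 1
	fi
	sleep 3

	# Key-update failures on the subdirectories are reported but are
	# not fatal, unlike the failure on $DOM itself above.
	eval "echo updating the keys for directories ... $VERB"
	$ECHO "nisupdkeys org_dir.$DOM > /dev/null"
	if [ $? -ne 0 ]
	then
		echo "WARNING: nisupdkeys failed on directory org_dir.$DOM"
		echo " You will need to run nisupdkeys manually:"
		echo " 1. /usr/lib/nis/nisupdkeys org_dir.$DOM"
		echo ""
	fi
	$ECHO "nisupdkeys groups_dir.$DOM > /dev/null"
	if [ $? -ne 0 ]
	then
		echo "WARNING: nisupdkeys failed on directory groups_dir.$DOM"
		echo " You will need to run nisupdkeys manually:"
		echo " 1. /usr/lib/nis/nisupdkeys groups_dir.$DOM"
		echo ""
	fi
	eval "echo $VERB"

	# Add the replica principal to $GROUPSERVER unless the membership
	# test already succeeds.  The status of the add is not checked.
	if [ ! -z "$GROUPSERVER" ]
	then
		if nisgrpadm -s -t $GROUPSERVER $HOSTPRINC;
		then
			:
		else
			eval "echo adding replica principal into group owner ...$VERB"
			$ECHO nisgrpadm -a $GROUPSERVER $HOSTPRINC
			$ECHO "nisctl -f g $DOM > /dev/null"
		fi
	fi

	# Ping each directory object on the new replica; nisping status is
	# not checked and the sleeps only space the requests out.
	eval "echo pinging $DOM directory object on new replica ... $VERB"
	$ECHO "nisping -H ${HOST} $DOM > /dev/null"
	sleep 10
	eval "echo pinging $DOM groups_dir object on new replica ... $VERB"
	$ECHO "nisping -H ${HOST} groups_dir.$DOM > /dev/null"
	sleep 10
	eval "echo pinging $DOM org_dir object on new replica ... $VERB"
	$ECHO "nisping -H ${HOST} org_dir.$DOM > /dev/null"

	echo ""
	echo "The system ${HOST} is now configured as a replica server for"
	echo "domain $DOM."
	echo "The NIS+ server daemon, rpc.nisd, must be running on $HOST"
	echo "with the proper options to serve this domain."
	echo ""
	echo "If you want to run this replica in NIS (YP) compatibility"
	echo "mode, you must ensure that rpc.nisd on $HOST will boot in"
	echo "NIS-compatibility mode. Then, restart rpc.nisd with the"
	echo "-Y' option. These actions should be taken after this"
	echo "script completes."
}



#
#
#		* * * MAIN * * *
#

# Display the obsolescence message in all the cases
echo ""
echo "******** ******** WARNING ******** ********"
echo "NIS+ might not be supported in a future release. Tools to aid"
echo "the migration from NIS+ to LDAP are available in the Solaris 9"
echo "operating environment. For more information, visit"
echo "http://www.sun.com/directory/nisplus/transition.html"
echo "******** ******** ******* ******** ********"
echo ""

init

# Pass the arguments through as separate words.  The unquoted $* used
# previously re-split every argument on whitespace and glob-expanded it,
# so an option value containing a space or '*' (for example the -l
# network password) reached parse_arg altered.
# NOTE(review): a password given with -l is on the command line and so
# visible in process listings while the script runs; omitting -l makes
# the script prompt for it instead.
parse_arg "$@"
# parse_arg's return status is used as the number of arguments to drop
# (presumably the count of parsed option words -- confirm).
shift $?

check_domainname "$DOM"

check_rootgrp "$GROUP"
if [ $? -ne 0 ]
then
	echo "**ERROR: invalid group name."
	echo " It must be a group in the $DOM domain."
	exit 1
fi


# $ROOT selects which *_master function runs; both ACTION and ROOT are
# set outside this block (presumably by parse_arg from -r/-M/-R).
case $ACTION in
"master")
	${ROOT}_master;;
"replica")
	replica;;
*)
	echo "**ERROR: you must specify one of these options: -r, -M or -R"
	print_usage
	exit 1
esac

# As this operation is likely configuration changing, restart the
# name-services milestone (such that configuration-sensitive services
# are in turn restarted).
/usr/sbin/svcadm restart milestone/name-services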