Hello:
I’m trying to set up an openSUSE 11.2 host as NIS client and I would like to know
whether or not it can be client of two (or more) NIS domains. The reason is that
some users are authenticated on server1 (nis-domain1) and some others on server2
(nis-domain2).
Trawling the web, I found a HP document stating that a client can belong to one NIS domain only. However, the yast NIS client interface allows adding NIS domains/servers to the seemingly default one. I’m totally confused.
I made the following experiment:
declaring nis-domain1 in /etc/defaultdomain and server1 in /etc/yp.conf: ypwhich returns server1, ypcat passwd lists the users on server1.
in the yast interface, I added nis-domain2 and server2; in /etc/yp.conf, there is an extra line “domain nis-domain2 server server2”. After reboot, ypwhich
returns server2, ypcat passwd lists the users on server2. But now the maps from server1 are no longer available.
If a client can belong to more than 1 domain, should the NIS servers in each domain be configured in a special way ? Have I missed something on the client side ?
AFAIK a NIS client can only join one NIS domain. You need to investigate master and slave configs for NIS. Again AFAIK one of them needs to be the master, the other one the slave. That way all users are in one nis domain, though connecting to different servers. I’, quite experienced in the do’s and don’ts of NIS, but I have no experience in master/slave setups. Still, that’s where you have to look.
I am administering a NIS-Environment under HP-UX for more then 10 years now.
One machine can only join one NIS-Domain.
Of course you can enter several slave-servers of this NIS-Domain to be known to the client, but it is always the same Domain.
If you have 2 NIS-Domains you can setup NIS-Tables from one Domain to be a sub-set in the other domain. Thats how we do it between different countries.
One “Master”-Domain and the other NIS-(Country)-Domains are using subsets of the “Master”-Domain.
But actually they are all stand-alone NIS-Domains in which each client is bound to one, and only one, NIS-Slave-Server in one single NIS-Domain.
>
> Hello:
> I’m trying to set up an openSUSE 11.2 host as NIS client and I would
> like to know
> whether or not it can be client of two (or more) NIS domains.
In general, with what is out there… just one domain.
However, because of the simplicity of NIS, it’s probably not hard to write
workarounds to go against multiple domains (with some assumptions and
limitations).
Consider this (off the top of my head)… if you have 3 machines… one
joined to one domain, one joined to another… the 3rd machine can use ssh
(for example) to ypcat (etc) from either machine’s NIS info… and
therefore, you can now create a multi-NIS scheme (make sense?).
Again… that was just off the top of my head… just wanted you to see how
easy it would be to implement… with a little bit of work. Yes… using 3
machines was an easy way to get around some work.
If you haven’t guessed… I already do this with regards to auths to a wiki
I run. I have the ability to query against AD, NIS, and anything else…
(e.g. other NIS, raw password files, etc.) In my case, it was just for
username / password… again, it’s not terribly hard to do this… esp if
you can take the easy route (e.g. have machines on each domain in question).