Step-by-Step Guide to Setting Up Server for NIS

Microsoft Corporation Published: August 2005

Abstract
Server for NIS integrates Windows and Network Information Service (NIS) networks by giving a Windowsbased Active Directory domain controller the ability to act as a master NIS server for one or more NIS domains. This document contains step-by-step procedures for setting up Server for NIS on a domain controller.

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. 2005 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. UNIX is a registered trademark of The Open Group in the United States and other countries. Sun, Sun Microsystems, and the Sun Solaris operating system are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. Oracle is a registered trademark of Oracle Corporation. Red Hat is a registered trademark of Red Hat, Inc. Linux is a registered trademark of Linus Torvalds. HP-UX Release 10.20 and later, and HP-UX Release 11.00 and later (in both 32 and 64bit configurations) on all HP 9000 computers are Open Group UNIX 95 branded products. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Contents
Step-by-Step Guide to Setting Up Server for NIS..............................................................1 Contents............................................................................................................................. 3 Step-by-Step Guide to Setting Up Server for NIS .................................................5 In this Guide.................................................................................................................... 5 Requirements for Installing Server for NIS......................................................................5 Task 1: Install Server for NIS on a Domain Controller ...........................................6 Verify that your computer is a domain controller.............................................................6 Promote your computer to a domain controller...............................................................6 Install Server for NIS....................................................................................................... 8 Continue with Server for NIS Setup..............................................................................10 See Also........................................................................................................................ 10 Task 2: Migrate NIS Maps to Active Directory .....................................................10 Planning for NIS Migration............................................................................................11 Migrate NIS Maps to a Windows-based Server............................................................12 Configure UNIX NIS Servers to use Server for NIS as the Master Server....................15 Creating the Structure of Nonstandard Maps................................................................16 Additional Server for NIS Configuration Steps..............................................................18 See Also........................................................................................................................ 18 Task 3: Set the Frequency of Map Propagation ..................................................19 Change the Frequency of Map Updates to UNIX Subordinate NIS servers..................19 Propagating Maps Immediately....................................................................................21 Completing Server for NIS Configuration......................................................................25 See Also........................................................................................................................ 25 Task 4: Set the Encryption Method for NIS Domains ...........................................25 Setting the Encryption Method for a Domain................................................................26 Completing Server for NIS Configuration Tasks............................................................28 See Also........................................................................................................................ 28

Step-by-Step Guide to Setting Up Server for NIS

Server for NIS enables a Microsoft Windowsbased Active Directory domain controller to administer UNIX Network Information Service (NIS) networks. This guide describes the tasks you must perform to install and configure Server for NIS on your network.

In this Guide
Task 1: Install Server for NIS on a Domain Controller Task 2: Migrate NIS Maps to Active Directory Task 3: Set the Frequency of Map Propagation Task 4: Set the Encryption Method for NIS Domains

Requirements for Installing Server for NIS

You can install Server for NIS on the following Windows Server operating systems: Windows Server2003 Windows Server2003R2 Windows2000 Server

Server for NIS is not available for installation except on Active Directory domain controllers. You must install Server for NIS on a partition that is formatted with the NTFS file system. If you are installing Server for NIS as an upgrade to a previous version that was installed on a partition formatted with the FAT file system, you must convert the FAT partition to NTFS before you can perform the upgrade. File system operations on FAT partitions are not supported. Server for NIS requires 5 MB of free hard disk space. It is recommended that the computer have at least 16 MB of RAM in addition to the recommended minimum configuration for the operating system. Server for NIS cannot be run from a network server. All files must be installed on the local computer.

Task 1: Install Server for NIS on a Domain Controller

Server for Network Information Service (NIS) must be installed on a Windows Server operating system that is an Active Directory domain controller. The option to install Server for NIS is unavailable on a computer unless it is a domain controller. This topic contains the following sections: Verify that your computer is a domain controller Promote your computer to a domain controller Install Server for NIS Continue with Server for NIS Setup

Verify that your computer is a domain controller

If you are uncertain whether the computer on which you want to install Server for NIS is a domain controller, click Start, click Administrative Tools, and then click Manage Your Server. The Manage Your Server window lists the roles installed on the computer under the text Your server has been configured with the following roles , and specifies whether a computer is a domain controller. Domain controllers also include tools installed with Administrative Tools that are not available on other computers, such as Active Directory Domains and Trusts, Active Directory Sites and Services, and Active Directory Users and Computers. If the computer is not a domain controller, follow the procedure Promote your computer to a domain controller. Otherwise, proceed to Install Server for NIS.

Promote your computer to a domain controller

If the computer on which you want to install Server for NIS is not a domain controller, perform the steps in this section. Otherwise, proceed to Install Server for NIS. Important Because promoting your computer to a domain controller requires domain administrator access, and can remove the computer from your network, read

7 Domain controllers and all related topics, in the Active Directory Help before promoting your computer to a domain controller. 1. Click Start, click Run, type dcpromo in the text box, and then click OK. The Active Directory Installation Wizard opens. 2. Click Next. 3. On the Operating System Compatibility page, read the information and then click Next. If this is the first time you have installed Active Directory on a server running Windows Server 2003, click Compatibility Help for more information. 4. On the Domain Controller Type page, click to select one of two options: Additional domain controller for an existing domain

This option requires that you are a member of the Domain Admins group for the target domain. If you choose this option, keep in mind that if Server for NIS is already running as an NIS master server on a domain controller within the existing domain, then Server for NIS must function as an NIS subordinate (also known as slave) server on this computer. Domain controller for a new domain

If you choose this option, you must configure this installation of Server for NIS as the NIS master server, until one or more additional domain controllers are configured within the new domain. 5. Click Next. If you chose Additional domain controller for an existing domain, follow the procedure Create an additional domain controller in the Windows Server 2003 Help, starting with Step 4. If you chose Domain controller for a new domain, go on to the next step in this section. 6. On the Create New Domain page, choose one of the following options: Note If you choose to create a new domain, you must configure this installation of Server for NIS as the NIS master server, until one or more additional domain controllers are configured within the new domain. Child domain in an existing domain tree

8 You must be a member of the Enterprise Admins group to continue with this installation. Domain tree in an existing forest

You must be a member of the Enterprise Admins group to continue with this installation. Domain in a new forest

Creating a new forest requires some advance planning. Before creating a new forest, decide on a practical Domain Name System (DNS) name for this computer, as well as a NetBIOS name. For more information, see Namespace planning for DNS in Windows Server 2003 Help. 1. Click Next. 2. Complete setup using the Windows Server 2003 Help procedure for the domain option you selected in Step 6 of this section. If you selected Child domain in an existing domain tree, follow the steps from Step 5 in Create a new child domain. If you selected Domain tree in an existing forest, follow the steps from Step 5 in Create a new domain tree. If you selected Domain in a new forest, follow the steps from Step 5 in Create a new forest. 3. When you have completed the Active Directory Installation Wizard and successfully configured your domain controller, proceed to Install Server for NIS.

Install Server for NIS

You can install Server for NIS using either the Windows interface, or by using commandline tools. To install Server for NIS by using the Windows interface To install Server for NIS by using command-line tools

To install Server for NIS by using the Windows interface

Before installing Server for NIS, have your Windows Server2003 product CD available, or have available the network path to your Windows Server 2003 R2 installation files. The Server for NIS installation process may prompt you to locate required files that are stored on the product CD.

9 1. Click Start, click Control Panel, and then click Add or Remove Programs. 2. Click Add/Remove Windows Components. 3. When the Windows Components Wizard opens, click to fill the Active Directory Services check box. 4. With Active Directory Services highlighted, click Details. 5. When the Active Directory Services dialog box opens, click to fill the Identity Management for UNIX check box. 6. With Identity Management for UNIX highlighted, click Details. 7. When the Identity Management for UNIX dialog box opens, click to fill the Server for NIS check box. Because Administration Components are required for Server for NIS operation, this item is automatically selected for installation when you select Server for NIS. 8. Click OK. The Windows Components Wizard begins installing the Identity Management for UNIX components you selected. 9. If you are prompted to locate files required for Server for NIS installation, insert the Windows Server 2003 R2 product CD, or browse to the network location of your Windows Server 2003 R2 installation files. 10. If NIS map data compatible with Windows Services for UNIX 3.5 is stored in Active Directory, the Server for NIS installation process automatically migrates the data, and uses it to populate Server for NIS maps. 11. When installation completes, restart your computer to begin working with Server for NIS.

To install Server for NIS by using command-line tools

You can use an answer file to run the Identity Management for UNIX Installation Wizard without your having to be present for interactive responses. Create the answer file, and then run it at a command prompt on the installation computer. Have your Windows Server 2003 product CD available for this command-line installation. Perform the following steps to install Server for NIS by using a command-line environment: 1. Create an unattended answer file in %windir% with the following contents.

10 Note The unattended answer file is a plain text file that Windows Server uses to respond to prompts about your installation preferences. For more information about unattended installations, see Unattended Installation Fundamentals in the Windows Server 2003 Deployment Guide. [Components] Snis=on Psync=on Idmumgmt=on 2. At a command prompt, type the following, and press Enter. synocmgr /i:%windir%\inf\sysoc.inf /u:<answerfile.txt> /q

Continue with Server for NIS Setup

To continue setting up Server for NIS, go on to Task 2: Migrate NIS Maps to Active Directory.

See Also
Checklist: Installing a domain controller Installing and uninstalling Server for NIS How Unattended Installation Works Unattended Installation Fundamentals

Task 2: Migrate NIS Maps to Active Directory

Server for Network Information Service (NIS) allows NIS map data to be migrated to Active Directory. After the migration, and upon receiving NIS requests from clients or other servers, Server for NIS searches Active Directory to reply to NIS queries. This topic contains the following sections: Planning for NIS Migration

11 Migrate NIS Maps to a Windows-based Server Configure UNIX NIS Servers to use Server for NIS as the Master Server Creating the Structure of Nonstandard Maps Additional Server for NIS Configuration Steps

Planning for NIS Migration

Before beginning NIS migration to Server for NIS, it is strongly recommended that you read Checklist: NIS migration to Active Directory using the NIS Data Migration wizard.

Steps in a Typical Migration

Migration consists of the following three procedures: 1. Migrate NIS maps to a Windows-based server. Using a command line

Server for NIS includes a command-line tool called nis2ad to migrate maps from UNIX-based NIS servers to Active Directorybased Server for NIS. Using the Windows interface

Server for NIS includes a migration wizard that extracts the information necessary to perform the migration. Even when using the migration wizard, however, you must complete steps 2 and 3, which follow. The migration wizard and the nis2ad command read map data from NIS map source files, which are the plain text files from which the NIS map databases are compiled. These source files must be stored in a location that can be accessed by the domain controller during migration, such as on a disk on the domain controller or in a shared directory accessible by the domain controller. If the map you want to migrate is a nonstandard NIS map, create the structure using the procedure Creating the Structure of Nonstandard Maps below. 2. Configure UNIX NIS Servers to Use Server for NIS as the Master Server. After the migration, the original UNIX-based NIS server must send an update of maps to all subordinate NIS servers, with the name of the new master server in the maps. 3. Disable the original NIS server. UNIX-based subordinate NIS servers can continue to work as before; however, they will receive map updates from the Windows-based computer running Server for NIS instead

12 of the UNIX-based computer. Client computers running UNIX-based operating systems can be configured to get NIS maps or data from the new master server.

Read more about NIS Migration

Before you begin migrating NIS map data, it is recommended that you read the following conceptual topics that discuss NIS migration: Migrating NIS to Active Directory Migrating standard and nonstandard maps Resolving migration conflicts Handling special users during migration to Active Directory

Migrate NIS Maps to a Windows-based Server

Perform the following steps to migrate NIS maps to a Windows-based server on which Server for NIS has been installed. Using the Windows interface Using a command line

Using the Windows interface

1. Open the Identity Management for UNIX management console by doing one of the following: Click Start, click Administrative Tools, and then click Identity Management for UNIX. Click Start, click Run, type idmumgmt.msc in the Open text box, then click OK. 2. In the hierarchy tree, open the Microsoft Identity Management for UNIX node, and click to highlight the Server for NIS node. 3. Start the NIS Data Migration Wizard by doing one of the following: Right-click the Server for NIS node, and then click NIS Data Migration Wizard. With the Server for NIS node highlighted, click NIS Data Migration Wizard in the Actions pane. On the Actions menu, click NIS Data Migration Wizard.

13 4. Follow the step-by-step directions in the wizard. Note Password file entries with names longer than eight characters will not be migrated. Windows user accounts created as a result of the migration are disabled. After performing the migration, you must enable the accounts. For security reasons, it is recommended that you assign a temporary password to these accounts and instruct the affected users to change their Windows password as soon as possible.

Using a command line

1. Open a Command Prompt window in one of the following two ways: Click Start, and then click Command Prompt on the Start menu. Click Start, click Run, type cmd in the Open text box, and click OK.

2. At a command prompt, type: nis2ad -y UNIXNISDomain -a ActiveDirectoryNISDomain [Options] MapfileToMigrate The following arguments are required: Argument -y UNIXNISDomain -a ActiveDirectoryNISDomain MapfileToMigrate Description Specifies the name of the NIS domain that contains the map to migrate. Specifies the NIS domain name in Active Directory. Specifies the name of the NIS map source file to migrate. NIS map source files are the plain text files from which the NIS map databases are compiled.

The nis2ad command accepts the following options.

14 Option -m Description Perform the migration. If this option is omitted, the program finds and reports conflicts but does not actually perform the migration. Specifies the file where conflict details are written. Uses a default file (%windir %\idmu\nis\conflicts.log) if not specified. Specifies the target container name. Applicable only when creating a new NIS domain. If not specified, uses the default or uses the container of the target domain. Specifies the name of the log file. If not specified, nis2ad uses a default file (%windir %\idmu\nis2ad.log). Replace object in Active Directory with object being migrated. Default is no. Resolves conflicts by changing the Windows account name in Active Directory. If objects of different types have the same name, the names of both objects are changed before the data is migrated. If needed and if not specified, the user will be prompted. Specifies the path of the directory that contains NIS map source files. Specifies the domain controller server hosting Active Directory. Otherwise use the current server.

-c FileName

-t TargetContainer

-f FileName

-r yes|no -n

-p Password -d Directory -s Server

15 Option -u User Description Specifies the name of the user having administrator privileges on this computer. If not specified, nis2ad uses the current user. Even if you specify another user by using the -u option, the currently logged-on user must have write permissions for the folder that will contain the log and conflict files. If necessary, modify the permissions on the folder to grant write access to the user who will be running the nis2ad utility, before running the utility.

Note To view the complete syntax for this command, at a command prompt, type nis2ad /? You can migrate only one map at a time using nis2ad. To migrate more than one map at a time, use the NIS Data Migration Wizard. Password file entries with names longer than eight characters will not be migrated. Windows user accounts created as a result of the migration will be disabled. After performing the migration, you must enable the accounts. For security reasons, it is recommended that you assign a temporary password to these accounts and instruct the affected users to change their Windows password as soon as possible.

Configure UNIX NIS Servers to use Server for NIS as the Master Server
To change a UNIX-based NIS server from a master server to a subordinate (also known as slave) server, follow these steps: 1. Migrate NIS maps to a Windows-based computer running Server for NIS. 2. Transfer the maps from the old master server to other subordinate NIS servers by providing the name of the new Server for NIS for each map. At a command prompt, type: ypxfr hnewserver mapname

16 where newserver is the name of the new NIS master server, and mapname is the name of the map to be transferred. 3. Run this command for each map on each of the subordinate servers. After this step, the UNIX subordinate servers will recognize the new Server for NIS master server.

Creating the Structure of Nonstandard Maps

You can migrate nonstandard maps to Server for NIS using either the Windows-based NIS Data Migration Wizard, or a command-line environment. Using the NIS Data Migration Wizard Using the command line Important After the map structure is created using this procedure, there is no way to remove it. This structure applies to all NIS domains, so it is important to ensure that the format is consistent across all NIS domains.

Using the NIS Data Migration Wizard

1. Open the Identity Management for UNIX MMC snap-in by doing one of the following: Click Start, click Administrative Tools, and then click Identity Management for UNIX. Click Start, click Run, type idmumgmt.msc in the Open text box, then click OK. 2. In the hierarchy tree, open the Microsoft Identity Management for UNIX node, and click to highlight the Server for NIS node. 3. Start the NIS Data Migration Wizard by doing one of the following: Right-click the Server for NIS node, and then click NIS Data Migration Wizard. With the Server for NIS node highlighted, click NIS Data Migration Wizard in the Actions pane. On the Actions menu, click NIS Data Migration Wizard.

17 4. Follow the step-by-step directions in the wizard. 5. On the NIS Map Selection panel, click New. 6. In the Add Nonstandard Map dialog box, do the following: In the Map name string box, enter the name of the existing nonstandard map you want to migrate to Server for NIS. The map migration process assigns the same name to a new file containing your map structure. In the Separator string box, type the single character you want to use to delimit or separate fields in your map structure. Suggested characters include a semicolon (;) or a dash (-). In the Key field string box, type the number of the column you want to use as the map key. Use Arabic numeral characters; do not spell out the number. Click Next.

7. In the Location of UNIX NIS Map Source Files window, enter the directory path name in which the map file you created in Step 6 is located, and then click Next. 8. Click Finish to start migrating map data from the existing nonstandard map to the new map file. Note Password file entries with names longer than eight characters will not be migrated. Windows user accounts created as a result of the migration are disabled. After performing the migration, you must enable the accounts. For security reasons, it is recommended that you assign a temporary password to these accounts and instruct the affected users to change their Windows password as soon as possible.

Using the command line

1. Open a Command Prompt window in one of the following two ways: Click Start, and then click Command Prompt on the Start menu. Click Start, click Run, type cmd into the Open text box, and click OK.

2. At a command prompt, type: nismap create i fieldNumber g "separator" mapName

18 Note Do not use the hash character (#) as a field separator because this character is used in standard maps to mark the beginning of a comment. The following table shows the acceptable arguments for the nismap create command. Argument fieldNumber "separator" Description The number of the field that contains the key to the map. The character used to separate fields, in quotation marks. To specify a space as a separator, enclose the space in double quotation marks (" "). For example: nismap create i 1 g " " Phones creates a map called Phones in which the key field is the first field and the separator character is a space. Other white-space characters, such as tab, are also accepted. mapName The name of the map.

Note To view the complete syntax for this command, at a command prompt, type: nismap /?

Additional Server for NIS Configuration Steps

When you have successfully completed NIS data migration, proceed to Task 3: Set the Frequency of Map Propagation to configure the time interval at which you want NIS maps propagated across the domain. If you encountered problems during migration, see Server for NIS Troubleshooting.

See Also
Migrating NIS to Active Directory Migrating standard and nonstandard maps

19 Remove a nonstandard NIS map Internet Engineering Task Force Web site

Task 3: Set the Frequency of Map Propagation

After you have completed migrating Network Information Service (NIS) maps to a Windows-based server running Server for NIS, you can ensure that your maps refresh across the network at regular intervals by setting how often maps are propagated to subordinate (also known as slave) servers. This topic contains the following sections: Change the Frequency of Map Updates to UNIX Subordinate NIS servers Propagating Maps Immediately Completing Server for NIS Configuration

Change the Frequency of Map Updates to UNIX Subordinate NIS servers

Perform the following steps to change the frequency of map updates to UNIX-based subordinate (also known as slave) NIS servers. Using the Windows interface Using a command line

Using the Windows interface

1. Open the Identity Management for UNIX management console by doing one of the following: Click Start, click Administrative Tools, and then click Identity Management for UNIX. Click Start, click Run, type idmumgmt.msc in the Open text box, then click OK.

20 2. If necessary, connect to the computer you want to manage by right-clicking the Identity Management for UNIX node in the hierarchy pane, and then clicking Connect to another computer. Otherwise, go on to the next step. 3. Click Server for NIS in the hierarchy pane. 4. Open Map Updates by doing one of the following: Right-click the Server for NIS node, and then click Map Updates.

With the Server for NIS node highlighted, click Map Updates in the Actions pane. 5. In the Server for NIS Properties dialog box, type the number of days, hours and minutes you want to lapse between map updates. 6. Click OK to save your changes.

Using a command line

1. Open a Command Prompt window in one of the following two ways: Click Start, and then click Command Prompt on the Start menu. Click Start, click Run, type cmd into the Open text box, and click OK.

2. At a command prompt, type: nisadmin config pushint=[[days:]hh:]mm [-s Server] [-u User] [-p Password] The following table contains the arguments for the nisadmin command. Argument [[days:]hh:]mm Description Specifies the interval at which the service checks changes to NIS maps in Active Directory and propagates them to secondary NIS servers for all domains, in days, hours, and minutes. If hh is specified, hh must be in the range 023 and mm must be in the range 059. The master server for the domain. The name of the user who has administrative privileges on the server to be started, if different from the current user.

Server User

21 Argument Password Description The password of the user who has administrative privileges on the server to be started, if different from the current user. If you type a user name but omit the password, you will be prompted for the password.

Note To view the complete syntax for this command, at a command prompt, type: nisadmin /?

Propagating Maps Immediately

You do not have to wait for the Map Updates interval to expire to refresh maps. You can propagate maps immediately using one of the following two procedures: Propagate changed maps now Propagate selected maps now

Propagate changed maps now

You can propagate any changed maps immediately either by using the Windows interface, or in a command-line environment. Using the Windows interface Using a command line

Using the Windows interface

1. Open the Identity Management for UNIX management console by doing one of the following: Click Start, click Administrative Tools, and then click Identity Management for UNIX. Click Start, click Run, type idmumgmt.msc in the Open text box, then click OK.

22 2. If necessary, connect to the computer you want to manage by right-clicking the Identity Management for UNIX node in the hierarchy pane, and then clicking Connect to another computer. Otherwise, go on to step 3. 3. Click Server for NIS in the hierarchy pane. 4. Click Check for updates now.

Using a command line

1. Open a Command Prompt window in one of the following two ways: Click Start, and then click Command Prompt on the Start menu. Click Start, click Run, type cmd into the Open text box, and click OK.

2. At a command prompt, type: nisadmin [server] syncall [u user [p password]] The following arguments are acceptable with the nisadmin syncall command. Argument syncall server user Description Propagate all maps. The name of the server where the maps are stored. The name of the user who has administrator permissions on the server, if different from the current user. The password of the user who has administrator permissions on the server, if different from the current user. If you type a user name but omit the password, you will be prompted for the password.

password

Note The nisadmin syncall command propagates maps only on UNIX-based NIS subordinate servers. It does not propagate maps on NIS subordinate servers running Windows operating systems. Active Directory updates Windows-based NIS subordinate servers. To view the complete syntax for this command, at a command prompt, type:

23 nisadmin /?

Propagate selected maps now

Using the Windows interface
1. Open the Identity Management for UNIX management console by doing one of the following: Click Start, click Administrative Tools, and then click Identity Management for UNIX. Click Start, click Run, type idmumgmt.msc in the Open text box, then click OK. 2. If necessary, connect to the computer you want to manage by right-clicking the Identity Management for UNIX node in the hierarchy pane, and then clicking Connect to another computer. Otherwise, go on to step 3. 3. In the console tree, expand Server for NIS and view the list of available domains. 4. Expand the domain of interest, and click the NIS Maps object in the hierarchy pane to view NIS maps in the details pane. 5. In the NIS Maps in this Domain list, click to select a map you want to update immediately. Note To select multiple maps at once, click and drag, or press and hold the Ctrl key while selecting additional maps. 1. Propagate the selected maps by doing one of the following: Click Propagate in the Actions pane. On the Actions menu, click Propagate. Right-click the selected map object(s), then click Propagate.

2. On the Identity Management for UNIX dialog box, click Yes to begin map propagation.

Using a command line

1. Open a Command Prompt window in one of the following two ways:

24 Click Start, and then click Command Prompt on the Start menu. Click Start, click Run, type cmd into the Open text box, and click OK.

2. At a command prompt, type: yppush [-d ActiveDirectoryNISDomain] [-q] [-t Timeout] [-h Hosts] MapName The following table shows the arguments accepted by the yppush command. Argument -d ActiveDirectoryNISDomain -q Description NIS domain name in Active Directory. Quiet mode. Do not wait for response from subordinate (slave) servers and do not report errors. The number of seconds to wait for a response from the subordinate server before sending the next request. Must be greater than zero. The default value is 30. The hosts to notify of changes. Default is all subordinate servers in the domain. Can be used multiple times for more than one computer. The name of the NIS map to be transferred.

-t Timeout

-h Hosts

MapName

Note The yppush command propagates maps only on UNIX-based NIS subordinate servers. It does not propagate maps on NIS subordinate servers running Windows operating systems. Active Directory updates Windows-based NIS subordinate servers. To view the complete syntax for this command, at a command prompt type: yppush /?

25

Completing Server for NIS Configuration

The final step in initial setup of Server for NIS is to specify an encryption method for user passwords. To learn how to perform this task, see Task 4: Set the Encryption Method for NIS Domains.

See Also
Sending periodic map updates to subordinate (slave) NIS servers Change the frequency of map updates to UNIX subordinate (slave) NIS servers Manage NIS Maps

Task 4: Set the Encryption Method for NIS Domains

Server for Network Information Service (NIS) provides limited support for keeping passwords synchronized between a user's Windows and UNIX accounts. Whenever a user's Windows password is changed, Password Synchronization (which is installed with Server for NIS for this reason) captures the new password, encrypts it, and then stores the password in the passwd map in Active Directory. The new password is propagated to NIS subordinate (also known as slave) servers either during the next scheduled update (if a propagation interval is configured), or by using commands that propagate maps immediately. For more information about configuring map propagation, see Task 3: Set the Frequency of Map Propagation. When synchronizing passwords, Server for NIS can use either crypt(3) (refers to DES encryption) or Message Digest 5 (MD5) encryption. Server for NIS can support different encryption methods for multiple domains, but all UNIX computers in a particular domain must use the same encryption method. This topic contains the following sections: Setting the Encryption Method for a Domain Completing Server for NIS Configuration Tasks

26

Setting the Encryption Method for a Domain

You can set the encryption method for a domain either by using the Windows interface, or working in a command-line environment. Using the Windows interface Using a command line

Using the Windows interface

1. Open the Identity Management for UNIX management console by doing one of the following: Click Start, click Administrative Tools, and then click Identity Management for UNIX. Click Start, click Run, type idmumgmt.msc in the Open text box, then click OK. 2. If necessary, connect to the computer you want to manage by right-clicking the Identity Management for UNIX node in the hierarchy pane, and then clicking Connect to another computer. Otherwise, go on to Step 3. 3. In the console tree, expand Server for NIS and view the list of NIS domains. 4. Select the domain for which you want to set an encryption method. 5. Open the UNIX Password Encryption Properties dialog box by doing one of the following: Click UNIX Password Encryption in the Actions pane. On the Actions menu, click UNIX Password Encryption. Right-click the selected domain, then click UNIX Password Encryption.

6. In the Encryption Scheme area, click the drop-down menu to select the encryption method used by all UNIX computers in the domain. Note You can select the MD5 encryption method for a UNIX domain that consists exclusively of computers running Linux and using MD5 encryption. Domains that contain one or more computers using the crypt algorithm or that run any other operating system must use crypt. Although Linux versions 6.2 and later support MD5 encryption, Identity Management for UNIX is not supported for versions of Linux prior to version 8.

27

Using a command line

1. Open a Command Prompt window in one of the following two ways: Click Start, and then click Command Prompt on the Start menu. Click Start, click Run, type cmd into the Open text box, and click OK.

2. At a command prompt, type: nisadmin [computer] encryptiontype -d domain {crypt | md5} [-u usr [-p pword]] Argument computer Description Specifies the remote computer you want to administer. You can specify the computer using a WINS or DNS name, or by Internet Protocol (IP) address. Specifies the name of the domain for which the change is being made. Specifies the user name of the user whose credentials are to be used. It might be necessary to add the domain name to the user name in the form domain\username. Specifies the password of the user specified using the -u option. If you specify the -u option but omit the -p option, you are prompted for the user's password.

domain usr

pword

Note To view the complete syntax for this command, at a command prompt, type: nisadmin /? You can select the MD5 encryption method for a UNIX domain that consists exclusively of computers running Linux and using MD5 encryption. Domains that contain one or more computers using crypt or that run any other operating system must use crypt. Although Linux versions 6.2 and later support MD5 encryption, Identity Management for UNIX is not supported for versions of Linux prior to version 8.

28

Completing Server for NIS Configuration Tasks

You have completed all the tasks for initial setup of Server for NIS. If you want to configure Server for NIS on another computer, refer to the start of the Step-by-Step Guide to Setting Up Server for NIS.

See Also
Password encryption Set the encryption method for a domain