NIS learning records in AIX

Source: Internet
Author: User

After studying NIS, I feel that an NIS domain is very similar to a Windows NT 4.0 domain. Here is my own analogy:
1. Role comparison
   NIS                  NT 4.0
   NIS master server    PDC (master domain controller)
   NIS slave server     BDC (auxiliary controller)
   NIS client           NT member server
   PS: an NT 4.0 domain also has ordinary clients such as Win9x, which have no corresponding role in an NIS domain.
2. NT 4.0 allows only one PDC but multiple BDCs. NIS allows only one master server but multiple slave servers.
3. The domain information on the PDC in NT 4.0 can be synchronized to the BDCs manually or automatically. The domain information on the NIS master server can likewise be synchronized to the slave servers manually or automatically.
4. Multiple NT 4.0 domains can be created in the same physical network, and different domains do not affect each other. The same is true for NIS.

I have done a few experiments with NIS and recorded them briefly below (the machine names and IP addresses have been replaced, haha):
Lab 1
Objective: to verify whether an NIS client on a different network segment from the NIS master server works normally.
Lab environment:
NIS master server: aix05 (10.104.83.86)
NIS client: aixtest (10.101.162.60)
Experiment process description:
aix05: smitty chypdom, smitty mkmaster
aixtest: smitty chypdom, smitty mkclient (specifying the server address)
Lab result: Successful.
Experiment conclusion: you can log on to aixtest with an account that exists only on aix05.
Lab 2
Objective: to verify whether an NIS client on the same network segment as the NIS master server works normally.
Lab environment:
NIS master server: aaa3p (10.101.176.31)
NIS client: aaa3t (10.101.176.32)
Experiment process description:
aaa3p: smitty chypdom, smitty mkmaster
aaa3t: smitty chypdom, smitty mkclient (without specifying the server address; broadcast is used)
Lab result: if the server address is not specified, the operation sometimes succeeds and sometimes fails. If the server address is specified, no problem occurs.
Experiment conclusion: since the server address must be specified, the NIS master server and NIS client must not be in the same network segment.
Lab 3
Objective: to simulate whether the NIS client can use accounts in the local /etc/passwd to log on when the network communication between the NIS master server and the NIS client is interrupted by a site power failure or other causes.
Lab environment:
NIS master server: aix05 (10.104.83.86)
NIS client: aixtest (10.101.162.60)
Experiment process description:
aix05: unplug the network cable
aixtest: try to log on via TELNET
Lab result: failed. The "login:" prompt never appears in a new TELNET window. However, if a TELNET window opened earlier has not been closed, you can log on with a local account after running stopsrc -s ypbind.
Experiment conclusion: when network communication is interrupted, no account can log on to the NIS client.
Lab 4
Objective: to test whether ypbind on the NIS client can be disabled remotely.
Lab environment:
Any AIX: aix04 (10.104.83.85)
NIS client: aixtest (10.101.162.60)
Experiment process description:
aixtest: change srcmstr in /etc/inittab to srcmstr -r, edit /etc/hosts to add aix04, and edit /etc/hosts.equiv to add aix04.
Lab result: failed. Under normal circumstances, stopsrc -h aixtest -s ypbind can be used. However, if the network communication between the NIS master server and the NIS client is interrupted, that command fails. Also, HEALTHCHECK reports: /ETC/HOSTS.EQUIV must not be used as an access control mechanism.
Experiment conclusion: when network communication is interrupted, you cannot remotely disable ypbind on the NIS client in order to log on with a local account.
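Added example (not part of the original notes): a small check for the two Lab 4 changes that the HEALTHCHECK finding relates to, namely active entries in /etc/hosts.equiv and srcmstr started with -r in /etc/inittab. The function names and the sample inittab line are assumptions constructed for illustration; the file paths are arguments so the check can be run against copies.

```sh
#!/bin/sh
# Added example: check an NIS client for the two changes made in Lab 4.
# File paths are arguments so the checks can run against copies.

# Print the active (non-blank, non-comment) lines of a hosts.equiv file.
hosts_equiv_entries() {
    [ -r "$1" ] || return 0
    awk '{ sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, ""); if ($0 != "") print }' "$1"
}

# Succeed if the srcmstr entry in an inittab file passes -r to srcmstr.
# Entries commented out with a leading ":" have an empty id and are skipped.
srcmstr_remote_enabled() {
    [ -r "$1" ] || return 1
    awk -F: '$1 == "srcmstr" {
        cmd = $4; sub(/#.*/, "", cmd)
        n = split(cmd, w, /[ \t]+/)
        for (i = 2; i <= n; i++) if (w[i] == "-r") found = 1
    } END { exit !found }' "$1"
}

# Report findings; return 0 only when neither change is present.
audit_nis_client() {
    equiv=${1:-/etc/hosts.equiv}; inittab=${2:-/etc/inittab}; findings=0
    entries=$(hosts_equiv_entries "$equiv")
    if [ -n "$entries" ]; then
        echo "FINDING: $equiv lists trusted hosts: $(echo "$entries" | tr '\n' ' ')"
        findings=$((findings + 1))
    fi
    if srcmstr_remote_enabled "$inittab"; then
        echo "FINDING: $inittab starts srcmstr with -r (remote SRC requests)"
        findings=$((findings + 1))
    fi
    echo "findings: $findings"
    [ "$findings" -eq 0 ]
}

# Constructed sample files reproducing the Lab 4 state (not from a real host).
demo=$(mktemp -d)
printf '%s\n' '# trusted hosts' 'aix04' > "$demo/hosts.equiv"
printf '%s\n' 'srcmstr:23456789:respawn:/usr/sbin/srcmstr -r # System Resource Controller' \
    > "$demo/inittab"
audit_nis_client "$demo/hosts.equiv" "$demo/inittab" || true
```

Called with no arguments, audit_nis_client reads /etc/hosts.equiv and /etc/inittab on the local host.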
Lab 5
Objective: to test whether the NIS client works normally in three similar cases after being upgraded to an NIS slave server.
Lab environment:
NIS master server: aix05 (10.104.83.86)
NIS slave server: aixtest (10.101.162.60)
Experiment process description:
aix05: unplug the network cable
aixtest: smitty mkslave, ypset 127.0.0.1
Lab result: Successful.
Experiment conclusion: because the NIS client has been upgraded to an NIS slave server and bound to itself, the server does not need to be verified by the NIS master server during account logon; therefore, even if the NIS master server fails, the logon process for accounts on the NIS slave server is not affected.
Lab 6
Objective: to verify whether the information on the NIS master server and the NIS slave server can be synchronized.
Lab environment:
NIS master server: aix05 (10.104.83.86)
NIS slave server: aixtest (10.101.162.60)
Experiment process description:
aix05: change the password of an account; make; yppush
aixtest: try TELNET with the new password
Lab result: Successful.
Experiment conclusion: you can use the above commands for manual synchronization, or use crontab for regular synchronization.
Lab 7
Objective: to test whether a local user can log on to the NIS slave server or NIS client.
Lab environment:
NIS master server: aix05 (10.104.83.86)
NIS slave server: aixtest (10.101.162.60)
Experiment process description:
aixtest: mkuser root2; create the new file /etc/irs.conf
Lab result: Successful.
Experiment conclusion: a second root account can be created on the NIS slave server or NIS client, and this account can be used only on that machine.
Additional instructions:
1. The content of /etc/irs.conf is as follows:
passwd nis continue
passwd local
It verifies the user's password through NIS first. If that fails, it falls back to local authentication.
Lab 8
Objective: to verify whether the NIS client can log on normally after the NIS master server has recovered.
Lab environment:
NIS master server: aix05 (10.104.83.86)
NIS client: aixtest (10.101.162.60)
Experiment process description:
aix05: unplug the network cable for a period of time and plug it back in.
aixtest: alternatively, unplug the network cable for a period of time and plug it back in.
Lab result: failed. The "login:" prompt never appears in a new TELNET window.
Experiment conclusion: with all settings unchanged, it is enough to unplug the network cable from the NIS master server or the NIS client for a period of time. Even after the network cable is plugged back in, the NIS client cannot log on.
To sum up, NIS can basically meet the goal of managing multiple AIX instances with one account. Based on the above experiments, I personally think the better approach is: you don't have to add every AIX system to the NIS domain; if there are no more than 10 AIX servers in the NIS domain, one server is used as the NIS master server and all the other servers are used as NIS slave servers.
