FNS and Enterprise-Level Naming Services
Enterprise-level naming services are used to name objects within an enterprise. FNS currently supports three enterprise-level naming services: NIS, NIS+, and local files.
Choosing an Enterprise-Level Name Service
When you initially set up and configure your FNS namespace with the fncreate command., See "Preparing the Namespace for FNS" for information on how to set up the namespace. the correct default name service is automatically selected for each machine.
If you later change a machine's primary enterprise-level name service, you should run the fnselect command on that machine. See "Selecting a Naming Service" for details.
FNS and Naming Service Consistency
As a system administrator one of your tasks is to maintain consistency between FNS and the underlying naming service by ensuring that the contents of FNS contexts and the files, maps, or tables of the underlying naming service correspond.
When you initially set up and configure your FNS namespace with the fncreate command as described in "Preparing the Namespace for FNS", fncreate ensures that FNS contexts are correctly created and are consistent with the underlying naming service data. After the FNS contexts have been set up, this correspondence needs to be maintained as users, hosts, printers, and so forth are added to and removed from the system. The following sections describe how to maintain FNS and name service consistency.
FNS and Solstice AdminSuite
If you have the Solstice AdminSuite product, you can use it to add, change, or delete user and host information in the underlying name service. This is a recommended method because the AdminSuite tools update the corresponding FNS namespace automatically.
Checking Naming Inconsistencies
When updates to FNS or the primary name service are made independent of the Solstice AdminSuite product, the resulting inconsistencies are resolved by the use of the FNS tool, fncheck. The fncheck command checks for inconsistencies between the FNS hostname and user contexts, and:
NIS+. The NIS+ hosts.org_dir and passwd.org_dir system tables.
NIS. The NIS hosts.byname and passwd.byname maps.
The fncheck command lists those host and user names that are in the FNS namespace but not in the name service data, and those host and user names that are in the name service data but not in the FNS namespace.
fncheck [-r][-s][-u][-t hostname|username][domain_name] |
Table 25-21 fncheck Command Options
Option | Description |
|---|---|
domain | Apply the command to an NIS+ domain other than the one in which you are running the command. |
-t | Specifies the type of context to check. Allowed types are hostname or username. |
-s | Lists host or user names from the namespace dataset that are not in the FNS namespace |
-r | Lists host or user names from the FNS namespace that do not have entries in the corresponding namespace dataset |
-u | Updates the FNS namespace based on information in the relevant namespace dataset |
The -t option is used to specify the contexts to check (host or user). If you omit the -t option, both the hostname and username contexts are checked.
When the -r option is used with the -u option, items that appear only in the FNS context are removed from the FNS context. When the -s option is used with the -u option, items that appear only in the namespace dataset are added to the FNS context. If neither -r or -s are specified, items are added and removed from the FNS context to make it consistent with the corresponding namespace data.
Selecting a Naming Service
When FNS constructs the bindings in the initial context for a machine, it does so on the basis of a particular naming service.
You can choose which name service FNS is to use with the fnselect command. The name service setting you specify with fnselect affects the entire machine, all applications running on that machine, and all users logged in to that machine.
Only root can run fnselect. The command syntax is:
fnselect [-D] [namesvc] |
Table 25-22 fnselect Command Options
Option | Description |
|---|---|
namesvc | The naming service you want to select. Must be one of: default, nisplus, nis, or files. |
-D | Display the naming service used to generate the FNS initial context. |
For example, to select NIS+ as a machine's name service:
#fnselect nisplus |
For example, to select the default as a machine's name service and print the name of the service used to generate the FNS initial context:
#fnselect -D default |
Default Naming Service
If you do not designate a naming service with fnselect, FNS uses the default naming service. The default naming service is determined by FNS based on the name service that the machine is using. If the machine is an NIS+ client, FNS uses NIS+ as the name service. If the machine is an NIS client, FNS uses NIS. If the machine is neither an NIS+ nor an NIS client, FNS uses /etc files as the machine's default name service.
When NIS+ and NIS Coexist
In rare cases you may need to access both NIS+ and NIS-based contexts. For example, you might have an NIS server running that is itself an NIS+ client. In this situation, you use the fnselect command to select the enterprise-level naming service that you want to work with.
Advanced FNS and NIS+ Issues
This section provides detailed information on the relationship between NIS+ objects and FNS objects. This information is useful when you must change the access control of FNS objects.
Note - See:
Mapping FNS Contexts to NIS+ Objects
FNS contexts are stored as NIS+ objects. All contexts associated with an organization are stored under the FNS ctx_dir directory of the associated NIS+ domain. The ctx_dir directory resides at the same level as the org_dir directory of the same domain. In other words, when running in conjunction with FNS, for every NIS+ domain or subdomain, there are corresponding org_dir, groups_dir and ctx_dir directory objects.
Use the -v option for the fnlookup or fnlist command to see the detailed description of references. The internal name field displays the name of the corresponding NIS+ object.
Browsing FNS Structures Using NIS+ Commands
The NIS+ command, nisls, can be used to list the NIS+ objects used by FNS. For example, the following commands list the contents of the NIS+ domain directory and its ctx_dir subdirectory.
# nisls doc.com. doc.com.: manf sales groups_dir org_dir ctx_dir |
# nisls ctx_dir.doc.com. ctx_dir.DOC.COM.: fns fns_user fns_host fns_host_alto fns_host_mladd fns_host_elvira fns_user_jjones fns_user_jsmith fns_user_aw |
Use the niscat command to list the contents of the fns_hosts table.
# niscat fns_host.ctx_dir altair *BINARY* *BINARY* cygnus *BINARY* *BINARY* centauri *BINARY* *BINARY* |