Groups and Users


If necessary, i.e. to allow more than 2 concurrent users, change the number of licensed users (64 or larger, AIX <=4.2 only ?):
smit - System Environments - Change / Show Number of Licensed Users

  Maximum number of FIXED licenses                   [64]                      #
  FLOATING licensing                                  off                     +

Local groups and users

Use smitty (or edit /etc/group) to create groups. Use smitty to create users.

NIS managed groups and users

NIS client

  1. smit - Communications Applications and Services - NFS - Network Information Service (NIS) - Change NIS Domain Name of this Host
    * Domain name of this host                           [BIOxxxx_NIS]
    * CHANGE domain name take effect                      both                    +
       now, at system restart or both?
    
  2. If the machine should receive NIS client services:
    smit - Communications Applications and Services - NFS - Network Information Service (NIS) - Configure / Modify NIS - Configure this Host as a NIS Client
    * START the NIS client now,                           both                    +
       at system restart, or both?
      NIS server - required if there are no              []                       +
       NIS servers on this subnet
    
    Then a directory /var/yp/binding should contain the two files BIOxxxx_NIS.1 and BIOxxxx_NIS.2. Be patient, this might take some time.
  3. To avoid NIS client hangs when NIS server unavailable, in /etc/environment
    YPBIND_MAXWAIT=5          # 5 seconds wait, then quit
    
  4. /etc/passwd
    on a NIS client should contain only root stuff and end with one of the entries:
    +::0:0:::
    +::::::
    
  5. /etc/security/passwd
    on a NIS client should contain only root stuff.
  6. /etc/group
    on a NIS client should contain only root stuff and end with:
    +:
    
    which forces lookup on the NIS master or slave server whenever a password is requested.
    On a GSI NIS server it should define the groups bio, loadl, biodev, thdev, thoper.

NIS master

Set up a new master host for users, groups:
  1. Of course inetd and portmap must run and /usr/sbin must be in $PATH
  2. /etc/passwd, /etc/security/passwd, /etc/group must exist and contain all necessary authentication information.
    Note that a record in a NIS map is limited to 1024 byte, which can be exceeded already by a number of users per group of 100-something. In this case a group entry in /etc/group must be modified:
    grp:!:1007:user1,user2,user3   
                                 # same group ID, new dummy name:
    grp:!:1007:user1,user2
    grp1:!:1007:user3
    
  3. If the host currently is a NIS client or slave, use smitty to remove the old configuration.
  4. Set the new NIS domain name (e.g. BIOxxxx_NIS):
    smitty chypdom
    
  5. Build the NIS maps (in /var/yp/BIOxxxx_NIS) with
    smitty mkmaster 
    
    select start for the daemons ypupdated, yppasswdd.
  6. In case of future changes of users/passwords, the NIS maps have to be re-made and redistributed to potenial slave servers, use
    cd /var/yp
    make         # for e.g. a new user
    make passwd  # for a mere password change 
    
    There's also the yppush command to distribute maps.

NIS slave servers

Receive replicates of the master's maps. Set up in a similar fashion as the master, except that they are defined by
smitty mkslave     # rather than mkmaster
If this NIS slave server is not on same IP network as the NIS master server that is, a gateway router is positioned between the slave server and the master server), you must explicitly identify the NIS master server
ypset <IP-addr-of-master-server>
If the slave server should also be client, it must be configured as such as well.
Do not forget to inform the master server about the existence of its slaves.
Last updated: 16-Jun-2008, M.Kraemer