"Graham C. Knight" grahamk@ast.lmco.com wrote:

After battling this same problem for months i finally put some hooks into my makefile.nis that copies the files locally to all our filers and turned off NIS. You are correct, Netapp's are not good NIS clients.

Another thing to bear in mind is the risk of somebody dropping a laptop on the net with an NIS server claiming to serve your NIS domain. (Think laptop on battery power after a power outage - the legit NIS server is likely to come up after the NetApp, so the intruder's laptop is the only thing there to reply to NIS requests.) If somebody can do that, then they own all the files on the filer. For this reason, we don't broadcast for an NIS server, but explicitly bind to a particular server out of /etc/rc . The problem is that if that machine ever goes down, even for a short time, the NetApp loses its binding to it and we have to re-bind to it by hand. Copying the files to the NetApp would definitely be more robust.

(IP spoofing is another potential problem, of course.)

-j.

Jay Sekora jay@ccs.neu.edu Unix Systems Administrator Northeastern University College of Computer Science