Is this the reason that you all do this? I thought it was because Corp IT never had reliable NIS services and you were binding to a server that you knew was "blessed" and stable?
Anyways, I'm the Corp IT Manager watching over the LAN, and a boatload of services, including NIS at this time. I know that Duane is installing new NIS servers/slaves per network over in San Tomas to improve the quality of our NIS services.
The question, though, is: are people going to continue to hardcode in a server, so that even if I had 5 NIS servers/slaves per network, it wouldn't make a difference?
(no, we aren't doing 5, ;) but I just threw that out to make a point)
Thanks.
-----Original Message-----
From: Jay Sekora [mailto:jay@ccs.neu.edu]
Sent: Tuesday, July 06, 1999 9:43 AM
To: toasters@mathworks.com
Subject: Re: NIS Problems
"Graham C. Knight" grahamk@ast.lmco.com wrote:
After battling this same problem for months I finally put some hooks into my makefile.nis that copy the files locally to all our filers and turned off NIS. You are correct, NetApps are not good NIS clients.
Another thing to bear in mind is the risk of somebody dropping a laptop on the net with an NIS server claiming to serve your NIS domain. (Think laptop on battery power after a power outage - the legit NIS server is likely to come up after the NetApp, so the intruder's laptop is the only thing there to reply to NIS requests.) If somebody can do that, then they own all the files on the filer. For this reason, we don't broadcast for an NIS server, but explicitly bind to a particular server out of /etc/rc. The problem is that if that machine ever goes down, even for a short time, the NetApp loses its binding to it and we have to re-bind to it by hand. Copying the files to the NetApp would definitely be more robust.
(IP spoofing is another potential problem, of course.)
-j.
Jay Sekora jay@ccs.neu.edu Unix Systems Administrator Northeastern University College of Computer Science