Can I track all NIS clients?

Hello,
I have two NIS master servers, on Solaris 10 non-global zones. I have been migrating all Solaris and Linux clients from NIS to AD authentication. We don't have a 100% accurate inventory. So, even though I have moved the majority of NIS clients to AD, there may be a few Solaris servers which are still on NIS and may not be in the inventory. I am trying to find a way to track them from the NIS master.
I checked "netstat -a", but it seems that IF someone logs into those clients, then I am supposed to see a connection in netstat on the NIS master.
Is there any easy way I can track, from the NIS master server, whether there are still any NIS clients?
Thanks

Hello,

The tricky part about logging NIS logins is that since the authentication actually happens on the client, and not the server, you don't really see much in a NIS server's logs to indicate that anything much has happened. All it ever knows is that a given client asked it for a copy of one of its centrally-managed authentication files. What that client did with those files, if anything, and who they authenticated as a result, if anyone, is unknown to the server.

Your best bet here might be to identify the network port that ypserv is running on, and then leave a snoop running to capture all traffic to and from that port. That way, over time, you'll be able to build up a list of all the IP addresses that are still communicating with ypserv on the NIS server.

Hope this helps! If anyone else knows of a better or fancier way I'm sure they'll chime in, but from my side that's the best way I can think of for now at least.

2 Likes

Perhaps you can fiddle with the NIS server start script so ypserv is run with an additional -v argument, and ensure (touch) a file /var/yp/ypserv.log.
But it is poorly documented, and I never tried it.

I remember I used a poorly documented snoop command. (And have found it here)

snoop rpc ypprog

BTW other useful snoop commands are
snoop rpc nfs and
snoop port domain (for DNS traffic)

1 Like

Thanks. I guess I can run this in the background, and after a couple of days I can grep the first field and sort.

bash-3.2# snoop -d bge1 rpc ypprog
Using device bge1 (promiscuous mode)
e911p-adm1-prod.duperxyz.com -> wksp-dir1-prod NIS C MATCH e911q-db1-prod in ipnodes.byname
wksp-dir1-prod -> e911p-adm1-prod.duperxyz.com NIS R MATCH No such map
e911p-adm1-prod.duperxyz.com -> wksp-dir1-prod NIS C MATCH e911q-db1-prod in ipnodes.byname
wksp-dir1-prod -> e911p-adm1-prod.duperxyz.com NIS R MATCH No such map
pref-e-lsim1-prod.duperxyz.com -> wksp-dir1-prod NIS C DOMAIN pre.duperxyz.com
wksp-dir1-prod -> pref-e-lsim1-prod.duperxyz.com NIS R DOMAIN OK
pref-w-lsim1-prod.duperxyz.com -> wksp-dir1-prod NIS C DOMAIN pre.duperxyz.com
wksp-dir1-prod -> pref-w-lsim1-prod.duperxyz.com NIS R DOMAIN OK
cmudssw-bimg001-prod.duperxyz.com -> wksp-dir1-prod NIS C DOMAIN pre.duperxyz.com
wksp-dir1-prod -> cmudssw-bimg001-prod.duperxyz.com NIS R DOMAIN OK
wksp-dturp-exe1-prod.duperxyz.com -> wksp-dir1-prod NIS C DOMAIN duperxyz.com
wksp-dir1-prod -> wksp-dturp-exe1-prod.duperxyz.com NIS R DOMAIN Fail
wksp-dturp-exe1-prod.duperxyz.com -> wksp-dir1-prod NIS C DOMAIN_NONACK duperxyz.com
wksp-dir1-prod -> wksp-dturp-exe1-prod.duperxyz.com RPC R (#13) XID=1679470436 Garbage arguments
wksp-dturp-exe1-prod.duperxyz.com -> wksp-dir1-prod NIS C DOMAIN_NONACK pre.duperxyz.com (retransmit)

If you really run snoop in the background then redirect the output to a file.

A side note:

This is from a Solaris NIS client that has nis in the ipnodes: entry in /etc/nsswitch.conf.
Remove the nis - ipnodes never comes from NIS!

Got it. I will do that. Thanks for the help. Will keep it running till this weekend and hopefully it should catch all clients.
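
Added example, not part of the original thread: one way to turn a saved `snoop rpc ypprog` capture into a list of remaining NIS clients. It counts only call lines (`NIS C`), because on reply lines the first field is the server itself. The function names and the sample hostnames are constructed for illustration, and the one-line summary format is assumed to match the output shown above.

```shell
#!/bin/sh
# Summarise NIS clients from a saved `snoop rpc ypprog` capture.
# Assumed line format (as in the thread's output):
#   <source> -> <destination> NIS C <procedure> ...
# Assumption: on Solaris 10 use nawk, since the default awk is the old awk.

nis_clients() {
    # $1 = capture file; prints "<calls> <client> <procedures>", sorted by client
    awk '
        # Calls only: field 1 is then the client. Replies ("R") and RPC
        # error lines carry the server in field 1 and are skipped.
        $2 == "->" && $4 == "NIS" && $5 == "C" {
            calls[$1]++
            if (!(($1, $6) in seen)) {
                seen[$1, $6] = 1
                procs[$1] = (procs[$1] == "" ? $6 : procs[$1] "," $6)
            }
        }
        END { for (c in calls) print calls[c], c, procs[c] }
    ' "$1" | sort -k2,2
}

write_sample() {
    # Constructed sample capture; hostnames are placeholders.
    cat > "$1" <<'EOF'
Using device bge1 (promiscuous mode)
client-a.example.com -> nis-master NIS C MATCH host1 in ipnodes.byname
nis-master -> client-a.example.com NIS R MATCH No such map
client-b.example.com -> nis-master NIS C DOMAIN example.com
nis-master -> client-b.example.com NIS R DOMAIN OK
client-a.example.com -> nis-master NIS C DOMAIN example.com
nis-master -> client-c.example.com RPC R (#13) XID=1 Garbage arguments
client-b.example.com -> nis-master NIS C DOMAIN_NONACK example.com (retransmit)
EOF
}

# Demonstration run on the constructed sample.
tmp=$(mktemp) && write_sample "$tmp" && nis_clients "$tmp"
rm -f "$tmp"
```

A client that appears only with `MATCH ... in ipnodes.byname` calls may just have the stray `nis` entry on its `ipnodes:` line mentioned above, so the procedures column helps separate those from hosts that are still binding to the domain.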
