ROOTVG

Hello to all  ..
Here is a summery of an attempt to create a redundant NIS environment based on “ypservers” file on the clients (to avoid broadcasting).

OS & Environment
All computers installed with Aix 5.3 TL5 SW3
All computers are located in the same subnet (and the same physical network)

Purpose
Creating a redundant NIS environment for centralized authentication and host resolving procedure.
No broadcasting is allowed since I found out that my clients needs 60 sec binding the slave server in case of a disaster on the NIS master computer.

Actions
1.   Creating the NIS master from SMITTY
2.   ypcat -k ypservers generated output with the name of the NIS master.
3.   ypcat -k ypservers > /tmp/ypservers
4.   /tmp/ypservers was edited to include the slave NIS server
5.   cat /tmp/ypservers | makedbm - /var/yp/`domainname`/ypservers
6.   on the master ypcat -k ypservers generated output with both computers (Nis & Slave)
7.   On the slave server executed /usr/etc/yp/ypinit -s <master> and starting the ypserv daemon with /usr/etc/ypserv command.
8.   on the slave server ypcat -k ypservers generated output with both computers (Nis & Slave)
9.   Setting the domain name on the client computer.
10.   On the client : creating /var/yp/binding/domainname/ypservers file that has both internet addresses of the both NIS servers
11.   Binding the clients to the domain
12.   Notice that the /etc/rc.nfs file does not have a "ypset" line in it to an implicit NIS server.
13.   On the client ypwhich command take some time in the first execution (insinuating the broadcasting procedure that I did not expect to happened) but eventually shows that the client has bound to the NIS master.
14.   Creating another client as described above.
15.   Resolving and Authenticating through NIS tested OK

Testing the redundant NIS environment

16.   Halting the NIS master.
17.   Both clients hangs for about 60 seconds although they have the ip address to the slave NIS server under /var/yp/binding/domainname/ypservers .
18.   After apro'x 60 sec both clients bind to the domain (ypwhich shows that they bounded to the NIS slave)
19.   Resolving and Authenticating through NIS tested OK implicating that the NIS slave is functioning ok and has all the maps that the environment needs.
20.   As written in the a-z nis redbook, I created On both clients the environment variable YPBIND_MAXWAIT and set it to 1
21.         I also created the environment variable YPBIND_SKIP and set it to 1.
22.   Stopped ypbind daemon (stopsrc –s ypbind) on both clients and started them again with the above environment variables.
23.   Same results when halting the NIS master.

Conclusion
Although /var/yp/binding/domainname/ypservers file is exist, Broadcasting accurse  ??? ( or somethig else happened or not happening .. ) while NIS master is halted causing the clients to hang while trying to bind to the domain.

While this is acceptable in our development site (a non time critical environment) this is not acceptable in our operational site which can not be hanged when the NIS master is “passed away”.

Can anyone verify this ?
IBM tech support has nothing to say about this beside "Move to a higher TL ..  ??? but they didn't find any records of this phenomenon in TL's prior to TL 7.. )

Thanks in advance,

Lior

Sorry for my "short" post ..  :D
 

Since we dropped the exercise in HACMP class to use NIS Slaves in the cluster I have not touched NIS.

All I can say is that it worked fine as a protocol, but practically every customer I had moved to LDAP based solutions - as they consider NIS+ too complex, and also not secure enough.

And - I'll just mention that AIX has a built in LDAP solution - but I dont know enough about secondary LDAP servers to say if it has a standby server also built-in.