Novell Documentation: NetWare NFS Services 3.0

Migration

If you already have an UNIX NIS Server (text-based) and you want the new NetWare NIS Server to serve the same data served by the old NIS server, you can copy all those text files into the specified location and then run the migration utility to create NDS entries for a specified domain.

The migration utility creates the Domain object in the default context as well as two other containers in the same context with the names domainname_U and domainname_G. During the migration, the utility searches for existing NDS users and groups under the containers specified by the SEARCH_ROOT configuration parameter (specified in NFS.CFG) and, based on the migration option specified, modifies the UNIX information of those objects. If the objects are not found, the users are migrated to domainname_U and the groups are migrated to domainname_G. The rest of the data is migrated under the Map objects created under the Domain object.

IMPORTANT: The User and Group objects will not be created under the passwd and group Map objects. They will spread across the NDS tree and DomainName_U, DomainName_G depending upon the SEARCH_ROOT configuration parameter.

Maps can be migrated using the following three options:

UPDATE---(Default) Updates all existing objects' information with the new information. If no objects exist, it creates new ones.

REPLACE---Deletes all existing objects and creates new ones. For passwd and group maps, the old objects are not deleted.

MERGE---Retains all existing objects' information and logs them as conflicting records in the MAKENIS.LOG file. If no objects exist, it creates new ones.

NOTE: The password for a migrated UNIX user who already has the password, cannot be set from an NIS client. A password can be set from NIS client only for users who do not have a password.

For more information on UNIX user management, see UNIX User Management using NDS.

File-Based Migration

Migration, by default uses the makefile SYS:ETC/NIS/NISMAKE, which contains the location of the text file for every map. The general syntax of the migration utility is:

makenis [-r resultfilename -[r]d domainname [-n context] [-f nismakefilename] {[mapname -[l|b]p line or byte object in mapname]...}

Makenis now adds users to the Members attribute, gives the user the rights equivalent to that of the group, and updates its Group Membership attribute.

NOTE: All options should be used only in the specified order.

In general, to create a domain and migrate data or to use the existing domain object, use the following format:
makenis -d domainname

The parameter domainname is mandatory.
To capture the results of the migration, use the following format:
makenis -r resultfilename -d domainname
To remove the existing domain data and then migrate, use the following format:
makenis -rd domainname
To specify the context where you want to create your Domain object and data, enter it as the contextname:
makenis -d domainname -x contextname

Edit the context parameter by prefixing each of the dots in the Relative Distinguished Names with a backslash (\) to distinguish them from NDS names.
To specify an NIS makefile other than the default SYS:ETC/NIS/NISMAKE, use the following format:
makenis -d domainname -f makefilepath

To specify the text files that you want to migrate, modify the NIS makefile. The NIS makefile is in the following format:
```
map name    full path    parameters (if any)
```
The comment character is the pound sign (#).

If nothing is specified, all the files in the makefile are migrated.

For each map, you can specify the SECURE parameter so that only requests coming from secure ports are able to access the data. You can also specify the migration options: UPDATE, REPLACE, or MERGE.

For the Password map, you can specify two additional parameters: -u uid (which stops users with a UID less than a particular value from migrating to NDS) and AUTOGEN (which generates a UID from the program itself).

You must specify the text file in the full path in DOS name format.
To migrate specific maps, use the following format:
makenis -d domainname mapname1, mapname2
To migrate a map from a particular offset in a specified map text file, use the following format:
makenis -d domainname mapname -lp lineoffset

Or
makenis -d domainname mapname, -bp byteoffset

Line offset is used to start migration from a particular line from the map text file. If the migration fails while migrating large maps, instead of migrating it again from the beginning, you can specify the byteoffset to start from the offset specified in the migration log file. For more details on this offset, refer to the description of the configuration parameter FILEMARK_LOG_FREQ in NIS.CFG.

ConsoleOne-Based Migration

In the left panel of ConsoleOne, click The Network.
Select the server's tree where you want to manage the domains and maps.
Click the toolbar M icon. The following panel appears.

Figure 6
Migration Panel
To migrate a domain, enter the NetWare Host Name/IP Address, Domain Name, and Domain Context.
To set the NIS Server as master for this specified domain, check Set the Specified Host As Master Server.
In the Master Server Information section, check Clear Existing Maps if you want to clear the maps already present.
Click the radio button for the type of the migration you want to perform: Replace, Update, or Merge.
To set the NIS Server as Slave Server, enter the Master Server Name/IP Address in the Slave Server Information section.
To migrate the domain for default maps, click Migrate.

The available default maps are ethers, hosts, networks, protocols, RPC, services, passwd, group, netgroup, and bootparams. By default, these files should be present in SYS:\ETC\NIS.
To migrate the domain for specific maps, click Advanced to go to the Map Information panel.

Figure 7
Map Information Panel
1. Click either Default Maps or Other Maps.
2. Select the desired maps from the list, deselect the maps you do not want to migrate, and click OK.
To modify an existing map or add a new map, click Add to go to the Add Map panel.

Figure 8
Add Map Panel
1. Enter the Map Name and the Text File name.
2. If you want to enable secure access to the map, click Secure.
3. In the Comment Character box, enter the comment character present in the specified text file and click OK.
  
  The default comment character is #.
Click Migrate.

Managing Users and Groups

You can add and modify the information of a User or Group object that already exists in NDS.

Modifying User Information

In the left panel of the ConsoleOne main menu, click the NDS tree where the object resides.

If you do not find the tree, click Novell Directory Services and then select the tree and log in to it.
Double-click the container named domainname_U, where the User objects reside.

The User objects under this particular container appear.
Right-click the User object whose properties you want to change and click Properties.

The following panel appears, displaying the various tabs that should be specified to add and modify the user information in NDS.

All the tabs except the UNIX Profile tabs are standard forms.

Figure 9
UNIX Profile Tab of User Properties Panel
To modify the UNIX user profile, click UNIX Profile and specify the information in the following fields:
User ID---The users' UNIX UID.
Primary Group---The group ID (GID) of the group this user belongs to. To enter the GID of the user, click Browse and select the appropriate group.
Login Shell---The preferred login shell of the user.
Home Directory---The home directory the user wants to be placed in while logging in to the system.
Comments---Any other comments that the user might want to specify.
Reset UNIX Password---Use to reset the user's UNIX password.
Click Apply > OK.

Modifying Group Information

In the left panel of the ConsoleOne main menu, click the NDS tree where the object resides.

If you do not find the tree, click Novell Directory Services and then select the tree and log in to it.
Double-click the container domainname_G, where the Group objects reside.

The groups under this particular container appear.
Right-click the Group object whose properties you want to change and click Properties.

The following panel appears, showing the various forms which should be specified to add and modify the group information in NDS.

All the forms except the UNIX Profile form are standard forms.

Figure 10
UNIX Profile Tab of Group Properties Panel
To modify the UNIX group profile, click the UNIX Profile tab and specify the information in the following field:
Group ID---The group's UNIX GID.
Click Apply > OK.

Adding a New User or Group

To add a new user, do the following:

In the left panel of the ConsoleOne main menu, click the context where you want to add the new user.
Select File > New, and then click User.
Enter the UNIX Profile of the user.

To add a new group, do the following:

In the left panel of the ConsoleOne main menu, click the context where you want to add the new group.
Select File > New, and then click Group.
Enter the UNIX Profile of the group.

To make this newly added user/group an NIS User and NIS Group record, select the Other Tab and add the attribute nisUserGroupDomain to the object. This attribute holds a list of the domains to which the User/ Group belongs.

IMPORTANT: When any update to a UNIX profile is done from ConsoleOne, execute NFSSTOP and NFSSTART, for NFS server to get the modified UNIX information.

Deleting a User or Group

To delete a user, do the following:

In the left panel of the ConsoleOne main menu, click the context where you want to delete the user from.
To delete the user from all the domains and from NDS, select the user and delete by pressing the Delete key on the keyboard.

Or,

To delete the user from a specific domain, right-click User > Properties > Other Tab > nisUserGroupDomain attribute > Select the domain and delete by clicking the Delete button.

To delete a group, do the following:

In the left panel of the ConsoleOne main menu, click the context where you want to delete the group from.
To delete the user from all the domains and from NDS, select the group and delete by clicking the delete button.

Or

To delete the group from a specific domain, right-click Group > Properties > Other Tab > nisUserGroupDomain attribute > Select the specific domain and delete by clicking the Delete Button.

NIS User/Group Migration from to NetWare NFS Services 3. 0 SP3

Multi Domain Support

NIS in NetWare NFS Services 3.0 SP3 is enabled with multidomain support. Multidomain support displays all the users/groups for a specific domain. The nisUserGroupDomain attribute enables the multidomain support. Every user/group has the nisUserGroupDomain attribute which contains the list of domains under which the user/group is present.

For example, the multi-domain support enabled user user1 with the nisUserGroupDomain attribute has one.dom value and the user2 with the nisUserGroupDomain attribute has one.dom and two.dom values.

NOTE: The user / group's nisUserGroupDomain attribute is updated as part of migration through makenis or ConsoleOne migration wizard. Therefore, there is no need to manually add the nisUserGroupDomain attribute or update its value to add a user/group in a domain.

Migration to NetWare NFS Services 3.0 SP3

The schinst -n is executed as part of the NetWare NFS Services 3.0 SP3 installation.

For example, on adding NewONEuser1 and NewONEuser2 in passwd file and migrating, the following happens:

NewONEuser1 and NewONEuser2 gets added in NDS.
The UNIX profile is set according to the UNIX attributes mentioned in the passwd file.
The nisUserGroupDomain attribute is added and its value will be updated as ONE.dom.

The same sequence of events happens for groups also.

When migrating another set of users/group to a fresh domain, say CSP7.dom with CSP7_user1, CSP7_user2 in passwd file and CSP7_group1, CSP7_group2 in group file, the following things happen automatically:

CSP7_user1, and CSP7_user2 are added to NDS.
The UNIX profile is set according to the UNIX attributes specified in the passwd file.
The nisUserGroupDomain attribute is added and its value will be updated as CSP7.dom.
The CSP7.dom is added to the domain list of NISSERV_ object.

The same sequence of events will happen for the groups CSP7_group1 and CSP7_group2.

Managing Migration Utility Log Files

When the migration utility, makenis is executed, the log file MAKENIS.LOG is created by default in SYS:\ETC\NIS. This file records messages that provide following information:

The containers added such as domainname container, domainname_U (for users), domainname_G (for groups)
The maps added and attached to the container
Parsing statistics for each map. For example, the number of records read, migarated, conflict and invalid records
Conflicting record details are logged