Network Administration 0890432-050 August 2001 Copyright 2001 by Concurrent Computer Corporation. All rights reserved. This publication or any part thereof is intended for use with Concurrent products by Concurrent personnel, customers, and end–users. It may not be reproduced in any form without the written permission of the publisher. The information contained in this document is believed to be correct at the time of publication. It is subject to change without notice. Concurrent Computer Corporation makes no warranties, expressed or implied, concerning the information contained in this document. To report an error or comment on a specific portion of the manual, photocopy the page in question and mark the correction or comment on the copy. Mail the copy (and any additional comments) to Concurrent Computer Corpora- tion, 2101 W. Cypress Creek Road, Ft. Lauderdale, FL 33309–1892. Mark the envelope “Attention: Publications Department.” This publication may not be reproduced for any other reason in any form without written permission of the publisher. UNIX is a registered trademark, licensed exclusively by X/Open Company Ltd. This document is based on copyrighted documentation from Novell, Inc. and is reproduced with permission. Printed in U. S. A. Revision History: Level: Effective With: Original Release -- August 1994 000 Power UX Version 1.1 Previous Release -- March 1999 040 PowerMAX OS Version 4.3 Current Release -- August 2001 050 PowerMAX OS Version 5.1 Preface About This Book Network Administration is directed to system administrators who are setting up and maintaining PowerMAX OS file sharing capabilities. File sharing refers to the process of making file resources on your local system available to remote systems via a network, and conversely, to the process of accessing file resources on remote systems from your local system. The OS offers a file sharing package, also called a “distributed file system,” called the Network File System (NFS). This guide tells you how to set up and administer NFS, and how to set up and administer Distributed File System (DFS), a software package that provides an interface to NFS. Also included in this guide is documentation that tells you how to set up and administer the OS implementation of TCP/IP, Remote Procedure Call (RPC), and Network Information System (NIS). Information about administering some mail service facilities associated with networking is also provided. TCP/IP is a family of network protocols that determines how data is transferred across net- work media. TCP/IP supports NFS and is provided as the TCP/IP Internet package. It is necessary that you install TCP/IP to run NFS, because NFS requires UDP/IP as its transport. UDP/IP are protocols at the transport layer in the TCP/IP protocol family. Included in TCP/IP at the application layer are a number of RPC commands and programs that allow users to perform remote operations on another host on the network as if were their own host. In addition to providing support for NFS, the RPC mechanism also supports NIS. NIS is a facility for distributed network administration. NOTE This guide is not intended to be an introduction to networking, nor to all the networking features of the OS. How This Book is Organized Because you may be setting up network services using a mix and match of applications and protocols, Network Administration is organized as seven parts that address the major topics listed below. • Part 1, “Network Services Administration” This part provides an overview of networking, together with information about selecting a network, setting up name-to-address mapping, the connection server (which establishes connections for network services that communicate over TLI connection-oriented and dialup connections), using authentication schemes (for Preface-1 Network Administration additional system security), setting up and administering ID mappings (for users on remote systems), administering and using the Basic Networking Utilities (BNU) (for communicating to other systems that support the Basic Networking Utilities), and interactive remote execution (REXEC) utilities (to allow remote administration of a machine). • Part 2, “Mail Service Administration” This part describes administration of the online facility that allows users to exchange messages. Once basic networking is configured, you don't need to do any additional administration to use the mail facility. This part, however, will help you set up some special features, such as establishing a domain name, setting up mail directories to be shared across a networked file system, and setting up a connection to another site that uses the Simple Mail Transfer Protocol (SMTP). Also describes sendmail. Sendmail provides an alternative inter-network mail transport mechanism. • Part 3, “TCP/IP Network Administration” This part provides information needed to set up and run TCP/IP on your system. The discussion includes information about configuring Internet addresses and describes how to use TCP/IP commands and files to implement a wide range of TCP/IP features. First, the part introduces you to important TCP/IP concepts you should be familiar with as an administrator. Next, it steps you through some basic TCP/IP administrative tasks. Finally, it describes some features in depth, such as domain name service and troubleshooting. This part is organized into the following chapters: “Introduction to Administering TCP/IP Networks” describes the concepts you need to understand to effectively do administration for your system. “Setting Up TCP/IP” contains step-by-step procedures for many basic tasks you need to do as an administrator. “Setting Up Routers and Subnetworks” describes how to expand and manage growing systems. “Managing TCP/IP Nodes Using SNMP” tells how to use SNMP to perform network monitoring and management functions. “Using Domain Name Service with TCP/IP” describes concepts and procedures relating to domain name service. “Troubleshooting and Tuning TCP/IP” describes how to diagnose problems and tune your system to improve TCP/IP performance. “Obtaining IP Addresses” describes how to obtain and complete IP address registration forms. “Obtaining Domain Names”, describes how to obtain and complete domain name registration forms. “Network Time Synchronization”, describes how to synchronize time among the machines on your network. • Part 4, “Distributed File System Administration” This part describes the DFS command interface for NFS. For example, the DFS software provides you with the share command, which allows you to share a resource on your system using NFS. DFS Administration is covered in the following chapters: “Introduction to DFS Administration”, “Setting Up DFS”, “Using DFS Commands and Files”, and “DFS sysadm Interface”. • Part 5, “Network File System Administration” This part tells you how to set up and maintain NFS on your system, including how to share and mount resources, how to mount resources automatically using a feature called the automounter, and how to set up Secure NFS. NFS Administration is covered in the following chapters: “Introduction to NFS Administration”, “Setting Up NFS”, “Sharing and Mounting NFS Resources Explicitly”, “Obtaining NFS Information”, “Troubleshooting and Tuning NFS”, “Setting Up Secure NFS”, Preface-2 Preface “Using the NFS Automounter”, “Using the NFS Automounter”, and “Using the NFS sysadm Interface”. • Part 6, “Remote Procedure Call Administration” This part tells you how to administer the files used by RPC, a mechanism for resource sharing between hosts used by NFS and NIS. Information about setting up and establishing secure RPC domains is also provided. • Part 7, “Network Information Service Administration” This part explains how to set up, administer, and update NIS, a distributed database service used for password and host file administration. • Glossary Contains definitions for terms and abbreviations used throughout this guide. Related Documentation The following manuals are referenced in this manual: PowerMAX OS Release Notes 0890454-reln Power Hawk Release Notes 0891058-reln PowerMAXION Release Notes 0891063-reln TurboHawk Release Notes 0891071-reln Users Guide 0890428 Compilation System Volume 1 0890459 Compilation System Volume 2 0890460 System Administration (Volume 1) 0890429 System Administration (Volume 2) 0890430 Console Reference Manuals HN6200 0830047 HN6800 0830045 Power Hawk 0830050 PowerMAXION 0830052 reln = release number Notation Conventions Used in This Book This section describes the notation conventions used in this guide. Preface-3 Network Administration • References to literal computer input and output (such as commands entered by the user or screen messages produced by the system) are shown in a monospace font, as in the following example: $ ls -l report.oct17 -rw-r--r-- 1 jim doc 3239 May 26 11:21 report.oct17 • Commands that are too long to fit on one line are separated by a backslash (\). This is not a character to be typed, but indicates that the command line continues on one line. • Substitutable text elements (that is, text elements that you are expected to replace with specific values) are shown in an italic font, as in the following example: $ cat file The italic font is a signal that you are expected to replace the word file with the name of a file. • Comments in a screen display-that is, asides from the author to the reader, as opposed to text that is not computer output-are shown in an italic font and are indented, as in the following example: . . . command interaction . . . . Press RETURN to continue. • Keyboard references are sometimes shown in a sans-serif font. Enter and Esc are two examples. • Instructions to the reader to type input usually do not include explicit instructions to press the RETURN key at the appropriate times (such as after entering a command or a menu choice) because this instruction is implied for all UNIX system commands and menus. In one circumstance, however, an instruction to press the RETURN key is explicitly provided: when, during an interactive routine, you are expected to press RETURN without having typed any text, an instruction to do so will be provided, as follows: Type any key to continue: RETURN $ • Function key equivalents, which appear at the bottom of menus and are matched to the F keys across the top or side of your keyboard, are shown in ALL CAPITAL letters. MARK and SAVE are examples of function key equivalents. When instructed to press one of these keys, press the F key that corresponds with the label on your computer screen. Preface-4 Preface • Control characters are shown by the string CTRL-char where char is a character such as “d” in the control character CTRL-d. To enter a control character, hold down the CTRL key and press the letter shown. Be sure to type the letter exactly as specified: when a lowercase letter is shown (such as the “d” in the example above), enter that lowercase letter. If a character is shown in uppercase (such as CTRL-D), you should enter an uppercase letter. • The system prompt signs shown in examples of interactive sessions are the standard default prompt signs : - the dollar sign ($) for an ordinary user - the pound sign (#) for the owner of the root login Manual Pages On-line manual pages can be viewed using the man command. References in text to “see manual page in xxx Reference Manual” implies displaying the applicable manual page using the man command. For example, entering “man cat” will display the cat(8) manual page on your terminal. Preface-5 Network Administration Preface-6 Contents Part 1 Network Services Administration Chapter 1 Introduction to Network Services Administration An Overview of Network Services Administration. . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 A Model of Network Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Networking Facilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Procedural Overview of BNU and REXEC Administration. . . . . . . . . . . . . . . . . . . 1-5 Set Up the Network Administrator's Login . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5 Step 1: Set Up Network Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5 Step 2: Set Up Name-to-Address Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6 Step 3: Set Up the listen Port Monitor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6 Step 4: Set Up the Connection Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6 Step 5: Set Up the cr1 Authentication Scheme . . . . . . . . . . . . . . . . . . . . . . . . . 1-7 Step 6: Setting Up ID Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7 Step 7: Set Up BNU. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8 Step 8: Set up REXEC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8 Using the sysadm Menu Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9 Chapter 2 Administering Network Selection Introduction to Network Selection Administration. . . . . . . . . . . . . . . . . . . . . . . . . . 2-1 Network Selection Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 The /etc/netconfig File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 The NETPATH Environment Variable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6 Chapter 3 Administering Name-to-Address Mapping Introduction to Name-to-Address Mapping Administration. . . . . . . . . . . . . . . . . . . 3-1 The tcpip.so Library. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 The tcip_nis.so Library. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 The resolv.so Library . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 The straddr.so Library . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 Chapter 4 Administering the Connection Server Introduction to Connection Server Administration. . . . . . . . . . . . . . . . . . . . . . . . . . 4-1 The Connection Server Application Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 Connection Server Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 Server Machine Administration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 Registering Authentication Schemes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 Client Machine Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3 Maintaining the /etc/iaf/serve.allow File. . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3 Maintaining the /etc/iaf/serve.alias File . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4 vii Network Administration Setting Up LIDAUTH.map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4 Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6 The reportscheme Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7 The Connection Server Authentication Scheme File . . . . . . . . . . . . . . . . . . . . . 4-8 The Connection Server Log File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9 The Connection Server Debug File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10 Chapter 5 cr1 Bilateral Authentication Scheme Introduction to the cr1 Bilateral Authentication Scheme. . . . . . . . . . . . . . . . . . . . . . 5-1 An Overview of cr1 Administration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3 Registering cr1 with a Port Monitor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6 Registering cr1 with the Connection Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6 Managing the Daemon and the Master Key. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7 Starting and Stopping the Daemon. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7 Creating a Master Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8 Setting Up the Key Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8 Chapter 6 Administering ID Mapping Introduction to ID Mapping Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1 Setting Up Login Maps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5 Administering an idata File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-6 Setting Up the idata File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7 Adding an Entry to an idata File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-8 Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9 Deleting an Entry in an idata File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-10 Deleting the idata and uidata Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-10 Checking Files and Fixing File Inconsistencies . . . . . . . . . . . . . . . . . . . . . 6-11 Displaying Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-12 Administering a uidata File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-12 Setting Up the uidata File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-13 Enabling and Disabling User-Controlled Mapping. . . . . . . . . . . . . . . . . . . 6-14 Adding an Entry to a uidata File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-14 Deleting an Entry in a uidata File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-15 Checking Files and Fixing File Inconsistencies . . . . . . . . . . . . . . . . . . . . . 6-15 Displaying Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16 Setting Up Attribute Maps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16 Setting Up an Attribute Map. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18 Adding an Entry to an Attribute Map. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18 Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-19 Deleting an Entry in an Attribute Map. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-20 Deleting an Attribute Map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-20 Checking Files and Fixing File Inconsistencies. . . . . . . . . . . . . . . . . . . . . . . . . 6-20 Displaying Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-21 Setting Up a LID Map on a System Running the ES Utilities. . . . . . . . . . . . . . . . . . 6-22 Setting Up RLID.map. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-22 Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-24 Chapter 7 Administering the Basic Networking Utilities Introduction to Basic Networking Utilities Administration. . . . . . . . . . . . . . . . . . . . 7-1 Overview of BNU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 viii