Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-4309: Can netcd be used along with adclient

Centrify DirectControl ,  

12 April,16 at 11:22 AM

Applies to:
 
All versions of Centrify DirectControl on AIX platforms
 
Question:
 
AIX 6.1 introduced netcd (network cache daemon) which works like nscd on Linux and Solaris. 
 
On RHEL/Solaris, the cpu utilization can be reduced on other UNIX platforms by using 'nscd' (Name Service Cache Daemon).
 
Can this daemon be utilized to reduce DNS traffic and CPU load?.

Can it be configured to work with Centrify NSS/LAM libraries directly for getpwxxx/getgrxxx calls?
 
The below reference links are provided as a courtesy:
 
 
http://www-01.ibm.com/support/docview.wss?uid=isg3T1010925
http://www.redbooks.ibm.com/redbooks/pdfs/sg247559.pdf
http://www-01.ibm.com/support/docview.wss?uid=swg21500565
http://www-01.ibm.com/support/docview.wss?uid=isg3T1010925
 
Answer:
 
Centrify looked at netcd and it appears not  all maps are supported by netcd
 
A "man of netcd" that passwd and group maps are only supported by legacy yp (nis).
 
To support computers and applications that are capable of submitting NIS client requests to a NIS server, Centrify Server Suite provides its
own Network Information Service. The Centrify Network Information Service, adnisd, is an optional process that can be installed on any computer
where adclient is installed.
 
Once installed and running, the Centrify Network Information Service functions like a  standard NIS server, but it responds to NIS client requests
using the information stored in Active Directory, including any information imported from passwd and group NIS maps or  from /etc/passwd
and /etc/group files. The Centrify Network Information Service has some of the same security limitations as a standard NIS server,
but it does allow you to  provide encrypted authentication and directory service to computers where adclient cannot be installed.
 
Configuration for netcd provided as a courtesy
 
1)  Check if netcd is running or not.  It should not be started.
 
bash-3.00# lssrc -l -s netcd

Subsystem         Group            PID          Status
 netcd            netcd            442424       active
Debug                     Inactive
 
Configuration File        /etc/netcd.conf
Configured Cache         ulm4cdc services
Configured Cache         ulm4cdc protocols
Configured Cache         ulm4cdc hosts
Configured Cache         ulm4cdc networks
Configured Cache         ulm4cdc netgroup
 
2) edit netcd.conf
 
bash-3.00# cat /etc/netcd.conf
cache yp all 1024
 
where 1024 is the size of hash table for netcd, you can change it according to the record number in maps (i.e. passwd)
 
3)  start netcd
 
bash-3.00# startsrc -s netcd
 
0513-059 The netcd Subsystem has been started. Subsystem PID is 434272.
 
4) How to setup nis (adnisd)
 
To configure the NIS client on an AIX computer:
 
5) Install adnisd for AIX 6.x using install.sh script. 
 
Note: adnisd is part of the suite and the version must match the version of adclient (DirectControl).
 
6. Stop any running NIS service and remove all files from the /var/yp/binding directory. 
 
For example, run:
stopsrc –s ypbind
 
If the computer is not already a NIS client, you can use the System Management Interface Tool (smit) and the mkclient command to add adnisd to the computer.
 
7 Open the /etc/rc.nfs file and verify that the startsrc command is configured to start the ypbind daemon:
 
if [ -x /usr/etc/ypbind ]; then
 startsrc -s ypbind
fi
 
8 Set the client’s NIS domain name to the zone name of the computer where adnisd is running. For example:
domainname zone_name 
 
9 Start the ypbind service:
startsrc -s ypbind
 
10 Restart services that rely on the NIS domain or reboot the computer to restart all services. 
 
11. By running the below commands,  you can find nis/yp record will be kept in netcd hash table.
 
bash-3.00# ypcat passwd
 
test::!:123213:123213:test:/home/test:/usr/bin/ksh
test2:!:1235:1235:test2:/home/test2:/usr/bin/ksh
 
 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.