Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-4309: Can netcd be used along with adclient

Authentication Service ,  

12 April,16 at 11:22 AM

Applies to:
All versions of Centrify DirectControl on AIX platforms
AIX 6.1 introduced netcd (network cache daemon) which works like nscd on Linux and Solaris. 
On RHEL/Solaris, the cpu utilization can be reduced on other UNIX platforms by using 'nscd' (Name Service Cache Daemon).
Can this daemon be utilized to reduce DNS traffic and CPU load?.

Can it be configured to work with Centrify NSS/LAM libraries directly for getpwxxx/getgrxxx calls?
The below reference links are provided as a courtesy:
Centrify looked at netcd and it appears not  all maps are supported by netcd
A "man of netcd" that passwd and group maps are only supported by legacy yp (nis).
To support computers and applications that are capable of submitting NIS client requests to a NIS server, Centrify Server Suite provides its
own Network Information Service. The Centrify Network Information Service, adnisd, is an optional process that can be installed on any computer
where adclient is installed.
Once installed and running, the Centrify Network Information Service functions like a  standard NIS server, but it responds to NIS client requests
using the information stored in Active Directory, including any information imported from passwd and group NIS maps or  from /etc/passwd
and /etc/group files. The Centrify Network Information Service has some of the same security limitations as a standard NIS server,
but it does allow you to  provide encrypted authentication and directory service to computers where adclient cannot be installed.
Configuration for netcd provided as a courtesy
1)  Check if netcd is running or not.  It should not be started.
bash-3.00# lssrc -l -s netcd

Subsystem         Group            PID          Status
 netcd            netcd            442424       active
Debug                     Inactive
Configuration File        /etc/netcd.conf
Configured Cache         ulm4cdc services
Configured Cache         ulm4cdc protocols
Configured Cache         ulm4cdc hosts
Configured Cache         ulm4cdc networks
Configured Cache         ulm4cdc netgroup
2) edit netcd.conf
bash-3.00# cat /etc/netcd.conf
cache yp all 1024
where 1024 is the size of hash table for netcd, you can change it according to the record number in maps (i.e. passwd)
3)  start netcd
bash-3.00# startsrc -s netcd
0513-059 The netcd Subsystem has been started. Subsystem PID is 434272.
4) How to setup nis (adnisd)
To configure the NIS client on an AIX computer:
5) Install adnisd for AIX 6.x using script. 
Note: adnisd is part of the suite and the version must match the version of adclient (DirectControl).
6. Stop any running NIS service and remove all files from the /var/yp/binding directory. 
For example, run:
stopsrc –s ypbind
If the computer is not already a NIS client, you can use the System Management Interface Tool (smit) and the mkclient command to add adnisd to the computer.
7 Open the /etc/rc.nfs file and verify that the startsrc command is configured to start the ypbind daemon:
if [ -x /usr/etc/ypbind ]; then
 startsrc -s ypbind
8 Set the client’s NIS domain name to the zone name of the computer where adnisd is running. For example:
domainname zone_name 
9 Start the ypbind service:
startsrc -s ypbind
10 Restart services that rely on the NIS domain or reboot the computer to restart all services. 
11. By running the below commands,  you can find nis/yp record will be kept in netcd hash table.
bash-3.00# ypcat passwd