All versions of Centrify DirectControl on AIX platforms
AIX 6.1 introduced netcd (network cache daemon) which works like nscd on Linux and Solaris.
On RHEL/Solaris, the cpu utilization can be reduced on other UNIX platforms by using 'nscd' (Name Service Cache Daemon).
Can this daemon be utilized to reduce DNS traffic and CPU load?.
Can it be configured to work with Centrify NSS/LAM libraries directly for getpwxxx/getgrxxx calls?
The below reference links are provided as a courtesy:
Centrify looked at netcd and it appears not all maps are supported by netcd
A "man of netcd" that passwd and group maps are only supported by legacy yp (nis).
To support computers and applications that are capable of submitting NIS client requests to a NIS server, Centrify Server Suite provides its
own Network Information Service. The Centrify Network Information Service, adnisd, is an optional process that can be installed on any computer
where adclient is installed.
Once installed and running, the Centrify Network Information Service functions like a standard NIS server, but it responds to NIS client requests
using the information stored in Active Directory, including any information imported from passwd and group NIS maps or from /etc/passwd
and /etc/group files. The Centrify Network Information Service has some of the same security limitations as a standard NIS server,
but it does allow you to provide encrypted authentication and directory service to computers where adclient cannot be installed.
Configuration for netcd provided as a courtesy
1) Check if netcd is running or not. It should not be started.
bash-3.00# lssrc -l -s netcd
Subsystem Group PID Status
netcd netcd 442424 active
Configuration File /etc/netcd.conf
Configured Cache ulm4cdc services
Configured Cache ulm4cdc protocols
Configured Cache ulm4cdc hosts
Configured Cache ulm4cdc networks
Configured Cache ulm4cdc netgroup
2) edit netcd.conf
bash-3.00# cat /etc/netcd.conf
cache yp all 1024
where 1024 is the size of hash table for netcd, you can change it according to the record number in maps (i.e. passwd)
3) start netcd
bash-3.00# startsrc -s netcd
0513-059 The netcd Subsystem has been started. Subsystem PID is 434272.
4) How to setup nis (adnisd)
To configure the NIS client on an AIX computer:
5) Install adnisd for AIX 6.x using install.sh script.
Note: adnisd is part of the suite and the version must match the version of adclient (DirectControl).
6. Stop any running NIS service and remove all files from the /var/yp/binding directory.
For example, run:
stopsrc –s ypbind
If the computer is not already a NIS client, you can use the System Management Interface Tool (smit) and the mkclient command to add adnisd to the computer.
7 Open the /etc/rc.nfs file and verify that the startsrc command is configured to start the ypbind daemon:
if [ -x /usr/etc/ypbind ]; then
startsrc -s ypbind
8 Set the client’s NIS domain name to the zone name of the computer where adnisd is running. For example:
9 Start the ypbind service:
startsrc -s ypbind
10 Restart services that rely on the NIS domain or reboot the computer to restart all services.
11. By running the below commands, you can find nis/yp record will be kept in netcd hash table.
bash-3.00# ypcat passwd