michael@vision.mit.edu (Michael J. Wargo) (03/14/89)
Boy, do I need help! First, the background. I set up a 386i as a master server on a subnet of MIT's campus network (18.82 within 18). When I "just turned on the second 386i to automatically configure it".... It was given a default name, 'oak', that I didn't want. After working to get the name that we wanted, 'bohr' (guess what we teach), I found out that, yes, it had connected to the existing YP domain (YP.emg.mit.edu), but after adding the first user at bohr, the next user's home directory (that I wanted to add to bohr) had to be added (by SNAP) to my original 386i (YP master, agricola).

Trying to add it to bohr resulted in an error message indicating that there were security problems, and that I should check the /var/adm/messages file on bohr. The file said that there might be a problem with the publickey file on the YP master, agricola. 'oak' was still there in publickey. I killed it and remade the YP database, but it didn't help in letting me add another user to bohr. (Same error message from SNAP.)

I had (I thought) RTFM, but when things started going south, I re-read (read) the 'Sun386i Administrator's & Developer's Notes - December 1988', p. 6, where it said that there was a problem with user accounts, public credentials, secure RPC and the rest of the known universe. The last thing it says in the section (p. 7) is that "you must delete the /etc/.rootkey file on that system, along with /etc/keystore, before you reboot the system". After doing just this, and rebooting, the system (bohr) informed me that secure RPCs could not be provided since /etc/.rootkey was missing!

Time Passes .....*further RTFM*.....

In the "Security Features Guide", 'Secure Networking', 6.1 #4, p. 72, it says: "Administrators should take care not to delete /etc/keystore and /etc/.rootkey (the latter file contains the private key for root)."

Have I really screwed up, or is there an elegant guru's out to this? Is this a case of 'catch 22' (manual writers' non-communication with themselves) or have I not *really* RTFM?

**SECOND AND THIRD QUESTIONS**

There seems to be no indication in TFM as to how to load SunOS Applications onto a 386i without a tape drive (bohr) from one with one (agricola).

One more question. Is there a way to add a new 386i to our YP domain if it's outside our subnet, i.e. add a 386i (babel) in 18.80.**.** to my 386i YP master (agricola) in 18.82.**.**? This option exists in the start-up on a new 386i ('add to an existing YP network'), but when you provide the YP domain (YP.emg.mit.edu) at the prompt, the new system cannot go through the intervening gateways (2 of 'em) to get to my YP master.

Thanks for all the help, I've just been a listener so far.

Mike

ARPA: michael@vision.mit.edu    'the Masscomp that works'
      michael@agricola.mit.edu  'the 386i that should'
USPS: Michael J. Wargo          'ma bell': 617-253-3295
      MIT, Room 13-4057
      Cambridge, MA 02139