Network Information Service (NIS)

[This is somewhat out of date; I have currently disabled NIS, and only use it occasionally. -- rgr, 18-Dec-04.]


After changing one of the configuration files (e.g. /etc/hosts), the NIS maps need to be rebuilt by running make in the domain master directory. For example, here's what I did after editing /etc/group to add a new group:

rgrjr:~ # cd /var/yp
rgrjr:/var/yp # make -f ../Makefile all
Updating group.byname...
Updating group.bygid...
Updating netid.byname...
rgrjr:/var/yp # 

After this update, the new group was immediately available to ypmatch on all machines. [I have no idea what netid.byname is used for, nor why it needed rebuilding then. -- rgr, 7-Aug-01.]

Steps for setting up ypserv and ypbind on a fresh machine:

  1. Pick an NISDOMAIN name, e.g. ESS-MA. This has nothing to do with DNS domains, and should be different from your DNS domain name.
  2. Do "nisdomainname name" to initialize it.
  3. Update the right config file to initialize the NIS domain name at boot time. (This is in /etc/sysconfig/network on RH 6.x, and in /etc/defaultdomain on SuSE 8.0.)
  4. Edit /etc/yp/Makefile and /etc/yp/securenets, following instructions in the file comments. [In /etc/yp/securenets, note that the subnet mask comes before the address. -- rgr, 19-Oct-02.]
  5. Start the server: "/etc/init.d/ypserv start"
  6. Verify that the server is up and running: "rpcinfo -u localhost ypserv".
  7. Make sure the server gets started on reboot: "chkconfig --add ypserv"
  8. [ypinit to build the maps]
  9. If required, start yppasswdd:
           /etc/init.d/yppasswdd start
           chkconfig --add yppasswdd
    
  10. Full testing requires a running client, but you can do "rpcinfo -p localhost" to verify that the server is listening. The output should include something like the following:
       program vers proto   port
        100004    2   udp    905  ypserv
        100004    1   udp    905  ypserv
        100004    2   tcp    908  ypserv
        100004    1   tcp    908  ypserv
           
    The numbers are arbitrary, except that ypserv version 2 should be listed for both TCP and UDP.
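
Step 4's note that the mask comes before the address is easy to get backwards. The following is an added example (not part of the original page, and not code from ypserv) that audits securenets text for swapped fields, addresses that do not fit their mask, and the wide-open "0.0.0.0 0.0.0.0" entry. It handles IPv4 entries only; the sample file and the /24 network around 192.168.57.1 are constructed.

```python
import ipaddress

def is_netmask(text):
    """True for a contiguous IPv4 netmask such as 255.255.255.0."""
    try:
        inverted = int(ipaddress.IPv4Address(text)) ^ 0xFFFFFFFF
    except ValueError:
        return False
    return (inverted & (inverted + 1)) == 0  # inverted mask must be 2**k - 1

def audit_securenets(text):
    """Return (line_number, severity, message) for each problem entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        if len(fields) != 2:
            findings.append((lineno, "error", "expected two fields"))
            continue
        mask, addr = fields
        if mask == "host":  # "host A" is shorthand for an all-ones mask
            mask = "255.255.255.255"
        if not is_netmask(mask):
            hint = ("mask and address look swapped" if is_netmask(addr)
                    else "first field is not a netmask")
            findings.append((lineno, "error", hint))
            continue
        try:
            net = ipaddress.IPv4Network(f"{addr}/{mask}")  # strict: no host bits
        except ValueError:
            findings.append((lineno, "error", "address is not a network for this mask"))
            continue
        if net.prefixlen == 0:
            findings.append((lineno, "warn", "entry admits every host"))
    return findings

# Constructed sample; the /24 around the page's 192.168.57.1 is an assumption.
SAMPLE = """\
# securenets
255.0.0.0       127.0.0.0
192.168.57.0    255.255.255.0
host            192.168.57.1
255.255.255.0   192.168.57.1
0.0.0.0         0.0.0.0
"""

if __name__ == "__main__":
    for lineno, severity, message in audit_securenets(SAMPLE):
        print(f"line {lineno}: {severity}: {message}")
```

To check a real file, pass its contents to audit_securenets(), e.g. the text of /etc/yp/securenets.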

The following steps are necessary to set up the ypbind client on the server machine:

  1. Set the machine up as a client by putting a "ypserver" line in /etc/yp.conf:
           ypserver 192.168.57.1
    
    A fixed IP address is best.
  2. Start the client: "/etc/init.d/ypbind start"
  3. Make sure the client gets started on reboot: "chkconfig --add ypbind"
  4. Ensure that the client and server are talking to each other:
           rogers@localhost> ypmatch rgr hosts
           192.168.57.1	rgr.rgrjr.com	rgr
           rogers@localhost> ypmatch staff group
           staff:*:500:
           rogers@localhost> ypmatch rogers passwd
           rogers:Rn0LxKrY3l2ou:503:500::/home/rogers:/bin/bash
           rogers@localhost>
    

The following steps are necessary to set up the ypbind client on a machine other than the server:

  1. Do "nisdomainname name" to initialize the NIS domain name. This must be the same name you told the server to use.
  2. Update the right config file to initialize the NIS domain name at boot time, just as for the server.
  3. Set the machine up as a client by putting a "ypserver" line in /etc/yp.conf:
           ypserver 192.168.57.1
    
    A fixed IP address is best.
  4. Start the client: "/etc/init.d/ypbind start"
  5. Make sure the client gets started on reboot: "chkconfig --add ypbind"
  6. Note that under SuSE (at least 8.0), it is necessary to run yast2 to finish initialization, or people won't be able to log in as NIS users. The correct information should already be there (or you can enter it via the GUI), but something it does after you click "Finish" is required. [Maybe changing /etc/nsswitch.conf? Or putting "+" lines in /etc/passwd, /etc/group, and /etc/shadow? -- rgr, 30-Oct-02.]
  7. Ensure that the client and server are talking to each other:
           rogers@localhost> ypmatch rgr hosts
           192.168.57.1	rgr.rgrjr.com	rgr
           rogers@localhost> ypmatch staff group
           staff:*:500:
           rogers@localhost> ypmatch rogers passwd
           rogers:Rn0LxKrY3l2ou:503:500::/home/rogers:/bin/bash
           rogers@localhost>
    
    [This will actually work before yast2 initialization, but users still won't be able to log in. -- rgr, 30-Oct-02.]

[troubleshooting? -- rgr, 19-Oct-02.]


Bob Rogers <rogers@rgrjr.dyndns.org>