Software
Mandrake is kind enough to provide the 3 required RPMs:
The server itself will need ypserv and yp-tools, but
will only need ypbind if it plans on also acting as a client to itself. It
is not usually recommended to allow regular user accounts on your NIS server.
The above RPMs should be installed the same as any RPM,
through a graphical utility such as "kpackage" or "gnorpm", or through a
command-line interface such as "rpm".
Configuration
NIS Domain Name
First off, we must define the NIS domain name. The $NISDOMAIN
variable is created during boot from a line in the /etc/sysconfig/network
file. You can append a line similar to the following to the /etc/sysconfig/network
file, replacing "testdomain" with your NIS domain name"
NISDOMAIN=testdomain
To set a NIS domain name without rebooting, run the
following:
[root@nisserver]# nisdomainname testdomain
Select Maps
NIS is most commonly known for sharing user and password
information across a network, but can also be used for providing other pieces
of information that may be the same from one system to another. Each of these
is called a map.
The /var/yp/Makefile defines the maps that will be built
and shared. Edit it, searching for a section similar to the following:
all: passwd group hosts rpc services netid protocols mail \ # netgrp shadow publickey networks ethers bootparams printcap \ # amd.home auto.master auto.home auto.local passwd.adjunct \ # timezone locale netmasks
For basic user authentication only, on systems using
shadow passwords, changing the above lines to appear as listed below is enough:
all: passwd group shadow \ # hosts rpc services netid protocols mail \ # netgrp publickey networks ethers bootparams printcap \ # amd.home auto.master auto.home auto.local passwd.adjunct \ # timezone locale netmasks
It is important that you keep the format of those lines
intact, as Makefiles are very picky. The above line is read as one continuous
line, and everything after the "#" is commented out, so as not to be activated.
User and Group IDs and Merging Shadow Files
Continuing with the above example of user authentication,
it is now necessary to define the minimum UIDs and GIDs that will be present
in the maps. This will allow a space for local-only users to have an account
on a given system, without interfering with NIS provided user records. It
is common to set the minimum to a fairly high number, such as 1000. Search
through the Makefile for the MINUID and MINGID lines, and set them accordingly.
Below is an example:
MINUID=2000
MINGID=2000
Most modern Linux systems make use of the shadow password
suite. If your NIS server will only be serving shadowed clients, there is
no real reason to merge the password file with the shadow file. I do find
it simpler to merge the group file with the gshadow file, though.
# Should we merge the passwd file with the shadow
file ?
# MERGE_PASSWD=true|false
MERGE_PASSWD=false
# Should we merge the group file with the gshadow
file ?
# MERGE_GROUP=true|false
MERGE_GROUP=true
Generating the Maps
The NIS utilities are located in /usr/lib/yp. To do
an initial map generation, run the following:
[root@nisserver]# /usr/lib/yp/ypinit -m
You will be prompted for the hostnames of your NIS servers
(if you only have one, that's fine). It will then generate the maps.
Starting NIS
Running two commands will start the NIS daemons:
[root@nisserver]# /etc/rc.d/init.d/yppasswdd start
[root@nisserver]# /etc/rc.d/init.d/ypserv start
To ensure that these services start on boot, you may
want to run the following:
[root@nisserver]# chkconfig --add yppasswdd
[root@nisserver]# chkconfig --add ypserv
Set up a client and test it out!
section index top
Software
Mandrake is kind enough to provide the 3 required RPMs:
The client itself will need ypbind and yp-tools, but
will only need ypserv if it plans on also acting as a server. It is not usually
recommended to allow regular user accounts on your NIS server.
The above RPMs should be installed the same as any RPM,
through a graphical utility such as "kpackage" or "gnorpm", or through a
command-line interface such as "rpm".
Configuration
NIS Domain Name
First off, we must define the NIS domain name. The $NISDOMAIN
variable is created during boot from a line in the /etc/sysconfig/network
file. You can append a line similar to the following to the /etc/sysconfig/network
file, replacing "testdomain" with your NIS domain name"
NISDOMAIN=testdomain
To set a NIS domain name without rebooting, run the
following:
[root@nisclient]# nisdomainname testdomain
Select NIS Server
The /etc/yp.conf file determines which NIS server will
be used for a particular NIS domain, and how it will find that server. It
is common to use the broadcast method to search for a NIS server on your
network. Adding the line below will tell NIS to broadcast for a NIS server
in the testdomain domain:
domain testdomain broadcast
Select Maps
NIS is most commonly known for sharing user and password
information across a network, but can also be used for providing other pieces
of information that may be the same from one system to another. Each of these
is called a map.
The /etc/nsswitch.conf file defines what resource will
be polled when a request is made for a particular piece of information. Edit
it, searching for a section similar to the following:
passwd: files nisplus nis shadow: files nisplus nis group: files nisplus nis
For basic user authentication only, on systems using
shadow passwords, the above lines are enough. The system's passwd, shadow,
and group files will be viewed first, and then the NIS maps will be searched.
Starting NIS
Running a command will start the NIS daemon:
[root@nisclient]# /etc/rc.d/init.d/ypbind start
To ensure that this service starts on boot, you may
want to run the following:
[root@nisclient]# chkconfig --add ypbind
section index top
|