MandrakeUser.Org - Your Mandrake-Linux Knowledge Base!


 
 

* DocIndex - Connectivity

NIS

* The NIS Server
* The NIS Client

Related Resources:

NIS HOWTO

Modified: Oct. 27, 2000
Author: Don Head

 

* NIS Server

Software

Mandrake is kind enough to provide the 3 required RPMs:

  • ypbind
  • yp-tools
  • ypserv

The server itself will need ypserv and yp-tools, but will only need ypbind if it plans on also acting as a client to itself. It is not usually recommended to allow regular user accounts on your NIS server.

The above RPMs should be installed the same as any RPM, through a graphical utility such as "kpackage" or "gnorpm", or through a command-line interface such as "rpm".

Configuration

NIS Domain Name

First off, we must define the NIS domain name. The $NISDOMAIN variable is created during boot from a line in the /etc/sysconfig/network file. You can append a line similar to the following to the /etc/sysconfig/network file, replacing "testdomain" with your NIS domain name"

NISDOMAIN=testdomain

To set a NIS domain name without rebooting, run the following:

[root@nisserver]# nisdomainname testdomain

Select Maps

NIS is most commonly known for sharing user and password information across a network, but can also be used for providing other pieces of information that may be the same from one system to another. Each of these is called a map.

The /var/yp/Makefile defines the maps that will be built and shared. Edit it, searching for a section similar to the following:

all: passwd group hosts rpc services netid protocols mail \
# netgrp shadow publickey networks ethers bootparams printcap \
# amd.home auto.master auto.home auto.local passwd.adjunct \
# timezone locale netmasks

For basic user authentication only, on systems using shadow passwords, changing the above lines to appear as listed below is enough:

all: passwd group shadow \
# hosts rpc services netid protocols mail \
# netgrp publickey networks ethers bootparams printcap \
# amd.home auto.master auto.home auto.local passwd.adjunct \
# timezone locale netmasks

It is important that you keep the format of those lines intact, as Makefiles are very picky. The above line is read as one continuous line, and everything after the "#" is commented out, so as not to be activated.

User and Group IDs and Merging Shadow Files

Continuing with the above example of user authentication, it is now necessary to define the minimum UIDs and GIDs that will be present in the maps. This will allow a space for local-only users to have an account on a given system, without interfering with NIS provided user records. It is common to set the minimum to a fairly high number, such as 1000. Search through the Makefile for the MINUID and MINGID lines, and set them accordingly. Below is an example:

MINUID=2000
MINGID=2000

Most modern Linux systems make use of the shadow password suite. If your NIS server will only be serving shadowed clients, there is no real reason to merge the password file with the shadow file. I do find it simpler to merge the group file with the gshadow file, though.

# Should we merge the passwd file with the shadow file ?
# MERGE_PASSWD=true|false
MERGE_PASSWD=false

# Should we merge the group file with the gshadow file ?
# MERGE_GROUP=true|false
MERGE_GROUP=true

Generating the Maps

The NIS utilities are located in /usr/lib/yp. To do an initial map generation, run the following:

[root@nisserver]# /usr/lib/yp/ypinit -m

You will be prompted for the hostnames of your NIS servers (if you only have one, that's fine). It will then generate the maps.

Starting NIS

Running two commands will start the NIS daemons:

[root@nisserver]# /etc/rc.d/init.d/yppasswdd start
[root@nisserver]# /etc/rc.d/init.d/ypserv start

To ensure that these services start on boot, you may want to run the following:

[root@nisserver]# chkconfig --add yppasswdd
[root@nisserver]# chkconfig --add ypserv

Set up a client and test it out!

* section index * top

* The NIS Client

Software

Mandrake is kind enough to provide the 3 required RPMs:

  • ypbind
  • yp-tools
  • ypserv

The client itself will need ypbind and yp-tools, but will only need ypserv if it plans on also acting as a server. It is not usually recommended to allow regular user accounts on your NIS server.

The above RPMs should be installed the same as any RPM, through a graphical utility such as "kpackage" or "gnorpm", or through a command-line interface such as "rpm".

Configuration

NIS Domain Name

First off, we must define the NIS domain name. The $NISDOMAIN variable is created during boot from a line in the /etc/sysconfig/network file. You can append a line similar to the following to the /etc/sysconfig/network file, replacing "testdomain" with your NIS domain name"

NISDOMAIN=testdomain

To set a NIS domain name without rebooting, run the following:

[root@nisclient]# nisdomainname testdomain

Select NIS Server

The /etc/yp.conf file determines which NIS server will be used for a particular NIS domain, and how it will find that server. It is common to use the broadcast method to search for a NIS server on your network. Adding the line below will tell NIS to broadcast for a NIS server in the testdomain domain:

domain testdomain broadcast

Select Maps

NIS is most commonly known for sharing user and password information across a network, but can also be used for providing other pieces of information that may be the same from one system to another. Each of these is called a map.

The /etc/nsswitch.conf file defines what resource will be polled when a request is made for a particular piece of information. Edit it, searching for a section similar to the following:

passwd: files nisplus nis
shadow: files nisplus nis
group: files nisplus nis

For basic user authentication only, on systems using shadow passwords, the above lines are enough. The system's passwd, shadow, and group files will be viewed first, and then the NIS maps will be searched.

Starting NIS

Running a command will start the NIS daemon:

[root@nisclient]# /etc/rc.d/init.d/ypbind start

To ensure that this service starts on boot, you may want to run the following:

[root@nisclient]# chkconfig --add ypbind

* section index * top

 
Legal: All texts on this site are covered by the GNU Free Documentation License. Standard disclaimers of warranty apply. Copyright LSTB (Tom Berger) and Mandrakesoft 1999-2002.