Network Information Service (NIS) is the traditional directory service on Unix/Linux platforms. NIS enables you to create user accounts that can be shared across all systems on your network.
The user account is created only on the NIS server. NIS clients download the necessary user name and password data from the NIS server to verify each user login.
The setup of NIS is relatively simple when compared to other directory services like LDAP. NIS stores administrative files like /etc/passwd, /etc/hosts and so on in Berkeley DB files. This data is made available over the network to all the clients that are connected to the NIS domain.
Drawback of using NIS - The network connection is not encrypted and all transactions - including passwords - are sent in clear text.
Configuring an NIS Server
Step 1: Make sure the following packages are installed in your machine.
ypserv - This package contains the NIS server daemon, ypserv, and the NIS password daemon, yppasswdd.
portmap - This is an RPC daemon upon which NIS runs. This package is mandatory.
The yppasswdd daemon enables the NIS server to change the NIS database and password database information, at the client's request. In order to change your NIS password, the yppasswdd daemon must be running on the master server. From the client, one must use the command yppasswd to update a password within the NIS domain.
Step 2: Insert the following line in the /etc/sysconfig/network file.
NISDOMAIN=mynisdomain
Step 3: Specify the networks you wish NIS to recognize in /var/yp/securenets.
Here is an example.
# Permit access to localhost:
host 127.0.0.1
# Permit access to xyz.com network:
255.255.255.0 192.168.0.0
Step 4: Insert the following lines in the /var/yp/Makefile:
...
# Set NOPUSH to true only if you have just a master NIS server. If you have even one slave server, set it to false.
NOPUSH=true
# Set to true if you have any group passwords in /etc/gshadow that need to be merged into the NIS group map.
MERGE_GROUP=false
# Set to true if you want to merge encrypted passwords from /etc/shadow into the NIS passwd map.
MERGE_PASSWD=false
...
And uncomment the following line:
all: passwd group hosts netid
Step 5: If you have slave NIS servers then enter their names in /var/yp/ypservers.
Step 6: Finally run the following command:
# /usr/lib/yp/ypinit -m
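An added example (not from the original article or the ypserv project): because NIS traffic is unencrypted, /var/yp/securenets from Step 3 is the main control over who can query the maps, so this Python checker parses the "host" and "netmask network" rules, flags rules that are too wide, and tests whether a given client would match. The function names, the extra 0.0.0.0 rule and the /16 threshold are assumptions made for illustration.

```python
import ipaddress

# The two rules from Step 3 of the article.
PAGE_RULES = """\
# Permit access to localhost:
host 127.0.0.1
# Permit access to xyz.com network:
255.255.255.0 192.168.0.0
"""
# Constructed mistake (not from the article): netmask 0.0.0.0 matches every client.
OPEN_RULES = PAGE_RULES + "0.0.0.0 0.0.0.0\n"


def parse_securenets(text):
    """Return [(line_no, network)]; raise ValueError on a malformed rule."""
    rules = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        if len(fields) != 2:
            raise ValueError(f"line {no}: expected two fields: {raw!r}")
        if fields[0].lower() == "host":
            net = ipaddress.ip_network(fields[1])  # single address, /32
        else:
            mask, network = fields
            # strict=True rejects a network address with host bits set.
            net = ipaddress.ip_network(f"{network}/{mask}", strict=True)
            # ipaddress also accepts hostmasks such as 0.0.0.255; refuse those.
            if str(net.netmask) != mask:
                raise ValueError(f"line {no}: {mask} is not a netmask")
        rules.append((no, net))
    return rules


def audit(text, min_prefix=16):
    """List rules wider than /min_prefix (threshold is an assumed site policy)."""
    return [f"line {no}: {net} admits {net.num_addresses} addresses"
            for no, net in parse_securenets(text) if net.prefixlen < min_prefix]


def is_allowed(text, client):
    """True if the client address matches any rule in the file."""
    addr = ipaddress.ip_address(client)
    return any(addr in net for _, net in parse_securenets(text))


if __name__ == "__main__":
    print(audit(OPEN_RULES) or "no overly wide rules")
```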
Configuring a slave NIS server
Step 1: Install ypserv package on the slave server.
Step 2: Make sure you have the name of the slave server listed in /var/yp/ypservers on the master server.
Now issue the command:
# /usr/lib/yp/ypinit -s masterserver
Step 3: Make sure the NOPUSH value in the /var/yp/Makefile on the master server is set to false. Then when the master server's databases are updated, a call to the yppush executable will be made. yppush is responsible for transferring the updated contents from the master to the slaves. Only transfers within the same domain are made with yppush.
Step 4: Lastly start ypserv and yppasswdd daemons.
# service ypserv start
# service yppasswdd start
Configuring an NIS client
Step 1: Make sure the following packages are installed on your machine:
ypbind - NIS client daemon
authconfig - used for automatic configuration of NIS client.
yp-tools - Contains utilities like ypcat, yppasswd, ypwhich and so on used for viewing and modifying the user account details within the NIS server.
portmap - This package is mandatory.
Step 2: Configure the NIS client.
There are two methods to configure an NIS client.
Method 1: Manual method
Enter the following line in the /etc/sysconfig/network file:
NISDOMAIN=mynisdomain
Next, append the following line in /etc/yp.conf.
# Replace 192.168.0.1 with your NIS server address.
domain mynisdomain server 192.168.0.1
Make sure the following lines in the /etc/nsswitch.conf file contain 'nis' as an option.
passwd: files nis
shadow: files nis
group: files nis
hosts: files nis dns
networks: files nis
protocols: files nis
publickey: nisplus
automount: files nis
netgroup: files nis
aliases: files nisplus
Finally restart ypbind and portmap.
Method 2: Run authconfig and follow directions.
To check if you have successfully configured the NIS client, execute the following:
# ypcat passwd
The output will be the contents of the /etc/passwd file residing on the NIS server having user IDs greater than or equal to 500.
This article is a bit aged and has not been updated for a while. So please consult other sources of NIS as well.