Configuring NIS Services in Linux

From Section6wiki

Jump to: navigation, search

Contents
[hide]

• 1 Configuring NIS Services in Linux

o 1.1 What is NIS?
o 1.2 Getting Started
o 1.3 Defining the NIS Domain Name
o 1.4 NIS Server Daemons
o 1.5 Starting The NIS Server Related Daemons
o 1.6 Initializing The NIS Domain
o 1.7 Start The ypbind and ypxfrd Daemons
o 1.8 Verify The Daemons Are Running

o 1.9 Adding New NIS Users

Configuring NIS Services in Linux

author: TBONIUS

What is NIS?
Network Information Service (NIS) is used for keeping a centralized repository of users,
hostnames and other useful information in a computer network. In single server UNIX
environments, the list of users and groups is usually kept in a file such as /etc/passwd.
Using NIS adds a "global" directory which is used for authenticating users from any host
on the network.

Note: In the early days, NIS was called Yellow Pages. The developers had to change the
name after a copyright infringement lawsuit, yet many of the key programs associated
with NIS have kept their original names beginning with yp.

Getting Started
This tutorial covers mostly RPM based distributions of GNU/Linux such as Red Hat,
Fedora, or CentOS. There are also references to Debian based distrbutions such as
Ubuntu. For information pertaining to your particular distrbution, please consult your
documentation.

Defining the NIS Domain Name

Edit the /etc/sysconfig/network file

In Red Hat-based distributions need to add the NIS domain name we wish to use in the
/etc/sysconfig/network file. For this example, we will call the domain "LINUX-NIS".

#/etc/sysconfig/network
NISDOMAIN="LINUX-NIS"

In Debian based distributions we would edit the /etc/defaultdomain file and simply put
in the NIS domain name

#/etc/defaultdomain
LINUX-NIS

Also, in Debian-based distributions, we would edit the /etc/default/nis file and configure
this as a Master NIS server

#/etc/default/nis
NISSERVER=master

Both Linux distributions have a configuration file for YP. We need to edit our
/etc/yp.conf file. NIS servers also need to be NIS clients themselves, so we will have to
edit the yp.conf to point this file towards the server itself, or localhost.

# /etc/yp.conf - ypbind configuration file

ypserver 127.0.0.1

NIS Server Daemons

The following is a list of NIS server daemons and their functionality. We need to know
these individual components in order to troubleshoot NIS issues later on.

DAEMON NAME PURPOSE

portmap The foundation service for RPC
yppasswdd Allows users to change their NIS passwords
ypserv NIS server daemon
ypbind NIS client daemon
ypxfrd The NIS map transfer daemon

Starting The NIS Server Related Daemons

We now need to start a couple of the NIS daemons in the /etc/init.d directory. In this case
we will only be starting the portmap, yppasswdd, and ypserv daemons so that we can
initialize the NIS domain.

On Red Hat we would issue the following commands:

[root@nis-server1]# /etc/init.d/portmap start

Starting portmapper: [ OK ]

[root@nis-server1]# /etc/init.d/yppasswdd start

Starting YP passwd service: [ OK ]

[root@nis-server1]# /etc/init.d/ypserv start

Setting NIS domain name LINUX-NIS: [ OK ]
Starting YP server services: [ OK ]

On Debian we would issue the following commands:

[root@nis-server1]# /etc/init.d/portmap start

Starting portmapper: [ OK ]

[root@nis-server1]# /etc/init.d/nis start

Setting NIS domainname to: LINUX-NIS
Starting NIS services: ypserv yppasswdd ypxfrd ypbind: [ OK ]

Note: The ypxfrd and ypbind daemons start with the all-encompassing nis startup script
for Debian. These daemons will time out on starting due to the fact that the NIS domain
has not been initialized yet. This is expected. NFS domain initialization is covered in the
next section.

With Redhat-based distributions we would use the chkconfig command to configure

these daemons to start after every reboot.

[root@nis-server1]# chkconfig portmap on

[root@nis-server1]# chkconfig yppasswdd on
[root@nis-server1]# chkconfig ypserv on

With Debian-based distributions we would simply invoke the update-rc.d command to

configure these services to start at boot time

[root@nis-server1]# update-rc.d portmap defaults [ OK ]

[root@nis-server1]# update-rc.d nis defaults [ OK ]

We need to make sure these daemons are running before continuing to the next step. We
can use the rpcinfo command to do this:

[root@nis-server1]# rpcinfo -p localhost

program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100009 1 udp 681 yppasswdd
100004 2 udp 698 ypserv
100004 1 udp 698 ypserv
100004 2 tcp 701 ypserv
100004 1 tcp 701 ypserv

The ypbind and ypxfrd might be listed as running, even though they do not start properly
until after the initialization of the NIS domain. If they are running, we will restart these
daemons after the domain initialization is completed.

Initializing The NIS Domain

Now that we have decided on the name of the NIS domain, we will have to use the ypinit
command to create the associated authentication files for the domain. We will be
prompted for the name of the NIS server, which in this case is nis-server.

[root@nis-server1]# /usr/lib/yp/ypinit -m

At this point, we have to construct a list of the hosts which will run NIS servers. nis-
server1 is in the list of NIS server hosts. We must continue to add the names for the other
hosts, one per line. When we are done with the list, simply type "a".

next host to add: nis-server1

next host to add:
The current list of NIS servers looks like this:
nis-server1
Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp/LINUX-NIS/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/LINUX-NIS'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/LINUX-NIS'
nis-server1 has been set up as a NIS master server.

Now we can run ypinit -s nis-server1 on all slave servers (If we have any slave servers).
Note: Make sure portmap is running before trying this step or you'll get errors, such as:

failed to send 'clear' to local ypserv: RPC: Port mapper

failureUpdating group.bygid...

You will have to delete the /var/yp/LINUX-NIS directory and restart portmap,
yppasswd, and ypserv before you'll be able to do this again successfully.

Start The ypbind and ypxfrd Daemons

On Redhat, you can now start the ypbind and the ypxfrd daemons because the NIS
domain had been initialized and the files have been created.

[root@nis-server1]# /etc/init.d/ypbind start

Binding to the NIS domain: [ OK ]
Listening for an NIS domain server.
[root@nis-server1]# /etc/init.d/ypxfrd start
Starting YP map server: [ OK ]
[root@nis-server1]# chkconfig ypbind on
[root@nis-server1]# chkconfig ypxfrd on

On Debian, you would simply restart the /etc/init.d/nis service:

[root@nis-server1]# /etc/init.d/nis restart

Starting NIS services: ypserv yppasswdd ypxfrd ypbind

Verify The Daemons Are Running

All the NIS daemons use RPC port mapping and, therefore, are listed using the rpcinfo
command when they are running correctly.

[root@nis-server1]# rpcinfo -p localhost

program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100021 1 udp 1024 nlockmgr
100021 3 udp 1024 nlockmgr
100021 4 udp 1024 nlockmgr
100004 2 udp 784 ypserv
100004 1 udp 784 ypserv
100004 2 tcp 787 ypserv
100004 1 tcp 787 ypserv
100009 1 udp 798 yppasswdd
600100069 1 udp 850 fypxfrd
600100069 1 tcp 852 fypxfrd
100007 2 udp 924 ypbind
100007 1 udp 924 ypbind
100007 2 tcp 927 ypbind
100007 1 tcp 927 ypbind
Adding New NIS Users
New NIS users can be created by logging into the NIS server and creating the new user
account. In this case, you'll create a user account called nisuser and give it a new
password.

Once this is complete, you then have to update the NIS domain's authentication files by
executing the make command in the /var/yp directory.

This procedure makes all NIS-enabled, nonprivileged accounts become automatically

accessible via NIS, not just newly created ones. It also exports all the user's
characteristics stored in the /etc/passwd and /etc/group files, such as the login shell, the
user's group, and home directory.

[root@nis-server1]# useradd -g users nisuser

[root@nis-server1]# passwd nisuser
Changing password for user nisuser.
New password: ********
Retype new password: ********
passwd: all authentication tokens updated successfully.

[root@nis-server1]# cd /var/yp
[root@nis-server1]# make
gmake[1]: Entering directory `/var/yp/LINUX-NIS'
Updating passwd.byname...
Updating passwd.byuid...
Updating netid.byname...
gmake[1]: Leaving directory `/var/yp/LINUX-NIS'

You can check to see if the user's authentication information has been updated by using
the ypmatch command, which should return the user's encrypted password string.

[root@nis-server1]# ypmatch nisuser passwd

nisuser:$1$d6E2i79Q$wp3Eo0Qw9nFD/::504:100::/home/nisuser:/bin/bash

You can also use the getent command, which has similar syntax. Unlike ypmatch, getent
doesn't provide an encrypted password when run on an NIS server, it just provides the
user's entry in the /etc/passwd file. On a NIS client, the results are identical with both
showing the encrypted password.

[root@nis-server1]# getent passwd nisuser

nisuser:x:504:100::/home/nisuser:/bin/bash

From here you should be up and going with your new NIS domain. Have fun.

Retrieved from
"http://www.section6.net/wiki/index.php/Configuring_NIS_Services_in_Linux"

Views
 • Article
• Discussion
• View source
• History

Personal tools

• Log in / create account

Navigation

• Main Page
• Community portal
• Current events
• Recent changes
• Random page
• Help
• Donations

Search

Toolbox

• What links here

• Related changes
• Upload file
• Special pages
• Printable version
• Permanent link

• This page was last modified 19:40, 17

November 2005.
• This page has been accessed 7,548 times.
• Content is available under Creative Commons
Attribution-NonCommercial 2.5 License.
• Privacy policy
• About Section6wiki
• Disclaimers