The Network Information Service, or NIS is a client–server directory service protocol for distributing system configuration data such as user and host names between computers on a computer network.
A NIS/YP system maintains and distributes a central directory of user and group information, hostnames, e-mail aliases and other text-based tables of information in a computer network. For example, in a common UNIX environment, the list of users for identification is placed in /etc/passwd, and secret authentication hashes in /etc/shadow. NIS adds another “global” user list which is used for identifying users on any client of the NIS domain.
To configure NIS server you have to install ypserve and yp-tools rpms on the server, and ypbind and yp-tools rpms on the client. Follow the below steps to Configure the NIS server.
NIS Server Configuration1. Verify PortmapPortmap server maps DARPA port to RPC program number. For a NIS client that makes RPC calls to talk to the NIS Server (which is a RPC server), portmapper should be running.
When the NIS server starts, it informs the portmapper on what port it is listening. When NIS client contacts a NIS server, it will first check with the portmapper and get the portnumber where the NIS servers is running, and will send the RPC calls to that port number.
On most Linux distributions, portmap will be running by default. Make sure it is running, and configured to be started when the system is rebooted.
# ps -ef | grep -i portmap
rpc 3624 1 0 Feb23 ? 00:00:00 portmap
root 16908 8658 0 10:35 pts/0 00:00:00 grep -i portmap# chkconfig --list | grep portmap
portmap 0:off 1:off 2:off 3:on 4:on 5:on 6:off2. Install YPServ# yum install ypserv yp-tools ypbind ypserv will be installed under /usr/sbin/ypserv
3. Start ypservCheck to see whether the ypserv is registered with the portmap as shown below.
# rpcinfo -u localhost ypserv
rpcinfo: RPC: Program not registered
program 100004 is not availableThe above output indicates either ypserv is not installed, or ypserv is installed but not started yet. The following quick check indicates that the ypserv is not started yet.
# chkconfig --list | grep yp
ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
yppasswdd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ypserv 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ypxfrd 0:off 1:off 2:off 3:off 4:off 5:off 6:off# service ypserv status
ypserv is stoppedSet the NISDOMAIN in the /etc/sysconfig/network file as shown below.
# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=server
GATEWAY=192.168.1.1
NISDOMAIN=examplenis.comStart the ypserv as shown below.
# service ypserv start
Setting NIS domain name thegeekstuff.com: [ OK ]
Starting YP server services: [ OK ]There are some NIS server configuration parameters set in the /etc/ypserv.conf file. But, you don’t need to modify the default values in this file.
4. Generate NIS DatabaseOnce the ypserv is installed and started, it is time to generate the NIS database. All the NIS database are stored under /var/yp directory. Before you generate the database you will not see the directory for your domain name under the /var/yp.
# ls -l /var/yp
total 36
drwxr-xr-x 2 root root 4096 May 18 2010 binding
-rw-r--r-- 1 root root 16669 Oct 31 2008 Makefile
-rw-r--r-- 1 root root 185 Jun 6 2007 nicknamesGenerate the NIS database using ypinit program as shown below. You just have to enter the hostname of your NIS server to generate the database.
# /usr/lib64/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers. vps-examplenis.com is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: vps-examplenis.com
next host to add:
The current list of NIS servers looks like this:
vps-examplenis.com
Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp/examplenis.com/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/examplenis.com'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/examplenis.com'
vps-examplenis.com has been set up as a NIS master server.
Now you can run ypinit -s vps-examplenis.com on all slave server.After generating the database, you can see a new directory for your domain is created under /var/yp as shown below.
# ls -l /var/yp
total 44
drwxr-xr-x 2 root root 4096 Oct 8 10:59 thegeekstuff.com
drwxr-xr-x 2 root root 4096 May 18 2010 binding
-rw-r--r-- 1 root root 16669 Oct 31 2008 Makefile
-rw-r--r-- 1 root root 185 Jun 6 2007 nicknames
-rw-r--r-- 1 root root 10 Aug 31 10:58 ypservers
The /var/yp/ypservers will contain the name of your NIS server hostname.
# cat /var/yp/ypservers
vps-examplenis.com5. Verify the installationVerify the NIS server installation by checking whether the passwd file can be accessed using the ypcat NIS client program.
# ypcat passwd
No such map passwd.byname. Reason: Can't bind to server which serves this domainYou might get the above error message because ypbind might not running on your system. Just start the ypbind and verify the configuration.
# service ypbind start
# ypcat passwd
bob:R7EFEGJ1mxRGwVLVC.:401:401::/home/bob:/bin/bash
john:QtlRW$Fx.uZvD:402:402::/home/john:/bin/bashIf you don’t like to display the encrypted passwd field in the ypcat passwd output, set the MERGE_PASSWD to false in the /var/yp/Makefile as shown below.
# vi /var/yp/Makefile
MERGE_PASSWD=falseAfter you do the above, the ypcat passwd command will just display a ‘x’ in the passwd file.
# ypcat passwd
bob:x:401:401::/home/bob:/bin/bash
john:x:402:402::/home/john:/bin/bashAnytime you make a change (either updates to the Makefile, or changes to a database). For example, when you add a new user, or modify an existing user account, you should do the following. Without this, the changes will not be reflected to any of your NIS client.
# cd /var/yp
# make
I recommend that you add this to the root cron job on your NIS server to execute this every 15 minutes. This way, you don’t need to worry about running this manually anytime you make some changes to the NIS database.
NIS Client ConfigurationThe following steps needs to be executed on the NIS client. In the above example, we installed NIS server on a servername called vps-examplenis.com. If you want another Linux server to use the /etc/passwd file on the vps-examplenis.com for authentication, you need to do the following steps on the client server (NIS client).
6. Set the Domainname on ClientVerify the domainname is set properly on this server. If this doesn’t return the proper domainname. Execute ‘domainname {your-domain}’ to set the domainname on the server.
# domainname
examplenis.comdomainname command will set the domainname temporarily. i.e if you reboot the system, the domainname will be gone. To make the domainname permanent, update the network file and set the NISDOMAIN parameter as shown below.
# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=client
GATEWAY=192.168.1.4
NISDOMAIN=examplenis.com7. Set the NIS Server Name on ClientAdd the following line to the /etc/yp.conf file. This instructs the NIS client that the NIS server is prod-db. Instead of prod-db below, you can also give the ip-address of the prod-db server.
# vi /etc/yp.conf
domain examplenis.com server vps-examplenis.com8. Start the ypbind on Clientypbind is a NIS binding program. This searches for a NIS server for your NIS domain and maintains NIS binding information.
Make sure ypbind is up and running on the NIS client server. Most Linux distributions has ypbind installed already. If it is not running, start it.
# ps -ef | grep ypbind
# service ypbind startVerify the NIS server installation by checking whether the passwd file can be accessed using the ypcat NIS client program.
# ypcat passwd
bob:x.:401:401::/home/bob:/bin/bash
john:x:402:402::/home/john:/bin/bash 
