Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions

  




 

 

Linux NIS / NIS+ Tutorial
Previous Page Home Next Page

9. Setting up a NIS Server

9.1. The Server Program ypserv

This document only describes how to set up the "ypserv" NIS server.

The NIS server software can be found on:

  Site               Directory                    File Name

  ftp.kernel.org     /pub/linux/utils/net/NIS     ypserv-2.9.tar.gz
  ftp.kernel.org     /pub/linux/utils/net/NIS     ypserv-2.9.tar.bz2

You could also look at http://www.linux-nis.org/nis/ for more information.

The server setup is the same for both traditional NIS and NYS.

Compile the software to generate the ypserv and makedbm programs. ypserv-2.x only supports the securenets file for access restrictions.

If you run your server as master, determine what files you require to be available via NIS and then add or remove the appropriate entries to the "all" rule in /var/yp/Makefile. You always should look at the Makefile and edit the Options at the beginning of the file.

There was one big change between ypserv 1.1 and ypserv 1.2. Since version 1.2, the file handles are cached. This means you have to call makedbm always with the -c option if you create new maps. Make sure, you are using the new /var/yp/Makefile from ypserv 1.2 or later, or add the -c flag to makedbm in the Makefile. If you don't do that, ypserv will continue to use the old maps, and not the updated one.

Now edit /var/yp/securenets and /etc/ypserv.conf. For more information, read the ypserv(8) and ypserv.conf(5) manual pages.

Make sure the portmapper (portmap(8)) is running, and start the server ypserv. The command

    % rpcinfo -u localhost ypserv

should output something like

    program 100004 version 1 ready and waiting
    program 100004 version 2 ready and waiting

The "version 1" line could be missing, depending on the ypserv version and configuration you are using. It is only necessary if you have old SunOS 4.x clients.

Now generate the NIS (YP) database. On the master, run

    % /usr/lib/yp/ypinit -m

On a slave make sure that ypwhich -m works. This means, that your slave must be configured as NIS client before you could run

    % /usr/lib/yp/ypinit -s masterhost
to install the host as NIS slave.

That's it, your server is up and running.

If you have bigger problems, you could start ypserv and ypbind in debug mode on different xterms. The debug output should show you what goes wrong.

If you need to update a map, run make in the /var/yp directory on the NIS master. This will update a map if the source file is newer, and push the files to the slave servers. Please don't use ypinit for updating a map.

You might want to edit root's crontab *on the slave* server and add the following lines:

      20 *    * * *    /usr/lib/yp/ypxfr_1perhour
      40 6    * * *    /usr/lib/yp/ypxfr_1perday
      55 6,18 * * *    /usr/lib/yp/ypxfr_2perday
This will ensure that most NIS maps are kept up-to-date, even if an update is missed because the slave was down at the time the update was done on the master.

You can add a slave at every time later. At first, make sure that the new slave server has permissions to contact the NIS master. Then run

    % /usr/lib/yp/ypinit -s masterhost
on the new slave. On the master server, add the new slave server name to /var/yp/ypservers and run make in /var/yp to update the map.

If you want to restrict access for users to your NIS server, you'll have to setup the NIS server as a client as well by running ypbind and adding the plus-entries to /etc/passwd _halfway_ the password file. The library functions will ignore all normal entries after the first NIS entry, and will get the rest of the info through NIS. This way the NIS access rules are maintained. An example:

     root:x:0:0:root:/root:/bin/bash
     daemon:*:1:1:daemon:/usr/sbin:
     bin:*:2:2:bin:/bin:
     sys:*:3:3:sys:/dev:
     sync:*:4:100:sync:/bin:/bin/sync
     games:*:5:100:games:/usr/games:
     man:*:6:100:man:/var/catman:
     lp:*:7:7:lp:/var/spool/lpd:
     mail:*:8:8:mail:/var/spool/mail:
     news:*:9:9:news:/var/spool/news:
     uucp:*:10:50:uucp:/var/spool/uucp:
     nobody:*:65534:65534:noone at all,,,,:/dev/null:
     +miquels::::::
     +:*:::::/etc/NoShell
     [ All normal users AFTER this line! ]
     tester:*:299:10:Just a test account:/tmp:
     miquels:1234567890123:101:10:Miquel van Smoorenburg:/home/miquels:/bin/zsh

Thus the user "tester" will exist, but have a shell of /etc/NoShell. miquels will have normal access.

Alternatively, you could edit the /var/yp/Makefile file and set NIS to use another source password file. On large systems the NIS password and group files are usually stored in /etc/yp/. If you do this the normal tools to administrate the password file such as passwd, chfn, adduser will not work anymore and you need special homemade tools for this.

However, yppasswd, ypchsh and ypchfn will work of course.

Linux NIS / NIS+ Tutorial
Previous Page Home Next Page

 
 
  Published under the terms of the Open Publication License Design by Interspire