9.1. The Server
This document only describes how to set up the "ypserv" NIS
The NIS server software can be found on:
Site Directory File Name
ftp.kernel.org /pub/linux/utils/net/NIS ypserv-2.9.tar.gz
ftp.kernel.org /pub/linux/utils/net/NIS ypserv-2.9.tar.bz2
You could also look at http://www.linux-nis.org/nis/ for more
The server setup is the same for both traditional NIS and
Compile the software to generate the ypserv and makedbm programs.
ypserv-2.x only supports the securenets file for access
If you run your server as master, determine what files you
require to be available via NIS and then add or remove the
appropriate entries to the "all" rule in /var/yp/Makefile. You always should look at the
Makefile and edit the Options at the beginning of the file.
There was one big change between ypserv 1.1 and ypserv 1.2.
Since version 1.2, the file handles are cached. This means you have
to call makedbm always with the -c option if you create new maps.
Make sure, you are using the new /var/yp/Makefile from ypserv 1.2 or later, or add
the -c flag to makedbm in the Makefile. If you don't do that,
ypserv will continue to use the old maps, and not the updated
Now edit /var/yp/securenets and
/etc/ypserv.conf. For more information,
read the ypserv(8) and ypserv.conf(5) manual pages.
Make sure the portmapper (portmap(8)) is running, and start the
server ypserv. The command
% rpcinfo -u localhost ypserv
should output something like
program 100004 version 1 ready and waiting
program 100004 version 2 ready and waiting
The "version 1" line could be missing, depending on the ypserv
version and configuration you are using. It is only necessary if
you have old SunOS 4.x clients.
Now generate the NIS (YP) database. On the master, run
On a slave make sure that ypwhich -m
works. This means, that your slave must be configured as NIS client
before you could run
% /usr/lib/yp/ypinit -s masterhost
to install the host as NIS slave.
That's it, your server is up and running.
If you have bigger problems, you could start ypserv and ypbind in debug
mode on different xterms. The debug output should show you what
If you need to update a map, run make in
the /var/yp directory on the NIS master.
This will update a map if the source file is newer, and push the
files to the slave servers. Please don't use ypinit for updating a map.
You might want to edit root's crontab *on the slave* server and
add the following lines:
20 * * * * /usr/lib/yp/ypxfr_1perhour
40 6 * * * /usr/lib/yp/ypxfr_1perday
55 6,18 * * * /usr/lib/yp/ypxfr_2perday
This will ensure that most NIS maps are kept up-to-date, even if an
update is missed because the slave was down at the time the update
was done on the master.
You can add a slave at every time later. At first, make sure
that the new slave server has permissions to contact the NIS
master. Then run
% /usr/lib/yp/ypinit -s masterhost
on the new slave. On the master server, add the new slave server
name to /var/yp/ypservers
update the map.
If you want to restrict access for users to your NIS server,
you'll have to setup the NIS server as a client as well by running
ypbind and adding the plus-entries to /etc/passwd _halfway_ the password file. The
library functions will ignore all normal entries after the first
NIS entry, and will get the rest of the info through NIS. This way
the NIS access rules are maintained. An example:
nobody:*:65534:65534:noone at all,,,,:/dev/null:
[ All normal users AFTER this line! ]
tester:*:299:10:Just a test account:/tmp:
miquels:1234567890123:101:10:Miquel van Smoorenburg:/home/miquels:/bin/zsh
Thus the user "tester" will exist, but have a shell of
/etc/NoShell. miquels will have normal access.
Alternatively, you could edit the /var/yp/Makefile file and set NIS to use another
source password file. On large systems the NIS password and group
files are usually stored in /etc/yp/. If
you do this the normal tools to administrate the password file such
as passwd, chfn,
adduser will not work anymore and you need
special homemade tools for this.
However, yppasswd, ypchsh and ypchfn will work