How to Set Up and Configure NIS/YP Services

Brief overview

NIS (Network Information Service), also known as Yellow Pages or YP, is a lookup service that allows distribution of administrative databases (maps) across a series of servers (master, slaves and clients).

NIS maps are associated with the passwd file, groups file, hosts file, and a few others. Essentially, NIS acts as a central repository for this information.

NIS Elements

Element | Comments
NIS domain | Group of machines that share the maps
NIS daemons | ypserv, ypbind, ypxfrd (high speed map transfer), rpc.yppasswdd (passwd update daemon) and rpc.ypupdated (modify other maps)
NIS utilities | makedbm, ypcat, ypinit, ypmatch, yppoll, yppush, ypset, ypwhich, ypxfr (see man pages)
NIS maps | A kind of replacement for /etc files; they are two-column tables: key and information about the key. The Makefile is in /var/yp on the master server; running make in that directory causes makedbm to modify maps from input files.
NIS binding modes | Server list (/var/yp/binding/<domainname>/ypservers file has list of NIS servers) or Broadcast.

Planning your NIS domain

Before you configure any systems as NIS servers or clients, you must plan the NIS domain.

  • Decide which systems will be in your NIS domain. An NIS domain does not have to be congruent with your network. A network can have more than one NIS domain, and there can be machines on your network that are outside of your NIS domain.
  • Choose a NIS domainname, which can be 256 characters long. A good practice is to limit domainnames to no more than 32 characters. Domain names are case-sensitive.
  • Before a machine can use NIS services, the correct NIS domainname and machine name must be set. A machine's name is set by the machine's /etc/nodename file and the machine's domainname is set by the machine's /etc/defaultdomain file. These files are read at boot time and the contents are used by the uname -S and domainname commands, respectively.
  • Select one system to be the master server. Decide which systems, if any, will be slave servers.
  • Decide which systems will be NIS clients. Typically all systems in your domain are set to be NIS clients, although this is not necessary.

Configuring NIS Master Server

    NOTE:
  • You can only have one master server, but multiple slave servers.
  • Limit your NIS domainname to a maximum of 32 characters.

If your NIS Master server is already configured, and you just want to connect a server to an existing NIS domain, skip to the Configure NIS Client section below.

If you do not wish to use the default NIS location (/var/yp/etc) for your NIS maps, then edit /var/yp/Makefile, changing the lines DIR= and PWDIR= to match your new location.

    CAUTION: Do not use /etc as your source directory, since this is for local files on the master server.

  1. Copy the following source files into your NIS directory:
    auto.home auto.master bootparams ethers group hosts ipnodes netgroup netmasks networks passwd protocol rpc service shadow user_attr
    For example:
    root@nismaster# cd /etc
    root@nismaster# cp auto.home auto.master bootparams ethers group hosts ipnodes netgroup netmasks networks passwd protocol rpc service shadow user_attr /data/nis-maps
  2. Run ypinit -m to convert these source files into ndbm formatted NIS maps.
  3. Confirm that the /etc/nsswitch.conf file looks the way you want it to. A quick method is to copy /etc/nsswitch.nis to /etc/nsswitch.conf (if this works for your setup).
  4. Add the <ip address> and <hostname> of all your NIS servers to /etc/hosts.
  5. Build the new maps on the master NIS server:
    root@nismaster# /usr/sbin/ypinit -m
    If some of the NIS map files are not present you may get a nonfatal error. Review and correct these errors, then rerun ypinit.
  6. Start NIS services on your master server, using one of the following methods:
    • Using /usr/lib/netsvc/yp/ypstart during boot process (simply reboot your server)
    • Use svcadm to enable/disable the NIS services
    • Run ypstart, ypstop from command-line.
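
The planning rules and the master-server steps above can be checked before running ypinit -m. The shell functions below are an added example, not part of the original procedure; the function names are hypothetical, and the shadow permission check is an extra precaution added here because the source directory receives a copy of the shadow file.

```shell
#!/bin/sh
# Added example: pre-flight checks for the planning and master-server steps.
# Function names are hypothetical; paths are arguments so a copy can be checked.

# Source files the page lists for the NIS source directory.
NIS_SOURCES="auto.home auto.master bootparams ethers group hosts ipnodes netgroup
netmasks networks passwd protocol rpc service shadow user_attr"

# check_domainname FILE -> 0 ok, 1 missing/empty, 2 over 256 chars, 3 over 32 chars
check_domainname() {
    [ -s "$1" ] || return 1
    name=$(head -n 1 "$1")
    [ -n "$name" ] || return 1
    [ "${#name}" -le 256 ] || return 2
    [ "${#name}" -le 32 ] || return 3
    return 0
}

# check_source_dir DIR -> 1 if DIR is /etc (the master's local files) or not a directory
check_source_dir() {
    [ "${1%/}" != "/etc" ] && [ -d "$1" ]
}

# missing_sources DIR: print each listed source file that is not present in DIR
missing_sources() {
    for f in $NIS_SOURCES; do
        [ -f "$1/$f" ] || printf '%s\n' "$f"
    done
}

# shadow_is_private DIR -> 1 if DIR/shadow is readable by group or others
shadow_is_private() {
    [ -z "$(find "$1/shadow" \( -perm -040 -o -perm -004 \) -print 2>/dev/null)" ]
}

# preflight DEFAULTDOMAIN_FILE SOURCE_DIR: run all checks, return the number of failures
preflight() {
    fails=0
    rc=0; check_domainname "$1" || rc=$?
    [ "$rc" -eq 0 ] || { echo "domainname: check failed (code $rc)"; fails=$((fails + 1)); }
    check_source_dir "$2" || { echo "source dir: $2 is /etc or missing"; fails=$((fails + 1)); }
    miss=$(missing_sources "$2" | tr '\n' ' ')
    [ -z "$miss" ] || { echo "missing source files: $miss"; fails=$((fails + 1)); }
    shadow_is_private "$2" || { echo "shadow: readable by group/others"; fails=$((fails + 1)); }
    return "$fails"
}

# Usage on the master: preflight /etc/defaultdomain /data/nis-maps
```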

Configuring NIS Slave Server

  1. Add all other NIS servers to /etc/hosts file on your NIS slave server.
  2. First, initialise the server as a NIS client so that it gets the NIS maps from the NIS master for the first time, before promoting the server to a NIS slave. For example:
    root@nisslave# /usr/sbin/ypinit -c
    You'll be prompted for a list of NIS servers: enter the name of the local slave you are working on, then the master, followed by the other slaves.
  3. Start the NIS client service, using:
    root@nisslave# svcadm enable -r svc:/network/nis/client
    Make sure NIS is running; to restart it, use ypstop / ypstart.
  4. Initialize this server as a NIS slave server:
    root@nisslave# ypinit -s nis_master_server

Configure NIS Client

  1. Add your NIS servers to /etc/hosts file on the client machine.
  2. Confirm that the /etc/nsswitch.conf file looks the way you want it to. A quick method is to copy /etc/nsswitch.nis to /etc/nsswitch.conf (if this works for your setup).
  3. Initialise the server as a NIS client by running:
    root@nisclient# /usr/sbin/ypinit -c
  4. Start NIS client services:
    root@nisclient# svcadm enable -r svc:/network/nis/client
  5. Reboot your NIS client.
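
Both the slave and the client procedures start by adding the NIS servers to /etc/hosts and then naming those servers to ypinit -c. The shell functions below are an added example, not part of the original procedure, that compares the resulting ypservers file with the hosts file; the function names are hypothetical and the paths are passed as arguments.

```shell
#!/bin/sh
# Added example: confirm that every server named during `ypinit -c` has a hosts entry.
# Function names and the sample paths in the usage line are assumptions.

# unresolved_servers YPSERVERS HOSTS: print each ypservers entry missing from HOSTS
unresolved_servers() {
    awk -v hosts="$2" '
        { sub(/#.*/, "") }                       # strip comments in either file
        FILENAME == hosts {                      # hosts: address, name, aliases
            for (i = 1; i <= NF; i++) known[tolower($i)] = 1
            next
        }
        NF && !(tolower($1) in known) { print $1 }
    ' "$2" "$1"
}

# check_server_list DOMAIN BINDING_ROOT HOSTS
# -> 0 all listed servers resolve locally, 1 no ypservers file for DOMAIN
#    (not initialised with a server list), 2 at least one server is not in HOSTS
check_server_list() {
    list="$2/$1/ypservers"
    [ -s "$list" ] || return 1
    bad=$(unresolved_servers "$list" "$3")
    [ -z "$bad" ] && return 0
    printf 'not in %s: %s\n' "$3" "$bad"
    return 2
}

# Usage on a client: check_server_list "$(domainname)" /var/yp/binding /etc/hosts
```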

Basic NIS Administration

  • ypwhich — Returns the name of the NIS server used, or the master server for a given database
  • Check that the ypserv daemon is running only on the NIS server (it handles requests from clients and sends information to them)
  • Check that the ypbind daemon is running on all servers and clients (it checks the ypservers file and initiates binding to the first server, or any other available)
  • ypinit — creates maps from input files
  • ypxfr — pulls maps from a remote server to the local /var/yp/domain directory; you can run it from a crontab file
  • ypxfrd daemon runs only on master server and provides services for ypxfr
  • yppush — Copies new maps from master to slaves, run it on master
  • yppoll — Returns the server name and NIS version for a given database

Examples

ypcat

The ypcat command prints out the NIS map you specify. You can specify either a map name or a map nickname. Because the ypcat command uses the NIS service, you do not need to specify a server.

Synopsis

ypcat [ -d <domainname> ]  <map>

Examples

  • Look at the networkwide password map (passwd.byname):
    # ypcat passwd
  • Display a map in another NIS domain:
    # ypcat -d altdomain passwd
  • Find a specific entry (myusername) in the NIS passwd map:
    # ypcat passwd | grep myusername

ypmatch

The ypmatch command displays the values associated with one or more keys within a NIS map.

Synopsis

ypmatch [ -d <domainname> ]  <key>  <map>

Examples

  • Display the value associated with the myusername key in the passwd map:
    # ypmatch myusername passwd
  • Display the value associated with the myusername key in the passwd map in a specific domain:
    # ypmatch -d altdomain myusername passwd