How to Set Up and Configure NIS/YP Services
Brief overview
NIS (Network Information Service), also known as Yellow Pages or YP, is a lookup service that allows distribution of administrative databases (maps) across a series of servers (master, slaves and clients).
NIS maps are associated with the passwd file, groups file, hosts file, and a few others. Essentially, NIS acts as the central repository for this information.
NIS Elements
Element | Comments |
---|---|
NIS domain | Group of machines that share the maps |
NIS daemons | ypserv, ypbind, ypxfrd (high speed map transfer), rpc.yppasswd (passwd update daemon) and rpc.ypupdated (modify other maps) |
NIS utilities | makedbm, ypcat, ypinit, ypmatch, yppoll, yppush, ypset, ypwhich, ypxfr (see man pages) |
NIS maps | A kind of replacement for /etc files; each map is a 2-column table: a key and the information about that key. The Makefile is in /var/yp on the master server; running make in that directory causes makedbm to modify the maps from the input files. |
NIS binding modes | Server list (the /var/yp/binding/<domainname>/ypservers file has the list of NIS servers) or Broadcast. |
Planning your NIS domain
Before you configure any systems as NIS servers or clients, you must plan the NIS domain.
- Decide which systems will be in your NIS domain. An NIS domain does not have to be congruent with your network. A network can have more than one NIS domain, and there can be machines on your network that are outside of your NIS domain.
- Choose a NIS domainname, which can be 256 characters long. A good practice is to limit domainnames to no more than 32 characters. Domain names are case-sensitive.
- Before a machine can use NIS services, the correct NIS domainname and machine name must be set. A machine's name is set by the machine's /etc/nodename file and the machine's domainname is set by the machine's /etc/defaultdomain file. These files are read at boot time and the contents are used by the uname -S and domainname commands, respectively.
- Select one system to be the master server. Decide which systems, if any, will be slave servers.
- Decide which systems will be NIS clients. Typically all systems in your domain are set to be NIS clients, although this is not necessary.
Configuring NIS Master Server
NOTE:
- You can only have one master server, but multiple slave servers.
- Limit your NIS domainname to a maximum of 32 characters.
If your NIS Master server is already configured, and you just want to connect a server to an existing NIS domain, skip to the Configure NIS Client section below.
If you do not wish to use the default NIS location (/var/yp/etc) for your NIS maps, then edit /var/yp/Makefile, changing the lines DIR= and PWDIR= to match your new location.
CAUTION: Do not use /etc as your source directory, since this is for local files on the master server.
- Copy the following source files into your NIS directory:
  auto.home auto.master bootparams ethers group hosts ipnodes netgroup netmasks networks passwd protocol rpc service shadow user_attr
  For example:
  root@nismaster# cd /etc
  root@nismaster# cp auto.home auto.master bootparams ethers group hosts ipnodes netgroup netmasks networks passwd protocol rpc service shadow user_attr /data/nis-maps
- Run ypinit -m to convert these source files into ndbm formatted NIS maps.
- Confirm that the /etc/nsswitch.conf file looks how you want it to look. A quick method is to copy /etc/nsswitch.nis to /etc/nsswitch.conf (if this works for your setup).
- Add the <ip address> and <hostname> of all your NIS servers to /etc/hosts.
- Build the new maps on the master NIS server:
  root@nismaster# /usr/sbin/ypinit -m
  If some of the NIS map files are not present you may get a nonfatal error. Review and correct these errors, and rerun ypinit.
- Start NIS services on your master server, using one of the following methods:
  - Use /usr/lib/netsvc/yp/ypstart during the boot process (simply reboot your server)
  - Use svcadm to enable/disable the NIS services
  - Run ypstart, ypstop from the command line.
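A pre-flight check for the master server steps above, as an added example that is not part of the original page. The hypothetical helper nis_preflight confirms that the source directory is not /etc, that the domainname stays within the 32-character limit, and that every source file in the list above is present, so the nonfatal ypinit errors are caught before the maps are built. The domainname example-nis and the scratch directory are constructed for the demo.

```shell
#!/bin/sh
# Added example: pre-flight check to run before `ypinit -m` on the master.
# nis_preflight is a hypothetical helper name, not a NIS utility.

# Source files the page says to copy into the NIS source directory.
NIS_SOURCE_FILES="auto.home auto.master bootparams ethers group hosts ipnodes
netgroup netmasks networks passwd protocol rpc service shadow user_attr"

# Usage: nis_preflight <source-dir> <domainname>
# Prints one line per problem; the return status is the number of problems.
nis_preflight() {
    src=${1%/}
    domain=$2
    problems=0

    # /etc holds the master's own local files and must not be the map source.
    if [ "$src" = "/etc" ]; then
        echo "source directory must not be /etc"
        problems=$((problems + 1))
    fi

    # The page limits the domainname to a maximum of 32 characters.
    if [ -z "$domain" ]; then
        echo "domainname is empty"
        problems=$((problems + 1))
    elif [ "${#domain}" -gt 32 ]; then
        echo "domainname is ${#domain} characters long, limit is 32"
        problems=$((problems + 1))
    fi

    # A missing source file shows up later as a nonfatal ypinit error.
    for f in $NIS_SOURCE_FILES; do
        if [ ! -f "$src/$f" ]; then
            echo "missing source file: $src/$f"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed demo: a scratch directory with two source files removed.
demo=$(mktemp -d)
for f in $NIS_SOURCE_FILES; do : > "$demo/$f"; done
rm -f "$demo/netgroup" "$demo/ethers"
nis_preflight "$demo" "example-nis" || echo "problems found: $?"
rm -rf "$demo"
```

On the master, call it with the real source directory and domainname, for example nis_preflight /data/nis-maps "$(domainname)".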
Configuring NIS Slave Server
- Add all other NIS servers to the /etc/hosts file on your NIS slave server.
- Firstly, initialise the server as a NIS client in order to get NIS maps from the NIS master for the first time before promoting the server to a NIS slave. For example:
  root@nisslave# /usr/sbin/ypinit -c
  You'll be prompted for a list of NIS servers; enter the name of the local slave you are working on, then the master, followed by the other slaves.
- Start the NIS client service, using:
  root@nisslave# svcadm enable -r svc:/network/nis/client
  Make sure NIS is running; to restart it, use ypstop/ypstart.
- Initialize this server as a NIS slave server:
  root@nisslave# ypinit -s nis_master_server
Configure NIS Client
- Add your NIS servers to the /etc/hosts file on the client machine.
- Confirm the /etc/nsswitch.conf file looks how you want it to look. A quick method is to copy /etc/nsswitch.nis to /etc/nsswitch.conf (if this works for your setup).
- Initialise the server as a NIS client, running:
  root@nisclient# /usr/sbin/ypinit -c
- Start NIS client services:
  root@nisclient# svcadm enable -r svc:/network/nis/client
- Reboot your NIS client.
Basic NIS Administration
- ypwhich — Returns the name of the NIS server used, or the master server for a given database
- Check that the ypserv daemon is running only on the NIS server (it handles requests from clients and sends info to them)
- Check that the ypbind daemon is running on all servers and clients (it checks the ypservers file and initiates binding to the first server, or any other available)
- ypinit — Creates maps from input files
- ypxfr — Pulls maps from a remote server to the local /var/yp/domain dir; you can run it from a crontab file
- The ypxfrd daemon runs only on the master server and provides services for ypxfr
- yppush — Copies new maps from master to slaves, run it on master
- yppoll — Returns the server name and NIS version for a given database
Examples
ypcat
The ypcat command prints out the NIS map you specify. You can specify either a map name or a map nickname. Because the ypcat command uses the NIS service, you do not need to specify a server.
Synopsis
ypcat [ -d <domainname> ] <map>
Examples
- Look at the networkwide password map (passwd.byname):
# ypcat passwd
- Display a map in another NIS domain:
# ypcat -d altdomain passwd
- Find a specific entry (myusername) in the NIS passwd map:
# ypcat passwd | grep myusername
ypmatch
The ypmatch command displays the values associated with one or more keys within a NIS map.
Synopsis
ypmatch [ -d <domainname> ] <key> <map>
Examples
- Display the value associated with the myusername key in the passwd map:
# ypmatch myusername passwd
- Display the value associated with the myusername key in the passwd map in a specific domain:
# ypmatch -d altdomain myusername passwd
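Going beyond the grep lookup above, an added example (not part of the original page) that audits the whole passwd map instead of one entry. The hypothetical helper audit_passwd_map reads passwd-format lines such as the output of ypcat passwd and reports extra uid 0 accounts, shared UIDs, empty password fields and populated password fields. The sample entries are constructed, and the placeholder values x, NP, * and *LK* are an assumption about what counts as "no hash here".

```shell
#!/bin/sh
# Added example: audit passwd-format lines, e.g. the output of `ypcat passwd`.
# audit_passwd_map is a hypothetical helper name, not a NIS utility.
# Reads stdin; prints one finding per line as "<check>:<name>:<detail>".
audit_passwd_map() {
    awk -F: '
        NF != 7 { print "malformed:" $1 ":" NF " fields"; next }
        # More than one account with uid 0 widens who holds root.
        $3 == 0 && $1 != "root" { print "uid0:" $1 ":uid 0 but not root" }
        # Two names on one uid share file ownership and audit identity.
        ($3 in seen)  { print "dupuid:" $1 ":shares uid " $3 " with " seen[$3] }
        !($3 in seen) { seen[$3] = $1 }
        $2 == ""      { print "nopass:" $1 ":empty password field"; next }
        # Anything but an assumed placeholder is treated as a password hash
        # that is handed out to every client reading the map.
        $2 !~ /^(x|NP|\*|\*LK\*)$/ { print "hash:" $1 ":password field is populated" }
    '
}

# Constructed sample map; none of these entries come from a real system.
sample_map() {
    cat <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
alice:x:1001:10:Alice:/home/alice:/bin/sh
bob:CONSTRUCTED-NOT-A-REAL-HASH:1002:10:Bob:/home/bob:/bin/sh
toor:x:0:0:Second root:/:/bin/sh
carol:x:1001:10:Carol:/home/carol:/bin/sh
dave::1003:10:Dave:/home/dave:/bin/sh
EOF
}

# Demo on the constructed sample.
sample_map | audit_passwd_map
```

On a NIS client, run it as ypcat passwd | audit_passwd_map.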