NIS. Basic install notes.
Updated 6/13/06

This documentation is based on the default install of yptools in Slackware 10.0.

A. Master Server
   1. Fixing files and core config
   2. Building YP database information on the master server
B. Slave Server
   1. Fixing files and core config
   2. Synchronizing with the master
C. Client
   1. Fixing files and core config

----------------------

A. Master Server

Building your master server should be the very first step you do. Keep in mind that the Master Server doesn't actually use NIS itself; it relies on its passwd/shadow files to feed the entire NIS domain.

Determine what your domain is going to be named. Make sure it's something unique that is distinctly different from your actual DNS domain name.

1. Fixing files and core config

* Create the file /etc/defaultdomain, enter your NIS domain name into it, and save it.

* Create the file /etc/ypserv.conf. It should contain:

    #*:*:passwd.byname:port
    *:*:shadow.byname:port

* Fix permissions on yppasswd. This file must be setuid-root.

    chmod 4755 /usr/bin/yppasswd

* Edit /etc/rc.d/rc.yp.
    Uncomment the "defaultdomain" section.
    Uncomment the "ypserv" section.
    Uncomment the "rpc.yppasswdd" section, making sure that it is not started with "-e chsh" or "-e chfn" as options. We don't want users to change this info.
    Uncomment the "ypxfrd" section.

2. Building YP database information on the master server

* Run the command "ypdomainname (yourNISdomain goes here)".

* Edit /var/yp/securenets. It should contain:

    255.0.0.0 127.0.0.0
    255.255.255.0 10.10.10.0

  Where 10.10.10.0/24 is your subnet.

* Edit /var/yp/Makefile. Set the following options:

    B=-b
    NOPUSH=false
    MINUID=1000
    MINGID=100
    MERGE_PASSWD=false
    MERGE_GROUP=true

  Down in the "all:" section of the Makefile, only build "passwd", "group", and "shadow". Comment the rest out.

* Start ypserv.

* Temporarily edit your domain in /etc/resolv.conf to be "priv.vectorstar.net".

* Run /usr/lib/yp/ypinit -m.
  Edit the list of NIS servers to your liking and press CTRL-D. Hit Y to verify. It would be wise to use "computer.priv.vectorstar.net" (full hostname) to identify servers. Otherwise some strange stuff can happen.

#
# This config file doesn't appear to exist anymore.
# Looks like the Makefile no longer uses it!
#
# * Edit /var/yp/ypmake.conf.
#   Uncomment the "push yes" line.
#   Edit "domain default" to match your NIS domain.

* Add a cron job at your preferred update interval (15 mins) which runs

    */5 * * * * cd /var/yp/vsn;make -f ../Makefile passwd shadow group >/vsn/admin/log/nis.debug 2>&1

Reboot the Master Server. ypserv, rpc.ypxfrd, rpc.yppasswdd should all be running when you start back up. If you run "ypdomainname", you should get your NIS domain name returned back to you.

B. Slave Server

Strictly speaking, a slave server does not need to be a client of the NIS domain in order to complete its function. However, if this machine also needs to be a client (interact with the users listed in the DB), make it a client as well.

1. Fixing files and core config

* Create the file /etc/defaultdomain, enter your NIS domain name into it, and save it.

* Create the file /etc/ypserv.conf. It should contain:

    #*:*:passwd.byname:port
    *:*:shadow.byname:port

* Fix permissions on yppasswd. This file must be setuid-root.

    chmod 4755 /usr/bin/yppasswd

* Edit /etc/rc.d/rc.yp.
    Uncomment the "defaultdomain" section.
    Uncomment the "ypserv" section.
    Uncomment the "ypxfrd" section. (? maybe not needed)

2. Synchronizing with the Master

* Run the command "ypdomainname (yourNISdomain goes here)".

* Edit /var/yp/securenets. It should contain:

    255.0.0.0 127.0.0.0
    255.255.255.0 10.10.10.0

  Where 10.10.10.0/24 is your subnet.

* Start ypserv.

* Run /usr/lib/yp/ypinit -s (master NIS server)
  It will tell you to do some stuff to /etc/passwd and group. Ignore it. It's assuming you want to be a client.

Reboot the Slave Server. ypserv, rpc.ypxfrd should all be running when you start back up.
If you run "ypdomainname", you should get your NIS domain name returned back to you.

C. Client

An NIS client is any machine which needs to do password lookups in the NIS database. This normally includes the slave NIS servers, but never includes the master NIS server.

When an NIS server dies, any clients which are using it as their main query server will take 30 seconds to realize that the server has timed out, and to start switching to another server.

1. Fixing files and core config

* Create the file /etc/defaultdomain, enter your NIS domain name into it, and save it.

* Edit the file /etc/yp.conf.

    domain (yourNISdomain)
    ypserver NISmaster
    ypserver NISslave1
    ypserver NISslave2
    ...

* Fix permissions on yppasswd. This file must be setuid-root.

    chmod 4755 /usr/bin/yppasswd

* Move the "passwd" executable around.

    mv /usr/bin/passwd /usr/bin/localpasswd
    ln -s /usr/bin/yppasswd /usr/bin/passwd

* Edit /etc/rc.d/rc.yp.
    Uncomment the "defaultdomain" section.
    Uncomment the "ypbind" section.
    Remove the "-broadcast" flag from ypbind.

* Edit /etc/nsswitch.conf.
  Comment out the old lines:

    passwd: compat
    group: compat

  Add these lines in their place:

    passwd: nis files db
    shadow: nis files db
    group: nis files db

Reboot the client machine. ypbind should be running when you start up.

Test your NIS connection by doing "ypcat passwd.byuid". If it works or gives you a blank return, it's working. If it's blank, your data's bad and you have a whole different problem. :)
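
Added example (not part of the original notes): a shell check for the /var/yp/securenets files from sections A.2 and B.2, reporting whether a given address falls inside any "netmask network" pair and whether an all-zero netmask opens the maps to every host. The function names and the sample file are constructed for illustration, and only the pair format shown in these notes is parsed.

```shell
#!/bin/sh
# Added example: evaluate "netmask network" pairs as laid out in the notes.

# ip_to_int A.B.C.D -> prints the address as an integer; fails on bad input.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# securenets_allows FILE IP -> 0 if (IP & netmask) equals the network of any
# pair, 1 if no pair matches, 2 if IP is not a dotted quad.
securenets_allows() {
    ip=$(ip_to_int "$2") || return 2
    while read -r mask net _; do
        case $mask in ''|'#'*) continue ;; esac
        m=$(ip_to_int "$mask") && n=$(ip_to_int "$net") || continue
        [ $(( ip & m )) -eq "$n" ] && return 0
    done < "$1"
    return 1
}

# securenets_wide_open FILE -> 0 if any pair uses netmask 0.0.0.0, which
# masks every address down to 0 and so admits all hosts for network 0.0.0.0.
securenets_wide_open() {
    while read -r mask net _; do
        case $mask in ''|'#'*) continue ;; esac
        m=$(ip_to_int "$mask") || continue
        [ "$m" -eq 0 ] && return 0
    done < "$1"
    return 1
}

# Constructed sample mirroring the securenets contents from the notes.
sample=$(mktemp)
printf '%s\n' '# netmask network' '255.0.0.0 127.0.0.0' \
    '255.255.255.0 10.10.10.0' > "$sample"
for addr in 127.0.0.1 10.10.10.42 10.10.11.5 192.168.1.1; do
    if securenets_allows "$sample" "$addr"; then echo "$addr allowed"
    else echo "$addr denied"; fi
done
rm -f "$sample"
```

Point securenets_allows at the real /var/yp/securenets on the master and each slave, with an address from outside your subnet, to confirm it is denied before starting ypserv.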