https://wiki.archlinux.org/api.php?action=feedcontributions&user=Sbtkd85&feedformat=atomArchWiki - User contributions [en]2024-03-28T21:20:21ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=NIS&diff=256363NIS2013-05-08T13:03:18Z<p>Sbtkd85: Updated Client section to use systemd & added domain set command</p>
<hr />
<div>[[Category:Security]]<br />
{{stub}}<br />
<br />
NIS is a protocol developed by Sun to allow one to defer user authentication to a server. The server software is in the ypserv package, and the client software is in the yp-tools package. ypbind-mt is also available, which is a multi threaded version of the client daemon.<br />
<br />
{{note|Obviously this article is far from finished. hopefully in the future that will change, but in the meantime check the [[NIS#More resources|More resources section]].}}<br />
<br />
== NIS Client ==<br />
<br />
The first step is to install the tools that you need. This provides the configuration files and general tools needed to use NIS.<br />
# pacman -S yp-tools ypbind-mt<br />
<br />
Set your domain name:<br />
# ypdomainname EXAMPLE.COM<br />
<br />
Now edit the /etc/yp.conf file and add your ypserver or nis server.<br />
ypserver your.nis.server<br />
<br />
Start the rpcbind and ypbind daemons (use systemd enable to make it automatic at boot).<br />
# systemctl start rpcbind<br />
# systemctl start ypbind<br />
<br />
To test the setup so far you can run the command yptest:<br />
# yptest<br />
<br />
If it works you will, among other things, see the contents of the NIS user database (which is printed in the same format as /etc/passwd).<br />
<br />
To actually use NIS to log in you have to edit /etc/nsswitch.conf. Modify the lines for passwd, group and shadow to read:<br />
passwd: files nis<br />
group: files nis<br />
shadow: files nis<br />
<br />
And then do not forget<br />
<br />
# systemctl restart ypbind<br />
<br />
See [http://www.tldp.org/HOWTO/NIS-HOWTO/settingup_client.html section 7 of The Linux NIS HOWTO] for further information on configuring NIS clients.<br />
<br />
== NIS Server ==<br />
<br />
== Install Packages ==<br />
Make sure packages ypbind-mt, ypserv, and yp-tools are installed:<br />
# pacman -S ypbind-mt yp-tools ypserv<br />
<br />
== Configuration ==<br />
<br />
=== /etc/conf.d/nisdomainname ===<br />
<br />
Add the domain name to /etc/conf.d/nisdomainname:<br />
<br />
# NISDOMAINNAME="nis-domain-name"<br />
<br />
=== /etc/ypserv.conf ===<br />
<br />
Add rules to /etc/ypserv.conf for your your nis clients of this form:<br />
<br />
# ip-address-of-client : nis-domain-name : rule : security<br />
<br />
For example:<br />
<br />
# 192.168. : home-domain : * : port<br />
<br />
For more information see {{ic|man ypserv.conf}}.<br />
<br />
=== /var/yp/Makefile ===<br />
<br />
Add or remove files you would like NIS to use to /var/yp/Makefile under the "all" rule.<br />
<br />
Default:<br />
<br />
# all: passwd group hosts rpc services netid protocols netgrp \<br />
# shadow # publickey networks ethers bootparams printcap mail \<br />
# # amd.home auto.master auto.home auto.local passwd.adjunct \<br />
# # timezone locale netmasks<br />
<br />
Due to recent changes in networking in Archlinux you have to change the line:<br />
<br />
# LOCALDOMAIN = `/bin/domainname`<br />
<br />
to<br />
<br />
# LOCALDOMAIN = `/bin/hostname -d`<br />
<br />
After that you have to build your NIS database:<br />
<br />
# cd /var/yp<br />
# make<br />
<br />
=== /var/yp/securenets ===<br />
<br />
Add rules to /var/yp/securenets to restrict access:<br />
<br />
# 255.255.0.0 192.168.0.0 # Gives access to anyone in 192.168.0.0/16<br />
<br />
Be sure to comment out this line, as it gives access to anyone.<br />
<br />
# 0.0.0.0 0.0.0.0<br />
<br />
=== /var/yp/ypservers ===<br />
<br />
Add the domain name of your server to /var/yp/ypservers:<br />
<br />
# your.nis.server<br />
<br />
== Start NIS Daemons ==<br />
=== initscripts ===<br />
{{note|The daemons MUST be started in this order.}}<br />
<br />
Start rpcbind if it isn't already started:<br />
# systemctl start rpcbind<br />
<br />
Start ypbind:<br />
# systemctl start ypbind<br />
<br />
Start ypserv:<br />
# systemctl start ypserv<br />
<br />
If you want these to start automatically on startup, then<br />
# systemctl enable rpcbind.service<br />
# systemctl enable ypbind.service<br />
# systemctl enable ypserv.service<br />
<br />
=== systemd ===<br />
Simply use the systemctl command to enable and start the ypbind service:<br />
# systemctl enable ypbind.service<br />
<br />
== More resources ==<br />
*[http://www.tldp.org/HOWTO/NIS-HOWTO/ The Linux NIS HOWTO],very helpful and generally applicable to Arch Linux.<br />
*[http://www.yolinux.com/TUTORIALS/NIS.html YoLinux NIS tutorial]<br />
*[http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch30_:_Configuring_NIS Quick HOWTO, Configuring NIS]</div>Sbtkd85