Difference between revisions of "NIS"

From ArchWiki
(Cleaned up some old references (before systemd) and added important information about /etc/hosts. Also added a simpler way to configure everything.)
(Edited for consistency between server and client, and placed client config after server config.)
Line 6: Line 6:
  
 
{{note|Obviously this article is far from finished. hopefully in the future that will change, but in the meantime check the [[NIS#More resources|More resources section]].}}
 
{{note|Obviously this article is far from finished. hopefully in the future that will change, but in the meantime check the [[NIS#More resources|More resources section]].}}
 
== NIS Client ==
 
 
The first step is to install the tools that you need. This provides the configuration files and general tools needed to use NIS.
 
# pacman -S yp-tools ypbind-mt
 
 
Set your domain name:
 
# ypdomainname EXAMPLE.COM
 
 
Now edit the /etc/yp.conf file and add your ypserver or nis server.
 
ypserver your.nis.server
 
 
It may be a good idea to add your NIS server to /etc/hosts
 
192.168.1.10  nis_server.domain.com  nis_server
 
 
Start the rpcbind and ypbind daemons (use systemd enable to make it automatic at boot).
 
# systemctl start rpcbind
 
# systemctl start ypbind
 
 
To test the setup so far you can run the command yptest:
 
# yptest
 
 
If it works you will, among other things, see the contents of the NIS user database (which is printed in the same format as /etc/passwd).
 
 
To actually use NIS to log in you have to edit /etc/nsswitch.conf.  Modify the lines for passwd, group and shadow to read:
 
passwd: files nis
 
group: files nis
 
shadow: files nis
 
 
And then do not forget
 
 
# systemctl restart ypbind
 
 
See [http://www.tldp.org/HOWTO/NIS-HOWTO/settingup_client.html section 7 of The Linux NIS HOWTO] for further information on configuring NIS clients.
 
  
 
== NIS Server ==
 
== NIS Server ==
  
== Install Packages ==
+
=== Install Packages ===
 
Make sure packages ypbind-mt, ypserv, and yp-tools are installed:
 
Make sure packages ypbind-mt, ypserv, and yp-tools are installed:
 
  # pacman -S ypbind-mt yp-tools ypserv
 
  # pacman -S ypbind-mt yp-tools ypserv
  
== Configuration ==
+
=== Configuration ===
  
=== /etc/hosts ===
+
==== /etc/hosts ====
  
 
Add your server's '''external''' (not 127.0.0.1) IP address to the hosts file. Make sure it is the first non-commented line in the file, yes, even above the localhost line, like so:
 
Add your server's '''external''' (not 127.0.0.1) IP address to the hosts file. Make sure it is the first non-commented line in the file, yes, even above the localhost line, like so:
Line 64: Line 30:
 
This is due to a peculiarity in ypinit (maybe it's a bug, maybe it's a feature), which will '''always''' add the first line in /etc/hosts to the list of ypservers.
 
This is due to a peculiarity in ypinit (maybe it's a bug, maybe it's a feature), which will '''always''' add the first line in /etc/hosts to the list of ypservers.
  
=== /etc/nisdomainname ===
+
==== /etc/nisdomainname ====
  
 
Add the domain name to /etc/nisdomainname:
 
Add the domain name to /etc/nisdomainname:
Line 70: Line 36:
 
  # NISDOMAINNAME="nis-domain-name"
 
  # NISDOMAINNAME="nis-domain-name"
  
=== /etc/ypserv.conf ===
+
==== /etc/ypserv.conf ====
  
 
Add rules to /etc/ypserv.conf for your your nis clients of this form:
 
Add rules to /etc/ypserv.conf for your your nis clients of this form:
Line 82: Line 48:
 
For more information see {{ic|man ypserv.conf}}.
 
For more information see {{ic|man ypserv.conf}}.
  
=== /var/yp/Makefile ===
+
==== /var/yp/Makefile ====
  
 
Add or remove files you would like NIS to use to /var/yp/Makefile under the "all" rule.
 
Add or remove files you would like NIS to use to /var/yp/Makefile under the "all" rule.
Line 104: Line 70:
 
If you use this way you may skip manually adding lines to /var/yp/ypservers.
 
If you use this way you may skip manually adding lines to /var/yp/ypservers.
  
=== /var/yp/securenets ===
+
==== /var/yp/securenets ====
  
 
Add rules to /var/yp/securenets to restrict access:
 
Add rules to /var/yp/securenets to restrict access:
Line 114: Line 80:
 
  # 0.0.0.0      0.0.0.0
 
  # 0.0.0.0      0.0.0.0
  
=== /var/yp/ypservers ===
+
==== /var/yp/ypservers ====
  
 
Add your server to /var/yp/ypservers:
 
Add your server to /var/yp/ypservers:
Line 120: Line 86:
 
  # your.nis.server
 
  # your.nis.server
  
== Start NIS Daemons ==
+
=== Start NIS Daemons ===
=== initscripts ===
+
 
{{note|The daemons MUST be started in this order.}}
 
{{note|The daemons MUST be started in this order.}}
  
Line 133: Line 98:
 
  # systemctl start ypserv
 
  # systemctl start ypserv
  
If you want these to start automatically on startup, then
+
Use systemctl enable instead of start to make the daemons load at every boot.
# systemctl enable rpcbind.service
+
# systemctl enable ypbind.service
+
# systemctl enable ypserv.service
+
  
 +
== NIS Client ==
 +
 +
===  Install Packages ===
 +
The first step is to install the tools that you need. This provides the configuration files and general tools needed to use NIS.
 +
# pacman -S yp-tools ypbind-mt
 +
 +
=== Configuration ===
 +
==== Set your domain name ====
 +
# ypdomainname EXAMPLE.COM
 +
 +
Now edit the /etc/yp.conf file and add your ypserver or nis server.
 +
ypserver nis_server
 +
 +
==== /etc/hosts ====
 +
It may be a good idea to add your NIS server to /etc/hosts
 +
192.168.1.10  nis_server.domain.com  nis_server
 +
 +
==== Start NIS Daemons ====
 +
{{note|The daemons MUST be started in this order.}}
 +
Start the rpcbind and ypbind daemons.
 +
# systemctl start rpcbind
 +
# systemctl start ypbind
 +
 +
Use systemctl enable instead of start to make the daemons load at every boot.
 +
 +
==== Early testing ====
 +
To test the setup so far you can run the command yptest:
 +
# yptest
 +
 +
If it works you will, among other things, see the contents of the NIS user database (which is printed in the same format as /etc/passwd).
 +
 +
==== /etc/nsswitch.conf ====
 +
To actually use NIS to log in you have to edit /etc/nsswitch.conf.  Modify the lines for passwd, group and shadow to read:
 +
passwd: files nis
 +
group: files nis
 +
shadow: files nis
 +
 +
And then do not forget
 +
 +
# systemctl restart ypbind
 +
 +
See [http://www.tldp.org/HOWTO/NIS-HOWTO/settingup_client.html section 7 of The Linux NIS HOWTO] for further information on configuring NIS clients.
 
== More resources ==
 
== More resources ==
 
*[http://www.tldp.org/HOWTO/NIS-HOWTO/ The Linux NIS HOWTO],very helpful and generally applicable to Arch Linux.
 
*[http://www.tldp.org/HOWTO/NIS-HOWTO/ The Linux NIS HOWTO],very helpful and generally applicable to Arch Linux.
 
*[http://www.yolinux.com/TUTORIALS/NIS.html YoLinux NIS tutorial]
 
*[http://www.yolinux.com/TUTORIALS/NIS.html YoLinux NIS tutorial]
 
*[http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch30_:_Configuring_NIS Quick HOWTO, Configuring NIS]
 
*[http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch30_:_Configuring_NIS Quick HOWTO, Configuring NIS]
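
Review bot: In the added NIS Client section, the yp.conf step now reads "ypserver nis_server" where the removed text had "ypserver your.nis.server", but the /etc/hosts subsection that makes the short name nis_server resolvable comes only afterwards and is still worded "It may be a good idea". Either move the /etc/hosts subsection ahead of the yp.conf step and say it is needed when the short name is used, or keep a fully qualified name in yp.conf. The client section also sets the domain only with "ypdomainname EXAMPLE.COM" while the server section uses /etc/nisdomainname; since the stated aim is consistency between server and client, say whether the client needs that file as well.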

Revision as of 21:55, 19 October 2013

This article is a stub.


NIS is a protocol developed by Sun to allow one to defer user authentication to a server. The server software is in the ypserv package, and the client software is in the yp-tools package. ypbind-mt is also available, which is a multi-threaded version of the client daemon.

Note: Obviously this article is far from finished. Hopefully that will change in the future, but in the meantime check the More resources section.

NIS Server

Install Packages

Make sure packages ypbind-mt, ypserv, and yp-tools are installed:

# pacman -S ypbind-mt yp-tools ypserv

Configuration

/etc/hosts

Add your server's external (not 127.0.0.1) IP address to the hosts file. Make sure it is the first non-commented line in the file, yes, even above the localhost line, like so:

#
# /etc/hosts: static lookup table for host names
#

#<ip-address>	<hostname.domain.org>	<hostname>
#::1		localhost.localdomain	localhost
192.168.1.10   nis_server.domain.com   nis_server
127.0.0.1	localhost.localdomain	localhost nis_server
# End of file

This is due to a peculiarity in ypinit (maybe it's a bug, maybe it's a feature), which will always add the first line in /etc/hosts to the list of ypservers.

/etc/nisdomainname

Add the domain name to /etc/nisdomainname:

# NISDOMAINNAME="nis-domain-name"

/etc/ypserv.conf

Add rules to /etc/ypserv.conf for your NIS clients of this form:

# ip-address-of-client : nis-domain-name : rule : security

For example:

# 192.168. : home-domain : * : port

For more information see man ypserv.conf.

/var/yp/Makefile

In /var/yp/Makefile, add or remove the files you would like NIS to use under the "all" rule.

Default:

# all:  passwd group hosts rpc services netid protocols netgrp \
#         shadow # publickey networks ethers bootparams printcap mail \
#         # amd.home auto.master auto.home auto.local passwd.adjunct \
#         # timezone locale netmasks

After that you have to build your NIS database:

# cd /var/yp
# make

Or you can do it in a more automated fashion:

# /usr/lib/yp/ypinit -m

If you use this method, you may skip manually adding lines to /var/yp/ypservers.

/var/yp/securenets

Add rules to /var/yp/securenets to restrict access:

# 255.255.0.0 192.168.0.0 # Gives access to anyone in 192.168.0.0/16

Be sure to comment out the following line, as it gives access to anyone:

# 0.0.0.0      0.0.0.0
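
An added example, not part of the wiki page or of ypserv itself: a shell function that reads a securenets file and flags an active 0.0.0.0 0.0.0.0 rule, malformed netmasks, and any network wider than a chosen prefix length. The function name audit_securenets, the /16 default threshold and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit a securenets file for broad rules.
# Assumed format: "<netmask> <network>" or "host <ip>" (ypserv(8)); '#' = comment.

audit_securenets() {   # $1 = file, $2 = smallest acceptable prefix length (default 16)
    awk -v min="${2:-16}" '
    function prefix(mask,   o, i, b, v, bits, gap) {
        if (split(mask, o, ".") != 4) return -1
        bits = 0; gap = 0
        for (i = 1; i <= 4; i++) {
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return -1
            v = o[i] + 0
            for (b = 128; b >= 1; b /= 2) {
                if (v >= b) { if (gap) return -1; v -= b; bits++ }
                else gap = 1
            }
        }
        return bits            # -1 means the mask is not contiguous or not IPv4
    }
    { sub(/#.*/, "") }         # drop comments, including commented-out rules
    NF == 0 { next }
    $1 == "host" && NF == 2 { printf "line %d: OK %s/32\n", NR, $2; next }
    NF != 2 { printf "line %d: MALFORMED\n", NR; bad++; next }
    {
        p = prefix($1)
        if (p < 0)        { printf "line %d: MALFORMED netmask %s\n", NR, $1; bad++ }
        else if (p == 0)  { printf "line %d: OPEN %s/0 allows any host\n", NR, $2; bad++ }
        else if (p < min) { printf "line %d: WIDE %s/%d\n", NR, $2, p; bad++ }
        else              { printf "line %d: OK %s/%d\n", NR, $2, p }
    }
    END { exit (bad > 0) }     # non-zero status when anything needs attention
    ' "$1"
}

# Constructed sample: the 192.168.0.0/16 rule from this page plus the allow-all
# line left active by mistake.
sample=$(mktemp)
cat > "$sample" <<'EOF'
host 127.0.0.1
255.255.0.0 192.168.0.0   # Gives access to anyone in 192.168.0.0/16
0.0.0.0      0.0.0.0
EOF
audit_securenets "$sample" || echo "securenets needs tightening"
rm -f "$sample"
```

Run it against /var/yp/securenets on the server; the non-zero exit status makes it usable as a pre-start check before ypserv is started.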

/var/yp/ypservers

Add your server to /var/yp/ypservers:

# your.nis.server

Start NIS Daemons

Note: The daemons MUST be started in this order.

Start rpcbind if it isn't already started:

# systemctl start rpcbind

Start ypbind:

# systemctl start ypbind

Start ypserv:

# systemctl start ypserv

Use systemctl enable instead of start to make the daemons load at every boot.

NIS Client

Install Packages

The first step is to install the tools that you need. This provides the configuration files and general tools needed to use NIS.

# pacman -S yp-tools ypbind-mt

Configuration

Set your domain name

# ypdomainname EXAMPLE.COM

Now edit /etc/yp.conf and add your ypserver (the NIS server):

ypserver nis_server

/etc/hosts

It may be a good idea to add your NIS server to /etc/hosts:

192.168.1.10   nis_server.domain.com   nis_server

Start NIS Daemons

Note: The daemons MUST be started in this order.

Start the rpcbind and ypbind daemons.

# systemctl start rpcbind
# systemctl start ypbind

Use systemctl enable instead of start to make the daemons load at every boot.

Early testing

To test the setup so far you can run the command yptest:

# yptest

If it works you will, among other things, see the contents of the NIS user database (which is printed in the same format as /etc/passwd).

/etc/nsswitch.conf

To actually use NIS to log in you have to edit /etc/nsswitch.conf. Modify the lines for passwd, group and shadow to read:

passwd: files nis
group: files nis
shadow: files nis

And then do not forget to restart ypbind:

# systemctl restart ypbind

See section 7 of The Linux NIS HOWTO for further information on configuring NIS clients.

More resources