Difference between revisions of "NIS"

From ArchWiki
Jump to: navigation, search
(categorizing uncategorized page)
Line 39: Line 39:
  
 
  # /etc/rc.d/ypbind restart
 
  # /etc/rc.d/ypbind restart
 
  
 
See [http://www.tldp.org/HOWTO/NIS-HOWTO/settingup_client.html section 7 of The Linux NIS HOWTO] for further information on configuring NIS clients.
 
See [http://www.tldp.org/HOWTO/NIS-HOWTO/settingup_client.html section 7 of The Linux NIS HOWTO] for further information on configuring NIS clients.
 +
 +
==How to set up a NIS server==
 +
 +
Make sure packages ypbind-mt, ypserv, and yp-tools are installed:
 +
 +
# sudo pacman -S ypbind-mt yp-tools ypserv
 +
 +
Add the domain name to /etc/conf.d/nisdomainname:
 +
 +
# NISDOMAINNAME="nis-domain-name"
 +
 +
Add rules to /etc/ypserv.conf for your your nis clients of this form:
 +
 +
# ip-address-of-client : nis-domain-name : rule : security
 +
 +
For example:
 +
 +
# 192.168. : home-domain : * : port
 +
 +
For more information see `man ypserv.conf`.
 +
 +
Add or remove files you would like NIS to use to /var/yp/Makefile under the "all" rule.
 +
 +
Default:
 +
 +
# all:  passwd group hosts rpc services netid protocols netgrp \
 +
#        shadow # publickey networks ethers bootparams printcap mail \
 +
#        # amd.home auto.master auto.home auto.local passwd.adjunct \
 +
#        # timezone locale netmasks
 +
 +
Add rules to /var/yp/securenets to restrict access:
 +
 +
# 255.255.0.0 192.168.0.0 # Gives access to anyone in 192.168.0.0/16
 +
 +
Be sure to comment out this line, as it gives access to anyone.
 +
 +
# 0.0.0.0      0.0.0.0
 +
 +
Add the domain name of your server to /var/yp/ypservers:
 +
 +
# my.nis.server
  
 
==More resources==
 
==More resources==

Revision as of 21:31, 13 October 2011

Tango-document-new.pngThis article is a stub.Tango-document-new.png

Notes: please use the first argument of the template to provide more detailed indications. (Discuss in Talk:NIS#)

Introduction

NIS is a protocol developed by Sun to allow one to defer user authentication to a server. The server software is in the ypserv package, and the client software is in the yp-tools package. ypbind-mt is also available, which is a multi threaded version of the client daemon.

Note: obviously this article is far from finished. hopefully in the future that will change, but in the meantime check the More resources section.

How to set up a NIS client

The first step is to install the tools that you need. This provides the configuration files and general tools needed to use NIS.

# pacman -S yp-tools ypbind-mt

Next put your NIS domain name into the file /etc/conf.d/nisdomainname.

Now edit the /etc/yp.conf file and add your ypserver or nis server.

ypserver your.nis.server

Start the rpcbind and ypbind daemons (add them to your rc.conf file if you want it to start automatically).

# /etc/rc.d/rpcbind start
# /etc/rc.d/ypbind start

To test the setup so far you can run the command yptest:

# yptest

If it works you will, among other things, see the contents of the NIS user database (which is printed in the same format as /etc/passwd).

To actually use NIS to log in you have to edit /etc/nsswitch.conf. Modify the lines for passwd, group and shadow to read:

passwd: files nis
group: files nis
shadow: files nis

And then do not forget

# /etc/rc.d/ypbind restart

See section 7 of The Linux NIS HOWTO for further information on configuring NIS clients.

How to set up a NIS server

Make sure packages ypbind-mt, ypserv, and yp-tools are installed:

  1. sudo pacman -S ypbind-mt yp-tools ypserv

Add the domain name to /etc/conf.d/nisdomainname:

  1. NISDOMAINNAME="nis-domain-name"

Add rules to /etc/ypserv.conf for your your nis clients of this form:

  1. ip-address-of-client : nis-domain-name : rule : security

For example:

  1. 192.168. : home-domain : * : port

For more information see `man ypserv.conf`.

Add or remove files you would like NIS to use to /var/yp/Makefile under the "all" rule.

Default:

  1. all: passwd group hosts rpc services netid protocols netgrp \
  2. shadow # publickey networks ethers bootparams printcap mail \
  3. # amd.home auto.master auto.home auto.local passwd.adjunct \
  4. # timezone locale netmasks

Add rules to /var/yp/securenets to restrict access:

  1. 255.255.0.0 192.168.0.0 # Gives access to anyone in 192.168.0.0/16

Be sure to comment out this line, as it gives access to anyone.

  1. 0.0.0.0 0.0.0.0

Add the domain name of your server to /var/yp/ypservers:

  1. my.nis.server

More resources