Difference between revisions of "NIS"

From ArchWiki
m (+link to the french wiki page)
(8 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 
[[Category:Security]]
 
[[Category:Security]]
 +
[[fr:NIS]]
 
{{stub}}
 
{{stub}}
=Introduction=
 
  
 
NIS is a protocol developed by Sun to allow one to defer user authentication to a server. The server software is in the ypserv package, and the client software is in the yp-tools package. ypbind-mt is also available, which is a multi threaded version of the client daemon.
 
NIS is a protocol developed by Sun to allow one to defer user authentication to a server. The server software is in the ypserv package, and the client software is in the yp-tools package. ypbind-mt is also available, which is a multi threaded version of the client daemon.
  
'''Note:''' obviously this article is far from finished. hopefully in the future that will change, but in the meantime check the [[NIS#More resources|More resources section]].
+
{{note|Obviously this article is far from finished. hopefully in the future that will change, but in the meantime check the [[NIS#More resources|More resources section]].}}
  
=How to set up a NIS client=
+
== NIS Client ==
  
 
The first step is to install the tools that you need. This provides the configuration files and general tools needed to use NIS.
 
The first step is to install the tools that you need. This provides the configuration files and general tools needed to use NIS.
 
 
  # pacman -S yp-tools ypbind-mt
 
  # pacman -S yp-tools ypbind-mt
  
Next put your NIS domain name into the file /etc/conf.d/nisdomainname.
+
Set your domain name:
 +
# ypdomainname EXAMPLE.COM
  
 
Now edit the /etc/yp.conf file and add your ypserver or nis server.
 
Now edit the /etc/yp.conf file and add your ypserver or nis server.
 
 
  ypserver your.nis.server
 
  ypserver your.nis.server
  
Start the rpcbind and ypbind daemons (add them to your [[rc.conf]] file if you want it to start automatically).
+
Start the rpcbind and ypbind daemons (use systemd enable to make it automatic at boot).
 
+
  # systemctl start rpcbind
  # /etc/rc.d/rpcbind start
+
  # systemctl start ypbind
  # /etc/rc.d/ypbind start
+
  
 
To test the setup so far you can run the command yptest:
 
To test the setup so far you can run the command yptest:
 
 
  # yptest
 
  # yptest
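Review bot: In the client steps, replacing the /etc/conf.d/nisdomainname instruction with "# ypdomainname EXAMPLE.COM" leaves the page without a persistent way to set the domain on a client, since ypdomainname only sets it on the running system, while the server section still points at /etc/conf.d/nisdomainname. Say where the setting is kept across reboots, and replace "(use systemd enable to make it automatic at boot)" with the actual commands, as the server section does with "# systemctl enable rpcbind.service" and "# systemctl enable ypbind.service".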
  
Line 31: Line 28:
  
 
To actually use NIS to log in you have to edit /etc/nsswitch.conf.  Modify the lines for passwd, group and shadow to read:
 
To actually use NIS to log in you have to edit /etc/nsswitch.conf.  Modify the lines for passwd, group and shadow to read:
 
 
  passwd: files nis
 
  passwd: files nis
 
  group: files nis
 
  group: files nis
Line 38: Line 34:
 
And then do not forget
 
And then do not forget
  
  # /etc/rc.d/ypbind restart
+
  # systemctl restart ypbind
  
 
See [http://www.tldp.org/HOWTO/NIS-HOWTO/settingup_client.html section 7 of The Linux NIS HOWTO] for further information on configuring NIS clients.
 
See [http://www.tldp.org/HOWTO/NIS-HOWTO/settingup_client.html section 7 of The Linux NIS HOWTO] for further information on configuring NIS clients.
  
=How to set up a NIS server=
+
== NIS Server ==
 
+
==Install Packages==
+
  
 +
== Install Packages ==
 
Make sure packages ypbind-mt, ypserv, and yp-tools are installed:
 
Make sure packages ypbind-mt, ypserv, and yp-tools are installed:
 
 
  # pacman -S ypbind-mt yp-tools ypserv
 
  # pacman -S ypbind-mt yp-tools ypserv
  
==Editing Configuration Files==
+
== Configuration ==
  
===/etc/conf.d/nisdomainname===
+
=== /etc/conf.d/nisdomainname ===
  
 
Add the domain name to /etc/conf.d/nisdomainname:
 
Add the domain name to /etc/conf.d/nisdomainname:
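Review bot: The new "== Install Packages ==" and "== Configuration ==" headings sit at the same level as "== NIS Server ==", so they no longer nest under it, while "=== /etc/conf.d/nisdomainname ===" is only one level below. Make the two server subsections level 3 and the per-file headings level 4 so the table of contents reflects the structure.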
Line 58: Line 52:
 
  # NISDOMAINNAME="nis-domain-name"
 
  # NISDOMAINNAME="nis-domain-name"
  
===/etc/ypserv.conf===
+
=== /etc/ypserv.conf ===
  
 
Add rules to /etc/ypserv.conf for your your nis clients of this form:
 
Add rules to /etc/ypserv.conf for your your nis clients of this form:
Line 68: Line 62:
 
  # 192.168. : home-domain : * : port
 
  # 192.168. : home-domain : * : port
  
For more information see `man ypserv.conf`.
+
For more information see {{ic|man ypserv.conf}}.
  
===/var/yp/Makefile===
+
=== /var/yp/Makefile ===
  
 
Add or remove files you would like NIS to use to /var/yp/Makefile under the "all" rule.
 
Add or remove files you would like NIS to use to /var/yp/Makefile under the "all" rule.
Line 94: Line 88:
 
  # make
 
  # make
  
===/var/yp/securenets===
+
=== /var/yp/securenets ===
  
 
Add rules to /var/yp/securenets to restrict access:
 
Add rules to /var/yp/securenets to restrict access:
Line 104: Line 98:
 
  # 0.0.0.0      0.0.0.0
 
  # 0.0.0.0      0.0.0.0
  
===/var/yp/ypservers===
+
=== /var/yp/ypservers ===
  
 
Add the domain name of your server to /var/yp/ypservers:
 
Add the domain name of your server to /var/yp/ypservers:
Line 110: Line 104:
 
  # your.nis.server
 
  # your.nis.server
  
==Start NIS Daemons==
+
== Start NIS Daemons ==
 +
=== initscripts ===
 +
{{note|The daemons MUST be started in this order.}}
  
The daemons MUST be started in this order.
+
Start rpcbind if it isn't already started:
 
+
  # systemctl start rpcbind
Start rpcbind (if it isn't already started)
+
 
+
  # rc.d start rpcbind
+
  
 
Start ypbind:
 
Start ypbind:
 
+
  # systemctl start ypbind
  # rc.d start ypbind
+
  
 
Start ypserv:
 
Start ypserv:
 +
# systemctl start ypserv
  
# rc.d start ypserv
+
If you want these to start automatically on startup, then
 
+
# systemctl enable rpcbind.service
If you want these to start automatically on startup, add them to your DAEMONS array in rc.conf:
+
# systemctl enable ypbind.service
 
+
  # systemctl enable ypserv.service
  # DAEMONS=( ... rpcbind ypbind ypserv ... )
+
  
Make sure they go after network in the array.
+
=== systemd ===
 +
Simply use the systemctl command to enable and start the ypbind service:
 +
# systemctl enable ypbind.service
  
=More resources=
+
== More resources ==
 
*[http://www.tldp.org/HOWTO/NIS-HOWTO/ The Linux NIS HOWTO],very helpful and generally applicable to Arch Linux.
 
*[http://www.tldp.org/HOWTO/NIS-HOWTO/ The Linux NIS HOWTO],very helpful and generally applicable to Arch Linux.
 
*[http://www.yolinux.com/TUTORIALS/NIS.html YoLinux NIS tutorial]
 
*[http://www.yolinux.com/TUTORIALS/NIS.html YoLinux NIS tutorial]
 
*[http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch30_:_Configuring_NIS Quick HOWTO, Configuring NIS]
 
*[http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch30_:_Configuring_NIS Quick HOWTO, Configuring NIS]
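Review bot: Under the new "=== initscripts ===" heading every command is now a systemctl call (for example "# systemctl start rpcbind"), and the "=== systemd ===" subsection that follows only repeats "# systemctl enable ypbind.service". Drop the initscripts/systemd split and keep a single section; also finish the sentence "If you want these to start automatically on startup, then", which now ends without saying what to do.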

Revision as of 08:56, 14 September 2013

This article is a stub.


NIS is a protocol developed by Sun to allow one to defer user authentication to a server. The server software is in the ypserv package, and the client software is in the yp-tools package. ypbind-mt is also available, which is a multi-threaded version of the client daemon.

Note: Obviously this article is far from finished. Hopefully that will change in the future, but in the meantime check the More resources section.

NIS Client

The first step is to install the tools that you need. This provides the configuration files and general tools needed to use NIS.

# pacman -S yp-tools ypbind-mt

Set your domain name:

# ypdomainname EXAMPLE.COM

Now edit the /etc/yp.conf file and add your ypserver or nis server.

ypserver your.nis.server

Start the rpcbind and ypbind daemons (use systemctl enable to start them automatically at boot).

# systemctl start rpcbind
# systemctl start ypbind

To test the setup so far you can run the command yptest:

# yptest

If it works you will, among other things, see the contents of the NIS user database (which is printed in the same format as /etc/passwd).

To actually use NIS to log in you have to edit /etc/nsswitch.conf. Modify the lines for passwd, group and shadow to read:

passwd: files nis
group: files nis
shadow: files nis

Then do not forget to restart ypbind:

# systemctl restart ypbind

See section 7 of The Linux NIS HOWTO for further information on configuring NIS clients.

NIS Server

Install Packages

Make sure packages ypbind-mt, ypserv, and yp-tools are installed:

# pacman -S ypbind-mt yp-tools ypserv

Configuration

/etc/conf.d/nisdomainname

Add the domain name to /etc/conf.d/nisdomainname:

# NISDOMAINNAME="nis-domain-name"

/etc/ypserv.conf

Add rules to /etc/ypserv.conf for your NIS clients of this form:

# ip-address-of-client : nis-domain-name : rule : security

For example:

# 192.168. : home-domain : * : port

For more information see man ypserv.conf.

/var/yp/Makefile

In /var/yp/Makefile, add or remove the files you would like NIS to use under the "all" rule.

Default:

# all:  passwd group hosts rpc services netid protocols netgrp \
#         shadow # publickey networks ethers bootparams printcap mail \
#         # amd.home auto.master auto.home auto.local passwd.adjunct \
#         # timezone locale netmasks

Due to recent changes in networking in Arch Linux, you have to change the line:

# LOCALDOMAIN = `/bin/domainname`

to

# LOCALDOMAIN = `/bin/hostname -d`

After that you have to build your NIS database:

# cd /var/yp
# make

/var/yp/securenets

Add rules to /var/yp/securenets to restrict access:

# 255.255.0.0 192.168.0.0 # Gives access to anyone in 192.168.0.0/16

Be sure to comment out this line, as it gives access to anyone.

# 0.0.0.0      0.0.0.0
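
The check described above, as an added example (not part of the original wiki page): a shell function that parses a securenets file in the netmask/network form shown here, converts each mask to a prefix length, and flags the allow-all rule. The function name and the sample file are constructed for illustration; lines in any other form are only flagged for review.

```shell
#!/bin/sh
# Added example: audit a securenets file ("netmask network" per line).
# Prints one finding per rule; returns 1 if any rule admits every client.
audit_securenets() {
    awk '
    # Convert a dotted netmask to a prefix length; -1 if malformed
    # or if the set bits are not contiguous.
    function prefix(mask,    o, i, b, v, bits, zero) {
        if (split(mask, o, ".") != 4) return -1
        bits = 0; zero = 0
        for (i = 1; i <= 4; i++) {
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return -1
            v = o[i] + 0
            for (b = 128; b >= 1; b = b / 2) {
                if (v >= b) { if (zero) return -1; bits++; v -= b }
                else zero = 1
            }
        }
        return bits
    }
    { sub(/#.*/, "") }                  # strip comments, trailing ones too
    NF == 0 { next }                    # blank or fully commented out
    {
        p = (NF == 2) ? prefix($1) : -1
        if (p < 0) printf "REVIEW line %d: not a valid netmask/network pair\n", NR
        else if (p == 0) { printf "OPEN line %d: %s/0 matches every client\n", NR, $2; wide = 1 }
        else printf "OK line %d: %s/%d\n", NR, $2, p
    }
    END { exit (wide ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the two rules shown above, with the open one still active.
sample=$(mktemp)
cat > "$sample" <<'EOF'
255.255.0.0 192.168.0.0 # Gives access to anyone in 192.168.0.0/16
0.0.0.0      0.0.0.0
EOF
audit_securenets "$sample" || echo "securenets still contains an allow-all rule"
rm -f "$sample"
```

Run it against /var/yp/securenets after editing; a non-zero exit status means the allow-all line is still active.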

/var/yp/ypservers

Add the domain name of your server to /var/yp/ypservers:

# your.nis.server

Start NIS Daemons

initscripts

Note: The daemons MUST be started in this order.

Start rpcbind if it isn't already started:

# systemctl start rpcbind

Start ypbind:

# systemctl start ypbind

Start ypserv:

# systemctl start ypserv

If you want these to start automatically at boot, enable them:

# systemctl enable rpcbind.service
# systemctl enable ypbind.service
# systemctl enable ypserv.service

systemd

Simply use the systemctl command to enable and start the ypbind service:

# systemctl enable ypbind.service

More resources