Difference between revisions of "NIS"

From ArchWiki
Jump to navigation Jump to search
(Start NIS Daemons: rm systemctl start)
(Start NIS Daemons: rm systemctl start)
Line 121: Line 121:
==== Start NIS Daemons ====
==== Start NIS Daemons ====
{{note|The daemons MUST be started in this order.}}
{{note|The daemons MUST be started in this order.}}
Start the rpcbind and ypbind daemons.
[[Start/enable]] the {{ic|rpcbind.service}} and {{ic|ypbind.service}} systemd units.
# systemctl start rpcbind
# systemctl start ypbind
Use systemctl enable instead of start to make the daemons load at every boot.
==== Early testing ====
==== Early testing ====

Revision as of 13:26, 6 April 2016

Network Information Service (NIS) is a protocol developed by Sun to allow one to defer user authentication to a server. The server software is in the ypserv package, and the client software is in the yp-tools package. ypbind-mt is also available, which is a multi threaded version of the client daemon.

Note: This article somewhat unfinished. In the future that will change, but in the meantime check the More resources section.

NIS Server

Install Packages

Make sure packages ypbind-mt, ypserv, yp-tools and make are installed:

# pacman -S ypbind-mt yp-tools ypserv make



Add your server's external (not IP address to the hosts file. Make sure it is the first non-commented line in the file, yes, even above the localhost line, like so:

# /etc/hosts: static lookup table for host names

#<ip-address>	<hostname.domain.org>	<hostname>
#::1		localhost.localdomain	localhost   nis_server.domain.com   nis_server	localhost.localdomain	localhost nis_server
# End of file

This is due to a peculiarity in ypinit (maybe it's a bug, maybe it's a feature), which will always add the first line in /etc/hosts to the list of ypservers.


Add the domain name to /etc/nisdomainname:

# NISDOMAINNAME="nis-domain-name"


Add rules to /etc/ypserv.conf for your your nis clients of this form:

# ip-address-of-client : nis-domain-name : rule : security

For example:

# 192.168. : home-domain : * : port

For more information see man ypserv.conf.


Add or remove files you would like NIS to use to /var/yp/Makefile under the "all" rule.


# all:  passwd group hosts rpc services netid protocols netgrp \
#         shadow # publickey networks ethers bootparams printcap mail \
#         # amd.home auto.master auto.home auto.local passwd.adjunct \
#         # timezone locale netmasks

After that you have to build your NIS database:

# cd /var/yp
# make

Or you can do it in a more automated fashion:

# /usr/lib/yp/ypinit -m

If you use this way you may skip manually adding lines to /var/yp/ypservers.


Add rules to /var/yp/securenets to restrict access:

# # Gives access to anyone in

Be sure to comment out this line, as it gives access to anyone.



Add your server to /var/yp/ypservers:

# your.nis.server

Set your domain name

# ypdomainname EXAMPLE.COM

Now edit the /etc/yp.conf file and add your ypserver or nis server.

ypserver nis_server

Start NIS Daemons

Note: The daemons MUST be started in this order.

Start/enable the following systemd units:

  • rpcbind.service
  • ypbind.service
  • ypserv.service

NIS Client

Install Packages

The first step is to install the tools that you need. This provides the configuration files and general tools needed to use NIS.

# pacman -S yp-tools ypbind-mt


Set your domain name

# ypdomainname EXAMPLE.COM

You can apply this permanently by editing /etc/nisdomainname and adding:


Now edit the /etc/yp.conf file and add your ypserver or nis server.

ypserver nis_server


It may be a good idea to add your NIS server to /etc/hosts   nis_server.domain.com   nis_server

Start NIS Daemons

Note: The daemons MUST be started in this order.

Start/enable the rpcbind.service and ypbind.service systemd units.

Early testing

To test the setup so far you can run the command yptest:

# yptest

If it works you will, among other things, see the contents of the NIS user database (which is printed in the same format as /etc/passwd).


To actually use NIS to log in you have to edit /etc/nsswitch.conf. Modify the lines for passwd, group and shadow to read:

passwd: files nis
group: files nis
shadow: files nis

And then do not forget

# systemctl restart ypbind

See section 7 of The Linux NIS HOWTO for further information on configuring NIS clients.

More resources