Difference between revisions of "NIS"

From ArchWiki
(initscripts)
(Install Packages: rm pacman -S)
 
(16 intermediate revisions by 11 users not shown)
Line 1: Line 1:
 
[[Category:Security]]
 
[[Category:Security]]
{{stub}}
+
[[fr:NIS]]
 +
[[ja:NIS]]
 +
Network Information Service (NIS) is a protocol developed by Sun to allow one to defer user authentication to a server. The server software is in the {{Pkg|ypserv}} package, and the client software is in the {{Pkg|yp-tools}} package. {{Pkg|ypbind-mt}} is also available, which is a multi threaded version of the client daemon.
  
NIS is a protocol developed by Sun to allow one to defer user authentication to a server. The server software is in the ypserv package, and the client software is in the yp-tools package. ypbind-mt is also available, which is a multi threaded version of the client daemon.
+
{{note|This article somewhat unfinished. In the future that will change, but in the meantime check the [[#More resources|More resources section]].}}
  
{{note|Obviously this article is far from finished. hopefully in the future that will change, but in the meantime check the [[NIS#More resources|More resources section]].}}
+
== NIS Server ==
  
== NIS Client ==
+
=== Install Packages ===
 +
[[Install]] the {{pkg|ypbind-mt}}, {{pkg|ypserv}}, and {{pkg|yp-tools}} packages.
  
The first step is to install the tools that you need. This provides the configuration files and general tools needed to use NIS.
+
=== Configuration ===
# pacman -S yp-tools ypbind-mt
+
  
Next put your NIS domain name into the file /etc/conf.d/nisdomainname.
+
==== /etc/hosts ====
  
Now edit the /etc/yp.conf file and add your ypserver or nis server.
+
Add your server's '''external''' (not 127.0.0.1) IP address to the hosts file. Make sure it is the first non-commented line in the file, yes, even above the localhost line, like so:
  ypserver your.nis.server
+
#
 +
# /etc/hosts: static lookup table for host names
 +
#
 +
 +
#<ip-address> <hostname.domain.org> <hostname>
 +
  #::1 localhost.localdomain localhost
 +
192.168.1.10  nis_server.domain.com  nis_server
 +
127.0.0.1 localhost.localdomain localhost nis_server
 +
# End of file
  
Start the rpcbind and ypbind daemons (add them to your [[rc.conf]] file if you want it to start automatically).
+
This is due to a peculiarity in ypinit (maybe it's a bug, maybe it's a feature), which will '''always''' add the first line in {{ic|/etc/hosts}} to the list of ypservers.
# /etc/rc.d/rpcbind start
+
# /etc/rc.d/ypbind start
+
  
To test the setup so far you can run the command yptest:
+
==== /etc/nisdomainname ====
# yptest
+
  
If it works you will, among other things, see the contents of the NIS user database (which is printed in the same format as /etc/passwd).
+
Add the domain name to {{ic|/etc/nisdomainname}}:
 
+
To actually use NIS to log in you have to edit /etc/nsswitch.conf.  Modify the lines for passwd, group and shadow to read:
+
passwd: files nis
+
group: files nis
+
shadow: files nis
+
 
+
And then do not forget
+
 
+
# /etc/rc.d/ypbind restart
+
 
+
See [http://www.tldp.org/HOWTO/NIS-HOWTO/settingup_client.html section 7 of The Linux NIS HOWTO] for further information on configuring NIS clients.
+
 
+
== NIS Server ==
+
 
+
== Install Packages ==
+
Make sure packages ypbind-mt, ypserv, and yp-tools are installed:
+
# pacman -S ypbind-mt yp-tools ypserv
+
 
+
== Configuration ==
+
 
+
=== /etc/conf.d/nisdomainname ===
+
 
+
Add the domain name to /etc/conf.d/nisdomainname:
+
  
 
  # NISDOMAINNAME="nis-domain-name"
 
  # NISDOMAINNAME="nis-domain-name"
  
=== /etc/ypserv.conf ===
+
==== /etc/ypserv.conf ====
  
 
Add rules to /etc/ypserv.conf for your your nis clients of this form:
 
Add rules to /etc/ypserv.conf for your your nis clients of this form:
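Review bot: In the added /etc/hosts example, nis_server is listed as a name on both the 192.168.1.10 line and the 127.0.0.1 line, which sits oddly beside the instruction to use the server's external (not 127.0.0.1) address; drop nis_server from the 127.0.0.1 line or say why the alias is needed there. The rewritten note also reads "This article somewhat unfinished", which is missing "is".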
Line 62: Line 46:
 
For more information see {{ic|man ypserv.conf}}.
 
For more information see {{ic|man ypserv.conf}}.
  
=== /var/yp/Makefile ===
+
==== /var/yp/Makefile ====
  
 
Add or remove files you would like NIS to use to /var/yp/Makefile under the "all" rule.
 
Add or remove files you would like NIS to use to /var/yp/Makefile under the "all" rule.
Line 72: Line 56:
 
  #        # amd.home auto.master auto.home auto.local passwd.adjunct \
 
  #        # amd.home auto.master auto.home auto.local passwd.adjunct \
 
  #        # timezone locale netmasks
 
  #        # timezone locale netmasks
 
Due to recent changes in networking in Archlinux you have to change the line:
 
 
# LOCALDOMAIN = `/bin/domainname`
 
 
to
 
 
# LOCALDOMAIN = `/bin/hostname -d`
 
  
 
After that you have to build your NIS database:
 
After that you have to build your NIS database:
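Review bot: The LOCALDOMAIN step for /var/yp/Makefile (replacing `/bin/domainname` with `/bin/hostname -d`) is removed with no replacement text, and neither edit summary shown explains why. Confirm the workaround is no longer needed; if some readers still have a Makefile that calls `/bin/domainname`, keep the step as a conditional note before the "make" instruction.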
Line 86: Line 62:
 
  # make
 
  # make
  
=== /var/yp/securenets ===
+
Or you can do it in a more automated fashion:
 +
 
 +
# /usr/lib/yp/ypinit -m
 +
 
 +
If you use this way you may skip manually adding lines to /var/yp/ypservers.
 +
 
 +
==== /var/yp/securenets ====
  
 
Add rules to /var/yp/securenets to restrict access:
 
Add rules to /var/yp/securenets to restrict access:
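Review bot: The added "ypinit -m" alternative says /var/yp/ypservers can be skipped, but it does not point back to the /etc/hosts section, which states that ypinit always takes the first line of /etc/hosts as a ypserver. Add a cross-reference here so a reader who jumps straight to the automated path checks the hosts file ordering first.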
Line 96: Line 78:
 
  # 0.0.0.0      0.0.0.0
 
  # 0.0.0.0      0.0.0.0
  
=== /var/yp/ypservers ===
+
==== /var/yp/ypservers ====
  
Add the domain name of your server to /var/yp/ypservers:
+
Add your server to /var/yp/ypservers:
  
 
  # your.nis.server
 
  # your.nis.server
  
== Start NIS Daemons ==
+
==== Set your domain name ====
=== initscripts ===
+
# ypdomainname EXAMPLE.COM
 +
 
 +
Now edit the /etc/yp.conf file and add your ypserver or nis server.
 +
ypserver nis_server
 +
 
 +
=== Start NIS Daemons ===
 
{{note|The daemons MUST be started in this order.}}
 
{{note|The daemons MUST be started in this order.}}
  
Start rpcbind if it isn't already started:
+
[[Start/enable]] the following systemd units:
# systemctl start rpcbind
+
* {{ic|rpcbind.service}}
 +
* {{ic|ypbind.service}}
 +
* {{ic|ypserv.service}}
  
Start ypbind:
+
== NIS Client ==
# systemctl start ypbind
+
  
Start ypserv:
+
===  Install Packages ===
  # systemctl start ypserv
+
The first step is to install the tools that you need. This provides the configuration files and general tools needed to use NIS.
 +
  # pacman -S yp-tools ypbind-mt
  
If you want these to start automatically on startup, then
+
=== Configuration ===
# systemctl enable rpcbind.service
+
==== Set your domain name ====
# systemctl enable ypbind.service
+
  # ypdomainname EXAMPLE.COM
  # systemctl enable ypserv.service
+
  
=== systemd ===
+
You can apply this permanently by editing /etc/nisdomainname and adding:
Simply use the systemctl command to enable and start the ypbind service:
+
  # NISDOMAINNAME="EXAMPLE.COM"
  # systemctl enable ypbind.service
+
  
 +
Now edit the /etc/yp.conf file and add your ypserver or nis server.
 +
ypserver nis_server
 +
 +
==== /etc/hosts ====
 +
It may be a good idea to add your NIS server to /etc/hosts
 +
192.168.1.10  nis_server.domain.com  nis_server
 +
 +
==== Start NIS Daemons ====
 +
{{note|The daemons MUST be started in this order.}}
 +
[[Start/enable]] the {{ic|rpcbind.service}} and {{ic|ypbind.service}} systemd units.
 +
 +
==== Early testing ====
 +
To test the setup so far you can run the command yptest:
 +
# yptest
 +
 +
If it works you will, among other things, see the contents of the NIS user database (which is printed in the same format as /etc/passwd).
 +
 +
==== /etc/nsswitch.conf ====
 +
To actually use NIS to log in you have to edit /etc/nsswitch.conf.  Modify the lines for passwd, group and shadow to read:
 +
passwd: files nis
 +
group: files nis
 +
shadow: files nis
 +
 +
And then do not forget
 +
 +
# systemctl restart ypbind
 +
 +
See [http://www.tldp.org/HOWTO/NIS-HOWTO/settingup_client.html section 7 of The Linux NIS HOWTO] for further information on configuring NIS clients.
 
== More resources ==
 
== More resources ==
 
*[http://www.tldp.org/HOWTO/NIS-HOWTO/ The Linux NIS HOWTO],very helpful and generally applicable to Arch Linux.
 
*[http://www.tldp.org/HOWTO/NIS-HOWTO/ The Linux NIS HOWTO],very helpful and generally applicable to Arch Linux.
 
*[http://www.yolinux.com/TUTORIALS/NIS.html YoLinux NIS tutorial]
 
*[http://www.yolinux.com/TUTORIALS/NIS.html YoLinux NIS tutorial]
 
*[http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch30_:_Configuring_NIS Quick HOWTO, Configuring NIS]
 
*[http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch30_:_Configuring_NIS Quick HOWTO, Configuring NIS]
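Review bot: The "daemons MUST be started in this order" note is now followed in the server section by an unordered "*" list and in the client section by a single sentence naming two units, so the required order is only implied. Use a numbered list or state the order explicitly in both places. Also, "Now edit the /etc/yp.conf file" lands under the "Set your domain name" heading in both sections; give /etc/yp.conf its own heading like the other files.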

Latest revision as of 13:26, 6 April 2016

Network Information Service (NIS) is a protocol developed by Sun to allow one to defer user authentication to a server. The server software is in the ypserv package, and the client software is in the yp-tools package. ypbind-mt is also available, which is a multi-threaded version of the client daemon.

Note: This article is somewhat unfinished. In the future that will change, but in the meantime check the More resources section.

NIS Server

Install Packages

Install the ypbind-mt, ypserv, and yp-tools packages.

Configuration

/etc/hosts

Add your server's external (not 127.0.0.1) IP address to the hosts file. Make sure it is the first non-commented line in the file, yes, even above the localhost line, like so:

#
# /etc/hosts: static lookup table for host names
#

#<ip-address>	<hostname.domain.org>	<hostname>
#::1		localhost.localdomain	localhost
192.168.1.10   nis_server.domain.com   nis_server
127.0.0.1	localhost.localdomain	localhost nis_server
# End of file

This is due to a peculiarity in ypinit (maybe it's a bug, maybe it's a feature), which will always add the first line in /etc/hosts to the list of ypservers.
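
A pre-flight check for the ordering requirement above, as an added example that is not part of the original article. It assumes the behaviour exactly as the page describes it (ypinit takes the first non-commented /etc/hosts entry); the function names and the BAD_HOSTS sample are constructed for illustration.

```python
import ipaddress

# Constructed samples. GOOD_HOSTS mirrors the page's example file;
# BAD_HOSTS has the usual layout with the localhost line first.
GOOD_HOSTS = """\
#
# /etc/hosts: static lookup table for host names
#
#::1            localhost.localdomain   localhost
192.168.1.10    nis_server.domain.com   nis_server
127.0.0.1       localhost.localdomain   localhost nis_server
# End of file
"""
BAD_HOSTS = """\
127.0.0.1       localhost.localdomain   localhost
192.168.1.10    nis_server.domain.com   nis_server
"""

def first_hosts_entry(text):
    """Return (lineno, address, names) for the first non-commented entry."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop full-line and inline comments
        if len(fields) >= 2:
            return lineno, ipaddress.ip_address(fields[0]), fields[1:]
    return None

def check_hosts_for_ypinit(text):
    """Return (ok, message): ok is False when the first entry is not external."""
    entry = first_hosts_entry(text)
    if entry is None:
        return False, "no host entries found"
    lineno, addr, names = entry
    if addr.is_loopback or addr.is_unspecified:
        return False, (f"line {lineno}: first entry is {addr} ({names[0]}); "
                       "move the server's external address above it")
    return True, f"line {lineno}: first entry is {addr} ({names[0]})"

if __name__ == "__main__":
    for label, sample in (("good", GOOD_HOSTS), ("bad", BAD_HOSTS)):
        print(label, check_hosts_for_ypinit(sample))
```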

/etc/nisdomainname

Add the domain name to /etc/nisdomainname:

# NISDOMAINNAME="nis-domain-name"

/etc/ypserv.conf

Add rules to /etc/ypserv.conf for your NIS clients of this form:

# ip-address-of-client : nis-domain-name : rule : security

For example:

# 192.168. : home-domain : * : port

For more information see man ypserv.conf.

/var/yp/Makefile

In /var/yp/Makefile, add or remove the files you would like NIS to use under the "all" rule.

Default:

# all:  passwd group hosts rpc services netid protocols netgrp \
#         shadow # publickey networks ethers bootparams printcap mail \
#         # amd.home auto.master auto.home auto.local passwd.adjunct \
#         # timezone locale netmasks

After that you have to build your NIS database:

# cd /var/yp
# make

Or you can do it in a more automated fashion:

# /usr/lib/yp/ypinit -m

If you use this method, you may skip manually adding lines to /var/yp/ypservers.

/var/yp/securenets

Add rules to /var/yp/securenets to restrict access:

# 255.255.0.0 192.168.0.0 # Gives access to anyone in 192.168.0.0/16

Be sure to comment out the following line, as it gives access to anyone:

# 0.0.0.0      0.0.0.0
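
An audit of the securenets rules described above, as an added example that is not part of the original article. It assumes active rules are "netmask network" pairs and that "#" starts a comment; the sample file and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of /var/yp/securenets: netmask first, then network.
# Lines starting with '#' are comments; the last rule is the open default.
SAMPLE_SECURENETS = """\
# Always allow access for localhost
255.0.0.0       127.0.0.0
255.255.0.0     192.168.0.0   # Gives access to anyone in 192.168.0.0/16
# This line gives access to everybody:
0.0.0.0         0.0.0.0
"""

def parse_securenets(text):
    """Return [(lineno, IPv4Network)] for every active 'netmask network' rule."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()      # strip comments
        if not fields:
            continue
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'netmask network': {raw!r}")
        netmask, network = fields
        # strict=True raises if the network address has host bits set,
        # e.g. 255.255.0.0 paired with 192.168.1.0.
        rules.append((lineno, ipaddress.IPv4Network(f"{network}/{netmask}", strict=True)))
    return rules

def audit_securenets(text):
    """Return [(lineno, cidr, reason)] for rules that expose the maps too widely."""
    findings = []
    for lineno, net in parse_securenets(text):
        if net.prefixlen == 0:
            findings.append((lineno, str(net), "any address may query ypserv"))
        elif not (net.is_private or net.is_loopback):
            findings.append((lineno, str(net), "not a private or loopback range"))
    return findings

if __name__ == "__main__":
    for lineno, cidr, reason in audit_securenets(SAMPLE_SECURENETS):
        print(f"securenets line {lineno}: {cidr}: {reason}")
```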

/var/yp/ypservers

Add your server to /var/yp/ypservers:

# your.nis.server

Set your domain name

# ypdomainname EXAMPLE.COM

Now edit the /etc/yp.conf file and add your NIS server as a ypserver entry:

ypserver nis_server

Start NIS Daemons

Note: The daemons MUST be started in this order.

Start/enable the following systemd units:

  • rpcbind.service
  • ypbind.service
  • ypserv.service

NIS Client

Install Packages

The first step is to install the tools that you need. This provides the configuration files and general tools needed to use NIS.

# pacman -S yp-tools ypbind-mt

Configuration

Set your domain name

# ypdomainname EXAMPLE.COM

You can apply this permanently by editing /etc/nisdomainname and adding:

# NISDOMAINNAME="EXAMPLE.COM"

Now edit the /etc/yp.conf file and add your NIS server as a ypserver entry:

ypserver nis_server

/etc/hosts

It may be a good idea to add your NIS server to /etc/hosts:

192.168.1.10   nis_server.domain.com   nis_server

Start NIS Daemons

Note: The daemons MUST be started in this order.

Start/enable the rpcbind.service and ypbind.service systemd units, in that order.

Early testing

To test the setup so far you can run the command yptest:

# yptest

If it works you will, among other things, see the contents of the NIS user database (which is printed in the same format as /etc/passwd).

/etc/nsswitch.conf

To actually use NIS to log in you have to edit /etc/nsswitch.conf. Modify the lines for passwd, group and shadow to read:

passwd: files nis
group: files nis
shadow: files nis

And then do not forget to restart ypbind:

# systemctl restart ypbind

See section 7 of The Linux NIS HOWTO for further information on configuring NIS clients.

More resources