NIS is a protocol developed by Sun to allow one to defer user authentication to a server. The server software is in the ypserv package, and the client software is in the yp-tools package. ypbind-mt is also available, which is a multi threaded version of the client daemon.
The first step is to install the tools that you need. This provides the configuration files and general tools needed to use NIS.
# pacman -S yp-tools ypbind-mt
Set your domain name:
# ypdomainname EXAMPLE.COM
Now edit the /etc/yp.conf file and add your ypserver or nis server.
It may be a good idea to add your NIS server to /etc/hosts
192.168.1.10 nis_server.domain.com nis_server
Start the rpcbind and ypbind daemons (use systemd enable to make it automatic at boot).
# systemctl start rpcbind # systemctl start ypbind
To test the setup so far you can run the command yptest:
If it works you will, among other things, see the contents of the NIS user database (which is printed in the same format as /etc/passwd).
To actually use NIS to log in you have to edit /etc/nsswitch.conf. Modify the lines for passwd, group and shadow to read:
passwd: files nis group: files nis shadow: files nis
And then do not forget
# systemctl restart ypbind
See section 7 of The Linux NIS HOWTO for further information on configuring NIS clients.
Make sure packages ypbind-mt, ypserv, and yp-tools are installed:
# pacman -S ypbind-mt yp-tools ypserv
Add your server's external (not 127.0.0.1) IP address to the hosts file. Make sure it is the first non-commented line in the file, yes, even above the localhost line, like so:
# # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> #::1 localhost.localdomain localhost 192.168.1.10 nis_server.domain.com nis_server 127.0.0.1 localhost.localdomain localhost nis_server # End of file
This is due to a peculiarity in ypinit (maybe it's a bug, maybe it's a feature), which will always add the first line in /etc/hosts to the list of ypservers.
Add the domain name to /etc/nisdomainname:
Add rules to /etc/ypserv.conf for your your nis clients of this form:
# ip-address-of-client : nis-domain-name : rule : security
# 192.168. : home-domain : * : port
For more information see
Add or remove files you would like NIS to use to /var/yp/Makefile under the "all" rule.
# all: passwd group hosts rpc services netid protocols netgrp \ # shadow # publickey networks ethers bootparams printcap mail \ # # amd.home auto.master auto.home auto.local passwd.adjunct \ # # timezone locale netmasks
After that you have to build your NIS database:
# cd /var/yp # make
Or you can do it in a more automated fashion:
# /usr/lib/yp/ypinit -m
If you use this way you may skip manually adding lines to /var/yp/ypservers.
Add rules to /var/yp/securenets to restrict access:
# 255.255.0.0 192.168.0.0 # Gives access to anyone in 192.168.0.0/16
Be sure to comment out this line, as it gives access to anyone.
# 0.0.0.0 0.0.0.0
Add your server to /var/yp/ypservers:
Start NIS Daemons
Start rpcbind if it isn't already started:
# systemctl start rpcbind
# systemctl start ypbind
# systemctl start ypserv
If you want these to start automatically on startup, then
# systemctl enable rpcbind.service # systemctl enable ypbind.service # systemctl enable ypserv.service