Network Information Service (NIS) is a protocol developed by Sun that allows hosts to defer user authentication to a server.
I will be using two Arch Linux servers, one as a NIS server and one as a NIS client:
archlinux1 - NIS server
archlinux2 - NIS client
Update the /etc/hosts file on each host so that the host name resolves to its IP address and includes the NIS domain name. For example:
[root@archlinux1 ~]# cat /etc/hosts
#
# /etc/hosts: static lookup table for host names
#
#<ip-address> <hostname.domain.org> <hostname>
127.0.0.1 localhost.localdomain localhost
::1 localhost.localdomain localhost
172.21.11.116 archlinux1.domain.nis archlinux1
# End of file
On Arch Linux the following packages must be installed: ypbind-mt yp-tools ypserv
On the server:
Edit /etc/nisdomain
NISDOMAINNAME="domain.nis"
Edit /etc/ypserv.conf and add the access rules. In my case:
172.21. : domain.nis : * : port
Next, in /var/yp/Makefile, add or remove the maps NIS will build:
# If you don't want some of these maps built, feel free to comment
# them out from this list.
all: passwd group hosts rpc services netid protocols netgrp mail \
shadow publickey # networks ethers bootparams printcap \
# amd.home auto.master auto.home auto.local passwd.adjunct \
# timezone locale netmasks
Build the database:
[root@archlinux1 yp]# cd /var/yp
[root@archlinux1 yp]# make
Then edit /var/yp/ypservers and add the server FQDN:
[root@archlinux1 yp]# cat /var/yp/ypservers
archlinux1.domain.nis
[root@archlinux1 yp]#
Alternatively, use the following method, which removes the need to edit /var/yp/ypservers manually:
[root@archlinux1 yp]# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers. archlinux1.domain.nis is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: archlinux1.domain.nis
next host to add:
The current list of NIS servers looks like this:
archlinux1.evertrust.lan
Is this correct? [y/n: y]
We need a few minutes to build the databases...
Building /var/yp/domain.nis/ypservers...
Running /var/yp/Makefile...
make[1]: Entering directory '/var/yp/domain.nis'
Updating passwd.byname...
failed to send 'clear' to local ypserv: RPC: Program not registeredUpdating passwd.byuid...
failed to send 'clear' to local ypserv: RPC: Program not registeredUpdating group.byname...
failed to send 'clear' to local ypserv: RPC: Program not registeredUpdating group.bygid...
failed to send 'clear' to local ypserv: RPC: Program not registeredUpdating hosts.byname...
failed to send 'clear' to local ypserv: RPC: Program not registeredUpdating hosts.byaddr...
failed to send 'clear' to local ypserv: RPC: Program not registeredmake[1]: Leaving directory '/var/yp/domain.nis'
archlinux1.domain.nis has been set up as a NIS master server.
Now you can run ypinit -s archlinux1.domain.nis on all slave server.
Add rules to /var/yp/securenets to restrict which hosts may query the server; each rule is a netmask followed by a network address. Leaving the default line below uncommented allows access from all hosts:
# This line gives access to everybody. PLEASE ADJUST!
0.0.0.0 0.0.0.0
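How securenets rules decide who gets in, as an added example that is not part of the original post: a small shell model that evaluates netmask/network pairs against a client address and compares the default open file with one restricted to 172.21.0.0/16. The restricted rules, the client addresses and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: model of securenets matching (netmask network pairs).
# The file contents and client addresses below are constructed samples.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# securenets_allows FILE IP -> exit 0 if any rule in FILE admits IP
securenets_allows() {
    addr=$(ip_to_int "$2")
    while read -r mask net rest; do
        case $mask in ''|'#'*) continue ;; esac
        # "host A.B.C.D" is shorthand for a single-address rule
        if [ "$mask" = host ]; then mask=255.255.255.255; fi
        m=$(ip_to_int "$mask"); n=$(ip_to_int "$net")
        [ $(( addr & m )) -eq $(( n & m )) ] && return 0
    done < "$1"
    return 1
}

# securenets_open_to_all FILE -> exit 0 if a zero netmask admits everyone
securenets_open_to_all() {
    while read -r mask net rest; do
        [ "$mask" = 0.0.0.0 ] && return 0
    done < "$1"
    return 1
}

demo_dir=$(mktemp -d)
open_file=$demo_dir/securenets.default
tight_file=$demo_dir/securenets.restricted
printf '%s\n' '# This line gives access to everybody. PLEASE ADJUST!' \
    '0.0.0.0 0.0.0.0' > "$open_file"
# Assumption: all NIS clients live in 172.21.0.0/16, plus loopback
printf '%s\n' '255.0.0.0 127.0.0.0' '255.255.0.0 172.21.0.0' > "$tight_file"

for f in "$open_file" "$tight_file"; do
    securenets_open_to_all "$f" && echo "$f: open to all hosts"
    for client in 172.21.11.117 203.0.113.7; do
        if securenets_allows "$f" "$client"; then echo "$f: $client allowed"
        else echo "$f: $client denied"; fi
    done
done
```

Pointing securenets_open_to_all at the real /var/yp/securenets on the server shows whether the default line is still active.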
Add the domain and hostname to /etc/yp.conf
domain domain.nis
ypserver archlinux1
Start the NIS services:
[root@archlinux1 yp]# systemctl start rpcbind
[root@archlinux1 yp]# systemctl start ypbind
[root@archlinux1 yp]# systemctl start ypserv
On the client:
Install yp-tools and ypbind-mt
Set the domain name:
[root@archlinux2 ~]# ypdomainname domain.nis
Edit /etc/yp.conf
ypserver archlinux1
Add the NIS server to /etc/hosts
Start the services:
[root@archlinux2 ~]# systemctl start rpcbind
[root@archlinux2 ~]# systemctl start ypbind
Run yptest:
[root@archlinux2 ~]# yptest
Test 1: domainname
Configured domainname is "domain.nis"
Test 2: ypbind
Used NIS server: archlinux1.domain.nis
Test 3: yp_match
WARNING: No such key in map (Map passwd.byname, key nobody)
Test 4: yp_first
ovi ovi:$6$jMhm4Eli$hDGJb/rEaV118sJ3OfT4M6RMyvt6bFtO7IHcCLvz/JyzzDI8KbvHwDKVqv9JBrpfKcUAZXiraINWaGICK7ucu/:1000:1000::/home/ovi:/bin/bash
Test 5: yp_next
systemd-journal-upload systemd-journal-upload:!!:999:999:systemd Journal Upload:/:/sbin/nologin
systemd-journal-remote systemd-journal-remote:!!:998:998:systemd Journal Remote:/:/sbin/nologin
Test 6: yp_master
archlinux1.evertrust.lan
Test 7: yp_order
1448638786
Test 8: yp_maplist
hosts.byaddr
passwd.byuid
hosts.byname
group.bygid
passwd.byname
ypservers
group.byname
Test 9: yp_all
nisuser nisuser:$6$KyZKIbkJ$vVnpkL3VLNoLWEfRu95eMEBWH7/EioZWfMzCOZu6PGNKD67x2gnt/aaiFbMx/ir288JgEb/TTSK.Jwtpg4ZHA/:1001:1001::/home/nisuser:/bin/bash
ovi ovi:$6$jMhm4Eli$hDGJb/rEaV118sJ3OfT4M6RMyvt6bFtO7IHcCLvz/JyzzDI8KbvHwDKVqv9JBrpfKcUAZXiraINWaGICK7ucu/:1000:1000::/home/ovi:/bin/bash
systemd-journal-upload systemd-journal-upload:!!:999:999:systemd Journal Upload:/:/sbin/nologin
systemd-journal-remote systemd-journal-remote:!!:998:998:systemd Journal Remote:/:/sbin/nologin
1 tests failed
[root@archlinux2 ~]#
Edit /etc/nsswitch.conf to use NIS
passwd: files nis
group: files nis
shadow: files nis
Restart ypbind.
NOTE:
When creating new users, make sure you rebuild the database (run make in /var/yp on the server).
Test login!
NOTE:
If you see
[I have no name!@archlinux2 root]$
and whoami returns
[I have no name!@archlinux2 ~]$ whoami
whoami: cannot find name for user ID 1000
then start nscd on the client:
[root@archlinux2 ~]# systemctl start nscd