Set up a NIS server - client

Network Information Service (NIS) is a protocol developed by Sun to allow one to defer user authentication to a server.



I will be using two Arch Linux servers, one as a NIS server and one as a NIS client:
archlinux1 - NIS server
archlinux2 - NIS client


Update the /etc/hosts file on each host to resolve the name to IP and include the NIS domain name. For example:

[root@archlinux1 ~]# cat /etc/hosts
#
# /etc/hosts: static lookup table for host names
#

#<ip-address>   <hostname.domain.org>   <hostname>
127.0.0.1       localhost.localdomain   localhost
::1             localhost.localdomain   localhost
172.21.11.116  archlinux1.domain.nis   archlinux1
# End of file


On Arch Linux the following packages must be installed: ypbind-mt yp-tools ypserv

On the server: 

Edit /etc/nisdomain

NISDOMAINNAME="domain.nis"

Edit /etc/ypserv.conf and add the rules. In my case:

172.21. : domain.nis : * : port

Next, in /var/yp/Makefile, add or remove the files NIS will use:

# If you don't want some of these maps built, feel free to comment
# them out from this list.

all:  passwd group hosts rpc services netid protocols netgrp mail \
        shadow publickey # networks ethers bootparams printcap \
        # amd.home auto.master auto.home auto.local passwd.adjunct \
        # timezone locale netmasks


Build the database:

[root@archlinux1 yp]# cd /var/yp
[root@archlinux1 yp]# make

Then edit /var/yp/ypservers and add the server FQDN:

[root@archlinux1 yp]# cat /var/yp/ypservers
archlinux1.domain.nis
[root@archlinux1 yp]#

Alternatively, use the following method, which skips the need to manually edit /var/yp/ypservers:

[root@archlinux1 yp]# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers.  archlinux1.domain.nis is in the list of NIS server hosts.  Please continue to add
the names for the other hosts, one per line.  When you are done with the
list, type a <control D>.
        next host to add:  archlinux1.domain.nis
        next host to add:

The current list of NIS servers looks like this:

archlinux1.evertrust.lan

Is this correct?  [y/n: y]
We need a few minutes to build the databases...
Building /var/yp/domain.nis/ypservers...
Running /var/yp/Makefile...
make[1]: Entering directory '/var/yp/domain.nis'
Updating passwd.byname...
failed to send 'clear' to local ypserv: RPC: Program not registeredUpdating passwd.byuid...
failed to send 'clear' to local ypserv: RPC: Program not registeredUpdating group.byname...
failed to send 'clear' to local ypserv: RPC: Program not registeredUpdating group.bygid...
failed to send 'clear' to local ypserv: RPC: Program not registeredUpdating hosts.byname...
failed to send 'clear' to local ypserv: RPC: Program not registeredUpdating hosts.byaddr...
failed to send 'clear' to local ypserv: RPC: Program not registeredmake[1]: Leaving directory '/var/yp/domain.nis'

archlinux1.domain.nis has been set up as a NIS master server.
Now you can run ypinit -s archlinux1.domain.nis on all slave server.

Add rules to /var/yp/securenets to restrict which hosts can access the server. The file contains the following line; leaving it uncommented allows access from all hosts:
# This line gives access to everybody. PLEASE ADJUST!
0.0.0.0         0.0.0.0
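
A check for the securenets rule above, as an added example that is not part of the original page: the function reports every entry and fails when the file still contains the allow-everybody line. The sample files are constructed, and the 172.21.0.0 range is an assumption taken from the ypserv.conf rule shown earlier.

```shell
#!/bin/sh
# audit_securenets FILE
# Prints one finding per entry and returns 1 if any rule admits every host.
# Entry formats handled: "<netmask> <network>" and "host <address>".
audit_securenets() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }       # skip blank lines and comments
        $1 == "host" && NF >= 2 {
            printf "OK    line %d: single host %s\n", NR, $2
            next
        }
        NF >= 2 {
            if ($1 == "0.0.0.0" && $2 == "0.0.0.0") {
                # Netmask 0.0.0.0 with network 0.0.0.0 matches any source address.
                printf "OPEN  line %d: %s %s admits every host\n", NR, $1, $2
                wide = 1
            } else {
                printf "OK    line %d: network %s mask %s\n", NR, $2, $1
            }
            next
        }
        { printf "WARN  line %d: unrecognised entry: %s\n", NR, $0 }
        END { exit (wide ? 1 : 0) }
    ' "$1"
}

# Constructed sample files: the default line quoted on this page, then a
# restricted variant (loopback plus the assumed 172.21.0.0/16 client range).
tmp=$(mktemp -d)
printf '%s\n' '# This line gives access to everybody. PLEASE ADJUST!' \
    '0.0.0.0         0.0.0.0' > "$tmp/open"
printf '%s\n' '255.0.0.0       127.0.0.0' \
    '255.255.0.0     172.21.0.0' > "$tmp/restricted"

for f in open restricted; do
    echo "== $f"
    audit_securenets "$tmp/$f" || echo "-> $f: reachable from any host"
done
rm -rf "$tmp"
```

On a real server, call it as audit_securenets /var/yp/securenets.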


Add the domain and hostname to /etc/yp.conf

domain domain.nis
ypserver archlinux1


Start the NIS services:

[root@archlinux1 yp]# systemctl start rpcbind
[root@archlinux1 yp]# systemctl start ypbind
[root@archlinux1 yp]# systemctl start ypserv


On the client:


Install yp-tools and ypbind-mt

Set the domain name:
[root@archlinux2 ~]#  ypdomainname domain.nis

Edit /etc/yp.conf

ypserver archlinux1

Add the NIS server to /etc/hosts

Start the services:


[root@archlinux2 ~]#  systemctl start rpcbind
[root@archlinux2 ~]#  systemctl start ypbind

Run yptest:

[root@archlinux2 ~]# yptest
Test 1: domainname
Configured domainname is "domain.nis"

Test 2: ypbind
Used NIS server: archlinux1.domain.nis

Test 3: yp_match
WARNING: No such key in map (Map passwd.byname, key nobody)

Test 4: yp_first
ovi ovi:$6$jMhm4Eli$hDGJb/rEaV118sJ3OfT4M6RMyvt6bFtO7IHcCLvz/JyzzDI8KbvHwDKVqv9JBrpfKcUAZXiraINWaGICK7ucu/:1000:1000::/home/ovi:/bin/bash

Test 5: yp_next
systemd-journal-upload systemd-journal-upload:!!:999:999:systemd Journal Upload:/:/sbin/nologin
systemd-journal-remote systemd-journal-remote:!!:998:998:systemd Journal Remote:/:/sbin/nologin

Test 6: yp_master
archlinux1.evertrust.lan

Test 7: yp_order
1448638786

Test 8: yp_maplist
hosts.byaddr
passwd.byuid
hosts.byname
group.bygid
passwd.byname
ypservers
group.byname
Test 9: yp_all
nisuser nisuser:$6$KyZKIbkJ$vVnpkL3VLNoLWEfRu95eMEBWH7/EioZWfMzCOZu6PGNKD67x2gnt/aaiFbMx/ir288JgEb/TTSK.Jwtpg4ZHA/:1001:1001::/home/nisuser:/bin/bash
ovi ovi:$6$jMhm4Eli$hDGJb/rEaV118sJ3OfT4M6RMyvt6bFtO7IHcCLvz/JyzzDI8KbvHwDKVqv9JBrpfKcUAZXiraINWaGICK7ucu/:1000:1000::/home/ovi:/bin/bash
systemd-journal-upload systemd-journal-upload:!!:999:999:systemd Journal Upload:/:/sbin/nologin
systemd-journal-remote systemd-journal-remote:!!:998:998:systemd Journal Remote:/:/sbin/nologin
1 tests failed
[root@archlinux2 ~]#
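
The yptest output above shows the passwd map returning the password hash field for the ovi and nisuser entries to the client. The following added example (not part of the original page) classifies the password field of passwd-format lines, such as the output of ypcat passwd, so you can see which accounts a map exposes; the sample entries are constructed and use placeholder values.

```shell
#!/bin/sh
# classify_pw_fields: read passwd(5)-format lines on stdin, print
# "<user> <status>" for each entry, and return 1 if any entry carries
# a password hash or an empty password.
classify_pw_fields() {
    awk -F: '
        NF < 7 { next }                     # not a passwd entry
        {
            pw = $2
            if (pw == "")               status = "EMPTY-PASSWORD"
            else if (pw == "x")         status = "shadowed"
            else if (pw ~ /^[!*]/)      status = "locked"
            else if (pw ~ /^\$6\$/)     status = "HASH sha512crypt"
            else if (pw ~ /^\$5\$/)     status = "HASH sha256crypt"
            else if (pw ~ /^\$1\$/)     status = "HASH md5crypt"
            else                        status = "HASH other"
            if (status ~ /^HASH/ || status ~ /^EMPTY/) bad = 1
            print $1, status
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample entries (placeholder salt and hash, not real credentials).
sample() {
    printf '%s\n' \
        'alice:$6$SALT$PLACEHOLDERHASH:1000:1000::/home/alice:/bin/bash' \
        'bob:x:1001:1001::/home/bob:/bin/bash' \
        'svc:!!:999:999:Service:/:/sbin/nologin'
}

sample | classify_pw_fields || echo "-> map exposes password hashes"
```

On a bound client, run it as ypcat passwd | classify_pw_fields.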

Edit /etc/nsswitch.conf to use NIS

passwd: files nis
group: files nis
shadow: files nis


Restart ypbind.

NOTE:
When creating new users, make sure you rebuild the database (run make in /var/yp on the server).


Test login!
NOTE:

If you see

[I have no name!@archlinux2 root]$

and whoami returns

[I have no name!@archlinux2 ~]$ whoami
whoami: cannot find name for user ID 1000

then nscd is probably not started.

Start nscd on the client:

[root@archlinux2 ~]# systemctl start nscd

and test login again.