Setting up NIS consists of three general procedures: setting up the master server, setting up the slave servers, and setting up the clients. The instructions in this chapter explain how to set up NIS by guiding you through procedures on sample NIS systems in a sample NIS domain.
This chapter contains these sections:
This sample setup in this chapter is representative of what must be done to set up NIS on any network, regardless of its specific characteristics. It assumes that NSD is running on all machines involved. When you use these instructions, substitute your own values for the ones shown in our examples. In our examples, NIS entities have these names:
The domain name is shapes.
The master server name is circles.
Slave server names are slave1 and slave2.
There are four parts to the procedure for setting up the NIS master server.
Setting the master server's domain name.
Building the master maps.
Starting NIS on the master server.
Testing the NIS master server.
Set the system's domain name based on your site's configuration. Recall that the domain name for this example is shapes. As you do this step, replace shapes with the domain name you chose for your site.
If your site configuration consists of only NIS domains and/or the NIS domain names are not the same as the Internet domain names, do the following:
Set the domain name as follows:
circles# echo shapes > /var/yp/ypdomain circles# domainname shapes
Verify the domain name setting with the domainname command, as follows:
circles# domainname shapes
If the domain name is correctly set, the domainname command returns the domain name you specified in step1 of this procedure. If your output is not correct, reissue the commands in step1.
If your site configuration consists of NIS domains and Internet domains with the same names, do the following (the example assumes that the NIS and Internet domains are both named widgets.com):
The /var/yp/ypdomain file is not required if the domain names for the NIS and Internet domains are the same. Also, the domain name must be part of the official host name set in the /etc/sys_id file. If a /var/yp/ypdomain file exists, the domain name set in the /var/yp/ypdomain file overrides the domain name specified in the /etc/sys_id file.
The command ypinit builds NIS maps using the text files with /var/yp/mdbm_parse. (See Chapter 2, “Preparing to Manage NIS”, for a list of the default files that are converted to maps in this step. See also the ypinit (1M) man page for details of the ypinit command.)
Start building the master NIS maps using the ypinit command on host circles:
circles# cd /var/yp circles# ./ypinit -m We now need to contruct a list of hosts which run NIS servers. Enter the names or addresses of these hosts one at a time, excluding this host, then simply hit <Enter> to end the list. Name (<Enter> to exit): squares Name (<Enter> to exit): triangles Name (<Enter> to exit): Parsing configuration files into databases.
The –m flag denotes that circles is an NIS master server.
If there is any doubt about the integrity of the database maps, always go and rebuild the maps from scratch.
If you are creating a new master server for an already existing domain with functioning slave servers, you must run yppush to propagate the new maps to the slave servers (see Chapter 5, “Maintaining NIS”, for details on changing a master server).
The NIS service is available to clients as soon as you start it on the master server. You can start NIS by any one of these methods:
Give the following command to start the daemons manually:
circles# /usr/etc/rpc.passwd /etc/passwd.nis -m passwd |
Note that the rpc.passwd process initiated in this command sequence assumes the existence of a specific NIS password file called /etc/passwd.nis. See “ Selecting the NIS Master Server” in Chapter 3 for details on setting up a nonstandard NIS password file. See also the rpc.passwd(1M) man page for more information on the command.
NIS master machines must be configured with the chkconfig command set on for ypserv and ypmaster. NIS slave servers must be configured with the chkconfig command set on for ypserv. Finally, run nsadmin to restart the daemon.
To set the flags on and restart the nsd daemon, give these commands:
circles# /etc/chkconfig ypmaster on circles# /etc/chkconfig ypserv on circles# nsadmin restart |
Finally, to ensure that NIS services are functioning properly on the NIS master server, enter the ypwhich command. Since the NIS master server is also a client, it should return with the name of the server to which it is bound. Remember, an NIS master server is bound to itself, and it returns its own name.
Example:
circles# ypwhich circles.widgets.com |
The response localhost indicates that nsd is correctly bound to the NIS server on the local system. Instead of localhost, it may return its name as reported by hostname. For further details, refer to the ypwhich(1M), nsd(1M), and hostname(1) man pages.
Use the following procedure to set up the NIS slave server. If you have more than one NIS slave server, repeat each part of the procedure for each slave server.
Set the slave server's domain name (see “ Setting the Slave Server's Domain Name ”).
Enter the following command:
chkconfig yp on
Enter the following command:
chkconfig ypserv on
Bind to an NIS server (see “ Binding to Another NIS Server ”).
Build the duplicate maps (see “ Building the Duplicate Maps”).
Start NIS on the slave server (see “ Starting NIS on the Slave Server”).
Test the NIS slave server (see “Testing the NIS Slave Server”).
Follow the instructions in “ Setting the Master Server's Domain Name” in this chapter to complete this step.
To propagate NIS database maps from the NIS master server to a NIS slave server, the slave server must be bound to a valid NIS server in its domain.
In the following examples, since circles is a valid NIS server, this slave server binds to circles. Binding need not be to a master server, however.
If the slave is not on the same network as circles, verify that the master server has an entry in the /etc/hosts file on the slave server:
slave1# grep circles /etc/hosts 192.0.2.4 circles.rad.sgx.com circles
Whether or not the slave is on the same network as circles, you should halt any existing nsd command, and start the binding process with the specified attribute of nsd, as follows:
slave1# killall -TERM nsd slave1# /usr/etc/nsd -a nis_security=local
Give the ypset command to point NSD at the server circles.
slave1# ypset circles
Verify that the server is bound by giving the ypwhich command:
slave1# ypwhich circles
The output of ypwhich returns the name of the NIS server to which this server is currently bound. The example shows that this slave server is successfully bound to circles.
The command ypinit builds the duplicate database maps by transferring a copy of the original maps from the NIS master server.
Determine which system is the master server by using the ypwhich command:
slave1# ypwhich -m
Start building NIS slave server maps with the ypinit command. In this example the –s flag specifies that this system is to be an NIS slave server, and circles is the master server:
slave1# cd /var/yp slave1# ./ypinit -s circles
Each line of the ypinit output contains the name of a map and the name of the master server where the map was created.
Transferring map networks.byname from server circles.shapes. Transferring map services.byname from server circles.shapes. Transferring map passwd.byname from server circles.shapes. Transferring map hosts.byaddr from server circles.shapes. Transferring map ktools from server circles.shapes. Transferring map ypservers from server circles.shapes. Transferring map hosts.byname from server circles.shapes. Transferring map networks.byaddr from server circles.shapes. Transferring map protocols.byname from server circles.shapes. Transferring map group.byname from server circles.shapes. Transferring map netgroup from server circles.shapes. Transferring map mail.aliases from server circles.shapes. Transferring map ethers.byname from server circles.shapes. Transferring map protocols.bynumber from server circles.shapes. Transferring map netgroup.byhost from server circles.shapes. Transferring map group.bygid from server circles.shapes. Transferring map passwd.byuid from server circles.shapes. Transferring map ethers.byaddr from server circles.shapes. Transferring map netgroup.byuser from server circles.shapes.
The NIS service is available to clients as soon as you start it on this slave server. You can start NIS by any one of these methods:
Give the following command to start the daemons manually:
slave1# ./ypinit -s circles |
The NIS maps are now available from the server slave1 in the domain shapes.
Finally, to ensure that NIS services are functioning properly on the NIS slave server, enter the ypwhich command. Since the NIS slave server is also a client, it should return with the name of the server to which it is bound. This server can be bound to either itself or to the NIS master server you set up in the previous section: either result is acceptable. Example:
slave1# ypwhich localhost |
The response, localhost, indicates that nsd is correctly bound to the NIS server on the local system. The response could have also been the name of another NIS server within the same domain on the same local area network.
Use the following procedure for setting up the NIS client. Repeat these steps for each NIS client you need to set up. Each step is described in the sections that follow.
Set the domain.
Configure NIS on the client.
Start NIS on the client.
Test the NIS client.
Follow the instructions in “ Setting the Master Server's Domain Name” to complete this step.
If the NIS service is to start automatically when this client (triangles) is booted, the NIS environment must be configured using the chkconfig command. The yp flag allows this system to access NIS database information from an NIS server. To set the flag on, enter this command:
triangles# /etc/chkconfig yp on |
Edit the /etc/nsswitch.conf file, using any standard editor, by adding NIS to the hosts line:
hosts: files nis dns |
The NIS service operates on this client as soon as you start it. You can start NIS by any one of these methods: rebooting this client, stopping and restarting the network with the /etc/init.d/network script, or starting the NSD daemon manually by performing one of the following commands:
triangles# nsadmin restart triangles# ypinit -c |
To ensure that the NIS services are functioning properly on the NIS client, give the ypwhich command. It should return with the name of the server to which it is bound, for example:
# ypwhich squares |
The client can be bound to any NIS server on the same network as the request is broadcast. This client is currently bound to the server squares, which means that squares must be on the same network as the client. If more than one NIS server is on the same network, the client binds to the server that responds first.