How to install Network Information Service (NIS)

NIS or Network Information Service, is a service that provides information, that has to be known throughout the network, to all machines on the network. NIS is a system that becomes very usefull when you have more than one SME server in your network and you want to be able to log into all with the same username. First we need to install the NIS Master Server and secondary the NIS Client.

NIS Master Server Installation:

First Collect and install the rpm`s from the NIS directory.

[root@sme ]# cd /root [root@sme ]# mkdir NIS_SERVER [root@sme ]# cd NIS_SERVER [root@sme ]# wget http://sme.swerts-knudsen.dk/downloads/NIS/ypserv-2.2-9.i386.rpm [root@sme ]# wget http://sme.swerts-knudsen.dk/downloads/NIS/portmap-4.0-41.i386.rpm [root@sme ]# rpm -ivh *.rpm

Then create a template file where you specify from which network the portmapper can be accessed (change 192.168.100.0 to your network)

[root@sme ]# mkdir -p /etc/e-smith/templates-custom/etc/hosts.allow [root@sme ]# echo "portmap: 192.168.100.0/255.255.255.0" > /etc/e-smith/templates-custom/etc/hosts.allow/portmap [root@sme ]# /sbin/e-smith/expand-template /etc/hosts.allow

Start the portmap service and ensure that it as well as the NIS server (ypserv) start on reboot

[root@sme ]# chkconfig portmap on [root@sme ]# service portmap start [root@sme ]# cd /etc/rc.d/rc7.d [root@sme ]# ln -s /etc/init.d/portmap S92portmap [root@sme ]# ln -s /etc/init.d/ypserv S93ypserv

We need to inform the NIS Server on which domain it acts. Create a template and add your domain name in "yourdomain.com" and start the NIS Server.

[root@sme ]# echo "NISDOMAIN=yourdomain.com" > /etc/e-smith/templates/etc/sysconfig/network/60NISDOMAIN [root@sme ]# /sbin/e-smith/expand-template /etc/sysconfig/network [root@sme ]# /bin/domainname yourdomain.com [root@sme ]# service ypserv start

Now we have to make sure the NIS Server is running. The following command should return this output.

[root@sme ]# rpcinfo -u localhost ypserv program 100004 version 1 ready and waiting program 100004 version 2 ready and waiting

Now were are almost ready to generate the NIS (YP) database but the Makefile needs to be altered a little for the SME Server. Open the /var/yp/Makefile and change the the following statements:

all: passwd group hosts rpc services netid protocols mail \
to
all: passwd group shadow  \

and Mimimum UID and GID to 5000 which is where the SME server starts

MINUID=5000
MINGID=5000


Now on the NIS Master run:

[root@sme ]# /usr/lib/yp/ypinit -m

Now we need to ensure that the NIS database is updated when new users and groups are added/deleted/locked or change password.

[root@sme ]# cd /etc/e-smith/events/actions [root@sme ]# wget -N http://sme.swerts-knudsen.dk/downloads/NIS/nis-update-db [root@sme ]# chmod ugo=rx,o-x nis-update-db [root@sme ]# ln -s ../actions/nis-update-db ../user-create/S95NIS-Update [root@sme ]# ln -s ../actions/nis-update-db ../user-delete/S95NIS-Update [root@sme ]# ln -s ../actions/nis-update-db ../user-lock/S95NIS-Update [root@sme ]# ln -s ../actions/nis-update-db ../user-modify/S95NIS-Update [root@sme ]# ln -s ../actions/nis-update-db ../group-create/S95NIS-Update [root@sme ]# ln -s ../actions/nis-update-db ../group-delete/S95NIS-Update [root@sme ]# ln -s ../actions/nis-update-db ../group-modify/S95NIS-Update [root@sme ]# ln -s ../actions/nis-update-db ../password-modify/S95NIS-Update

That's it, your NIS Master server is up and running. Now its time to get the NIS Client running.

NIS Client Installation:

Log into your client SME Server and download the needed modules from the NIS directory.

[root@sme ]# cd /root [root@sme ]# mkdir NIS_CLIENT [root@sme ]# cd NIS_CLIENT [root@sme ]# wget http://sme.swerts-knudsen.dk/downloads/NIS/yp-tools-2.6-4.i386.rpm [root@sme ]# wget http://sme.swerts-knudsen.dk/downloads/NIS/ypbind-1.10-7.i386.rpm [root@sme ]# wget http://sme.swerts-knudsen.dk/downloads/NIS/portmap-4.0-41.i386.rpm [root@sme ]# rpm -ivh *.rpm

Then create a template file where you specify from which network the portmapper can be accessed (change 192.168.100.0 to your network)

[root@sme ]# mkdir -p /etc/e-smith/templates-custom/etc/hosts.allow [root@sme ]# echo "portmap: 192.168.100.0/255.255.255.0" > /etc/e-smith/templates-custom/etc/hosts.allow/portmap [root@sme ]# /sbin/e-smith/expand-template /etc/hosts.allow

First we need to ensure that the services start after a reboot.

[root@sme ]# cd /etc/rc.d/rc7.d [root@sme ]# ln -s /etc/init.d/portmap S92portmap [root@sme ]# ln -s /etc/init.d/ypbind S94ypbind

Then we need to configure the NIS Client. Open the /etc/yp.conf file and add your NIS domain in the "domain" section.

#domain NISDOMAIN broadcast # Use broadcast on the local net for domain NISDOMAIN # domain yourdomain.com broadcast

We need to inform the NIS Client on which domain it shall listen. Create a template and add your domain name in "yourdomain.com". When that is done we can start the NIS Client.

[root@sme ]# echo "NISDOMAIN=yourdomain.com" > /etc/e-smith/templates/etc/sysconfig/network/60NISDOMAIN [root@sme ]# /sbin/e-smith/expand-template /etc/sysconfig/network [root@sme ]# /bin/domainname yourdomain.com [root@sme ]# service portmap start [root@sme ]# service ypbind start Binding to the NIS domain: [ OK ] Listening for an NIS domain server.

Now check whether the Client is running properly. Issue the command and expect the following output.

[root@sme ]# rpcinfo -p localhost program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100007 2 udp 758 ypbind 100007 1 udp 758 ypbind 100007 2 tcp 761 ypbind 100007 1 tcp 761 ypbind

You may also run rpcinfo -u localhost ypbind. This command should produce something like:

[root@sme ]# rpcinfo -u localhost ypbind program 100007 version 1 ready and waiting program 100007 version 2 ready and waiting

At this point you should be able to use NIS client programs like ypcat, etc... For example, ypcat passwd.byname will give you the entire NIS password database. Now we need to make sure that the SME server uses NIS when validating. All this is configured in the /etc/nsswitch.conf file. This file is already in a SME template and we need to modify it a little. Open /etc/e-smith/templates/etc/nsswitch.conf/10files and modify to match the following lines to ensure users, groups and their respective passwords are checked by NIS.

passwd: nis files shadow: nis files group: nis files   hosts: { ($AccessType eq "off") ? "files" : "files dns" } services: files networks: files protocols: files rpc: files ethers: files netmasks: files bootparams: files automount: files aliases: files

Now we just need to expand the template and restart the NIC Client.

[root@sme home]# /sbin/e-smith/expand-template /etc/nsswitch.conf [root@sme ]# service ypbind restart Shutting down NIS services: [ OK ] Binding to the NIS domain: [ OK ] Listening for an NIS domain server.

Your NIS installation is now complete and you should now be able to log into the Client server with UserIDs and Password stored and distributed from the NIS master. Now you should only add new users on the NIS master and whenever you add or modify a user on the NIS master server.