Go to TogaWare.com Home Page. GNU/Linux Desktop Survival Guide
by Graham Williams
Duck Duck Go

Using NIS


Subsections

NIS is used to share password files among a collection of machines. This ensures all users have access to all machines and have the same user id and group ids. The group of machines is referred to with a domain name (nothing to do with a network domain name though). One machine in the group must be a master server and the rest are nis clients of that server. You can also have slave servers but we'll ignore that one for now.

To set up the master NIS server on Caravan (117.19):



  caravan$ wajig install nis

You will be asked to name the nis domain. You can call it anything and later edit it in /etc/defaultdomain. Let's call it ktnet (it has no formal relationship to the network domain name).

In the file /etc/default/nis set NISSERVER=master to identify caravan as the master server.

To restrict who can access you NIS server add your local network number to the file /etc/ypserv.securenets:



  # Restrict to local network
  255.255.255.0 192.168.0.0

The password files on the server do not need to be changed.

Now restart the NIS server:



  $ wajig restart nis

Set up the server:



  # /usr/lib/yp/ypinit -m

You will be asked to list all of your servers (just caravan for now).

This essentially builds the maps from the current password file on caravan. Note that you can't use the nis maps on caravan itself - don't remove the users from caravan's password file!

To set up the NIS client on Festival (117.24):



  festival$ wajig install netbase portmap nis

You will be asked the name of the nis domain. You must use the name you supplied to the master server (ktnet). It is stored in /etc/defaultdomain.

Specify the NIS server address in /etc/yp.conf:



  ypserver 192.168.0.4

Restart the client:



  $ wajig restart nis

You can test that the client can access the server with:

  $ ypcat passwd

This should list the users available from the server.

Now edit the passwd, shadow, group and gshadow files. In passwd remove all the users (anyone with a user id in the 1000's) and add:



+::::::

And in shadow:



+::::::::

Then in groups and gshadow files, similarly remove the users and add:



+:::

NIS should now be working. Certainly ypcat passwd should show the users in NIS.

When adding a new user, add the user on the server (with adduser) and then you may need to rerun /usr/lib/yp/ypinit -m, or perhaps it is make -C /var/yp.

Copyright © 1995-2018 Togaware Pty Ltd
Support further development through the purchase of the PDF version of the book.
Brought to you by Togaware and the author of the open source software Rattle and wajig.
Also the author of Data Mining with Rattle and Essentials of Data Science.