What
NIS (Network Information Service)
allows administrative databases (maps) to be distributed among machines (master, slaves and clients).
See the table for a better understanding:
Namespace | Flat
Data | 2 column maps
Servers | Master and slave
Security | None
Communication | RPC
Scale | LAN
In more detail
NIS Elements
- NIS domain - a group of machines that share the same maps
- NIS daemons: makedbm, ypserv, ypbind, ypxfrd (high speed map transfer), rpc.yppasswdd (passwd update daemon) and rpc.ypupdated (modifies other maps)
- NIS utilities: makedbm, ypcat, ypinit, ypmatch, yppoll, yppush, ypset, ypwhich, ypxfr (see man pages)
- NIS maps - a kind of replacement for the /etc files; they are 2 column tables: a key and the information about that key. The Makefile is in /var/yp on the master server; running make in that directory causes makedbm to rebuild the maps from the input files.
- NIS binding modes - Server list (the /var/yp/binding/domainname/ypservers file holds the list of NIS servers) or Broadcast.
Also note:
- The ypserv daemon runs only on the servers (it handles requests from clients and sends information to them)
- The ypbind daemon runs on all servers and clients (it checks the ypservers file and initiates binding to the first server, or to any other available one)
- ypinit creates maps from the input files
- ypxfr pulls maps from a remote server to the local /var/yp/domain directory - you can run it from a crontab file
- The ypxfrd daemon runs only on the master server and provides services for ypxfr
- yppush copies new maps from the master to the slaves; run it on the master
- yppoll tells which version of NIS is running on a server
- ypcat example : ypcat group | grep vg-license
- ypmatch example : ypmatch vg-license group
Need some planning first
Planning NIS domain
- Limit domain name to max 32 characters
- For convenience, use your company name
- Create file /etc/defaultdomain with NIS domain name, like yourcompany.ca
- You can have only one master server, and many slave ones (you may want to have slaves in remote offices for example)
... and preparation/installation
Preparing Master Server
- Don't use /etc as the source files directory, since it holds the local files of the master server; use, for example, /var/yp/etc
- So the Makefile in /var/yp should have the line DIR=/var/yp/etc
- The /etc/passwd and /etc/shadow format can be used to build NIS maps, but copy the files to /var/yp/etc and remove the root account
- In the Makefile, set PWDIR=/var/yp/etc
- Copy all required source files to /var/yp/etc (the files are auto.home, auto.master, bootparams, ethers, group, hosts, ipnodes, netgroup, netmasks, networks, passwd, protocol, rpc, service, shadow, user_attr - note that this list may not be the same for everyone, including you)
- Convert these source files to the ndbm format maps used by NIS. How? ypinit calls make, which uses the Makefile in /var/yp, and the Makefile transforms the source files into ndbm format maps.
- Check that the /etc/nsswitch.conf file looks the way you want it to
- Fill /etc/hosts file with IP/names of all NIS servers
- Build new maps on master with : /usr/sbin/ypinit -m
- If some of the map files are not present you can get a nonfatal error; deal with it according to the situation.
- So ypinit will construct the list of servers and run make, which will call makedbm and create the maps
- You can also copy /etc/nsswitch.nis to /etc/nsswitch.conf (if this works for your setup)
- There are three ways to start/stop the NIS server:
  - the script /usr/lib/netsvc/yp/ypstart during the boot process
  - svcadm enable/disable
  - ypstart, ypstop from the CLI
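A pre-flight check for the master preparation steps above, run before ypinit -m. This is an added example, not part of the original notes; the function name nis_master_check and its PREFIX argument are hypothetical, it assumes a POSIX shell with POSIX grep and awk, and the UID 0 test goes slightly beyond the "remove root account" step.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight check of a NIS master.
# PREFIX is a hypothetical parameter: "" checks the live system, a directory
# checks a staging copy laid out as PREFIX/etc and PREFIX/var/yp.
nis_master_check() {
    root=${1:-}; src=$root/var/yp/etc; mk=$root/var/yp/Makefile; bad=0
    fail() { echo "FAIL: $1"; bad=1; }

    # /etc/defaultdomain must hold a domain name of at most 32 characters.
    dom=$(head -n 1 "$root/etc/defaultdomain" 2>/dev/null || true)
    if [ -z "$dom" ]; then fail "/etc/defaultdomain missing or empty"
    elif [ "${#dom}" -gt 32 ]; then fail "domain name longer than 32 characters"
    fi

    # The Makefile must build maps from /var/yp/etc, not the master's own /etc.
    for var in DIR PWDIR; do
        if ! grep -Eq "^${var}[[:space:]]*=[[:space:]]*/var/yp/etc[[:space:]]*\$" "$mk" 2>/dev/null
        then fail "Makefile: $var is not set to /var/yp/etc"; fi
    done

    # root must not be in the map sources (by name; in passwd also by UID 0).
    for f in passwd shadow; do
        if [ ! -r "$src/$f" ]; then fail "$src/$f missing"; continue; fi
        if grep -q '^root:' "$src/$f"; then fail "$f: root entry present"; fi
    done
    if [ -r "$src/passwd" ]; then
        for u in $(awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$src/passwd"); do
            fail "passwd: UID 0 account '$u' present"
        done
    fi
    return "$bad"
}

# Constructed staging tree (sample data, not from the page): root left in passwd.
demo=$(mktemp -d)
mkdir -p "$demo/etc" "$demo/var/yp/etc"
echo yourcompany.ca > "$demo/etc/defaultdomain"
printf 'DIR =/var/yp/etc\nPWDIR =/var/yp/etc\n' > "$demo/var/yp/Makefile"
printf 'root:x:0:0::/:/sbin/sh\nalice:x:1001:10::/home/alice:/bin/sh\n' > "$demo/var/yp/etc/passwd"
printf 'alice:*LK*:::::::\n' > "$demo/var/yp/etc/shadow"
nis_master_check "$demo" || echo "staging tree is not ready for ypinit -m"
```

On the master itself, call nis_master_check "" and build the maps only when it prints nothing.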
Preparing Slave Server
- Add other NIS servers to /etc/hosts file
- First set it up as NIS client in order to get maps from master for the first time. Run : /usr/sbin/ypinit -c
- You'll be prompted for list of NIS servers, enter name of local slave you are working on, then master, followed by other slaves.
- Start client with "svcadm enable -r svc:/network/nis/client"
- Make sure NIS is running, just restart with: ypstop ; ypstart
- Initialize the machine as a slave with "ypinit -s nis_master_server"
Preparing NIS client
- Add NIS servers to /etc/hosts file
- Make sure you populate /etc/defaultdomain with NIS domain name
- Reboot if needed, probably yes
- Run "/usr/sbin/ypinit -c"
- Start client with "svcadm enable -r svc:/network/nis/client"
- Add the account to the bottom of /etc/passwd, like +username
- The last line in /etc/passwd should be +:x:::::/no/shell
- Add + at the end of the /etc/group file
- Add a line to the end of the /etc/shadow file: +username::::::::
- If required, add the machine to the required netgroup
- Also if needed make sure autofs is running