Aqua Phoenix

1.5 NIS and YP Setup

NIS (Network Information Name Service) and YP (Yellow Pages) are used to share information, such as username/passwords, groups, uid, gid, etc. among a network of computers. When a user is added, modified, or deleted the information is then changed for the entire network of computers, as opposed to making the change to each computer individually.

NIS requires a server that maintains the main database of users, hosts, etc., and a number of clients that make use of this database. In addition, one or more slave servers can provide copies of the server database (also called maps, e.g. user map, host map, etc.).

Example used:

NIS Server name: amethyst.stones.com

Slaves: beryl.stones.com

Clients: chrysolite.supply.com, diolite.supply.com, emerald.mine.com

1.5.1 NIS Server Setup

Become superuser (root) and make sure that any files created by root are not writable by group or others:

umask 022

Choose a domainname. The domainname must not be the same as the machine's or network's domain name. It may be entirely fictitious, and is used only to identify all of the machines for a particular NIS network. Hence, machines with entirely different real domain names can be included in a NIS network. For this example, the domainname shall be precious.stones.incorporated:

domainname precious.stones.incorporated

Enter the domainname in the file /etc/domainname:

precious.stones.incorporated

Several files from the /etc directory will be used to create the initial maps for users, passwords, hosts, etc. It is recommended that these files be located in a new directory, so that they do not interfere with the ones in /etc. Moreover, security steps can be taken to disallow access to this new directory.

mkdir /var/yp/etc

Maps are now generated from files located in this directory. A makefile used to create these maps is located in /var/yp. It must be modified to use the new source directory /var/yp/etc. Two fields in /var/yp/Makefile need to be changed:

DIR=/etc becomes DIR=/var/yp/etc

and

PWDIR=/etc becomes PWDIR=/var/yp/etc

Files from /etc and other locations can now be copied into /var/yp/etc to establish the source files. If any of these files do not exist, they can be created with no content using:

touch /somedir/somefile

Source Files:

cp /etc/auto_home /var/yp/etc
cp /etc/auto_master /var/yp/etc
touch /var/yp/etc/bootparams
touch /var/yp/etc/ethers
cp /etc/group /var/yp/etc
cp /etc/hosts /var/yp/etc
cp /etc/inet/ipnodes /var/yp/etc
touch /var/yp/etc/netgroup
cp /etc/netmasks /var/yp/etc
cp /etc/networks /var/yp/etc
cp /etc/passwd /var/yp/etc
cp /etc/protocols /var/yp/etc
cp /etc/rpc /var/yp/etc
cp /etc/services /var/yp/etc
cp /etc/shadow /var/yp/etc
cp /etc/user_attr /var/yp/etc
cp /etc/security/audit_user /var/yp/etc
cp /etc/TIMEZONE /var/yp/etc/timezone
cp /etc/publickey /var/yp/etc
Edit /var/yp/etc/hosts and add all hosts in the NIS network:

127.0.0.1    localhost
10.20.30.10  amethyst.stones.com    amethyst
10.20.30.10  amethyst.stones.com    loghost

10.20.30.11  beryl.stones.com      beryl
10.20.30.12  chrysolite.supply.com  chrysolite
10.20.30.13  diolite.supply.com    diolite
10.20.30.14  emerald.mine.com      emerald
With all hosts added, the machines can now be addressed using only the nodename (e.g. beryl), as opposed to the full name (e.g. beryl.stones.com).

Edit /var/yp/etc/netgroup and configure netgroups, if so desired:

stoneMachines (amethyst,,) (beryl,,) (chrysolite,,) (diolite,,) (emerald,,)
Edit /var/yp/etc/passwd and /var/yp/etc/shadow and remove all system accounts, such as: root, daemon, bin, sys, adm, lp, uucp, nuucp, smmsp, nobody, noaccess, nobody4, and possibly others. Only real users that log into the network of machines should appear in this file.
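
A pre-build audit for the step above, as an added example that is not part of the original page: it lists entries the text says to remove (plus any extra UID 0 entry), names present in only one of passwd and shadow, and files with permissions looser than the umask 022 intent. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the NIS source directory before running make.
# The account list is the one named in the text; function names are hypothetical.
SYSTEM_ACCOUNTS="root daemon bin sys adm lp uucp nuucp smmsp nobody noaccess nobody4"

# Names that should not be exported: listed system accounts and, when the
# second argument is "passwd", any entry whose UID field is 0.
nis_system_accounts() {
    awk -F: -v names="$SYSTEM_ACCOUNTS" -v kind="$2" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) sys[a[i]] = 1 }
        /^#/ || NF < 2 { next }
        ($1 in sys) || (kind == "passwd" && $3 == 0) { print $1 }' "$1"
}

# Names present in only one of passwd ($1) and shadow ($2).
nis_passwd_shadow_drift() {
    awk -F: 'FILENAME == ARGV[1] { p[$1] = 1; next }
             { s[$1] = 1; if (!($1 in p)) print "shadow-only:" $1 }
             END { for (u in p) if (!(u in s)) print "passwd-only:" u }' "$1" "$2" | sort
}

# Files under directory $1 that group or others can write, and any shadow
# file that group or others can read.
nis_loose_perms() {
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print
    find "$1" -name shadow \( -perm -040 -o -perm -004 \) -print
}

# Constructed sample data (not from a real system), written into directory $1.
nis_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
joeuser:x:1001:10:Joe User:/home/joeuser:/bin/sh
toor:x:0:1:second uid 0:/:/bin/sh
annuser:x:1002:10:Ann User:/home/annuser:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:PLACEHOLDERHASH:6445::::::
joeuser:PLACEHOLDERHASH:15000::::::
olduser:PLACEHOLDERHASH:14000::::::
EOF
    chmod 644 "$1/passwd" "$1/shadow"
}

d=$(mktemp -d) && nis_sample "$d"
nis_system_accounts "$d/passwd" passwd; nis_passwd_shadow_drift "$d/passwd" "$d/shadow"
nis_loose_perms "$d"; rm -rf "$d"
```

On the real server, point the functions at /var/yp/etc instead of the sample directory; empty output from all three means nothing was flagged.
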

Edit /etc/aliases to create redirects for e-mail accounts. Sendmail expects the aliases file to be in the /etc directory, which is why this file was not copied to /var/yp/etc. Mail re-directs are useful so that mail sent to any of the machines in the NIS network is re-directed to the correct mail server in that network. Add one line at the end of the file aliases for each user account:

joeuser:joeuser@amethyst.stones.com
...
At this point all the file setup is complete. To start using NIS, the following steps are required:

This step is temporary and will be undone in a later step:

cp /etc/nsswitch.files /etc/nsswitch.conf

To set up the master NIS:

/usr/sbin/ypinit -m

When asked whether to stop at the first non-fatal error, type in y. This way, corrections can be made before the final maps are created.

cp /etc/nsswitch.nis /etc/nsswitch.conf

To start YP:

/usr/lib/netsvc/yp/ypstart

To stop YP:

/usr/lib/netsvc/yp/ypstop

Once configured, YP will be started automatically at boot time.

When new users, hosts, etc. are added, the following commands must be run to update the configuration:

cd /var/yp

For new users:

make passwd

For new netgroups:

make netgroup

For all:

make

When a user changes a password, these steps are not required!

1.5.2 NIS Slave Setup

Become superuser (root) and make sure that any files created by root are not writable by group or others:

umask 022

Set the domainname:

domainname precious.stones.incorporated

Enter the domainname in the file /etc/domainname:

precious.stones.incorporated

It is good practice to enter the master (server) name in /etc/hosts, so that the nodename as opposed to the full name can be used:

...
10.20.30.10  amethyst.stones.com  amethyst

cd /var/yp

Configure the machine to become a client first, so that it can retrieve the maps from the server:

/usr/sbin/ypinit -c

When asked to enter the NIS master, enter the name of the master and any other slaves in the NIS network:

amethyst
...
Stop ypbind, if it is running:

/usr/lib/netsvc/yp/ypstop
Start ypbind:

/usr/lib/netsvc/yp/ypstart
Configure this machine to become a slave:

/usr/sbin/ypinit -s amethyst
where amethyst is the name of the NIS master.

1.5.3 NIS Client Setup

In case there exists a binding for an old NIS master server, remove that binding by deleting the file /var/yp/binding/DOMAINNAME/ypservers, where DOMAINNAME is the domainname for the NIS network, e.g. precious.stones.incorporated.

Set the domainname:

domainname precious.stones.incorporated

Enter the domainname in the file /etc/domainname:

precious.stones.incorporated

It is good practice to enter the master (server) name in /etc/hosts, so that the nodename as opposed to the full name can be used:

...
10.20.30.10  amethyst.stones.com  amethyst
Make sure that usernames, passwords, hostnames, etc. are retrieved from the NIS maps:

cp /etc/nsswitch.nis /etc/nsswitch.conf
Configure this machine to become a client:

ypinit -c
Enter the Slave and/or Master servers.

Start YP:

/usr/lib/netsvc/yp/ypbind
Install a startup script in /etc/rc2.d to start ypbind at boot time. The script may look like this:

#!/sbin/sh

case "$1" in
'start')
        /usr/lib/netsvc/yp/ypstart
        ;;

'stop')
        /usr/lib/netsvc/yp/ypstop
        ;;

*)
        echo "Usage: $0 { start | stop }"
        exit 1
        ;;
esac
exit 0