This document only describes how to set up the "ypserv" NIS server.
The NIS server software can be found on:
    Site               Directory                   File Name

    ftp.kernel.org     /pub/linux/utils/net/NIS    ypserv-1.2.7.tar.gz
    waaug.erols.com    /pub/net/nis                ypserv-1.2.7.tar.gz
You could also look at http://www-vt.uni-paderborn.de/~kukuk/linux/nis.html for more information and the latest sources.
The server setup is the same for both traditional NIS and NYS.
Compile the software to generate the "ypserv" and "makedbm"
programs. If you run your server as master, determine what files you
require to be available via NIS and then add or remove the appropriate
entries to the
Now edit /var/yp/securenets and /etc/ypserv.conf. For more information, read the ypserv(8) and ypserv.conf(5) manual pages.
Make sure the portmapper (portmap(8)) is running, and start the server "ypserv". The command
% rpcinfo -u localhost ypserv
should output something like
program 100004 version 2 ready and waiting
Now generate the NIS (YP) database. On the master, run
% /usr/lib/yp/ypinit -m
On a slave, make sure that ypwhich -m works. Then run
% /usr/lib/yp/ypinit -s masterhost
That's it, your server is up and running.
You might want to edit root's crontab *on the slave* server and add the following lines:

    20 *    * * *    /usr/lib/yp/ypxfr_1perhour
    40 6    * * *    /usr/lib/yp/ypxfr_1perday
    55 6,18 * * *    /usr/lib/yp/ypxfr_2perday

This will ensure that most NIS maps are kept up-to-date, even if an update is missed because the slave was down at the time the update was done on the master.
If you want to restrict access to your NIS server, you'll have to set up the NIS server as a client as well, by running ypbind and adding the plus-entries to /etc/passwd _halfway_ through the password file. The library functions will ignore all normal entries after the first NIS entry, and will get the rest of the info through NIS. This way the NIS access rules are maintained. Example:
    root:x:0:0:root:/root:/bin/bash
    daemon:*:1:1:daemon:/usr/sbin:
    bin:*:2:2:bin:/bin:
    sys:*:3:3:sys:/dev:
    sync:*:4:100:sync:/bin:/bin/sync
    games:*:5:100:games:/usr/games:
    man:*:6:100:man:/var/catman:
    lp:*:7:7:lp:/var/spool/lpd:
    mail:*:8:8:mail:/var/spool/mail:
    news:*:9:9:news:/var/spool/news:
    uucp:*:10:50:uucp:/var/spool/uucp:
    nobody:*:65534:65534:noone at all,,,,:/dev/null:
    +miquels::::::
    +:*:::::/etc/NoShell
    [ All normal users AFTER this line! ]
    tester:*:299:10:Just a test account:/tmp:
    miquels:1234567890123:101:10:Miquel van Smoorenburg:/home/miquels:/bin/zsh
The user tester will exist, but have a shell of /etc/NoShell. miquels will have normal access.
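The lookup order described above can be checked with a small model. This is an added example, not part of the original HOWTO or of the ypserv or libc sources; it assumes that only the password, gecos, home directory and shell fields of a plus-entry override NIS data, and it does not handle netgroup (+@) or minus entries. SAMPLE is a shortened, constructed copy of the file shown above.

```python
FIELDS = ("name", "passwd", "uid", "gid", "gecos", "dir", "shell")
OVERRIDABLE = ("passwd", "gecos", "dir", "shell")  # assumption: uid/gid always come from NIS

# Constructed sample, shortened from the passwd file shown above.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
nobody:*:65534:65534:noone at all,,,,:/dev/null:
+miquels::::::
+:*:::::/etc/NoShell
tester:*:299:10:Just a test account:/tmp:
miquels:1234567890123:101:10:Miquel van Smoorenburg:/home/miquels:/bin/zsh
"""

def parse(text):
    """Split a passwd file into local entries, plus rules and NIS-served entries."""
    local, rules, nis = {}, [], {}
    for line in text.splitlines():
        if not line.strip() or line.startswith(("#", "[")):
            continue                     # skip blanks and annotation lines
        entry = dict(zip(FIELDS, (line.split(":") + [""] * 7)[:7]))
        if entry["name"].startswith("+"):
            rules.append(entry)
        elif rules:                      # after the first plus entry: reached via NIS only
            nis.setdefault(entry["name"], entry)
        else:
            local.setdefault(entry["name"], entry)
    return local, rules, nis

def resolve(user, text=SAMPLE):
    """Return the effective passwd entry for `user`, or None if no rule admits them."""
    local, rules, nis = parse(text)
    if user in local:
        return local[user]
    for rule in rules:                   # first matching plus entry wins
        if rule["name"] in ("+", "+" + user) and user in nis:
            merged = dict(nis[user])
            merged.update({f: rule[f] for f in OVERRIDABLE if rule[f]})
            return merged
    return None

def audit(text=SAMPLE):
    """Flag catch-all '+' rules that leave the NIS login shell untouched."""
    _, rules, _ = parse(text)
    return ["catch-all '+' entry gives every NIS user their normal shell"
            for r in rules if r["name"] == "+" and not r["shell"]]
```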
Alternatively, you could edit the /var/yp/Makefile file and set NIS to use another source password file. On big systems, the NIS password and group files are usually stored in /var/yp/ypfiles/. If you do this, the normal tools to administer the password file, such as "passwd", "chfn" and "adduser", will not work anymore and you will need special homemade tools for this.
However, yppasswd, ypchsh and ypchfn will work, of course.
To set up the "yps" NIS server, please refer to the previous paragraph. The "yps" server setup is similar, _but_ not exactly the same, so beware if you try to apply the "ypserv" instructions to "yps"! "yps" is not supported by any author, and contains some security leaks. You shouldn't really use it!
The "yps" NIS server software can be found on:
    Site                  Directory                   File Name

    ftp.kernel.org        /pub/linux/utils/net/NIS    yps-0.21.tar.gz
    ftp.lysator.liu.se    /pub/NYS/servers            yps-0.21.tar.gz
Whenever users change their passwords, the NIS password database, and probably other NIS databases which depend on it, should be updated. The program "rpc.yppasswdd" is a server that handles password changes and makes sure that the NIS information will be updated accordingly. rpc.yppasswdd is now integrated in ypserv 1.2.7. You don't need the older, separate yppasswd-0.9.tar.gz or yppasswd-0.10.tar.gz, and you shouldn't use them any longer. The rpc.yppasswdd in ypserv 1.2.7 has full shadow support. yppasswd is now part of yp-tools-1.4.tar.gz.
You need to start rpc.yppasswdd only on the NIS master server. By default, users are not allowed to change their full name or the login shell. You could allow this with the -e chfn or -e chsh option.