Previous Next Contents

8. Setting up a NIS Server

8.1 The Server Program ypserv

This document only describes how to set up the "ypserv" NIS server.

The NIS server software can be found on:

  Site                   Directory                     File Name         /pub/linux/utils/net/NIS      ypserv-1.2.7.tar.gz        /pub/net/nis                  ypserv-1.2.7.tar.gz

You could also look at for more information and the latest sources.

The server setup is the same for both traditional NIS and NYS.

Compile the software to generate the "ypserv" and "makedbm" programs. If you run your server as master, determine what files you require to be available via NIS and then add or remove the appropriate entries to the /var/yp/Makefile.

Now edit /var/yp/securenets and /etc/ypserv.conf. For more information, read the ypserv(8) and ypserv.conf(5) manual pages.

Make sure the portmapper (portmap(8)) is running, and start the server "ypserv". The command

    % rpcinfo -u localhost ypserv

should output something like

    program 100004 version 2 ready and waiting

Now generate the NIS (YP) database. On the master, run

    % /usr/lib/yp/ypinit -m

on a slave, make sure that ypwhich -m works. Then run

    % /usr/lib/yp/ypinit -s masterhost

That's it, your server is up and running.

You might want to edit root's crontab *on the slave* server and add the following lines:

      20 *    * * *    /usr/lib/yp/ypxfr_1perhour
      40 6    * * *    /usr/lib/yp/ypxfr_1perday
      55 6,18 * * *    /usr/lib/yp/ypxfr_2perday
This will ensure that most NIS maps are kept up-to-date, even if an update is missed because the slave was down at the time the update was done on the master.

If you want to restrict access to your NIS server, you'll have to setup the NIS server as a client as well by running ypbind and adding the plus-entries to /etc/passwd _halfway_ the password file. The library functions will ignore all normal entries after the first NIS entry, and will get the rest of the info through NIS. This way the NIS access rules are maintained. example:

     nobody:*:65534:65534:noone at all,,,,:/dev/null:
     [ All normal users AFTER this line! ]
     tester:*:299:10:Just a test account:/tmp:
     miquels:1234567890123:101:10:Miquel van Smoorenburg:/home/miquels:/bin/zsh

The user tester will exist, but have a shell of /etc/NoShell. miquels will have normal access.

Alternatively, you could edit the /var/yp/Makefile file and set NIS to use another source password file. On big systems, the NIS password and group files are usually stored in /var/yp/ypfiles/. If you do this the normal tools to administrate the password file such as "passwd", "chfn", "adduser" will not work anymore and you will need special homemade tools for this.

However yppasswd, ypchsh and ypchfn will work ofcourse.

8.2 The Server Program yps

To set up the "yps" NIS server please refer to the previous paragraph. The "yps" server setup is similar, _but_ not exactly the same so beware if you try to apply the "ypserv" instructions to "yps"! "yps" is not supported by any author, and contains some security leaks. You shouldn't really use it !

The "yps" NIS server software can be found on:

  Site                Directory                         File Name      /pub/linux/utils/net/NIS          yps-0.21.tar.gz  /pub/NYS/servers                  yps-0.21.tar.gz

8.3 The Program rpc.yppasswdd

Whenever users change their passwords, the NIS password database and probably other NIS databases, which depend on the NIS password database, should be updated. The program "rpc.yppasswdd" is a server that handles password changes and makes sure that the NIS information will be updated accordingly. rpc.yppasswdd is now integrated in ypserv 1.2.7. You don't need the older, separate yppasswd-0.9.tar.gz or yppasswd-0.10.tar.gz, and you shouldn't use them any longer. The rpc.yppasswdd in ypserv 1.2.7 has full shadow support. yppasswd is now part of yp-tools-1.4.tar.gz,

You need to start rpc.yppasswdd only on the NIS master server. By default, users are not allowed to change their full name or the login shell. You could allow this with the -e chfn or -e chsh option.

Previous Next Contents