NIS stands for Network Information Service. NIS is also called YP, which stands for Yellow Pages.
NIS is a lookup service for a set of databases. The databases in this case can be a passwd file, group file, hosts file, etc. It is primarily used as a central repository to hold all usernames and passwords (i.e. /etc/passwd), and different servers can authenticate against this server for the username and password.
This is very helpful for system administrators who have to manage several servers. Instead of creating a user account for your users on each and every Linux server, you can just create the account on one server that is configured to run the NIS server. All other servers can be configured as NIS clients, which will authenticate against this central NIS server repository.
#yum install ypserv rpcbind
Check to see whether the ypserv is registered with the portmap as shown below.
#rpcinfo -u localhost ypserv
rpcinfo: RPC: Program not registered
program 100004 is not available
The above output indicates either ypserv is not installed, or ypserv is installed but not started yet. The following quick check indicates that the ypserv is not started yet.
Set the NISDOMAIN in the /etc/sysconfig/network file as shown below.
As a NIS server also has to be a NIS client, the /etc/yp.conf file must be edited to point to the NIS server. The IP address of 127.0.0.1 is used in place of the proper IP address of the server. The /etc/yp.conf should look like this:
#vi /etc/yp.conf
ypserver 127.0.0.1
Start the ypserv as shown below.
#chkconfig rpcbind on
#chkconfig yppasswdd on
#chkconfig ypserv on
#service rpcbind start
#service yppasswdd start
#service ypserv start
Once ypserv is installed and started, it is time to generate the NIS database. All the NIS databases are stored under the /var/yp directory. Before you generate the database, you will not see a directory for your domain name under /var/yp.
Generate the NIS database using ypinit program as shown below. You just have to enter the hostname of your NIS server to generate the database.
Creating a NIS User
The server is now ready to create a NIS user. As shown in the above section, a NIS passwd file is created when the ypinit program is run, therefore when running the ypcat passwd command, it might be expected to return at least the root user as the /etc/passwd file is used as the source file. However, as shown below this doesn’t happen:
Running the following command will add a local user to the server and by updating the NIS maps the local user will also become a NIS user:
#useradd -g users nisuser
#passwd nisuser
Changing password for user nisuser.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
The /etc/passwd file will now contain the user:
#grep nisuser /etc/passwd
nisuser:x:500:500::/home/nisuser:/bin/bash
At the moment, nisuser is just a local user. To become a valid NIS user account, the NIS map, passwd, must be rebuilt; this is done by running the following command:
Any time you make a change (either updates to the Makefile, or changes to a database), for example when you add a new user or modify an existing user account, you should do the following. Without this, the changes will not be reflected on any of your NIS clients.
#cd /var/yp
#make
Verify the NIS server installation by checking whether the passwd file can be accessed using the ypcat NIS client program.
#ypcat passwd
No such map passwd.byname. Reason: Can't bind to server which serves this domain
You might get the above error message because ypbind might not be running on your system. Just start ypbind and verify the configuration.
#service ypbind start
#ypcat passwd
nisuser:R7EFEGJ1mxRGwVLVC.:401:401::/home/nisuaer:/bin/bash
sathish:QtlRW$Fx.uZvD:402:402::/home/sathish:/bin/bash
If you don’t want the encrypted password field to be displayed in the ypcat passwd output, set MERGE_PASSWD to false in /var/yp/Makefile as shown below.
#vi /var/yp/Makefile
MERGE_PASSWD=false
After you do the above, the ypcat passwd command will display just an ‘x’ in the password field.
#ypcat passwd
nisuser:x:501:501::/home/nisuser:/bin/bash
sathish:x:500:500::/home/sathish:/bin/bash
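A check for the effect of MERGE_PASSWD described above, as an added example that is not part of the original article: it reads lines in the format printed by ypcat passwd and lists every account whose password field carries a hash (or is empty) instead of a placeholder. The function names and the sample map lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Sample data is constructed.

# classify_field FIELD: name what the second field of a passwd-map line holds.
classify_field() {
    case "$1" in
        '')             echo empty ;;        # no password set at all
        x|'*'|'!'|'!!') echo placeholder ;;  # hash kept out of the map
        '$1$'*)         echo md5crypt ;;
        '$5$'*)         echo sha256crypt ;;
        '$6$'*)         echo sha512crypt ;;
        ?????????????)  echo descrypt ;;     # 13 chars: length of a DES crypt hash
        *)              echo unknown ;;
    esac
}

# audit_map: read passwd-format lines on stdin (the format `ypcat passwd`
# prints) and print "user kind" for every account that is not a placeholder.
audit_map() {
    while IFS=: read -r user pw rest; do
        [ -n "$user" ] || continue
        kind=$(classify_field "$pw")
        [ "$kind" = placeholder ] || echo "$user $kind"
    done
}

# Constructed map with hashes merged into it (MERGE_PASSWD=true).
SAMPLE_MERGED='nisuser:abCDefGHijKL1:501:501::/home/nisuser:/bin/bash
appuser:$1$saltsalt$0123456789abcdefghijkl:502:502::/home/appuser:/bin/bash
svc:x:503:503::/home/svc:/sbin/nologin'

# Constructed map after setting MERGE_PASSWD=false and rebuilding with make.
SAMPLE_UNMERGED='nisuser:x:501:501::/home/nisuser:/bin/bash
appuser:x:502:502::/home/appuser:/bin/bash'

echo "merged map:";   printf '%s\n' "$SAMPLE_MERGED"   | audit_map
echo "unmerged map:"; printf '%s\n' "$SAMPLE_UNMERGED" | audit_map
```

On a NIS client, pipe the real map through the same function (ypcat passwd | audit_map); any output means password hashes are readable through the map.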
Configuring a NIS Client
The procedure for configuring a NIS client is extremely similar to that of configuring a NIS server. The following packages need to be installed:
# yum install ypbind yp-tools
The easiest method of getting the client to use NIS is to run the authconfig applet. NIS should be selected as the option in the User Information section of authconfig as shown below:
After clicking the
authconfig will exit and restart the ypbind daemon. Running the ypcat passwd command as a quick test will confirm whether the client has been correctly configured:
# ypcat passwd
nisuser:$1$5XpJTIcT$4IXIeIg7RUuUUFn7bYRwW1:500:100::/home/nisuser:/bin/bash
Remember, the above command should be run on the NIS client. As a quick test this is ideal; however, a better test would be to log in to the client as the user nisuser. This can be done either on the client's console or using ssh from a remote host. In the example below, the user nisuser used ssh:
# ssh firstname.lastname@example.org
Everything worked, except for the user not being able to see their home directory, /home/nisuser. Because of this, nisuser is dumped in the / directory. This can be fixed by using autofs to automatically map the user's home directory when they log into a NIS client.
The authconfig program also modifies the /etc/nsswitch.conf file, which is used for name lookups:
passwd: files nis
shadow: files nis
group: files nis
Changing a NIS password
One of the first things a NIS user should be advised to do is to change their password from whatever it was set to when the account was created. In the section above, the standard Unix passwd tool was used. This is fine for local accounts, but will not work for NIS accounts, as NIS passwords are stored in a different file from the one passwd modifies. The yp-tools package installs a NIS-specific version of the passwd tool called yppasswd. An example of changing a NIS password is shown below:
Changing NIS account information for nisuser on sathisharthar.com
Please enter old password:
Changing NIS password for nisuser on sathisharthar.com.
Please enter new password:
Please retype new password:
The NIS password has been changed sathisharthar.com.