Setting up a NIS server

tested on NetBSD 9

draft – HA with slave not tested

Requirements

On master and slave, backup /var/yp/ before you initialize the NIS service, so you can start from scratch again whenever you want

cd /var/
tar czpf yp.dist.tar.gz yp/

Make sure the master and the slave resolve themselves and each other

vi /etc/hosts

Shared NIS setup (Master AND Slave)

Setup the NIS domain name

domainname DOMAIN.TLD
domainname

cd /etc/
echo DOMAIN.TLD > mydomain
ln -s mydomain domainname
ln -s mydomain defaultdomain

Enable the NIS service

vi /etc/rc.conf

rpcbind=yes
ypserv=yes
ypbind=yes
yppasswdd=yes

#not for the slave?
#yppasswdd=no 

/etc/rc.d/rpcbind restart
/etc/rc.d/ypserv restart
/etc/rc.d/ypbind restart
/etc/rc.d/yppasswdd restart

Master setup

Initialize the NIS databases

ping -c1 nis2
ypinit -m

        next host: nis
        next host: nis2
        next host: [ENTER]

Note that group users with GID 100 is already there on both, Slackware and NetBSD.

cd /var/yp/
vi Makefile.yp

MINUID?=        1000
MINGID?=        1000

make

cd /var/yp/nethence.com/
echo nis2 nis2 >> ypservers
    make ypservers

and check

    makedbm -u ypservers

Slave setup

Now initialize the NIS databases differently, by pointing to the master’s short hostname

ping -c1 nis
ypinit -s nis

    next host: nis2
    next host: nis
    next host: [ENTER]

    cd /var/yp/
make

cd /var/yp/nethence.com/
echo nis2 nis2 >> ypservers
echo nis nis >> ypservers
make ypservers

and check

    makedbm -u ypservers

Client setup

Also configure the master as a client to itself, see nis-client.

Operations

Create a user

useradd -m -g users usercheck1
passwd -d files usercheck1
cd /var/yp/
make

You can also update your Secure Maps NIS password as such

yppasswd usercheck1
#passwd -y
#passwd -d nis

HA acceptance

Now it’s time to validate the Master <-> Slave kind-of-HA.

Disconnect the wire from the Master server and see if the slave SSH service on the NIS user is still responding (of course be careful not to use any diskless system on the slave, or make sure that the diskless nfs server isn’t also the NIS master).

TODO

• securing NIS and NFS with /etc/hosts.*
• need INSECURE (makedbm -s) for sol8 clients?
• what about amd – automount – and ethers?

Resources

23.6.3. Network Information Service (NIS/YP) http://www.netbsd.org/docs/guide/en/chap-net-intro.html#chap-net-intro-nsconcepts-nis

how to set up nfs and nis https://wiki.netbsd.org/tutorials/how_to_set_up_nfs_and_nis/

NIS in NetBSD http://www.silas.net.br/tech/netbsd/nis-in-netbsd.html http://www.silas.net.br/doc.notes/unix/netbsd/nis-in-netbsd.html

more

うにっくすさんの覚え書き - NetBSD - NIS http://www.nognog.com/techmemo/NetBSD_NIS_HOWTO.php

NetBSD Wiki/tutorials/ how to set up nfs and nis http://wiki.netbsd.org/tutorials/how_to_set_up_nfs_and_nis/

Adding a New Slave Server http://docs.oracle.com/cd/E19455-01/806-1387/6jam692cm/index.html

NIS Troubleshooting on Solaris http://www.softpanorama.net/Net/Application_layer/NIS/nis_troubleshooting.shtml

3.3. Files managed under NIS http://docstore.mik.ua/orelly/networking_2ndEd/nfs/ch03_03.htm

Solaris Naming Services Architecture http://www.informit.com/articles/article.aspx?p=24381&seqNum=11

misc

Replacing NIS with Kerberos and LDAP HOWTO http://aput.net/~jheiss/krbldap/howto.html

Samba + NIS http://forum.ubuntu-fr.org/viewtopic.php?id=439878