NIS

Developed at SUN as "Yellow Pages" (see name of commands,configuration files) is a client-server directory service protocol.

Visit a NIS-HOWTO

Configuration

Domain Name: ClusterAEIHannover (on 10.20.40.5).

Server

/etc/default/nis: change NISCLIENT to true and NISSERVER to 'master' for the Server, then restart /etc/init.d/nis (which should imply /usr/lib/yp/ypinit -m) You could edit /etc/yp.conf and /etc/ypserv.conf.

You have got to run 'make' in /var/yp in order to rebuild the nis database from files. Restarting the nis-server is not necessary. In our configuration the nis data-files reside in /var/lib/yp (edit /var/yp/Makefile to change this). We have got a small helper-script for adding users to the passwd/shadow-files nis uses and rebuilding nis db (/var/lib/yp/adduser.pl --help for usage).

Client

1. Add the Servers IP to /etc/yp.conf, otherwise Server will be located via Broadcasts.
2. Add +:::::: to the /etc/passwd, /etc/group and /etc/shadow on the Client node and edit /etc/nsswitch.conf (passwd, group, shadow to "compat" and perhaps hosts, netgroup to "nis").
3. On the other hand setting the passwd, group and shadow entries in /etc/nsswitch.conf to 'nis files' might be the better alternative, for you now wont have to add the +::::::-entries.
4. Restart /etc/init.d/nis and /etc/init.d/nscd
5. On Solaris-NIS-clients "ypinit -c" and "svcadm restart network/nis/client" should do it.

• root/lokal-user is still possible, with nis-server shut down. Login of nis-users produces errors (depending on nscd-caching-policy). A problem might be that tools like useradd fail in that case, which may lead to trouble e.g. with installing some deb-packages etc... Moreover login-process for local users is very slow when the NIS-servers are down and the client trying to find the servers via broadcasts. Adding the servers-ipadresses to yp.conf fixes this problem.

• Add the line "automount: nis" to nsswitch.conf in order to make autofs fetch the auto.master over NIS (of course on the server the corresponding entries in Makefile have to be uncommented for that). Automount-maps can be received over NIS e.g. by using a statement of the following type in master: "/home yp:auto.home"

• TODO: Grid Certificates?

Backup

Files with user information that need to be backuped from master server: /var/lib/yp/* (including auto.home, auto.node_scr, group, hosts, passwd, shadow)

Slave-Server

Install a NIS-client and check that "ypwhich -m" shows all the maps the master-server provides. Then via /usr/lib/yp/ypinit -s 'masterserver-hostname' the masters maps are copied. Edit /etc/default/nis and activate NISCLIENT, NISSERVER and set NISMASTER='masterserver-hostname'. Attention: "ypinit -s" will fail, if you dont use the correct 'masterserver-hostname', which has to be the same string as show by "ypwhich -m", i.e. the hostname of the masterserver.

Creating own maps

Edit the Makefile in /var/yp and copy an example of an existing map. The outcome looks similar to:

  ALL += postfix_virtual
  ...
  postfix_virtual: /etc/postfix/virtual $(YPDIR)/Makefile
          @echo "Updating $@..."
          @$(AWK) '{ if ($$1 != "" && $$1 !~ "#") print $$0 }' \
              /etc/postfix/virtual | $(DBLOAD) -i /etc/postfix/virtual -o $(YPMAPDIR)/$@ - $@
          -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@

Then 'make' the new dbfile and test it on your client e.g. via 'ypcat postfix_virtual'

Maintain maps

The clear text file of the maps is placed in the direcory

/var/lib/yp

After modifications go into

/var/yp

and call make.