NIS

From Wikitech
This is now outdated. We no longer use NIS, or LDAP (for production shell), and manage user accounts and /home access with Puppet.

NIS (formerly YP) is a directory service for Unix databases (passwd, group, hosts, etc.). It's like LDAP but simpler and more limited. We are replacing LDAP with NIS.

We run the NIS server, ypserv, on srv1 (the master) and srv2. The NIS databases are in /var/yp. To make changes, edit ypfiles/* on srv1, and run "make" to rebuild the databases and update the slaves.

Adding a user

For LDAP, adding the user on srv1 and running ldapsync seems sufficient. This doesn't appear to affect NIS.

  • Edit /var/yp/ypfiles/passwd, group, and shadow and manually add the entries...
  • sacrifice goat
  • run 'make' in /var/yp
  • profit!

Client setup

The NIS client is called ypbind, and runs on each server.

Ubuntu:

  • apt-get install nis
  • edit /etc/yp.conf and add:
      ypserver srv1.pmtpa.wmnet
      ypserver srv2.pmtpa.wmnet
  • edit /etc/nsswitch.conf and change:
      passwd:         files nis
      group:          files nis
      shadow:         files nis
  • make sure /etc/defaultdomain contains "pmtpa.wmnet"
  • /etc/init.d/nis start

Fedora:

  • edit /etc/sysconfig/network:
      NISDOMAIN=pmtpa.wmnet
  • edit /etc/yp.conf and add:
      ypserver srv1.pmtpa.wmnet
      ypserver srv2.pmtpa.wmnet
  • edit /etc/nsswitch.conf and change:
      passwd:         files nis
      group:          files nis
  • chkconfig --level 2345 ypbind on
  • /etc/init.d/ypbind start
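
A way to verify that a client ended up configured as the Ubuntu or Fedora steps above describe. This is an added example, not part of the original page or Wikitech's tooling; the function name check_nis_client and its ROOT prefix argument are assumptions made for illustration. It checks passwd and group only, since the shadow line appears only in the Ubuntu steps.

```sh
#!/bin/sh
# Added example (not Wikitech's own tooling): audit a NIS client's config
# against the setup steps above.
# Usage: check_nis_client ROOT DOMAIN SERVER...
#   ROOT is a path prefix ("" for the live system) so a copy of /etc can be
#   checked. Prints one line per finding; returns 0 only if nothing is wrong.
check_nis_client() {
    root=$1 domain=$2; shift 2
    rc=0

    # Each expected server needs its own "ypserver <host>" line in yp.conf.
    for srv in "$@"; do
        awk -v s="$srv" '$1 == "ypserver" && $2 == s { ok = 1 }
            END { exit !ok }' "$root/etc/yp.conf" 2>/dev/null ||
            { echo "yp.conf: missing 'ypserver $srv'"; rc=1; }
    done

    # passwd and group must consult local files first, then NIS.
    for db in passwd group; do
        awk -v db="$db:" '$1 == db {
                for (i = 2; i <= NF; i++) {
                    if ($i == "files" && !n) f = 1
                    if ($i == "nis") n = 1
                }
            }
            END { exit !(f && n) }' "$root/etc/nsswitch.conf" 2>/dev/null ||
            { echo "nsswitch.conf: $db does not list 'files' before 'nis'"; rc=1; }
    done

    # Ubuntu keeps the domain in /etc/defaultdomain, Fedora in NISDOMAIN=.
    found=$(cat "$root/etc/defaultdomain" 2>/dev/null || true)
    [ -n "$found" ] || found=$(sed -n 's/^NISDOMAIN=//p' \
        "$root/etc/sysconfig/network" 2>/dev/null || true)
    [ "$found" = "$domain" ] ||
        { echo "NIS domain is '$found', expected '$domain'"; rc=1; }

    return "$rc"
}

# Example run on the live system:
#   check_nis_client "" pmtpa.wmnet srv1.pmtpa.wmnet srv2.pmtpa.wmnet
```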