Introducing the Network Information Service for Linux

I will describe how to set up NIS on a Linux machine running the Red Hat 4.2 distribution. However, what I cover is generally applicable to any Linux machine running a libc5-based system with the NYS NIS support library included in the libc (as the case is with Red Hat), or a new libc6 system. If you are unfortunate enough not to fall into either of these cases, I suggest upgrading your Linux distributions across the board, or going out and getting a different libc at sunsite.unc.edu. (Upgrading libc is not a task for the faint-of-heart.)

The two packages required to make Red Hat Linux into an NIS client are yp-clients-2.2 and ypbind-3.3. These tools start with the letters “yp” for historical reasons. If you want to get the tar.gz files, they are available at ftp://ftp.uni-paderborn.de/linux/local/yp/. Otherwise, you can use pre-packaged RPMs from any Red Hat FTP site. The yp-clients package is in the standard binary RPMS directory, but the ypbind package is only available in the “contrib/SRPMS” area. You can run NIS without ypbind, but not all features will be available. You will want those features though, so get the RPM or source code, compile it and install.

Once you have those packages installed, verify that you have the portmapper running. The portmapper enables the Remote Procedure Call (RPC) mechanism, which is used by NIS and NFS, among other things. If you are already running NFS, you don't need to worry. Otherwise, install the portmap package for your appropriate distribution; it should be included.

Now that you have the various components installed, you must set up a few configuration files to enable NIS at boot-time. First, you have to determine the NIS domain in which the client will run. This is not the same thing as your DNS domain, although sometimes the name is the same. The traditional location for the NIS domain is in the file /etc/defaultdomain. This file should contain a single line with the name of your NIS domain, for example, econ.yale.edu. However, this file's mere presence does not set the domain name; to actually set the name you must use the domainname command. Usually this is done at boot time from the init scripts. On Red Hat, add the line:

domainname `cat /etc/defaultdomain`

near the top of /etc/rc.d/rc.sysinit. On non-SYSV init systems like Slackware, the appropriate file to change would most likely be /etc/rc.d/rc.inet2. The main objective is to get domainname to run “early” in the boot process, before other network services that might depend on NIS run, but after the network hardware is initialized and the IP address information is set.

Next, you have to start the ypbind daemon, which turns on the NIS client services. If you installed the ypbind RPM referenced above, the proper SYSV-style startup files should be ready to go. Otherwise, you will have to start ypbind yourself. Insert the call to /usr/sbin/ypbind right after the line initializing the NIS domain name.

Third, create the file /etc/yp.conf and include the line:

ypserver

Replace servername with the host name of your NIS master or slave server, whose host name must also be listed in /etc/hosts. You can list multiple servers on separate lines; if one host is down at boot time, the client will try the others. Failure to create this file will not disable NIS, but ypbind will broadcast a request for a server across your entire IP subnet, and this can be a major security hole. Someone can set up a renegade NIS server on your subnet and then feed you false configuration files. Better safe than sorry—create /etc/yp.conf.

That wasn't too bad, was it? Now you're ready to go. Reboot your machine, and when it comes back up, log in and do a few diagnostics. First type domainname without any arguments to be sure that it responds with the proper NIS domain. If not, check that the command to set the domain has run properly. Then type ypwhich, the command to tell you which NIS server you are talking to. If all is well, it will respond with the one you listed in the /etc/yp.conf file. Now it's time to put NIS to work.

There are a number of useful command-line utilities, used to query the NIS system, that come with the yp-clients package. ypwhich tells you what NIS server you are bound to. Typing the command ypcat filename will display the contents of a file served over NIS. For example, ypcat passwd will display the NIS password file. Typing the command ypmatch key filename will match a “key” in the file name specified. For instance, I could do a ypmatch pbrown passwd, and it would return the entry for my account. These commands can be useful in shell scripts, debugging NIS setup troubles and numerous other creative ways.