Introduction to NIS
Network Information Services (NIS) allows you to create user accounts that can be shared across all systems on your network. The user account is created only on the NIS server. NIS clients download the necessary username and password data from the NIS server to verify each user login.
An advantage of NIS is that users only need to change their passwords on the NIS server, instead of every system on the network. This makes NIS popular in computer training labs, distributed software development projects or any other situation where groups of people have to share many different computers.
The disadvantage is that NIS does not encrypt the username and password information it sends to clients at each login, and every user can read the encrypted (hashed) passwords stored on the NIS server.
NIS uses a client-server arrangement. NIS servers provide services to NIS clients. The principal servers are called master servers, and for reliability, they have backup, or slave servers.
Both master and slave servers use the NIS information retrieval software and both store NIS maps.
NIS uses domains to arrange the machines, users, and networks in its namespace. However, it does not use a domain hierarchy; an NIS namespace is flat.
An NIS domain cannot be connected directly to the Internet using just NIS. You can use NIS to manage all local information and use DNS for Internet host lookup.
NIS provides a forwarding service that forwards host lookups to DNS if the information cannot be found in an NIS map.
The Solaris operating environment also allows you to set up the nsswitch.conf file so that hosts lookup requests go only to DNS, or to DNS and then NIS if not found by DNS, or to NIS and then DNS if not found by NIS.
NIS Machine Types
There are three types of NIS machines:
Master server
Slave servers
Clients of NIS servers
Any machine can be an NIS client, but only machines with disks should be NIS servers, either master or slave. Servers are also clients, typically of themselves.
The NIS server does not have to be the same machine as the NFS file server.
NIS servers come in two varieties, master and slave. The machine designated as master server contains the set of maps that the system administrator creates and updates as necessary.
Each NIS domain must have one, and only one, master server, which can propagate NIS updates with the least performance degradation. You can designate additional NIS servers in the domain as slave servers.
A slave server has a complete copy of the master set of NIS maps. Whenever the master server maps are updated, the updates are propagated among the slave servers.
Slave servers can handle any overflow of requests from the master server, minimizing “server unavailable” errors. Normally, the system administrator designates one master server for all NIS maps.
However, because each individual NIS map has the machine name of the master server encoded within it, you could designate different servers to act as master and slave servers for different maps.
NIS clients run processes that request data from maps on the servers. Clients do not make a distinction between master and slave servers, since all NIS servers should have the same information.
The NIS naming service is composed of the following elements:
NIS Command Set
The NIS Domain
An NIS domain is a collection of machines which share a common set of NIS maps. Each domain has a domain name and each machine sharing the common set of maps belongs to that domain.
Any machine can belong to a given domain, as long as there is a server for that domain’s maps in the same network. An NIS client machine obtains its domain name and binds to an NIS server as part of its boot process.
Configuring the NFS server for NIS
Here are the steps to configure the NFS server in this scenario:
Edit the /etc/exports file to allow NFS mounts of the /home directory with read/write access.
Let NFS read the /etc/exports file for the new entry and make /home available to the network with the exportfs command.
[root@wilshire ~]# exportfs -a
Make sure the required NFS, NFS lock and port mapper daemons are all running and configured to start after the next reboot.
[root@wilshire~]# chkconfig nfslock on
[root@wilshire~]# chkconfig nfs on
[root@wilshire~]# chkconfig portmap on
[root@wilshire~]# service portmap start
Starting portmapper: [ OK ]
[root@wilshire~]# service nfslock start
Starting NFS statd: [ OK ]
[root@wilshire~]# service nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
[root@wilshire~]#
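The /etc/exports entry itself is not shown above. As an added example (not from the original page), this script audits exports(5) lines for the two settings that matter most when /home is shared read/write: an export open to any host, and no_root_squash. The sample lines, the subnet and the /srv/build path are constructed.

```sh
#!/bin/sh
# Constructed /etc/exports sample; hosts and the /srv/build path are assumptions.
sample_exports() {
cat <<'EOF'
# home directories for NIS users
/home *(rw,sync)
/home 192.168.1.0/24(rw,sync,root_squash)
/srv/build 192.168.1.10(rw,sync,no_root_squash)
EOF
}

# Read exports(5) lines on stdin and print one finding per risky client entry.
audit_exports() {
  awk '
    /^[ \t]*#/ || NF < 2 { next }            # skip comments and blank lines
    {
      for (i = 2; i <= NF; i++) {
        host = $i; opts = ""
        p = index($i, "(")
        if (p) {                              # split "host(opt,opt)" apart
          host = substr($i, 1, p - 1)
          opts = substr($i, p + 1)
          sub(/\)$/, "", opts)
        }
        o = "," opts ","
        # an empty host, as in "/home (rw)", means every host
        who = (host == "" || host == "*") ? "any host" : host
        if (who == "any host" && index(o, ",rw,"))
          print $1 ": read/write export to any host"
        if (index(o, ",no_root_squash,"))
          print $1 ": no_root_squash for " who
      }
    }'
}

sample_exports | audit_exports
```

Run it as `audit_exports < /etc/exports` before `exportfs -a`; an entry limited to a known subnet with root_squash produces no finding.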
Configuring the NFS client for NIS
You’ll also need to configure the NFS clients to mount their /home directories on the NFS server. The procedure below will archive the /home directory. In a production environment in which the /home directory would be actively used, you’d have to force the users to log off, back up the data, restore it to the NFS server and then follow the steps below.
Make sure the required netfs, NFS lock and port mapper daemons are all running and configured to start after the next reboot.
[root@wilshire~]# chkconfig nfslock on
[root@wilshire~]# chkconfig netfs on
[root@wilshire~]# chkconfig portmap on
[root@wilshire~]# service portmap start
Starting portmapper: [ OK ]
[root@wilshire~]# service netfs start
Mounting other filesystems: [ OK ]
[root@wilshire~]# service nfslock start
Starting NFS statd: [ OK ]
Configuring the NIS server
In the early days, NIS was called “Yellow Pages”. The developers had to change the name after a copyright infringement lawsuit, yet many of the key programs associated with NIS have kept their original names beginning with “yp”.
Edit Your /etc/sysconfig/network File
You need to add the NIS domain you wish to use in the /etc/sysconfig/network file. In the case below, we’ve called the domain “NIS-HOME_NETWORK”.
Initialize your NIS domain
Now that you have decided on the name of the NIS domain, you’ll have to use the ypinit command to create the associated authentication files for the domain. You will be prompted for the name of the NIS server, which in this case is “wilshire”. With this procedure, all non-privileged accounts will automatically be accessible via NIS.
[root@wilshire~]# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS servers. wilshire is in the list of NIS server hosts.
Managing NIS server
Adding New NIS Users
New NIS users can be created by logging into the NIS server and creating the new user account. In this case we’ll create a user account called “nisuser” and give it a new password. Once this is complete, you will then have to update the NIS domain’s authentication files by executing the make command in the /var/yp directory.
This procedure makes all NIS-enabled, non-privileged accounts automatically accessible via NIS, not just newly created ones. It also exports all of the users’ characteristics stored in the /etc/passwd and /etc/group files, such as the login shell, the user’s group and home directory.
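Because the make step publishes /etc/passwd fields to every NIS client, it is worth checking what the password field of the passwd map reveals. This added example (not part of the original page) classifies each entry of a passwd-format listing; the accounts and hashes are constructed, and on a live domain the input would be the passwd map itself.

```sh
#!/bin/sh
# Constructed passwd-map sample in passwd(5) format; every account and hash is made up.
sample_passwd_map() {
cat <<'EOF'
nisuser:ab1Cd2Ef3Gh4I:1001:1001:NIS User:/home/nisuser:/bin/bash
alice:$6$c0nstruct$0123456789abcdef:1002:1002:Alice:/home/alice:/bin/bash
bob:$1$c0nstruct$0123456789abcdef:1003:1003:Bob:/home/bob:/bin/bash
carol::1004:1004:Carol:/home/carol:/bin/bash
svc:x:1005:1005:Service:/home/svc:/sbin/nologin
old:!!:1006:1006:Locked:/home/old:/bin/bash
EOF
}

# Read passwd-format lines on stdin; print "user scheme verdict" for every
# account whose password field is readable through the map.
audit_passwd_map() {
  awk -F: '
    $2 == "" { print $1, "none", "WEAK"; next }    # empty field: no password at all
    {
      h = $2
      sub(/^!+/, "", h)                             # a locked hash is still readable
      if (h == "" || h == "x" || h == "*") next     # no hash in the map
      if      (h ~ /^\$6\$/)    print $1, "sha512crypt", "exposed"
      else if (h ~ /^\$5\$/)    print $1, "sha256crypt", "exposed"
      else if (h ~ /^\$1\$/)    print $1, "md5crypt", "WEAK"
      else if (length(h) == 13) print $1, "descrypt", "WEAK"
      else                      print $1, "unknown", "exposed"
    }'
}

sample_passwd_map | audit_passwd_map
```

Entries marked WEAK use a 13-character DES crypt hash, an MD5 crypt hash or no password at all, and are the first accounts to move to a stronger hash or a new password.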
Configuring the NIS client
Now that the NIS server has been configured, it’s time to configure the NIS clients. There are a number of related configuration files that you’ll need to edit to get it to work. The procedure can be seen below:
The authconfig program will automatically configure your NIS files after prompting you for the IP address and domain of the NIS server.
Once finished, it should create a /etc/yp.conf file that defines, amongst other things, the IP address of the NIS server for a particular domain. It will also edit the /etc/sysconfig/network file to define the NIS domain to which the NIS client belongs.
# /etc/yp.conf - ypbind configuration file
domain DESTINY.COM server 184.108.40.206
# vi /etc/sysconfig/network
NISDOMAIN=DESTINY.CO
The authconfig program also updates the /etc/nsswitch.conf file, which lists the order in which data sources such as DNS, LDAP and NIS are searched for name lookups. Here we can see where NIS entries have been added for the important login files.
# vi /etc/nsswitch.conf
passwd: files nis
shadow: files nis
group: files nis
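A client binds only when these three files agree with each other. This added example (not from the original page) checks that NISDOMAIN has a matching domain line in yp.conf and that passwd, shadow and group consult files before nis; run over the values printed above, it reports that the two domain names differ. The file names inside the scratch directory are an assumption of the example.

```sh
#!/bin/sh
# Write the client files with the values shown above into directory $1
# (the file names inside the directory are an assumption of this example).
write_sample_client_config() {
  printf 'domain DESTINY.COM server 184.108.40.206\n' > "$1/yp.conf"
  printf 'NISDOMAIN=DESTINY.CO\n' > "$1/network"
  printf 'passwd: files nis\nshadow: files nis\ngroup: files nis\n' > "$1/nsswitch.conf"
}

# Args: yp.conf, sysconfig/network, nsswitch.conf. Prints one line per finding.
check_nis_client() {
  nisdomain=$(sed -n 's/^NISDOMAIN=//p' "$2" | tr -d '"')
  # A "domain X server Y" line only helps when X is the client's own NIS domain.
  if ! awk -v d="$nisdomain" \
       '$1 == "domain" && $2 == d && $3 == "server" { ok = 1 } END { exit !ok }' "$1"
  then
    echo "MISMATCH: NISDOMAIN=$nisdomain has no matching domain line in yp.conf"
  fi
  # Local files should be searched first so local accounts such as root
  # resolve from /etc and not from the network map.
  for db in passwd shadow group; do
    awk -v db="$db" '
      $1 == (db ":") { for (i = 2; i <= NF; i++) {
                         if ($i == "files" && !f) f = i
                         if ($i == "nis" && !n) n = i } }
      END { if (!n) print "MISSING: " db " does not consult nis"
            else if (!f || n < f) print "ORDER: " db " does not consult files before nis" }
    ' "$3"
  done
}

dir=$(mktemp -d)
write_sample_client_config "$dir"
check_nis_client "$dir/yp.conf" "$dir/network" "$dir/nsswitch.conf"
rm -rf "$dir"
```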