LinuxQuestions.org


linuxbird 08-26-2008 09:12 AM

Notes: YP / NIS on 12.1
 
A recent ftp_server threat accelerated my upgrade from Slackware 11.0 to Slackware 12.1. The first problem was that the eth0 and eth1 cards got swapped by udev, which caused me to spend some time trying to figure out why my ISP would not respond to dhcp client requests on my LAN.

The second problem was that while NIS worked fine under 11.0, it did not work under 12.1. I've spent a week googling, reading man pages, tangential forum posts, and lots of unanswered posts by similarly afflicted people.

The Slackware NIS mini howto was my starting guide. What I ended up doing was similar EXCEPT:

-The Slackware rc.yp script didn't work, out of the box, for the server.

Here's how I got it to work...which may not be exactly right, but it appears to work:

1. set nisdomainname

2. verify that securenets has 255.255.255.0 for 127.0.0.1 (localhost)

3. start ypbind [no one's instructions called for the server to start ypbind]

4. run the rc.yp script:

sh /etc/rc.d/rc.yp

5. run ypinit:

/usr/lib/yp/ypinit -m

<do the dialog verifying your server>


At this point, the clients recognize the server.


Hope this helps the next guy, so that he doesn't have to spend 25 or 30 hours researching, and perhaps ultimately just brute force experimenting, to get things working. Doing so creates such a feeling of ineptitude.

Finally, if someone can provide better guidance, please do. I am unconvinced that I understand the reasons why NIS behaves the way it does. I thought there was something not working right with portmapper, iptables and stuff like that, preventing the clients from contacting the server.

keefaz 08-26-2008 11:45 AM

Hello, have you read the /etc/rc.d/rc.yp script?

All commands are commented! It sure can't work as this!
If you take a little time to read the script, it seems that the NIS server and client configuration is explained in the script comments

linuxbird 08-26-2008 05:17 PM

I absolutely read the script, and found that it didn't work for me with 12.1. That's why I made the post I made.

The script for 11.0 is essentially identical, and yp / nis worked there without any hitches.

My posting outlines the deviations from rc.yp, which included adding ypbind and ypinit -m.

niels.horn 08-26-2008 07:43 PM

This is the way I configured NIS on my local network:

First of all, you can choose to use the /etc/yp.conf to configure the address of your NIS server, or you can use the default broadcast method.
Using broadcast won't work if you have a router, nat or firewall separating different computers.

Second, you need to choose a name for your NIS-domain. This does not have to be (and actually should not be for security reasons) your DNS domain.

A - On your server:

1) Edit /etc/yp.conf with this line:
Code:

domain <NAME_OF_YOUR_NISDOMAIN> server 127.0.0.1

2) Edit in /etc/nsswitch.conf the lines that define the order for looking up users and groups:
Code:

passwd:  files nis
shadow:  files nis
group:  files nis

3) Edit /var/yp/securenets to define your local network, for example:
Code:

255.255.255.0    192.168.1.0

4) Set your nis-domainname:
Code:

# domainname <NAME_OF_YOUR_NISDOMAIN>
# domainname > /etc/defaultdomain

5) Edit in /var/yp/Makefile the following lines:
Code:

MERGE_PASSWD=false
MERGE_GROUP=false

6) Now you have to uncomment some lines in /etc/rc.d/rc.yp so that it actually does something:
Code:

... (set nisdomain:)
if [ -r /etc/defaultdomain ]; then
  nisdomainname `cat /etc/defaultdomain`
fi
... (start server:)
if [ -x /usr/sbin/ypserv ]; then
  echo "Starting NIS server:  /usr/sbin/ypserv"
  /usr/sbin/ypserv
fi
... (start password server:)
if [ -x /usr/sbin/rpc.yppasswdd ]; then
  echo "Starting NIS master password server:  /usr/sbin/rpc.yppasswdd"
  /usr/sbin/rpc.yppasswdd
  # echo "Starting NIS master password server:  /usr/sbin/rpc.yppasswdd -e chsh -e chfn"
  # /usr/sbin/rpc.yppasswdd -e chsh -e chfn
fi
... (start client, even on this server:)
if [ -d /var/yp ]; then
  echo "Starting NIS services:  /usr/sbin/ypbind -broadcast"
  /usr/sbin/ypbind -broadcast
fi

7) Make /etc/rc.d/rc.yp executable if it is not already:
Code:

# chmod +x /etc/rc.d/rc.yp

8) Make /etc/rc.d/rc.rpc executable so that yp can use portmapping:
Code:

# chmod +x /etc/rc.d/rc.rpc

9) Start rpc & yp:
Code:

# /etc/rc.d/rc.rpc start
# /etc/rc.d/rc.yp

10) Build the NIS databases:
Code:

# make -C /var/yp

11) Check if ypbind is listening to clients:
Code:

# rpcinfo -u localhost ypbind
(Should show something like "100007 ready and waiting")

12) Every time you add a new user or group, rebuild the yp databases with "make -C /var/yp". You can add this line to the end of the useradd script etc.

B - On your clients:

1) If you cannot use broadcast, edit /etc/yp.conf with this line:
Code:

domain <NAME_OF_YOUR_NISDOMAIN> server <IP_ADDRESS_OF_YOUR_NISSERVER>

2) Edit in /etc/nsswitch.conf the lines that define the order for looking up users and groups and hosts:
Code:

passwd:  files nis
shadow:  files nis
group:    files nis
...
hosts:    files nis

3) Set your nis-domainname:
Code:

# domainname <NAME_OF_YOUR_NISDOMAIN>
# domainname > /etc/defaultdomain

4) Now you have to uncomment some lines in /etc/rc.d/rc.yp so that it actually does something:
Code:

... (set nisdomain:)
if [ -r /etc/defaultdomain ]; then
  nisdomainname `cat /etc/defaultdomain`
fi
... (start client:)
if [ -d /var/yp ]; then
  echo "Starting NIS services:  /usr/sbin/ypbind -broadcast"
  /usr/sbin/ypbind -broadcast
fi

*NOTE*: Remove -broadcast (2x) if you're behind a router, NAT, etc.

5) Make /etc/rc.d/rc.yp executable if it is not already:
Code:

# chmod +x /etc/rc.d/rc.yp

6) Make /etc/rc.d/rc.rpc executable so that yp can use portmapping:
Code:

# chmod +x /etc/rc.d/rc.rpc

7) Start rpc & yp:
Code:

# /etc/rc.d/rc.rpc start
# /etc/rc.d/rc.yp

8) Modify your passwd / group and the two shadow files:
Code:

# echo +:::::: >> /etc/passwd      # (6x :)
# echo +::: >> /etc/group          # (3x :)
# echo +:::::::: >> /etc/shadow    # (8x :)
# echo +::: >> /etc/gshadow        # (3x :)

(Not including these ":" can give you some problems with kde sessions I noticed the hard way...)

9) Check if ypbind is listening to clients:
Code:

# rpcinfo -u localhost ypbind
(Should show something like "100007 ready and waiting")

10) Test if your NIS client is communicating with your NIS server:
Code:

# ypcat passwd

This should show you all common users on your NIS server. (That's one reason why NIS is insecure...)

C - More information:
Check out http://tldp.org/HOWTO/NIS-HOWTO/index.html

Happy Slacking!
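
An added example, not part of the post above or of the Slackware scripts: a shell check for the /var/yp/securenets file edited in step A.3, which flags a catch-all "0.0.0.0 0.0.0.0" entry and entries whose network has bits set outside the mask. It assumes the "netmask network" and "host ip" line formats; the function names and the sample file are made up for illustration.

```shell
#!/bin/sh
# Audit a ypserv securenets file: each entry is "netmask network" or "host ip".
# Prints one finding per line; returns 1 if any entry admits every address.

ip_to_int() {  # dotted quad -> integer; fails on malformed input
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros / >3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

audit_securenets() {
    file=$1; open=0
    if [ ! -f "$file" ]; then
        echo "MISSING $file"; return 1
    fi
    while read -r mask net rest; do
        case "$mask" in ''|'#'*) continue ;; esac
        if [ "$mask" = host ]; then echo "OK host $net"; continue; fi
        m=$(ip_to_int "$mask") && n=$(ip_to_int "$net") || {
            echo "BAD $mask $net: not two dotted quads"; continue; }
        if [ "$m" -eq 0 ] && [ "$n" -eq 0 ]; then
            echo "OPEN $mask $net: matches every address"; open=1
        elif [ $(( n & ~m & 0xFFFFFFFF )) -ne 0 ]; then
            echo "CHECK $mask $net: network has bits outside the mask"
        else
            echo "OK $mask $net"
        fi
    done < "$file"
    return "$open"
}

# Constructed sample input (not from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# localhost, then the LAN from the post above, then a catch-all
255.0.0.0        127.0.0.0
255.255.255.0    192.168.1.0
0.0.0.0          0.0.0.0
EOF
audit_securenets "$sample" || echo "=> remove the catch-all entry"
rm -f "$sample"
```

Run it against the real file with `audit_securenets /var/yp/securenets` before starting ypserv.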


All times are GMT -5.