LinuxQuestions.org
Old 08-26-2008, 09:12 AM   #1
linuxbird
Member
 
Registered: Feb 2006
Distribution: Slackware
Posts: 316

Rep: Reputation: 20
Notes: YP / NIS on 12.1


A recent ftp_server threat accelerated my upgrade from Slackware 11.0 to Slackware 12.1. The first problem was that the eth0 and eth1 cards got swapped by udev, which caused me to spend some time trying to figure out why my ISP would not respond to dhcp client requests on my LAN.

The second problem was that while NIS worked fine under 11.0, it did not work under 12.1. I've spent a week googling, reading man pages, tangential forum posts, and lots of unanswered posts by similarly afflicted people.

The Slackware NIS mini howto was my starting guide. What I ended up doing was similar EXCEPT:

-The Slackware rc.yp script didn't work, out of the box, for the server.

Here's how I got it to work...which may not be exactly right, but it appears to work:

1. set nisdomainname

2. verify that securenets has 255.255.255.0 for 127.0.0.1 (localhost)

3. start ypbind [no one's instructions called for the server to start ypbind]

4. run the rc.yp script:

sh /etc/rc.d/rc.yp

5. run ypinit:

/usr/lib/yp/ypinit -m

<do the dialog verifying your server>


At this point, the clients recognize the server.


Hope this helps the next guy, so that he doesn't have to spend 25 or 30 hours researching, and perhaps ultimately just brute force experimenting, to get things working. Doing so creates such a feeling of ineptitude.

Finally, if someone can provide better guidance, please do. I am unconvinced that I understand the reasons why NIS behaves the way it does. I thought there was something not working right with portmapper, iptables and stuff like that, preventing the clients from contacting the server.
 
Old 08-26-2008, 11:45 AM   #2
keefaz
Senior Member
 
Registered: Mar 2004
Distribution: Slackware
Posts: 4,443

Rep: Reputation: 94
Hello, have you read the /etc/rc.d/rc.yp script?

All commands are commented! It sure can't work as this!
If you take a little time to read the script, it seems that the NIS server and client configuration is explained in the script comments

Last edited by keefaz; 08-26-2008 at 11:48 AM.
 
Old 08-26-2008, 05:17 PM   #3
linuxbird
Member
 
Registered: Feb 2006
Distribution: Slackware
Posts: 316

Original Poster
Rep: Reputation: 20
I absolutely read the script, and found that it didn't work for me with 12.1. That's why I made the post I made.

The script for 11.0 is essentially identical, and yp /nis worked there without any hitches.

My posting outlines the deviations from rc.yp, which included adding ypbind and ypinit -m.
 
Old 08-26-2008, 07:43 PM   #4
niels.horn
Senior Member
 
Registered: Mar 2007
Location: Rio de Janeiro - Brazil
Distribution: Slackware64-current
Posts: 1,004

Rep: Reputation: 89
This is the way I configured NIS on my local network:

First of all, you can choose to use the /etc/yp.conf to configure the address of your NIS server, or you can use the default broadcast method.
Using broadcast won't work if you have a router, nat or firewall separating different computers.

Second, you need to choose a name for your NIS-domain. This does not have to be (and actually should not be for security reasons) your DNS domain.

A - On your server:

1) Edit /etc/yp.conf with this line:
Code:
domain <NAME_OF_YOUR_NISDOMAIN> server 127.0.0.1
2) Edit in /etc/nsswitch.conf the lines that define the order for looking up users and groups:
Code:
passwd:  files nis
shadow:  files nis
group:   files nis
3) Edit /var/yp/securenets to define your local network, for example:
Code:
255.255.255.0    192.168.1.0
4) Set your nis-domainname:
Code:
# domainname <NAME_OF_YOUR_NISDOMAIN>
# domainname > /etc/defaultdomain
5) Edit in /var/yp/Makefile the following lines:
Code:
MERGE_PASSWD=false
MERGE_GROUP=false
6) Now you have to uncomment some lines in /etc/rc.d/rc.yp so that it actually does something:
Code:
... (set nisdomain:)
if [ -r /etc/defaultdomain ]; then
  nisdomainname `cat /etc/defaultdomain`
fi
... (start server:)
if [ -x /usr/sbin/ypserv ]; then
  echo "Starting NIS server:  /usr/sbin/ypserv"
  /usr/sbin/ypserv
fi
... (start password server:)
if [ -x /usr/sbin/rpc.yppasswdd ]; then
  echo "Starting NIS master password server:  /usr/sbin/rpc.yppasswdd"
  /usr/sbin/rpc.yppasswdd
  # echo "Starting NIS master password server:  /usr/sbin/rpc.yppasswdd -e chsh -e chfn"
  # /usr/sbin/rpc.yppasswdd -e chsh -e chfn
fi
... (start client, even on this server:)
if [ -d /var/yp ]; then
  echo "Starting NIS services:  /usr/sbin/ypbind -broadcast"
  /usr/sbin/ypbind -broadcast
fi
7) Make /etc/rc.d/rc.yp executable if it is not already:
Code:
# chmod +x /etc/rc.d/rc.yp
8) Make /etc/rc.d/rc.rpc executable so that yp can use portmapping:
Code:
# chmod +x /etc/rc.d/rc.rpc
9) Start rpc & yp:
Code:
# /etc/rc.d/rc.rpc start
# /etc/rc.d/rc.yp
10) Build the NIS databases:
Code:
# make -C /var/yp
11) Check if ypbind is listening to clients:
Code:
# rpcinfo -u localhost ypbind
(Should show something like "100007 ready and waiting")

12) Every time you add a new user or group, rebuild the yp databases with "make -C /var/yp". You can add this line to the end of the useradd script etc.

B - On your clients:

1) If you cannot use broadcast, edit /etc/yp.conf with this line:
Code:
domain <NAME_OF_YOUR_NISDOMAIN> server <IP_ADDRESS_OF_YOUR_NISSERVER>
2) Edit in /etc/nsswitch.conf the lines that define the order for looking up users and groups and hosts:
Code:
passwd:   files nis
shadow:   files nis
group:    files nis
...
hosts:    files nis
3) Set your nis-domainname:
Code:
# domainname <NAME_OF_YOUR_NISDOMAIN>
# domainname > /etc/defaultdomain
4) Now you have to uncomment some lines in /etc/rc.d/rc.yp so that it actually does something:
Code:
... (set nisdomain:)
if [ -r /etc/defaultdomain ]; then
  nisdomainname `cat /etc/defaultdomain`
fi
... (start client:)
if [ -d /var/yp ]; then
  echo "Starting NIS services:  /usr/sbin/ypbind -broadcast"
  /usr/sbin/ypbind -broadcast
fi
*NOTE*: Remove -broadcast (2x) if you're behind a router, NAT, etc.

5) Make /etc/rc.d/rc.yp executable if it is not already:
Code:
# chmod +x /etc/rc.d/rc.yp
6) Make /etc/rc.d/rc.rpc executable so that yp can use portmapping:
Code:
# chmod +x /etc/rc.d/rc.rpc
7) Start rpc & yp:
Code:
# /etc/rc.d/rc.rpc start
# /etc/rc.d/rc.yp
8) Modify your passwd / group and the two shadow files:
Code:
# echo +:::::: >> /etc/passwd     # 6x :
# echo +::: >> /etc/group         # 3x :
# echo +:::::::: >> /etc/shadow   # 8x :
# echo +::: >> /etc/gshadow       # 3x :
(Not including these ":" can give you some problems with kde sessions I noticed the hard way...)

9) Check if ypbind is listening to clients:
Code:
# rpcinfo -u localhost ypbind
(Should show something like "100007 ready and waiting")

10) Test if your NIS client is communicating with your NIS server:
Code:
# ypcat passwd
This should show you all common users on your NIS server. (That's one reason why NIS is insecure...)

C - More information:
Check out http://tldp.org/HOWTO/NIS-HOWTO/index.html

Happy Slacking!
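
Step A.3 above sets the /var/yp/securenets entry that limits which addresses the NIS server answers, and step B.10 shows how much a permitted client can read. The script below is an added example, not part of the thread or of Slackware's scripts: it audits securenets text for entries that are open to everyone, overly broad, or malformed (for instance with the netmask and network columns swapped). The function names, the verdict labels and the MIN_PREFIX threshold of 16 are this example's own assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit "netmask network" securenets lines.
ip2int() {   # dotted quad -> integer on stdout; fails on anything else
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*|????*) return 1 ;; esac   # empty, leading zero, too long
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

mask2len() {   # contiguous netmask integer -> prefix length; fails otherwise
    m=$1; len=0
    while [ $(( $m & 0x80000000 )) -ne 0 ]; do
        m=$(( ($m << 1) & 0xFFFFFFFF )); len=$(( $len + 1 ))
    done
    [ "$m" -eq 0 ] && echo "$len"
}

# stdin: securenets text; stdout: "VERDICT netmask network". MIN_PREFIX is assumed.
audit_securenets() {
    while read -r a b rest; do
        case $a in ''|'#'*) continue ;; esac             # skip blanks and comments
        if [ "$a" = host ]; then a=255.255.255.255; fi   # "host X" is a /32
        m=$(ip2int "$a") && n=$(ip2int "$b") && len=$(mask2len "$m") \
            || { echo "INVALID $a $b"; continue; }       # e.g. columns swapped
        if   [ $(( $n & ~$m & 0xFFFFFFFF )) -ne 0 ]; then echo "HOSTBITS $a $b"
        elif [ $(( $n >> 24 )) -eq 127 ];            then echo "OK $a $b"    # loopback
        elif [ "$len" -eq 0 ];                       then echo "OPEN $a $b"  # any address
        elif [ "$len" -lt "${MIN_PREFIX:-16}" ];     then echo "BROAD $a $b"
        else echo "OK $a $b"; fi
    done
}

sample_securenets() {   # constructed sample, not a real site's file
    cat <<'EOF'
host 127.0.0.1
255.255.255.0    192.168.1.0
192.168.1.0      255.255.255.0
255.0.0.0        10.0.0.0
255.255.255.0    192.168.1.7
0.0.0.0          0.0.0.0
EOF
}

sample_securenets | audit_securenets
```

On a real server, run it as `audit_securenets < /var/yp/securenets` and review every line that is not reported as OK.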
 
  

