Date: Mon, 02 Mar 1998 23:04:20 -0600 From: Derek Laufenberg <laufen@wi.net> To: Ian Field <ifield@mstk.com>, freebsd-questions@FreeBSD.ORG Subject: Re: NIS Implementation Message-ID: <34FB8F54.A697920B@wi.net> References: <411B07D1F591D111928500A0C985DE2E01FF04@alpha.mstk.com>
next in thread | previous in thread | raw e-mail | index | archive | help
The NIS isn't trival, but there are a few things which must be done.
On the server:
1) create a /var/yp/master.passwd with entries for each user
2) create /var/yp/servers with name of the server or servers
(I dont think this should be blank)
3) create /var/yp/securenets file (optional but good idea)
here is an example:
#allow local address and all hosts on internal net 10.xxxx
127.0.0.1 255.255.255.255
10.0.0.0 255.0.0.0
4) do a 'make' in /var/yp
5) In /etc/rc.conf on server:
nisdomainname="barnyard.foo" # Set to NIS domain if using NIS (or
NO).
...
# Network Information Services (NIS) options: ###
nis_client_enable="YES" # We're an NIS client (or NO).
nis_client_flags="" # Flags to ypbind (if enabled).
nis_ypset_enable="" # Run ypset at boot time (or NO).
nis_ypset_flags="" # Flags to ypset (if enabled).
nis_server_enable="YES" # We're an NIS server (or NO).
nis_server_flags="" # Flags to ypserv (if enabled).
nis_ypxfrd_enable="NO" # Run rpc.ypxfrd at boot time (or NO).
nis_ypxfrd_flags="" # Flags to rpc.ypxfrd (if enabled).
nis_yppasswdd_enable="YES" # Run rpc.yppasswdd at boot time (or
NO).
nis_yppasswdd_flags="-s -f" # Flags to rpc.yppasswdd (if enabled).
6) Server should be up on with the next reboot.
On the Client side:
1) add + to end of /etc/hosts - not sure if this is needed???Anyone???
2) add +::: to end of /etc/group
3) vipw and add +::::::::: to end of password file
4) allow NIS and disable bind in /etc/host.conf
The NIS server will do the DNS lookup for the client.
5) in etc/rc.conf on client:
nisdomainname="barnyard.foo" # Set to NIS domain if using NIS (or
NO).
...
# Network Information Services (NIS) options: ###
nis_client_enable="YES" # We're an NIS client (or NO).
nis_client_flags="" # Flags to ypbind (if enabled).
nis_ypset_enable="NO" # Run ypset at boot time (or NO).
nis_ypset_flags="" # Flags to ypset (if enabled).
nis_server_enable="NO" # We're an NIS server (or NO).
nis_server_flags="" # Flags to ypserv (if enabled).
nis_ypxfrd_enable="NO" # Run rpc.ypxfrd at boot time (or NO).
nis_ypxfrd_flags="" # Flags to rpc.ypxfrd (if enabled).
nis_yppasswdd_enable="NO" # Run rpc.yppasswdd at boot time (or
NO).
nis_yppasswdd_flags="" # Flags to rpc.yppasswdd (if enabled).
You must also make sure the clients are using the same libcrypt files.
Look
in /usr/lib and make sure. I think the default is MD5, but if you want
to
allow Sun machines in your domain, then use DES.
On each of the machine, I only have a few entries in the
/etc/master.passwd file.
Them being root and the NIS entry +::::::::. All the others are kept on
the
NIS server.
This server also serves the NFS files systems for /home, /usr, and
/spare.
All accounts go on /home/user. THe /usr partition get mounted on all
the
clients and symlinks point to stuff like man pages and /usr/local stuff.
This
saves a lot of disk space. on the clients. Some erformance hits are
taken, but
maintance is much simpler.
I think that covers everything. Try it and let us know.
Derek Laufenberg
Ian Field wrote:
>
> Hi Nadav/list,
>
> I have gone through the manuals, and I agree, it isn't
> trivial... I still need some help. I've searched the archives, to no
> avial, it seems the standard response for NIS-related questions is:
>
> Configure NIS through /etc/rc.conf and see `man yp'. - Doug
> White
>
> Hoping for more than that, here's what I've done and what I
> would like to do:
>
> uncommented relevant nis lines from rc.conf and host.conf on
> both NIS server and clients.
> added domainname
> ran make in /var/yp
> - cameback with errors relating to ypservers file
> created blank ypservers file
> ran make again
> - cameback with errors about blank lines in:
> master.passwd, passwd, networks, etc... but completed.
> copied master.passwd from /etc to /var/yp
> ran make again
> - cameback with some duplicate info errors, and with
> blank line errors for all but master.passwd and passwd.
>
> What am I missing?
>
> Here's what works at this point:
>
> can use yppasswd from NIS clients to change NIS passwd for
> EXISTING local accounts
>
> Here's what I'd like to do:
>
> Configure accounts only once on NIS server
> Single logon for NIS clients
> Single home directory for each user on NIS server
>
> Relevant info:
>
> All machines FreeBSD 2.2.5-RELEASE
> 1 NIS server
> 4 Clients
>
> Thanks in advance people, I will truly appreciate the help on
> this one. Please excuse the lengthy message if you're annoyed by that
> sort of thing...
>
> Ian Field
> ifield@mstk.com
>
> -----Original Message-----
> From: Nadav Eiron [mailto:nadav@barcode.co.il]
> Sent: Monday, March 02, 1998 12:45 AM
> To: Ian Field
> Cc: freebsd-questions@FreeBSD.ORG
> Subject: Re: NIS Implementation
>
> Ian Field wrote:
> >
> > Hello,
> > Can anyone recommend a good source for NIS
> setup/implementation -
> > particularly w/FreeBSD (2.2.5-RELEASE)??
>
> NIS comes as part of the basic system. Have you tried configuring it? It
> is not trivial but the man pages are actuallyp retty well written. Start
> with man yp.
>
> >
> > Thank you
> > Ian Field
> > ifield@mstk.com
> >
>
> Nadav
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?34FB8F54.A697920B>