Linux Unleashed, Third Edition:NIS and YP





-->















Previous
Table of Contents
Next




Chapter 44NIS and YP

by Tim Parker

In This Chapter
•   Setting up the NIS domain
•   NIS daemons
•   Setting up the NIS master
•   Setting up NIS slaves
•   Setting up NIS clients

Network Information Service (NIS) provides network-wide access to files that would normally be local, offering greatly improved access for users and administrators. The primary use of NIS is to keep a network-wide /etc/passwd file so you don’t have to change passwords on each machine individually; instead, you can use the NIS master password files to allow global access to any machine on the network.

Note:  YP stands for yellow pages and was the forerunner to NIS. Because of copyright reasons, the name had to be changed to NIS. There’s a lot of old terminology from YP left in NIS. We still talk about ypmasters and ypslaves instead of the NIS equivalents, for example.

In this chapter, you’ll learn how to set up NIS on a simple network. Many variations of network architecture and configurations exist, some of which get awfully complex for a network administrator. While the principles of setting up NIS and NIS domains are the same for all networks, some extra steps are required on very complex setups. For the most part, this chapter sticks with the basics since most Linux networks are straight-forward.

The files normally handled by NIS are listed in Table 44.1.
Table 44.1. Files handled by NIS.



File
Use



/etc/ethers
Ethernet MAC to IP address mappings

/etc/group
Group access information

/etc/hosts
IP address to host-name mappings

/etc/netmasks
IP network masks

/etc/passwd
User access information

/etc/protocols
Network protocol and number mappings

/etc/rpc
RPC numbers

/etc/services
Port number to TCP/IP protocol mappings



As you set up the NIS master and NIS slave, you will look at the most commonly used files, as well as see what has to be changed on any client machines that want to use NIS.

Setting Up the NIS Domain
NIS uses the concept of a domain to organize machines into logical groups. NIS domains have one system assigned as NIS master and one or more machines designated as NIS slaves. The NIS slaves take over the task of handling NIS requests if the NIS master is unavailable for any reason (such as a system crash or network problem). The overhead involved in setting up an NIS slave is minimal, and you should have at least one slave per network so that logins are not disabled if the master goes down. The NIS slaves can answer requests for login verification as well as the master, if so desired, to minimize the impact of NIS on the master. The master takes care of file changes and sends copies to the slaves when a change occurs.

An NIS domain doesn’t have to be the same as an Internet domain, although for most networks they are identical (in other words, the entire network is the NIS domain). The NIS domain has to have a name, which can also correspond to your Internet domain name if you want. Alternatively, you can set up subsidiary domains for small logical groups in a large corporation, such as domains for accounting, research and development, and marketing.
To set up a NIS domain, you need to decide on the domain name and know the IP address of the NIS master and any NIS slaves. If you have more than one NIS domain established, you need to know which machines are handled by which NIS master. Each machine on the domain (whether one or many domains are established) must be entered into a configuration file to allow the client machine to use NIS.
To set up the NIS domain, you need to log in to each client machine on the network and set up the domain name with the following command, where domain is the domain name the machine will use:


domainname domain


You will need to be logged in as root or an administrative account with access to the root utilities to set these values. Because this type of command is effective only until the machine is rebooted, it is better to enter the domain name in one of the startup rc scripts. These differ for each version of UNIX, so you should check your rc commands to find out where to embed the domain name. Usually it will be in a file under the /etc/rc.d directory.
Some Linux systems use automated scripts to do the same sort of tasks. Caldera OpenLinux, for example, uses a tool that prompts for the NIS domain name and then the IP address of the NIS servers (masters and slaves). With this version of Linux, only three IP addresses can be entered (one master and two slaves).
NIS Daemons
NIS uses a number of daemons on the server and on all clients to enable the NIS system. On the NIS master and any NIS slaves, the daemon is usually called ypserv. The ypserv daemon waits for incoming client requests for service and handles them.
On the clients, the process ypbind is used. This is responsible for connecting with the YP master when the machine boots and determining any resolution steps necessary to handle logins and other network configuration information handled by NIS. The process that ypbind uses to connect to the NIS master and establish procedures is called a binding because the client is bound to the master for requests.
The binding process begins with ypbind sending out a broadcast message for any NIS masters on the network to respond with their IP address and the port number to send requests on. If more than one NIS master responds to the request, only the first received reply is used. If for some reason ypbind finds it isn’t getting replies from the NIS master, it assumes the master has crashed and retransmits a request for a master.
You can find out which NIS master any client machine is bound to with the command ypwhich. It usually responds with the name of the NIS master, such as


$ ypwhich
merlin






Previous
Table of Contents
Next