As my home network expands, the time I spend doing administration tasks on it increases. As machines are added, I am required to add users to each machine, and mount directories so they are backed up on the server. By implementing autofs the problem of users' directories is solved. For users, I decided to implement NIS to centralize user administration.
But I chose Linux in order to reduce the maintenance requirements for the network, not the other way around.
This article describes how to centralize user management using NIS on Linux, so that you add or delete users on one machine only, and users can then log in from any other client machine without being added locally to the clients.
Introduction
The NIS system works by designating one or more machines in the network as NIS servers, and the rest as NIS clients. The server acts as the central repository for all user names, passwords, and groups. The data is replicated from the regular /etc/passwd file to NIS databases, which are normally in DBM format.
When a client needs to check the password of someone who is trying to log in, it sends the request to the server, and the server comes back with the result (correct password or not).
Setting up the Server
Installing the software
On the server, you need to install a package called ypserv. This can be done by urpmi on Mandrake, or apt-get on Debian.
Setting the NIS Domain Name
After installing the above package, you have to select and set a NIS Domain Name that will be used by both the server and the client. On some systems you can do so by running the domainname command. On others, you can just add it to a configuration file.
On Mandrake, you need to edit the file: /etc/sysconfig/network and add the following line to it:
NISDOMAIN=somename
Where somename is a name that you choose for the NIS Domain Name for your network.
Initializing NIS files
Then you have to convert the existing passwd, group and shadow files, which contain user information and passwords, to the NIS DBM format. You can do this using the following command:
/usr/lib/yp/ypinit -m
Updating the NIS files
From now on, every time you add or delete a user, you have to update the NIS database. You can do this using the command:
make -C /var/yp
If you want, you can set up a cron job to run every hour or every day and update the database for you automatically if it detects a change.
Starting the NIS server
Now you have to start the NIS server by entering the following command:
/etc/init.d/ypserv start
The server is now ready to handle authentication requests from the clients.
Setting up the Client machines
Installing the software
On the client, you need the yp-tools package, which depends on the ypbind package.
Configuring the software
First you must set up the NIS Domain Name. See above for how this is done.
Then, you must edit the /etc/yp.conf file, and point it to the appropriate server and domain name. Remember that the domain name must be the same one that you set for the server. For example, add the following line, replacing somedomain with your NIS Domain Name and somehost with the host name of your NIS server:
domain somedomain server somehost
Modifying nsswitch.conf
The /etc/nsswitch.conf file lists the order for how lookups for various things are done, such as DNS lookup, user authentication, and the like. In order to make lookups for user authentication faster, change the following section in this file from:
passwd: files nisplus nis
shadow: files nisplus nis
group: files nisplus nis
To the following:
passwd: nis files nisplus
shadow: nis files nisplus
group: nis files nisplus
Deleting the existing users
If this system had local users before you installed NIS, then it is a good idea to delete those users from the local machine before proceeding, provided that they have been added to the server. You can use the administration GUI that comes with your distribution to do this, or the userdel command.
Starting the NIS service
Start the NIS client service by entering:
/etc/init.d/ypbind start
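The following script is an added example, not part of the original article. It audits the two client files edited above: it reports, for each database in nsswitch.conf, whether nis is consulted before or after files (the source listed first answers first), and prints the server that yp.conf binds to a given domain. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit an NIS client's
# lookup order and server binding. Sample files below are constructed.

# nss_order FILE DB: print nis-first, files-first, no-nis or missing.
nss_order() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }                      # strip comments
        $1 == db {
            result = "no-nis"; files = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "files") files = 1
                if ($i == "nis") {              # exact match, so nisplus is skipped
                    result = files ? "files-first" : "nis-first"; break
                }
            }
            print result; found = 1; exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# yp_server_for FILE DOMAIN: print the server bound to DOMAIN, or fail.
yp_server_for() {
    awk -v d="$2" '
        { sub(/#.*/, "") }
        $1 == "domain" && $2 == d && $3 == "server" && $4 != "" {
            print $4; found = 1; exit
        }
        END { if (!found) exit 1 }
    ' "$1"
}

# Constructed sample input mirroring the article's client settings.
tmp=$(mktemp -d)
printf 'passwd: nis files nisplus\nshadow: nis files nisplus\ngroup: files nisplus nis\n' > "$tmp/nsswitch.conf"
printf '# constructed\ndomain somedomain server somehost\n' > "$tmp/yp.conf"

for db in passwd shadow group; do
    echo "$db: $(nss_order "$tmp/nsswitch.conf" "$db")"
done
yp_server_for "$tmp/yp.conf" somedomain || echo "no server bound for somedomain"
```

On a real client, pass /etc/nsswitch.conf and /etc/yp.conf instead of the sample files, and compare the domain argument with the NIS Domain Name set on the server.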
Conclusion
Assuming you have done the above steps correctly, you can now handle all client authentication by using NIS.
Comments
Alok Gautam (not verified)
Thank you
Mon, 2006/05/29 - 04:03
The steps prove to be of great help in a clean simple way.
Thanks to the creator.
Nick Ha (not verified)
Thanks!
Sat, 2006/06/24 - 23:33
Thanks for your clear and concise explanation. Apparently the RHCE book I have left out the add/delete users to NIS server. So what was I supposed to do after I configured the server and client?
karthik (not verified)
thanks!
Mon, 2007/05/28 - 05:41
This page proved itself for me in creating the nis server user and client.
Anonymous (not verified)
add-on required
Tue, 2007/08/21 - 11:59
This documentation is great but I believe it is missing the fact that /etc/sysconfig/network should have an NISDOMAIN=[domain address].
Thank you.
Khalid
On Mandrake
Tue, 2007/08/21 - 13:58
It is mentioned already, in relation to Mandrake.
Debian/Ubuntu is different, and does not need that. In fact, the /etc/sysconfig directory does not exist on such distros.
--
Khalid Baheyeldin
Anonymous (not verified)
hi - please mention how to delete nis user
Wed, 2008/10/08 - 21:18
Please mention how to delete nis user.
I tried deleting user by giving userdel, but it's throwing an error
"userdel: error deleting shadow password entry"
sam (not verified)
hey nice post on nis
Tue, 2009/07/21 - 15:20
Hey, nice post on nis server,
but you can also refer to this link
http://www.techviolation.com/how-to-configure-nis-server-in-linux/
Anonymous (not verified)
Thanks a lot..
Fri, 2010/02/05 - 02:38
The information is very useful and easy to understand.
Thanks a lot..
Anonymous (not verified)
The concept is good but not
Wed, 2010/04/21 - 12:42
The concept is good but not executed properly.....