How to setup NIS for a Linux network

As my home network expands, the time I spend doing administration tasks on it increases. As machines are added, I am required to add users to each machine, and mount directories so they are backed up on the server. By implementing autofs the problem of users' directories is solved. For users, I decided to implement NIS to centralize user administration.

But, I chose Linux in order to reduce the maintainance requirements for the network, not the other way around.

This articles describes how to centralize user management using NIS on Linux, so as to add or delete users on one machine only, and from there, users can log in from any other client machine, without the need to add them locally to the clients.

Introduction

The NIS system works by designating one (or more) machine in the network as a NIS server, and the rest as NIS clients. The server acts as the central repository for all user names, passwords, and groups. The data is replicated from the regular /etc/passwd file to NIS databases that are normally DBM format.

When a client needs to check the password of someone who is trying to log in, it sends the request to the server, and the server comes back with the result (correct password or not).

Setting up the Server

Installing the software

On the server, you need to install a package called ypserv. This can be done by urpmi on Mandrake, or apt-get on Debian.

Setting the NIS Domain Name

After installing the above package, you have to select and set a NIS Domain Name that will be used by both the server and the client. On some systems you can do so by running the domainname command. On others, you can just add it to a configuration file.

On Mandrake, you need to edit the file: /etc/sysconfig/network and add the following line to it:

NISDOMAIN=somename

Where somename is a name that you choose for the NIS Domain Name for your network.

Initializing NIS files

Then you have to convert the existing passwd, group and shadow files that contain user information and password to the NIS DBM format. You can do this using the following command:

/usr/lib/yp/ypinit -m

Updating the NIS files

From now on, every time you add a user, delete a user, you have to update the NIS database. You can do this using the command:

make -C /var/yp

If you want, you can setup a cron job to run every hour or every day and update the database for you automatically if it detects a change.

Starting the NIS server

Now you have to start the NIS server by entering the following command:

/etc/init.d/ypserv start

The server is now ready to handle authentication requests from the clients.

Setting up the Client machines

Installing the software

On the client, you need the yp-tools package, which depends on the ypbind package.

Configuring the software

First you must setup the NIS Domain Name. See above for how this is done.

Then, you must edit the /etc/yp.conf file, and point it to the appropriate server and domain name. Remember that the domain name must be the same that you set for the server. For example, add the following line:

domain somedomain server somehost

Modifying nsswitch.conf

The /etc/nsswitch.conf file lists the order for how lookups for various things are done, such as DNS lookup, user authentication, and the like. In order to make lookups for user authentication faster, change the following section in this file from:

passwd:     files nisplus nis
shadow: files nisplus nis
group: files nisplus nis

To the following:

passwd:     nis files nisplus
shadow: nis files nisplus
group: nis files nisplus

Deleting the existing users

If this system had local users before you install NIS, then it is a good idea to delete those users from the local machine before proceeding, provided that they have been added to the server. You can use the administration GUI that comes with your distribution to do this, or the userdel command.

Starting the NIS service

Start the NIS client service by entering:

/etc/init.d/ypbind start

Conclusion

Assuming you have done the above steps correctly, you can now handle all client authentication by using NIS.

Resources

For further reading, check the following:

Contents: 

Comments

Thank you

The steps prove to be of great help in a clean simple way.

Thanks to the creator.

Thanks!

Thanks for your clear and concise explanation. Apparently the RHCE book I have left out the add/delete users to NIS server. So what was I suppose to do after I configured the server and client?

thanks!

This page proved itself for me in creating the nis server user and client.

add-on required

this documentation is great but I believe it is missing the fact that /etc/sysconfig/network, should have an NISDOMAIN=[domain address].

Thank you.

On Mandrake

It is mentioned already, in relation to Mandrake.

Debian/Ubuntu is different, and does not need that. In fact, the /etc/sysconfig directory does not exist on such distros.
--
Khalid Baheyeldin

hi - please mention how to delete nis user

please mention how to delete nis user.
I tried deleting user by giving userdel, but its throwind an error
"userdel: error deleting shadow password entry"

hey nice post on nis

hey nice post on nis server
but u can also refer this link
http://www.techviolation.com/how-to-configure-nis-server-in-linux/

Thanks a lot..

The information is very useful and easy to understand.
Thanks a lot..