As my home network expands, the time I spend doing administration tasks on it increases. As machines are added, I am required to add users to each machine, and mount directories so they are backed up on the server. By implementing autofs the problem of users' directories is solved. For users, I decided to implement NIS to centralize user administration.
But I chose Linux in order to reduce the maintenance requirements for the network, not the other way around.
This article describes how to centralize user management using NIS on Linux, so that you add or delete users on one machine only. Users can then log in from any client machine, without the need to add them locally to the clients.
The NIS system works by designating one (or more) machines in the network as a NIS server, and the rest as NIS clients. The server acts as the central repository for all user names, passwords, and groups. The data is replicated from the regular /etc/passwd file to NIS databases that are normally in DBM format.
When a client needs to check the password of someone who is trying to log in, it sends the request to the server, and the server comes back with the result (correct password or not).
Setting up the Server
Installing the software
On the server, you need to install a package called ypserv. This can be done with urpmi on Mandrake, or apt-get on Debian.
Setting the NIS Domain Name
After installing the above package, you have to select and set a NIS Domain Name that will be used by both the server and the client. On some systems you can do so by running the domainname command. On others, you can just add it to a configuration file.
On Mandrake, you need to edit the file: /etc/sysconfig/network and add the following line to it:
Where somename is a name that you choose for the NIS Domain Name for your network.
Initializing NIS files
Then you have to convert the existing passwd, group and shadow files that contain user information and passwords to the NIS DBM format. You can do this using the following command:
Updating the NIS files
From now on, every time you add or delete a user, you have to update the NIS database. You can do this using the command:
make -C /var/yp
If you want, you can set up a cron job to run every hour or every day and update the database for you automatically if it detects a change.
Starting the NIS server
Now you have to start the NIS server by entering the following command:
The server is now ready to handle authentication requests from the clients.
Setting up the Client machines
Installing the software
On the client, you need the yp-tools package, which depends on the ypbind package.
Configuring the software
First you must set up the NIS Domain Name. See above for how this is done.
Then, you must edit the /etc/yp.conf file, and point it to the appropriate server and domain name. Remember that the domain name must be the same one that you set for the server. For example, add the following line:
domain somedomain server somehost
The /etc/nsswitch.conf file lists the order for how lookups for various things are done, such as DNS lookup, user authentication, and the like. In order to make lookups for user authentication faster, change the following section in this file from:
passwd: files nisplus nis
shadow: files nisplus nis
group: files nisplus nis
To the following:
passwd: nis files nisplus
shadow: nis files nisplus
group: nis files nisplus
Deleting the existing users
If this system had local users before you installed NIS, then it is a good idea to delete those users from the local machine before proceeding, provided that they have been added to the server. You can use the administration GUI that comes with your distribution to do this, or the userdel command.
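The following audit is an added example, not part of the original article. It covers both the lookup order change above and the local-user cleanup: it flags databases where nis is consulted before files, NIS entries with UID 0 (which would be answered by NIS under that order), and local accounts that still duplicate NIS ones. The sample file contents and the function names are assumptions constructed for illustration.

```python
# Added example; all sample data below is constructed for illustration.
NSSWITCH = "passwd: nis files nisplus\nshadow: nis files nisplus\ngroup: files nis\n"
LOCAL_PASSWD = "root:x:0:0:root:/root:/bin/bash\nalice:x:1001:1001::/home/alice:/bin/bash\n"
# Same colon-separated fields that `ypcat passwd` prints on a client.
NIS_PASSWD = ("alice:x:1005:1005::/home/alice:/bin/bash\n"
              "bob:x:1002:1002::/home/bob:/bin/bash\n"
              "admin2:x:0:0::/root:/bin/bash\n")

def nis_first(nsswitch_text):
    """Return the databases where 'nis' is consulted before 'files'."""
    hits = []
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()          # strip comments
        if ":" not in line:
            continue
        db, sources = line.split(":", 1)
        # Ignore action items such as [NOTFOUND=return]; keep source names.
        order = [s for s in sources.split() if not s.startswith("[")]
        if ("nis" in order and "files" in order
                and order.index("nis") < order.index("files")):
            hits.append(db.strip())
    return hits

def parse_passwd(text):
    """Map user name -> UID for each well-formed passwd-style line."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2].isdigit():
            users[fields[0]] = int(fields[2])
    return users

def audit(nsswitch_text, local_text, nis_text):
    """Collect findings for one client from its three inputs."""
    local, nis = parse_passwd(local_text), parse_passwd(nis_text)
    both = local.keys() & nis.keys()
    return {
        "nis_before_files": nis_first(nsswitch_text),
        "uid0_from_nis": sorted(u for u, uid in nis.items() if uid == 0),
        "local_duplicates": sorted(both),
        "uid_mismatch": sorted(u for u in both if local[u] != nis[u]),
    }

if __name__ == "__main__":
    for finding, names in audit(NSSWITCH, LOCAL_PASSWD, NIS_PASSWD).items():
        print(f"{finding}: {names}")
```

On a real client, feed it the contents of /etc/nsswitch.conf and /etc/passwd and the output of ypcat passwd in place of the constructed strings.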
Starting the NIS service
Start the NIS client service by entering:
Assuming you have done the above steps correctly, you can now handle all client authentication by using NIS.
For further reading, check the following: