CSE 265: System and Network Administration

Lab #11

Today we will explore NIS. Note that if you have extra time, I strongly recommend that you catch up on other labs.

  1. NIS Client Configuration

    The first step in setting up your system to use NIS services is to set your NIS domain name. A system can only be in a single NIS domain at a time, and once set, the NIS domain is typically not changed. It is not possible to use one domain for one set of files and a different one for other files. In general, you set your NIS domain name as follows:

    domainname eecs.lehigh.edu

    You can use domainname by itself to verify your current settings. In this case, DHCP has already set it for you.

    The ypbind daemon is responsible for sending NIS queries to the NIS server to which it is bound. To establish a binding, it can broadcast a request to find an NIS server, and once bound, it will be able to submit queries for data served by that server. Start the daemon by simply running ypbind. Verify using ps that ypbind is running.

    The rpcinfo command is a diagnostic tool that returns information about RPC services -- it can be used to determine if an RPC server is responsive. Use the command below to test if the ypbind RPC service is functioning. If it is, rpcinfo will report back the RPC service port number for the service.

    rpcinfo -u localhost ypbind

    Look up the program number in /etc/rpc. What RPC service does it correspond to?

    The ypwhich command will output the name of the NIS server to which your system is bound. Run ypwhich to determine your NIS server.

  2. Configure NIS Database Usage

    Configure the /etc/nsswitch.conf file to allow the system to obtain NIS-served data. As we discussed in class, the UNIX libraries can access a number of different databases to look up information such as passwords, groups, hostnames, etc. This is controlled by settings in the /etc/nsswitch.conf file. Edit your file -- look for the lines beginning with passwd, shadow, and group, and add nis to the end of each line, making it look like:

    passwd: files nis

    Your system should now be configured to find login information in /etc/passwd and, if it is not there, via NIS. Using yum, install finger, and then run finger bdd3 to test the use of NIS. If it succeeds and you see my name, then you have successfully set up a client to use a remote NIS server: the lookup for bdd3 first tried /etc/passwd and, failing that, found the entry in NIS and showed it to you. Note that while people can now log into your machine using their CSE/ECE accounts (!), they will not have home directories (since we are not mounting them), and as a result would get an error during login.

    Once NIS seems to be working, you can examine the NIS databases being served. The ypcat program is similar to the cat program -- it dumps the specified database. Use ypcat to dump the passwd file being served by your domain.

    Dumping an entire database can be expensive since the entire database is sent across the network, and databases such as hosts or passwd can be quite large. It is better to use the ypmatch program to look up a single record from a database (rather than ypcat | grep). Use ypmatch to obtain the entry for bdd3 from the passwd database. The syntax is similar to grep:

    ypmatch bdd3 passwd

    Did you notice the security problem here?
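
    An added example (not part of the original lab): a check to run over the output of ypcat passwd or ypmatch that lists accounts whose password field holds something other than a placeholder, which any client able to query the map can read. The function names and sample entries are constructed for illustration, and the input is assumed to be in passwd(5) format.

```shell
#!/bin/sh
# Added example: list accounts in a passwd(5)-format NIS map whose password
# field is not a placeholder. Prints the hash scheme, never the hash itself.

exposed_hashes() {
    awk -F: '
        NF < 7 { next }                          # not a passwd(5) record
        $2 == "" { printf "%s\tEMPTY (no password set)\n", $1; next }
        $2 == "x" || $2 ~ /^[*!]/ { next }       # shadowed or locked
        {
            scheme = "DES-crypt or other legacy format"
            if ($2 ~ /^\$1\$/)             scheme = "MD5-crypt"
            else if ($2 ~ /^\$2[aby]?\$/)  scheme = "bcrypt"
            else if ($2 ~ /^\$5\$/)        scheme = "SHA-256-crypt"
            else if ($2 ~ /^\$6\$/)        scheme = "SHA-512-crypt"
            printf "%s\t%s\n", $1, scheme
        }'
}

# Constructed sample entries (placeholder strings, not real hashes).
sample_map() {
    cat <<'EOF'
alice:$6$constructedsalt$CONSTRUCTEDPLACEHOLDER:1001:100:Alice:/home/alice:/bin/bash
bob:x:1002:100:Bob:/home/bob:/bin/bash
carol:*:1003:100:Carol:/home/carol:/sbin/nologin
dave:XXCONSTRUCTED:1004:100:Dave:/home/dave:/bin/sh
erin::1005:100:Erin:/home/erin:/bin/sh
EOF
}

# On a bound client:  ypcat passwd | exposed_hashes
sample_map | exposed_hashes
```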

  3. NIS Server Configuration

    The configuration of an NIS server occurs in the /var/yp directory. Change to it now.

    Every NIS server (just like the clients) must have an NIS domain name. Set your domain name now to your last name (if it is unique in the class).

    The NIS server daemon, ypserv, is not installed by default. Use yum to install it, and afterwards, run it.

    The Makefile in this directory controls the rebuilding of the NIS databases, and decides which databases it will serve. Change your Makefile by searching for the all target, commenting it out, and adding a new all line that only includes hosts. Note that every time a change is made to an included plaintext database, this Makefile should be re-run to update the NIS databases.

    Start the NIS client daemon, ypbind, since this machine can be a client of its own services. Note that to use alternative domain servers, you'll need to comment out the entries in /etc/yp.conf so that broadcast will be employed (rather than explicit entries). (NOTE: If that doesn't work, you will want to specify your NIS server's IP address in yp.conf.)

    The NIS database now needs to be initialized. This is done with the ypinit -m command. You only run this command once. The script will ask you for a list of slave servers (don't set any additional servers).

    You should now have a new subdirectory /var/yp/domainname where domainname is the name of the NIS domain you set previously. Verify that the right host files are in this new directory.

    This time, verify that /etc/nsswitch.conf is configured to use NIS for just the hosts database. Also make sure that your /etc/hosts has something unique in it (e.g., a hostname from a previous lab).
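
    An added example (not part of the original lab) of one way to do this verification: it lists every nsswitch.conf database that consults NIS, with the position of nis in the lookup order, and checks that hosts is the only one. The function names and the sample file are constructed for illustration; on a real system pass /etc/nsswitch.conf instead.

```shell
#!/bin/sh
# Added example: show which nsswitch.conf databases consult NIS and where
# "nis" sits in the lookup order (1 = tried first).

nis_databases() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        $1 ~ /^[a-z_]+:$/ {
            db = substr($1, 1, length($1) - 1)
            pos = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) continue         # action such as [NOTFOUND=return]
                pos++
                if ($i == "nis") { print db, pos; break }
            }
        }' "$1"
}

# Succeeds only when hosts is the one database that uses NIS (step 3).
nis_only_for_hosts() {
    [ "$(nis_databases "$1" | cut -d" " -f1 | sort -u | tr "\n" " ")" = "hosts " ]
}

# Constructed sample file, not taken from a real system.
write_sample_nsswitch() {
    cat > "$1" <<'EOF'
#passwd:    files nis      # step 2 setting, now commented out
passwd:     files
shadow:     files
group:      files
hosts:      files [NOTFOUND=continue] nis dns
EOF
}

tmp=$(mktemp)
write_sample_nsswitch "$tmp"
nis_databases "$tmp"                             # prints: hosts 2
nis_only_for_hosts "$tmp" && echo "NIS is used for hosts only"
rm -f "$tmp"
```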

    Once your system can use its own NIS databases, other NIS clients may use them as well. Ask someone else in the lab to set up their system to use yours as its NIS server. They'll need to set their NIS domain name to the one you used, and restart ypbind.

  4. Wrapping up

    In order to sign the lab completion sheet, you will need to:
    1. Tell me what NIS server your client used for the eecs.lehigh.edu NIS domain.
    2. Demonstrate someone else using your NIS server.


This page can be reached from http://www.cse.lehigh.edu/~brian/course/2016/sysadmin/labs/
Last revised: 19 April 2016.