NIS server configuration

  • Server maintains the authoritative centralized copies of system files and their maps in hashed format, ndbm or gdbm.
  • Both NIS server and client files are contained in NIS package; to install it: 
    apt-get install nis
  • Choose a unique name for NIS domain, for example unisys, and store it in /etc/defaultdomain
  • Modify file /etc/default/nis to enable NIS server: 
    NISSERVER=master
  • Specify the location of the password file and enable change of the login shell in /etc/default/nis: 
    YPPWDDIR=/etc
YPCHANGEOK=chsh

  • To initialize NIS maps in /var/yp directory, run 
    /usr/lib/yp/ypinit -m
  • Modify entry "ALL" in /var/yp/Makefile, specifying only the maps we need to share, for example passwd and group: 
    ALL =   passwd group
#ALL =  passwd group hosts rpc services netid protocols netgrp

  • Start NIS server: 
    /etc/init.d/nis stop
/etc/init.d/nis start
  • Every time /etc/passwd and/or /etc/group is modified, the change should be updated in the NIS maps as follows: 
    cd /var/yp; make
  • Note, for security reasons, the minimum uid and gid included in the NIS maps is defined in the Makefile 
    MINUID=1000
MINGID=1000

  • Restrict access to the NIS maps only from specified subnets and/or hosts in /etc/ypserv.securenets 
    255.0.0.0       127.0.0.0
255.255.255.0   192.168.5.0
255.255.255.255 128.6.238.69

    Previous Pageprevious First Pagetop Next Pagenext