5. What do you need to set up NIS?

5.1 The RPC Portmapper

To run any of the software mentioned below you will need to run the program /usr/sbin/rpc.portmap. Some Linux distributions already have the code in /etc/rc.d/rc.inet2 to start up this daemon. All you have to do is uncomment it and reboot your Linux machine to activate it.

The RPC portmapper (portmap(8c)) is a server that converts RPC program numbers into TCP/IP (or UDP/IP) protocol port numbers. It must be running in order to make RPC calls (which is what the NIS client software does) to RPC servers (like a NIS server) on that machine. When an RPC server is started, it will tell portmap what port number it is listening on, and what RPC program numbers it is prepared to serve. When a client wishes to make an RPC call to a given program number, it will first contact portmap on the server machine to determine the port number where RPC packets should be sent.

Normally, standard RPC servers are started by inetd(8C), so portmap must be started before inetd is invoked.

5.2 Determine whether you are a Server, Slave or Client.

To answer this question you have to consider two cases:

  1. Your machine is going to be part of a network with existing NIS servers
  2. You do not have any NIS servers in the network yet

In the first case, you only need the client programs (ypbind, ypwhich, ypcat, yppoll, ypmatch). The most important program is ypbind. This program must be running at all times, that is, it should always appear in the list of processes. It is a so-called daemon process and needs to be started from the system's startup file (e.g. /etc/rc.local). As soon as ypbind is running, your system has become a NIS client.

In the second case, if you don't have NIS servers, then you will also need a NIS server program (usually called ypserv). Section 6 describes how to set up a NIS server on your Linux machine using the "ypserv" implementation by Peter Eriksson (<pen@lysator.liu.se>). Note that this implementation does NOT support the master-slave concept talked about in section 3. Using this software, all your NIS servers will be master servers. There is also another free NIS server available, called "yps", written by Tobias Reber in Germany which does support the master-slave concept, but has other limitations.

5.3 The Software

The system library "/usr/lib/libc.a" (version 4.4.2 and better) or the shared library "/usr/lib/libc.sa" and its related DLL contain all necessary system calls to successfully compile the NIS client and server software.

Some people reported that NIS only works with "/usr/lib/libc.a" version 4.5.21 and better, so if you want to play it safe don't use older libc versions. The NIS client software can be obtained from:

  Site                   Directory                        File Name
  
  ftp.uni-paderborn.de   /pcsoft2/linux/local/yp          yp-clients.tar.gz
  ftp.funet.fi           /pub/OS/Linux/BETA/NYS/clients   yp-clients.tar.gz
  ftp.lysator.liu.se     /pub/NYS/clients                 yp-clients.tar.gz
  sunsite.unc.edu        /pub/Linux/system/Network/admin  yp-clients.tar.gz

Once you have obtained the software, please follow the instructions which come with it.

5.4 Setting up a NIS Client using Traditional NIS

Assuming you have successfully compiled the software, you are now ready to install it. A suitable place for the ypbind daemon is the directory /usr/sbin.

You'll need to do this as root of course. The other binaries (ypwhich, ypcat, yppoll, ypmatch) should go in a directory accessible by all users, for example /usr/etc or /usr/local/bin. It might be a good idea to test ypbind before incorporating it in /etc/rc.d/rc.inet2.

To test ypbind do the following:

Finally, do not forget that for host lookups you must set (or add) "nis" to the lookup order line in your /etc/host.conf file. Please read the manpage "resolv+.8" for more details.

At this point you should be able to use NIS client programs such as ypcat. For example, "ypcat passwd" will give you the entire NIS password database.

IMPORTANT: If you skipped the test procedure then make sure you have set the domain name, and created the directory:

    /var/yp

This directory MUST exist for ypbind to start up successfully.

If the test worked you may now want to change the files /etc/rc.d/rc.M and /etc/rc.d/rc.inet2 on your system so that ypbind will be started up at boot time and your system will act as a NIS client. Edit the file /etc/rc.d/rc.M and look for the commands which set the domain name. Change the domain name into the name of your domain. Also, edit the file /etc/rc.d/rc.inet2, uncomment the lines which start up the rpc.portmap daemon, and add the following lines just after the place where rpc.portmap is started:

    #
    # Start the ypbind daemon
    #
    if [ -f ${NET}/ypbind -a -d /var/yp ]; then
        echo -n " ypbind"
        ${NET}/ypbind
    fi

Unlike Sun's implementation of NIS you do not need to edit /etc/passwd and /etc/group to take advantage of NIS. Sun's implementation needs a line "+:*:0:0:::" in /etc/passwd and a line "+:*:0:" in /etc/group to tell NIS to search the NIS password and group databases.

IMPORTANT: Note that the command finger will report "no such user" messages if you do not add the line "+:*:0:0:::" to /etc/passwd. Putting the line "+:*:0:0:::" back in /etc/passwd fixes finger.

Well, that's it. Reboot the machine and watch the boot messages to see if ypbind is actually started.
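To check the result after the reboot, the sketch below (an added example, not part of the original HOWTO or of the yp-clients package) looks up the portmapper (RPC program 100000) and ypbind (RPC program 100007) in "rpcinfo -p" style output and verifies the domain name and /var/yp prerequisites mentioned above. The function names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example: sanity check for a NIS client after boot.
# RPC program numbers: 100000 = portmapper, 100007 = ypbind.

# rpc_port PROGRAM PROTO: read "rpcinfo -p" style text on stdin and print
# the port registered for that program and protocol (nothing if absent).
rpc_port() {
    awk -v prog="$1" -v proto="$2" \
        '$1 == prog && $3 == proto { print $4; exit }'
}

# rpc_registered TEXT PROGRAM: succeed if PROGRAM has a udp or tcp port.
rpc_registered() {
    [ -n "$(printf '%s\n' "$1" | rpc_port "$2" udp)" ] ||
        [ -n "$(printf '%s\n' "$1" | rpc_port "$2" tcp)" ]
}

# nis_client_check RPCINFO_TEXT DOMAIN YPDIR
# Prints one line per problem; the exit status is the number of problems.
nis_client_check() {
    problems=0
    # "domainname" prints "(none)" on Linux when no domain has been set.
    if [ -z "$2" ] || [ "$2" = "(none)" ]; then
        echo "NIS domain name is not set"; problems=$((problems + 1))
    fi
    if [ ! -d "$3" ]; then
        echo "$3 does not exist, ypbind cannot start"
        problems=$((problems + 1))
    fi
    if ! rpc_registered "$1" 100000; then
        echo "portmapper not registered (is rpc.portmap running?)"
        problems=$((problems + 1))
    fi
    if ! rpc_registered "$1" 100007; then
        echo "ypbind is not registered with the portmapper"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample of "rpcinfo -p" output, not captured from a real host.
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100007    2   udp    660  ypbind
    100007    2   tcp    662  ypbind'

# On a live client:
#   nis_client_check "$(rpcinfo -p)" "$(domainname)" /var/yp
```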

IMPORTANT: Note that the netgroup feature is implemented starting from libc 4.5.26. Netgroups allow access control for every machine and every user in the NIS domain, and they require an entry like:

    +@this_machine_users

in /etc/passwd. But if you have a version of libc earlier than 4.5.26, every user in the NIS password database can access your Linux machine if you run "ypbind".
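The audit below is an added example, not code from the original HOWTO. It lists the "+" entries of a passwd file and reports whether a bare "+" line (such as the "+:*:0:0:::" line used to fix finger) sits next to "+@netgroup" lines and so admits every NIS user anyway. It assumes a libc with netgroup support (4.5.26 or later) and Sun-style semantics for "+" entries; the function names and the sample file are constructed.

```sh
#!/bin/sh
# Added example: audit the NIS inclusion ("+") entries of a passwd file.

# plus_entries FILE: print one line per "+" entry, classified by kind.
plus_entries() {
    awk -F: '
        $1 == "+"                              { print "wildcard"; next }
        index($1, "+@") == 1 && length($1) > 2 { print "netgroup " substr($1, 3); next }
        index($1, "+") == 1                    { print "user " substr($1, 2) }
    ' "$1"
}

# nis_scope FILE: summarise which NIS users the file admits.
#   all-nis-users    a bare "+" entry is present; any "+@netgroup" lines
#                    no longer restrict anything
#   restricted       only "+@netgroup" or "+user" entries are present
#   no-plus-entries  the file contains no NIS inclusion entries
nis_scope() {
    entries=$(plus_entries "$1")
    if printf '%s\n' "$entries" | grep -qx 'wildcard'; then
        echo "all-nis-users"
    elif [ -n "$entries" ]; then
        echo "restricted"
    else
        echo "no-plus-entries"
    fi
}

# Constructed sample: a netgroup entry followed by the catch-all line that
# is often added to make finger work.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:*:0:0:root:/root:/bin/sh
+@this_machine_users
+:*:0:0:::
EOF
plus_entries "$sample"
nis_scope "$sample"
rm -f "$sample"
```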

