ypcat (group, passwd) ypstart # linux ypbind ypinit # client, specify machines to bind to # server, specify whether master or slave ypwhich # tell what NIS server machine is bound to. passwd yppasswd (obsolete, for combatibility only) ypcat -k auto.master (-k to display the key name too!) ypcat -k auto.direct (the direct map, use /-) /var/yp/binding/DOMAIN/
ypservers # list of ypservers that can be used (non broadcast mode) passwd pwconv update shadow file based on new user additon to passwd (does not set password) passwd [uid] change password for user chown [uid]:[gid] /home/[user] change user home dir ownership shadow fields (all numbers are in days): eg: username:cV5MnNBnaUIbM:13362: 0:99999:7::: [---1--] [-----2-----] [-3-] 4 [-5-] 6 (78) 1: username 2: encrypted password 3: last password change - days since 1970/01/01. Substract this number by: 12775 = days since 2005/01/01 13140 = days since 2006/01/01 13505 = days since 2007/01/01 4: password next change - 0 means password can change at any time. 5: password req change in X days - 99999 means next life time :) 6: warning for expiration 7: account disactivation in X days - usually empty 8: acc expiration - usually empty 9: reserved w change : allowed next change : --- NIS+ nismatch -M name=tin passwd.org_dir nismatch tinh passwd nismatch grpname netgroup.org_dir nisgrep ...
NIS server setup
vi map files make (eg /var/ypmaps, /var/yp). NIS client /etc/defaultdomain /etc/hosts list of all nis servers ypinit -c setup NIS client. Use a predefined list nis servers, thus avoid the need to use broadcast. NOTE: a user can belongs to a max of 16 groups, surplus will not be recongnized by the system and suffer non group membership error. Client OS specific, defined in limits.h :: limits.h:#define NGROUPS_MAX 16 /* max number of groups for a user */ --- master server domainname NISdomainName ypinit -m ypserv removing old slaves, p69: ypcat -k ypservers | grep -v oldsvr | makedbm - /var/yp/`domainname`/ypservers Hon's approach (-u = undo) /usr/lib/yp/makedbm -u ypservers /tmp/ypservers vi /tmp/ypservers # update file, need all slave and master makdebm /tmp/ypservers ypservers # recreate the ypservers map makdebm ypservers /tmp/ypservers # not sure of param seq # at the end, ypcat -k ypservers need to list the master server as well. in practice, I did: cat /var/ypmaps/yp_slave.txt | makedbm - ypservers or cd /var/yp/arbor..com cat yp_slave.txt | makedbm - ypservers ypstop; ypstart # maybe needed, kill all yp* process, expecially yppush and that will recreate ypservers.pag and timestamp ypservers.dir yp_slave.txt is a text file that I create myself. List all the slave servers, hostname should be okay if they are in /etc/hosts, but sometime used IP. update the db w/o pushing the maps to the clients, which maybe down: ./make NOPUSH=true passwd 2004/01 getting issues about after update NIS master passwd, make and stuff client don't see the latest changes, even if they appear on ypcat. Seems to be client side resolver, editing nsswitch remove/readd nis seems to reset things. Not sure if cuz NIS master need to timestamp other things. 1996/11/03 geneusa ypservers.txt need to have key and actual entry, so file needed to be: (and no # comments, # is not treated specially) verso verso.geneusa.com papp-bapp1 papp-bapp1.geneusa.com pdir-nis01 pdir-nis01.geneusa.com and watch out for tailing space at the end of the line, which will be incorporated into the server name! and result in host not found!! cat ypservers.txt | /usr/lib/yp/makedbm - ypservers the final dbdump file named ypservers need to be in the folder of the domain name, eg /var/yp/tularik.com/ypservers Hmm... very strange... more testing using make reveals that the makdebm for ypservers is not needed! all that make wants is that there is a plain text file in /var/yp/ypservers one host per line, no other format. make depend on this to do push. eg: # cat ypservers # the orig file verso.geneusa.com firth.geneusa.com --- setting up slave server domainname ... ypinit -s MASTER-hostname ypserv don't forget /etc/nsswitch.conf Linux: http://www.linux.org/docs/ldp/
howto/NIS-HOWTO/ypserv.html /etc/sysconfig/network /etc/yp.conf need to be setup correctly to be in NIS DOMAIN to begin with. get ypserv rpm /usr/lib/yp/ypinit -s MASTER_SVR_HOSTNAME start ypserv (from init.d, may need to link rc3.d...) rpcinfo -u localhost ypserv # test it update slave's crontab to grp info using ypxfr --- Adding new maps. On master server, edit auto_master plus any additional files, such as auto_products Then, need to update Makefile to create dbm file out of the source. Remember the pickiness of Makefile req Tab as separator in many places! Then, after the Makefile is updated, the slave servers need to be updated also. On the NIS slave, redo ypinit -s so that it will reread what maps are available and load them all. Otherwise, they will never get the new maps!! ---- NIS client setup for RH9 in brio. (2003/07) vi /etc/sysconfig/network : HOSTNAME= NISDOMAIN=brio.com DOMAINNAME=brio.com vi /etc/nsswitch.conf, edit lines to match the following: passwd: files nis shadow: files nis group: files nis automount: files nis # create startup scripts cd /etc/rc.d/rc3.d ln -s ../init.d/ypbind ./S27ypbind cd /etc/rc.d/rc5.d ln -s ../init.d/ypbind ./S27ypbind start NIS client: /etc/init.d/ypbind start start automounter: /etc/init.d/autofs start restart ssh daemon (if you forget to do this, NIS user will NOT be able to loing!): /etc/init.d/sshd restart