Re: Need help with NIS

Miquel van Smoorenburg (miquels@cistron.nl)
20 Dec 1999 17:04:42 GMT


In article <cistron.385E4401.3BF472F6@az1.de>,
Aanderas Schindler <schindler@az1.de> wrote:
>To explain the above:
>In my local authorization databases (passwd, group, shadow) there is
>only one 'real' user: root and a couple of 'pseudo users' like
>bin lp daemon etc. All the other REAL users, say Bill, Bob, etc.
>need to be imported via NIS.

Are you using Debian? If so, read /usr/doc/nis/nis.debian.howto.gz

Here's the relevant part from that document:

0. INTRODUCTION.

This HOWTO describes:

1. How to setup a NIS client-only system
2. How to specify what resources to use for NIS
3. How to setup a NIS master server
4. Shadow passwords
5. How to setup a NIS slave server

1. HOW TO SETUP A LOCAL NIS CLIENT

1.1 install the netbase, netstd and nis packages

1.2 The installation procedure will ask for your NIS domainname. This
is just a name which describes the group of systems that use NIS, it
is not a hostname. It is stored in the config file /etc/defaultdomain,
in case you ever want to change it. Unlike DNS hostnames and
domainnames, the NIS domainname is case-sensitive!

1.3 If your NIS server is not "local" to your network, you will have to do
some finetuning. The ypbind process has a configuration file called
/etc/yp.conf. You can hardcode a NIS server there - for more info
see the manual page for ypbind(8).

1.4 Start NIS by typing:

/etc/init.d/nis stop
/etc/init.d/nis start

2. HOW TO SPECIFY WHAT RESOURCES TO USE FOR NIS:

2.1 FOR LIBC6:

Check your /etc/nsswitch.conf file and make sure that the entries for
passwd, group, shadow and netgroup look like this:

passwd: compat
group: compat
shadow: compat
netgroup: nis

At this moment, libc6 has some troubles with reading netgroup data
from files. So do not use "db" or "files" in the entry for netgroup,
all netgroup lookups have to go through the NIS server.

2.2 USERS: Add the following line to /etc/passwd on your NIS
clients:

+::::::

You can also use the + and - characters to include/exclude or change
users. If you want to exclude the user guest just add -guest to your
/etc/passwd file. You want to use a different shell (e.g. ksh) for
the user "linux"? No problem, just add "+linux::::::/bin/ksh"
(without the quotes) to your /etc/passwd. Fields that you don't want
to change have to be left empty.

For example, to only allow login-access to miquels,dth and ed, but to
have the account data of all other users available:

+miquels:::::::
+ed:::::::
+dth:::::::
+:*::::::/etc/NoShell

Note that in Linux you can also override the password field, as we did
in this example.

2.3 GROUPS: Add the following line to /etc/group

+:::

2.4 HOSTS:

Normally you should not do host lookups through NIS, use DNS for that.
If you really must use NIS for it, here's how to do it.

2.4.1 For libc5 applications:

If you want to use the NIS host maps of your NIS server you
have to change your /etc/host.conf file. You just have to add the
word "nis" to the "order" line. A sample host.conf file could look
like this:

order hosts,nis
multi on

2.4.2 For libc6 applications:

Edit /etc/nsswitch.conf and change the hosts entry:

hosts: nis files

-- 
The From: and Reply-To: addresses are internal news2mail gateway addresses.
Reply to the list or to miquels@cistron.nl (Miquel van Smoorenburg)
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu