Nethence Documentation Lab Webmail Your IP BBDock  


Those documents are obsolete, please use the Nethence Documentation instead.

HomeUnixWindowsOracleObsoleteHardwareDIYMechanicsScriptsConfigsPrivate

Setting up NIS and NFS on NetBSD
 
Introduction and requirements
On master and slave, backup /var/yp/ before you initialize the NIS service so you can start from scratch again whenever you want,
cd /var/
tar czpf yp.dist.tar.gz yp/
Note. Otherwise you could restore Makefile.main Makefile.yp and nicknames from the distribution 'etc.tgz' set.
 
Make sure the master and the slave resolve themselfs and each other (fixed address in /etc/hosts ist very much recommended, with or without DNS),
cd /etc/
vi hosts
 
Version used: NetBSD 6.x, but this is so old school it will work on any version.
 
Configuring the NIS master
Setup the NIS domain name,
nisdomain=nisexample 
cd /etc/
cat > mydomain <<EOF9
$nisdomain
EOF9
ln -sf mydomain domainname
ln -sf mydomain defaultdomain
domainname $nisdomain
domainname
unset nisdomain
 
Now initialize the NIS databases as NIS master,
cd ~/
rm -rf /var/yp/
mkdir -p /var/yp/binding/
ypinit -m
note that it is only binding as client to itself for now, so answer,
next host: lilith
next host: [ENTER]
(...)
Is this correct? [y/n: n] y
Can we destroy the existing /var/yp/nisexample
and its contents? [y/n: n] y
apply (generates *.time and *.db files),
cd /var/yp/
make
 
Enable the NIS service on the master,
cd /etc/
cat >> rc.conf <<EOF9
rpcbind=yes
ypserv=yes
ypbind=yes
yppasswdd=yes 
EOF9
/etc/rc.d/rpcbind restart
/etc/rc.d/ypserv restart
/etc/rc.d/ypbind restart
/etc/rc.d/yppasswdd restart
 
Configure the master as a client to itself,
cd /etc/
mv nsswitch.conf nsswitch.conf.dist
sed '/^$/d;
/^#/d;
s/group:[[:space:]]*compat/group: files nis/;
s/passwd:[[:space:]]*compat/passwd: files nis/;
' nsswitch.conf.dist > nsswitch.conf
 
Configuring the NIS slave
Setup the NIS domain name,
nisdomain=nisexample 
cd /etc/
cat > mydomain <<EOF9
$nisdomain
EOF9
ln -sf mydomain domainname
ln -sf mydomain defaultdomain
domainname $nisdomain
domainname
unset nisdomain
 
Now initialize the NIS databases as NIS slave (pointing to the master SHORT network address),
ping -c1 lilith 
ypinit -s lilith 
note that it is also and respectively only binding as client to itself for now, so answer,
next host: client.example.local
next host: [ENTER]
(...)
Is this correct? [y/n: n] y
Can we destroy the existing /var/yp/nisexample
and its contents? [y/n: n] y
 
Enable the NIS service on the slave,
cd /etc/
cat >> rc.conf <<EOF9
rpcbind=yes
ypserv=yes
ypbind=yes
yppasswdd=no 
EOF9
/etc/rc.d/rpcbind start
/etc/rc.d/ypserv start
/etc/rc.d/ypbind start
 
Configure the slave as a client to itself,
cd /etc/
mv nsswitch.conf nsswitch.conf.dist
sed '/^$/d;
/^#/d;
s/group:[[:space:]]*compat/group: files nis/;
s/passwd:[[:space:]]*compat/passwd: files nis/;
' nsswitch.conf.dist > nsswitch.conf
 
Ready to go
Register the slave server(s) on the master,
cd /var/yp/example/
cat >> ypservers <<EOF9
client.example.local client.example.local
EOF9
make ypservers
check the modification is understood by the master server,
makedbm -u ypservers
now create a user,
useradd -s /bin/ksh -m -g users usercheck1
passwd usercheck1
cd /var/yp/
make
and check you can see it on the slave,
getent passwd | grep check
 
Now try to login as usercheck1 on the slave machine:
1) on the console,
2) remotely though e.g. SSH.
 
You can update your NIS password doing,
yppasswd
#or passwd -y
and you should get the success message,
The NIS password has been changed on lilith, the master NIS passwd server.
 
Now it's time to validate the Master <-> Slave kind-of-HA. Disconnect the wire from the Master server and see if the slave SSH service on the NIS user is still responding (of course be careful not to use any diskless system on the slave, or make sure that the diskless nfs server isn't also the NIS master).
 
Setting up the NFS service for home directories
Configure your shared dirs,
cd /etc/
vi exports
like,
/home -maproot=nobody:nobody -network=192.168.0.0/24 
Note. The export on the NFS server, the password file on the NIS master server and the fstab parameters must all point to the same folder. So if it's /home on the NIS master, keep it up anywhere.
 
Enable the daemons,
cd /etc/
cat >> rc.conf <<EOF9
rpcbind=yes
mountd=yes
nfs_server=yes
lockd=yes
statd=yes
nfs_client=yes
EOF9
apply,
/etc/rc.d/rpcbind restart
/etc/rc.d/mountd restart
/etc/rc.d/nfslocking restart
/etc/rc.d/nfsd restart
and verify,
showmount -e 127.0.0.1
 
Configuring NIS and NFS clients
NIS client
cd /etc/
cat > mydomain <<EOF9
example
EOF9
ln -sf mydomain domainname
ln -sf mydomain defaultdomain
domainname example
domainname

cd ~/
find /var/yp/
ypinit -c

cd /etc/
cat >> rc.conf <<EOF9
rpcbind=yes
ypserv=no 
ypbind=yes
yppasswdd=no 
EOF9
/etc/rc.d/rpcbind start
/etc/rc.d/ypbind start

cd /etc/
[[ ! -f nsswitch.conf.dist ]] && mv nsswitch.conf nsswitch.conf.dist
sed '/^$/d;
/^#/d;
s/group:[[:space:]]*compat/group: files nis/;
s/passwd:[[:space:]]*compat/passwd: files nis/;
' nsswitch.conf.dist > nsswitch.conf
 
NFS client
Enable NFS as client,
cd /etc/
cat >> rc.conf <<EOF9
rpcbind=yes
nfs_client=yes
lockd=yes
statd=yes
EOF9
and apply,
/etc/rc.d/rpcbind restart
/etc/rc.d/nfslocking restart
 
Mount user's home base directory,
cd /etc
cat >> fstab <<EOF9
192.168.0.1:/export/client/home /home nfs rw 0 0
EOF9
mount /home/
 
Usage and maintenance
You can update your NIS password doing,
yppasswd
#or passwd -y
and you should get the success message,
The NIS password has been changed on lilith, the master NIS passwd server.
 
You may want to backup the NIS databases once in a while, e.g.,
cd /var/
tar czpf yp.`date +%s`.tar.gz yp/
 
TODO
- securing NIS and NFS with /etc/hosts.*
- need INSECURE (makedbm -s) for sol8 clients?
- what about amd -- automount -- and ethers?
 
References about NIS
23.6.3. Network Information Service (NIS/YP)
うにっくすさんの覚え書き - NetBSD - NIS: http://www.nognog.com/techmemo/NetBSD_NIS_HOWTO.php 
NetBSD Wiki/tutorials/ how to set up nfs and nis
NIS in NetBSD - Silas' website
Adding a New Slave Server
NIS Troubleshooting on Solaris
3.3. Files managed under NIS
Solaris Naming Services Architecture
 
References about NFS
29.1. The Network File System (NFS)
 
Miscellaneous references
Replacing NIS with Kerberos and LDAP HOWTO
Samba + NIS
 

Last update: Feb 04, 2014