This document is obsolete -- see http://doc.nethence.com/ instead

Setting up NIS and NFS on NetBSD 

 

Introduction and requirements 

On master and slave, back up /var/yp/ before you initialize the NIS service so you can start from scratch again whenever you want, 

cd /var/
tar czpf yp.dist.tar.gz yp/

Note. Otherwise you could restore Makefile.main, Makefile.yp and nicknames from the distribution 'etc.tgz' set. 

 

Make sure the master and the slave resolve themselves and each other (a fixed address in /etc/hosts is very much recommended, with or without DNS), 

cd /etc/
vi hosts

 

Version used: NetBSD 6.x, but this is so old school it will work on any version. 

 

Configuring the NIS master 

Setup the NIS domain name, 

nisdomain=nisexample 

cd /etc/
cat > mydomain <<EOF9
$nisdomain
EOF9
ln -sf mydomain domainname
ln -sf mydomain defaultdomain
domainname $nisdomain
domainname
unset nisdomain

 

Now initialize the NIS databases as NIS master, 

cd ~/
rm -rf /var/yp/
mkdir -p /var/yp/binding/
ypinit -m

note that it is only binding as client to itself for now, so answer, 

        next host: lilith
        next host: [ENTER]

(...) 

Is this correct? [y/n: n] y
Can we destroy the existing /var/yp/nisexample
and its contents? [y/n: n]  y

apply (generates *.time and *.db files), 

cd /var/yp/
make

 

Enable the NIS service on the master, 

cd /etc/
cat >> rc.conf <<EOF9
rpcbind=yes
ypserv=yes
ypbind=yes
yppasswdd=yes
EOF9
/etc/rc.d/rpcbind restart
/etc/rc.d/ypserv restart
/etc/rc.d/ypbind restart
/etc/rc.d/yppasswdd restart

 

Configure the master as a client to itself, 

cd /etc/
mv nsswitch.conf nsswitch.conf.dist
sed '/^$/d;
/^#/d;
s/group:[[:space:]]*compat/group:          files nis/;
s/passwd:[[:space:]]*compat/passwd:         files nis/;
' nsswitch.conf.dist > nsswitch.conf

 

Configuring the NIS slave 

Setup the NIS domain name, 

nisdomain=nisexample 

cd /etc/
cat > mydomain <<EOF9
$nisdomain
EOF9
ln -sf mydomain domainname
ln -sf mydomain defaultdomain
domainname $nisdomain
domainname
unset nisdomain

 

Now initialize the NIS databases as NIS slave (pointing to the master's SHORT host name), 

ping -c1 lilith
ypinit -s lilith

note that the slave likewise only binds as a client to itself for now, so answer, 

        next host: client.example.local
        next host: [ENTER]

(...) 

Is this correct? [y/n: n] y
Can we destroy the existing /var/yp/nisexample
and its contents? [y/n: n]  y

 

Enable the NIS service on the slave, 

cd /etc/
cat >> rc.conf <<EOF9
rpcbind=yes
ypserv=yes
ypbind=yes
yppasswdd=no
EOF9
/etc/rc.d/rpcbind start
/etc/rc.d/ypserv start
/etc/rc.d/ypbind start

 

Configure the slave as a client to itself, 

cd /etc/
mv nsswitch.conf nsswitch.conf.dist
sed '/^$/d;
/^#/d;
s/group:[[:space:]]*compat/group:          files nis/;
s/passwd:[[:space:]]*compat/passwd:         files nis/;
' nsswitch.conf.dist > nsswitch.conf

 

Ready to go 

Register the slave server(s) on the master, 

cd /var/yp/nisexample/
cat >> ypservers <<EOF9
client.example.local client.example.local
EOF9
make ypservers

check the modification is understood by the master server, 

makedbm -u ypservers

now create a user, 

useradd -s /bin/ksh -m -g users usercheck1
passwd usercheck1
cd /var/yp/
make

and check you can see it on the slave, 

getent passwd | grep check

 

Now try to login as usercheck1 on the slave machine: 

1) on the console,
2) remotely through e.g. SSH.

 

You can update your NIS password doing, 

yppasswd
#or passwd -y

and you should get the success message, 

The NIS password has been changed on lilith, the master NIS passwd server.

 

Now it's time to validate the Master <-> Slave kind-of-HA. Disconnect the wire from the Master server and check that SSH logins as the NIS user on the slave still work (of course be careful not to use any diskless system on the slave, or make sure that the diskless NFS server isn't also the NIS master). 

 

Setting up the NFS service for home directories 

Configure your shared dirs, 

cd /etc/
vi exports

like, 

/home -maproot=nobody:nobody -network=192.168.0.0/24 

Note. The export on the NFS server, the password file on the NIS master server and the fstab parameters must all point to the same folder. So if it's /home on the NIS master, keep it the same everywhere. 
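
An added audit for export lines like the one above (example code, not part of the original page). It flags exports(5) lines that carry no host, netgroup or -network restriction, which mountd treats as an export to any host, and lines whose -maproot or -mapall maps remote access to root. The function name audit_exports and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# audit_exports FILE
# Prints "LINE: finding" per risky exports(5) line; returns non-zero if any.
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                       # comments, blank lines
    {
        limited = 0; rootmap = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^\//) continue               # exported directory
            if ($i !~ /^-/ || $i ~ /^-network/) limited = 1   # host, netgroup, network
            else if ($i ~ /map(root|all)=(root|0)([:,]|$)/) rootmap = 1
        }
        if (!limited) { print FNR ": " $1 " is exported to every host"; bad = 1 }
        if (rootmap)  { print FNR ": " $1 " maps remote root or all users to root"; bad = 1 }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the export line from this page plus two weaker variants.
tmp=$(mktemp /tmp/exports.XXXXXX)
cat > "$tmp" <<'EOF'
/home -maproot=nobody:nobody -network=192.168.0.0/24
/home2 -maproot=nobody:nobody
/home3 -maproot=root -network=192.168.0.0/24
EOF
audit_exports "$tmp" || echo "review the lines above"
rm -f "$tmp"
```
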

 

Enable the daemons, 

cd /etc/
cat >> rc.conf <<EOF9
rpcbind=yes
mountd=yes
nfs_server=yes
lockd=yes
statd=yes
nfs_client=yes
EOF9

apply, 

/etc/rc.d/rpcbind restart
/etc/rc.d/mountd restart
/etc/rc.d/nfslocking restart
/etc/rc.d/nfsd restart

and verify, 

showmount -e 127.0.0.1

 

Configuring NIS and NFS clients 

NIS client 

cd /etc/
cat > mydomain <<EOF9
nisexample
EOF9
ln -sf mydomain domainname
ln -sf mydomain defaultdomain
domainname nisexample
domainname

 

cd ~/
find /var/yp/
ypinit -c

 

cd /etc/
cat >> rc.conf <<EOF9
rpcbind=yes
ypserv=no
ypbind=yes
yppasswdd=no
EOF9
/etc/rc.d/rpcbind start
/etc/rc.d/ypbind start

 

cd /etc/
# keep the pristine copy if this step is run more than once ([ ] works in plain /bin/sh)
[ ! -f nsswitch.conf.dist ] && mv nsswitch.conf nsswitch.conf.dist
sed '/^$/d;
/^#/d;
s/group:[[:space:]]*compat/group:          files nis/;
s/passwd:[[:space:]]*compat/passwd:         files nis/;
' nsswitch.conf.dist > nsswitch.conf

 

NFS client 

Enable NFS as client, 

cd /etc/
cat >> rc.conf <<EOF9
rpcbind=yes
nfs_client=yes
lockd=yes
statd=yes
EOF9

and apply, 

/etc/rc.d/rpcbind restart
/etc/rc.d/nfslocking restart

 

Mount the users' home base directory, 

cd /etc
cat >> fstab <<EOF9
192.168.0.1:/home   /home nfs   rw 0 0
EOF9
mount /home/
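
The rule from the NFS server section, that the export, the password file and fstab must all point to the same folder, can be checked mechanically. The following is an added example, not part of the original page. The function name check_homes, the 7-field passwd format (as printed by getent passwd), the cut-off of UID 1000 for ordinary users and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# check_homes EXPORTS FSTAB PASSWD
# Prints one finding per line; returns non-zero if there is any finding.
check_homes() {
    awk -v exports="$1" -v fstab="$2" -v passwd="$3" -v min_uid=1000 '
    /^[ \t]*(#|$)/ { next }                        # comments, blank lines
    FILENAME == exports {                          # tokens starting with / are directories
        for (i = 1; i <= NF; i++) if ($i ~ /^\//) exported[$i] = 1
        next
    }
    FILENAME == fstab {                            # server:/remote /mountpoint nfs ...
        if ($3 != "nfs") next
        remote = $1; sub(/^[^:]*:/, "", remote)
        mounted[$2] = 1
        if (!(remote in exported)) { print "fstab: " remote " is not exported"; bad = 1 }
        if (remote != $2) { print "fstab: " remote " is mounted on " $2; bad = 1 }
        next
    }
    FILENAME == passwd {                           # name:pw:uid:gid:gecos:home:shell
        if (split($0, f, ":") < 7 || f[3] + 0 < min_uid + 0 || f[7] ~ /nologin$/) next
        ok = 0
        for (m in mounted) if (index(f[6], m "/") == 1) ok = 1
        if (!ok) { print "passwd: " f[1] " has home " f[6] " outside the NFS mounts"; bad = 1 }
    }
    END { exit bad + 0 }
    ' "$1" "$2" "$3"
}

# Constructed sample files (not taken from a real system): the fstab line
# deliberately names a remote path that the exports file does not list.
tmp=$(mktemp -d /tmp/nfscheck.XXXXXX)
echo '/home -maproot=nobody:nobody -network=192.168.0.0/24' > "$tmp/exports"
echo '192.168.0.1:/srv/home /home nfs rw 0 0'               > "$tmp/fstab"
echo 'usercheck1:*:1000:100::/home/usercheck1:/bin/ksh'     > "$tmp/passwd"
check_homes "$tmp/exports" "$tmp/fstab" "$tmp/passwd" || echo "mismatch found"
rm -rf "$tmp"
```

Run it against copies of the server's /etc/exports, a client's /etc/fstab and the output of getent passwd taken on that client.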

 

Usage and maintenance 

You can update your NIS password doing, 

yppasswd
#or passwd -y

and you should get the success message, 

The NIS password has been changed on lilith, the master NIS passwd server.

 

You may want to back up the NIS databases once in a while, e.g., 

cd /var/
tar czpf yp.`date +%s`.tar.gz yp/

 

TODO 

- securing NIS and NFS with /etc/hosts.* 

- need INSECURE (makedbm -s) for sol8 clients? 

- what about amd -- automount -- and ethers? 

 
