~ CHAPTER 19: NETWORK INFORMATION SERVICE (NIS) ~

The Network Information Service (NIS) makes possible the sharing the data of critical files

across the local area network.

The main benefit achieved from using NIS is that you can maintain a central copy of the data,

and whenever that data is updated, it automatically propagates to all of the network users.

Inside NIS

The Network Information Service is really just a simple database that clients can query. It

contains a series of independent tables. Each table originated as a straight text file, such as

/etc/passwd, which is tabular in nature and has at least one column that is unique for every

row.

NOTE: Although it is technically correct to refer to NIS’s tables as a database, they are

more typically called maps. (In this context, we are mapping keys to values). Using the

/etc/passwd file as an example, we map a user’s login name (which we know is always

unique) to the rest of the password entry.

The NIS Servers

NIS can have one authoritative server where the original data files are kept (this is

somewhat similar to the DNS).

This can be done by setting up one or more secondary (slave) NIS servers. In addition

to helping distribute the load, secondary servers also provide a mechanism to better

handle server failures. The secondary NIS server can continue answering queries

even while the master or other secondary servers are down.

Secondary NIS server receive updates whenever the primary NIS server is updated,

so that the masters and slaves remain in sync. The process of keeping the secondary

servers in sync with the primary is called the server push.

NOTE: A server pull mechanism also exists for NIS. However, this solution is typically

reserved for more complex configurations, such as when you have hundreds of slave

servers. In a smaller network, this should not be an issue.

======================================================================

linux19.html PAGE 2 2002/07/20

Domains

Primary NIS servers establish domains that are similar to the domains of a PDC. A significant

difference is that the NIS domain does not require the NIS server administrator to explicitly allow

a client to join.

NIS and Yellow Pages

When NIS was originally developed in the 1980’s it was called Yellow Pages (YP for short).

But invoked a lawsuit in the U.K with the trademark of British Telecom. To avoid a lawsuit.

Sun renamed the package Network Information Service, and other UNIX vendors followed suit.

Configuring the Master NIS Server

Linux distributions typically come with NIS already compiled and installed. All this is left for

you to do is enable the service (if it isn’t enabled already).

The yp stands for the Yellow pages
Once NIS is enabled, you’ll need to configure it.:
Establish a domain name.
Start the ypserv daemon to start NIS.
Edit the makefile.
Run ypinit to create the databases.

Establishing a Domain Name

Setting the NIS domain name is done with the domainname command

domainname^bluesky.com

Starting NIS

The ypserv daemon is responsible for handling NIS requests. If you are installing NIS

onto a live server, most likely you will not want to reboot the server to complete the

installation.

/etc/rc.d/init.d/ypserv^start

======================================================================

linux19.html PAGE 3 2002/07/20

Editing the Makefile

You’ve seen the use of the make command to compile programs in many other chapters.
The make tool doesn’t do the compilation, however, it simply keeps track of what files

need to be compiled and then invokes the necessary program to perform the compilation.

When make sees that a file’s data and time have been modified, make takes that to mean

that the file’s contents have been modified. If the file has been modified, that tells make

that the file needs to be recompiled.

Using upinit

Once you have the makefile ready, you need to initialize the UP (NIS) server using the ypinit command.

Makefile Errors

If you made a mistake in the makefile, you may get an error when ypinit runs the make program.

If you see this error: See page 435.

Updating NIS Maps

If you have updated the files configured to be shared by NIS with the rest of your network, you

need to rebuild the map files.

cd^/var/yp;make

Setting up the Startup Script

The NIS client runs a daemon called ypbind in order to communicate with the server. Typically,

this is started in the /etc/rc.d/init.d/ypbind startup script.

Testing your NIS Client Configuration

ypcat command is used to dump a map from the NIS server to your screen. To do this, type

the following command:

ypcat^passwd

======================================================================

linux19.html PAGE 4 2002/07/20

Setting up the NIS Master to Push to Slaves

If you haven’t already configured the master NIS server that will push to the slave NIS servers,

you should do so now. This requires two tasks: First edit the /var/yp/ypservers file so that it

lists all the secondary NIS server to which the master server will push maps.

NIS Tools

To help you work with NIS, a handful of tools have been written to let you extract information

form the database via the command line.

ypcat. Dumps the contents of an NIS MAP.
ypwhich. Returns the name of the NIS server that is answering your requests.
ypmatch. A close relative to the ypcat. Rather than pulling an entire map down, however, you

supply a key value to ypmatch and only the entry corresponding to that key is pulled down.

yppasswd. Is the NIS version of the standard Linux passwd command. The difference

between the two is that the yppasswd command allows the user to set their password on the

NIS server.

Using NIS in Configuration Files

One of the most popular uses of NIS is the sharing of the /etc/passwd file so that everyone can

A Small Network

We define a small network to be one with fewer than 30 to 40 UNIX /Linux systems, all of

which exist on the same subnet.

A Segmented Network

Segmented networks introduce complexity to the process of handling broadcast-style services.

For growing network, however, segmenting is likely to be a necessity. By segmenting your traffic

into two or more discrete networks, you can better keep traffic on each segment down to a

controllable level.

In any event, this network’s clients should be configured to contact the server directly instead

of using broadcasts.

======================================================================

linux19.html PAGE 5 2002/07/20

Networks Bigger than Buildings

It isn’t uncommon for networks to grow bigger than the buildings they’re located in. Remote

offices connected through a variety of methods mean a variety of administrative decisions –

and not just concerning NIS!

Summary:

Although similar in nature to PDCs, NIS servers are not the same. Namely, NIS

servers do not perform authentication.

Once the makefile is set up and ypinit has been run, master NIS servers do not need

additional setups. Changes to the files that you need to share via NISD

(such as /etc/passwd) are updated and propagated by running cd^/var/yp;make.

NIS slave servers are listed on the master server’s file, /var/yp/ypservers.
Setup of an NIS slave server is little more than running the upinit^-s command.
NIS clients need their /etc/yp.conf and /etc/nsswitch.conf files to be adjusted,

and then only the ypbind program is set running.

Be sure to establish the NIS-isms in the client-side password file.