NIS (Network Information Service) helps manage information centrally in a Unix environment. "Information" can be user accounts, machine names, and various configuration settings. NIS first appeared on Solaris.
*** Setting up the name service switch:
- In Solaris, you have to tell the system whether to pull information from files, NIS, NIS+, DNS, or another source.
Examples of "information" are: users, hosts, printers, aliases, etc.
- The basic lookup rules are found in /etc/nsswitch.conf. By default, the machine consults with files only.
- If you would like to change the lookup method, copy one of the alternate nsswitch files to nsswitch.conf:
cp /etc/nsswitch.nis /etc/nsswitch.conf
- Set the NIS domain name -- look at /etc/defaultdomain. If empty: echo somedomain.com > /etc/defaultdomain
- Identify your NIS servers -- one master and (optionally) one or more slave servers.
- Identify your NIS clients -- all machines in your domain can be NIS clients, although this is not necessary.
* Setting up a NIS master server:
- You can create your maps straight from /etc files, but this is not recommended for password maps.
- Serving the master password maps (/etc/passwd, /etc/shadow) straight from /etc makes external root attacks possible, because the root entry is then published through NIS.
- Decide what your default map directory is going to be (DIR in /var/yp/Makefile) -- /etc is ok.
- Decide what your password map directory is going to be (PWDIR in /var/yp/Makefile) -- consider /var/yp/pwmaps/.
- Check the following files for correctness (all under /etc):
auto_home
auto_master
bootparams
ethers
group
hosts
ipnodes
netgroup
netmasks
networks
protocols
rpc
services
timezone
auth_attr
exec_attr
prof_attr
user_attr
audit_user
- If any of them do not exist, create them with "touch ".
- Copy the files to your DIR directory as specified in /var/yp/Makefile -- skip this step if using /etc.
- Check passwd and shadow. Then copy them to PWDIR. Remove the entry for root from both files under PWDIR.
- Prepare the Makefile -- you may want to edit the following values in /var/yp/Makefile:
- DIR value -- only if your DIR is other than /etc.
- PWDIR value.
- Domain name resolver -- to use the domain name resolver for machines not in the current domain,
comment out "B=" and uncomment "B=-b" -- refer to the beginning of /var/yp/Makefile for details.
- Build new maps on the master server:
/usr/sbin/ypinit -m
- You may see non-fatal errors (about missing maps). You can ignore them if you do not plan on using the maps in question.
Otherwise, you have to create all the missing files under /etc and rerun ypinit.
- Note about qmail, etc: If you are using qmail, your old Sendmail binary is probably /usr/lib/sendmail.OLD (or similar).
Edit /var/yp/Makefile and repoint "sendmail" to your original Sendmail binary, as the one supplied with qmail
does not have the proper option for rebuilding aliases ("-bi").
- Starting the NIS service:
/usr/lib/netsvc/yp/ypstart
- This has already been set up by ypinit to start at boot.
- NOTE: When running this from scripts, allow a 5 sec delay after starting up before executing queries.
- Stopping the NIS service:
/usr/lib/netsvc/yp/ypstop
* Setting up NIS slave servers:
- Add all the other NIS servers to /etc/hosts.
- Before setting up a slave server as a NIS slave, you have to set it up as a NIS client:
cd /var/yp
/usr/sbin/ypinit -c
- Finally, restart the NIS service on the slave server:
/usr/lib/netsvc/yp/ypstop
/usr/lib/netsvc/yp/ypstart
* Setting up NIS clients:
- Make sure you have the correct domain in /etc/defaultdomain.
- You can also manually set the domain (temporarily): domainname somedomain.com
- Set up the machine to act as a NIS client:
/usr/sbin/ypinit -c directory.
ypxfrd /ypservers.
You can modify the file manually (to remove servers), or by running "ypinit -c" (generally to add servers).
*** NIS Administration:
* When you have a non-default PWDIR (in this case, /var/yp/pwmaps), pushing passwd changes can be tedious.
You can automate the task by creating a script, for example /usr/local/bin/push_passwd:
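#!/bin/sh
# Copy passwd and shadow to PWDIR without the root entry, then rebuild the passwd map.
# The pattern is anchored so only the "root" account is removed, not every line containing "root".
grep -v '^root:' /etc/passwd > /var/yp/pwmaps/passwd
grep -v '^root:' /etc/shadow > /var/yp/pwmaps/shadow
chmod 444 /var/yp/pwmaps/passwd
chmod 400 /var/yp/pwmaps/shadow
cd /var/yp || exit 1
make passwd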
- Then make it executable:
chmod 755 /usr/local/bin/push_passwd
- Whenever you make a user-related change (add users, change password, etc), execute this script.
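A stricter variant of the push_passwd filtering step, as an added example that is not part of the original article: it matches on passwd fields rather than on the text "root", so it goes beyond the article's root-only rule by also dropping any other UID 0 account, and it keeps shadow in step with the filtered passwd. The function names, the AWK variable and the sample accounts are constructed for illustration.

```shell
# Added example (not the original author's script). On Solaris set AWK=nawk,
# since the stock /usr/bin/awk is the old awk.
AWK=${AWK:-awk}

# filter_nis_pw SRC DEST: build DEST/passwd and DEST/shadow from SRC/passwd and
# SRC/shadow without "root" or any other UID 0 account. With the article's
# layout, SRC is /etc and DEST is PWDIR (/var/yp/pwmaps).
filter_nis_pw() {
    src=$1 dest=$2
    old_umask=$(umask)
    umask 077    # scratch files are never group/world readable
    # First pass filters on exact fields: name (1) and UID (3). Second pass keeps
    # a shadow line only if its account survived the first pass.
    "$AWK" -F: '$1 != "root" && $3 != 0' "$src/passwd" > "$dest/passwd.tmp" &&
    "$AWK" -F: 'NR == FNR { keep[$1] = 1; next } $1 in keep' \
        "$dest/passwd.tmp" "$src/shadow" > "$dest/shadow.tmp"
    rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] || return 1
    chmod 444 "$dest/passwd.tmp" && chmod 400 "$dest/shadow.tmp" &&
        mv -f "$dest/passwd.tmp" "$dest/passwd" &&
        mv -f "$dest/shadow.tmp" "$dest/shadow"
}

# published_accounts FILE: print the account names in FILE, comma separated.
published_accounts() {
    "$AWK" -F: '{ printf "%s%s", (NR > 1 ? "," : ""), $1 } END { print "" }' "$1"
}

# demo: run the filter on constructed sample data in a scratch directory.
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/etc" "$t/pwmaps"
    printf '%s\n' 'root:x:0:0:Super-User:/:/sbin/sh' \
        'toor:x:0:0:second UID 0 account:/:/sbin/sh' \
        'groot:x:1001:10::/export/home/groot:/bin/sh' \
        'alice:x:1002:10::/export/home/alice:/bin/sh' > "$t/etc/passwd"
    printf '%s\n' 'root:CONSTRUCTED:6445::::::' 'toor:CONSTRUCTED:6445::::::' \
        'groot:CONSTRUCTED:6445::::::' 'alice:CONSTRUCTED:6445::::::' > "$t/etc/shadow"
    filter_nis_pw "$t/etc" "$t/pwmaps" || return 1
    echo "passwd=$(published_accounts "$t/pwmaps/passwd")" \
         "shadow=$(published_accounts "$t/pwmaps/shadow")"
    rm -rf "$t"
}
```

Calling filter_nis_pw /etc /var/yp/pwmaps before "make passwd" would take the place of the grep and chmod lines in push_passwd.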
* To change other maps, follow this procedure:
Edit the appropriate input files under /etc.
cd /var/yp
make /tmp/temp_file
This article is from the ChinaUnix blog. To view the original, see: http://blog.chinaunix.net/u/10290/showart_48828.html