gferg 2002-08-05 20:21:33 +00:00
parent e449e665b6
commit 93d047ff2c
4 changed files with 279 additions and 132 deletions


@ -1073,7 +1073,7 @@ applications to make them LDAP-aware. </Para>
NIS-HOWTO</ULink>,
<CiteTitle>The Linux NIS(YP)/NYS/NIS+ HOWTO</CiteTitle>
</Para><Para>
<CiteTitle>Updated: November 2000</CiteTitle>.
<CiteTitle>Updated: August 2002</CiteTitle>.
How to configure Linux as NIS(YP) or NIS+ client and how to install
as a NIS server. </Para>
</ListItem>


@ -1957,7 +1957,7 @@ How to set up NFS clients and servers. </Para>
NIS-HOWTO</ULink>,
<CiteTitle>The Linux NIS(YP)/NYS/NIS+ HOWTO</CiteTitle>
</Para><Para>
<CiteTitle>Updated: November 2000</CiteTitle>.
<CiteTitle>Updated: August 2002</CiteTitle>.
How to configure Linux as NIS(YP) or NIS+ client and how to install
as a NIS server. </Para>
</ListItem>


@ -265,7 +265,7 @@ and running, using an IP network. </Para>
NIS-HOWTO</ULink>,
<CiteTitle>The Linux NIS(YP)/NYS/NIS+ HOWTO</CiteTitle>
</Para><Para>
<CiteTitle>Updated: November 2000</CiteTitle>.
<CiteTitle>Updated: August 2002</CiteTitle>.
How to configure Linux as NIS(YP) or NIS+ client and how to install
as a NIS server. </Para>
</ListItem>


@ -1,6 +1,6 @@
<!DOCTYPE Article PUBLIC "-//OASIS//DTD DocBook V3.1//EN">
<Article>
<Article id="index">
<ArtHeader>
@ -10,7 +10,7 @@
<FirstName>Thorsten Kukuk</FirstName>
</AUTHOR
>
<PubDate>v1.1.1, 18 November 2000</PubDate>
<PubDate>v1.2, 4 August 2002</PubDate>
<Abstract>
@ -26,7 +26,7 @@ and how to install as NIS server.
</Abstract>
</ArtHeader>
<Sect1>
<Sect1 id="introduction">
<Title>Introduction</Title>
<Para>
@ -82,8 +82,8 @@ who we should thank for writing the first versions of this document.
You can always view the latest version of this document on the
World Wide Web via the
URL <ULink
URL="http://www.suse.de/~kukuk/nis-howto/HOWTO/NIS-HOWTO.html"
>http://www.suse.de/~kukuk/nis-howto/HOWTO/NIS-HOWTO.html</ULink
URL="http://www.linux-nis.org/nis-howto/HOWTO/NIS-HOWTO.html"
>http://www.linux-nis.org/nis-howto/HOWTO/NIS-HOWTO.html</ULink
>.
</Para>
@ -95,8 +95,8 @@ Linux WWW and FTP sites, including the LDP home page.
<Para>
Links to translations of this document could be found at
<ULink
URL="http://www.suse.de/~kukuk/nis-howto/"
>http://www.suse.de/~kukuk/nis-howto/</ULink
URL="http://www.linux-nis.org/nis-howto/"
>http://www.linux-nis.org/nis-howto/</ULink
>.
</Para>
@ -122,8 +122,8 @@ possible.
<Para>
If you have questions or comments about this document, please feel
free to mail Thorsten Kukuk, at <ULink
URL="mailto:kukuk@suse.de"
>kukuk@suse.de</ULink
URL="mailto:kukuk@linux-nis.org"
>kukuk@linux-nis.org</ULink
>. I welcome any
suggestions or criticisms. If you find a mistake with this
document, please let me know so I can correct it in the next
@ -153,6 +153,7 @@ Byron A Jeff &#60;byron@cc.gatech.edu&#62;
Markus Rex &#60;msrex@suse.de&#62;
Miquel van Smoorenburg &#60;miquels@cistron.nl&#62;
Dan York &#60;dyork@lodestar2.com&#62;
Christoffer Bromberg &#60;christoffer@web.de&#62;
</Screen>
</Para>
@ -169,7 +170,7 @@ GNU libc 2.x from scratch.
</Sect1>
<Sect1>
<Sect1 id="glossary">
<Title>Glossary and General Information</Title>
<Sect2>
@ -353,24 +354,18 @@ NIS stands for Network Information Service. Its purpose is to
provide information, that has to be known throughout the network,
to all machines on the network. Information likely to be
distributed by NIS is:
</Para>
<Para>
<ItemizedList>
<ListItem>
<Para>
login names/passwords/home directories (/etc/passwd)
</Para>
</ListItem>
<ListItem>
<Para>
group information (/etc/group)
</Para>
</ListItem>
</ItemizedList>
</Para>
@ -390,7 +385,7 @@ SunSoft, Inc.
</Sect1>
<Sect1>
<Sect1 id="which">
<Title>NIS, NYS or NIS+ ?</Title>
<Sect2>
@ -455,20 +450,18 @@ and shadow. The GNU C Library has no problems with shadow passwords over NIS.
</Title>
<Para>
The choice between NIS and NIS+ is easy - use NIS if you don't have to
use NIS+ or have severe security needs. NIS+ is &lowbar;much&lowbar; more problematic
The choice between NIS and NIS+ is easy - use NIS+ only if you have
severe security needs. NIS+ is &lowbar;much&lowbar; more problematic
to administer (it's pretty easy to handle on the client side, but the
server side is horrible). Another problem is that the support for NIS+
under Linux is still under developement - you need the latest glibc 2.1.
There is an unsupported port of the glibc NIS+ support for libc5 as
dropin replacement.
under Linux contains a lot of bugs and that the development has stopped.
</Para>
</Sect2>
</Sect1>
<Sect1>
<Sect1 id="operation">
<Title>How it works</Title>
<Sect2>
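Review bot: The rewritten NIS vs NIS+ paragraph now pulls in two directions: it recommends NIS+ "only if you have severe security needs" and then says the Linux NIS+ support "contains a lot of bugs and that the development has stopped". Readers with strict security requirements are the ones least well served by unmaintained code, so the paragraph should say which concern wins and what the author actually recommends for them. The last sentence also needs a grammar pass ("contains a lot of bugs and that the development has stopped" does not parse after "Another problem is that the support ...").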
@ -498,19 +491,19 @@ server will try to find one that is up or faster.
<Para>
NIS databases are in so-called DBM format, derived from ASCII
databases. For example, the files <Literal remap="tt">/etc/passwd</Literal> and
<Literal remap="tt">/etc/group</Literal> can be directly converted to DBM format using
ASCII-to-DBM translation software ("makedbm", included with the
server software). The master NIS server should have both, the ASCII
databases and the DBM databases.
databases. For example, the files <filename>/etc/passwd</filename> and
<filename>/etc/group</filename> can be directly converted to DBM format
using ASCII-to-DBM translation software (<Command>makedbm</Command>,
included with the server software). The master NIS server should have
both, the ASCII databases and the DBM databases.
</Para>
<Para>
Slave servers will be notified of any change to the NIS maps, (via the
"yppush" program), and automatically retrieve the necessary changes in
order to synchronize their databases. NIS clients do not need to do
this since they always talk to the NIS server to read the information
stored in it's DBM databases.
<Command>yppush</Command> program), and automatically retrieve the
necessary changes in order to synchronize their databases. NIS clients
do not need to do this since they always talk to the NIS server to read
the information stored in it's DBM databases.
</Para>
<Para>
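Review bot: "stored in it's DBM databases" on the re-wrapped last line of the yppush paragraph should read "its", and "should have both, the ASCII databases and the DBM databases" does not need the comma. Both lines are already being rewritten for the <Command> and <filename> markup, so the wording can be fixed in the same change.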
@ -611,7 +604,7 @@ configuration file !
</Sect1>
<Sect1>
<Sect1 id="setting_NIS">
<Title>What do you need to set up NIS?
<IndexTerm><Primary
>NIS!setting up</Primary></IndexTerm>
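Review bot: The new section ids are not named consistently: `setting_NIS` here mixes upper case and an underscore, while the other ids added in this commit are lower case (`settingup_client`, `nisplus`, `troubleshooting`). These ids are link targets for XRef and for other documents, so settle on one scheme (for example `settingup_nis`) before anything starts pointing at them.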
@ -660,7 +653,8 @@ As soon as ypbind is running your system has become a NIS client.
<Para>
In the second case, if you don't have NIS servers, then you will also
need a NIS server program (usually called ypserv). <XRef LinkEnd="ypserv">
describes how to set up a NIS server on your Linux machine using the "ypserv"
describes how to set up a NIS server on your Linux machine using the
<Command>ypserv</Command>
daemon.
</Para>
@ -690,8 +684,8 @@ libc's. The NIS client software can be obtained from:
<Screen>
Site Directory File Name
ftp.kernel.org /pub/linux/utils/net/NIS yp-tools-2.4.tar.gz
ftp.kernel.org /pub/linux/utils/net/NIS ypbind-mt-1.7.tar.gz
ftp.kernel.org /pub/linux/utils/net/NIS yp-tools-2.7.tar.gz
ftp.kernel.org /pub/linux/utils/net/NIS ypbind-mt-1.12.tar.gz
ftp.kernel.org /pub/linux/utils/net/NIS ypbind-3.3.tar.gz
ftp.kernel.org /pub/linux/utils/net/NIS ypbind-3.3-glibc5.diff.gz
</Screen>
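Review bot: The download table still lists ypbind-3.3.tar.gz and its glibc5 diff without comment, while the paragraph right after it advises avoiding ypbind 3.3 "for security reasons". Since the table is what readers copy from, mark those two rows as legacy (libc5 only) or move them below a note, so the updated ypbind-mt-1.12 entry is clearly the recommended one.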
@ -708,7 +702,7 @@ a bug in the NIS code, you shouldn't use libc 5.4.21-5.4.35. Use libc
ypbind 3.3 will work with all libraries, too. If you use gcc 2.8.x or
greater, egcs or glibc 2.x, you should add the ypbind-3.3-glibc5.diff
patch to ypbind 3.3. If possible you should avoid the use of ypbind 3.3
for security reasons.
for security reasons.
ypbind-mt is a new, multithreaded daemon. It needs a Linux 2.2 kernel
and glibc 2.1 or later.
</Para>
@ -716,7 +710,7 @@ and glibc 2.1 or later.
</Sect2>
</Sect1>
<Sect1>
<Sect1 id="settingup_client">
<Title>Setting Up the NIS Client
</Title>
<Sect2>
@ -760,7 +754,7 @@ An example:
</Para>
<Para>
If the system cam resolv the hostnames without NIS, you may use
If the system can resolve the hostnames without NIS, you may use
the name, otherwise you have to use the IP address. ypbind 3.3 has a bug
and will only use the last entry (ypserver 10.3.1.1 in the example). All
other entries are ignored. ypbind-mt handle this correct and uses
@ -800,29 +794,29 @@ your system/network administrator.
<ListItem>
<Para>
Start up "/usr/sbin/portmap" if it is not already running.
Start up "<Command>/usr/sbin/portmap</command>" if it is not already running.
</Para>
</ListItem>
<ListItem>
<Para>
Create the directory "/var/yp" if it does not exist.
Create the directory <filename>/var/yp</filename> if it does not exist.
</Para>
</ListItem>
<ListItem>
<Para>
Start up "/usr/sbin/ypbind"
Start up <Command>/usr/sbin/ypbind</Command>
</Para>
</ListItem>
<ListItem>
<Para>
Use the command "rpcinfo -p localhost" to check if ypbind
was able to register its service with the portmapper. The
Use the command <Command>rpcinfo -p localhost</Command> to check if
ypbind was able to register its service with the portmapper. The
output should look like:
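Review bot: The portmap step is marked up differently from the other steps in this list: it keeps the literal quotes around the element and closes it with `</command>` although it was opened as `<Command>`. The ypbind and rpcinfo steps drop the quotes and use matching case, so this line should read `Start up <Command>/usr/sbin/portmap</Command> if it is not already running.`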
@ -858,9 +852,8 @@ Depending on the ypbind version you are using.
<ListItem>
<Para>
You may also run "rpcinfo -u localhost ypbind". This command
should produce something like:
You may also run <Command>rpcinfo -u localhost ypbind</Command>.
This command should produce something like:
<Screen>
program 100007 version 2 ready and waiting
@ -889,8 +882,8 @@ Important is only the "version 2" message.
<Para>
At this point you should be able to use NIS client programs like ypcat,
etc... For example, "ypcat passwd.byname" will give you the entire NIS
password database.
etc... For example, <Command>ypcat passwd.byname</Command> will give
you the entire NIS password database.
</Para>
<Para>
@ -911,7 +904,8 @@ This directory MUST exist for ypbind to start up succesfully.
</Para>
<Para>
To check if the domainname is set correct, use the /bin/ypdomainname from
To check if the domainname is set correct, use the
<Command>/bin/ypdomainname</Command> from
yp-tools 2.2. It uses the yp&lowbar;get&lowbar;default&lowbar;domain() function which is more
restrict. It doesn't allow for example the "(none)" domainname, which
is the default under Linux and makes a lot of problems.
@ -939,12 +933,13 @@ if ypbind is actually started.
<Para>
For host lookups you must set (or add) "nis" to the lookup order line
in your /etc/host.conf file. Please read the manpage "resolv+.8" for
more details.
in your <filename>/etc/host.conf</filename> file. Please read the
manpage "resolv+.8" for more details.
</Para>
<Para>
Add the following line to /etc/passwd on your NIS clients:
Add the following line to <filename>/etc/passwd</filename>
on your NIS clients:
</Para>
<Para>
@ -958,9 +953,11 @@ Add the following line to /etc/passwd on your NIS clients:
<Para>
You can also use the + and - characters to include/exclude or change
users. If you want to exclude the user guest just add -guest to your
/etc/passwd file. You want to use a different shell (e.g. ksh) for
<filename>/etc/passwd</filename> file.
You want to use a different shell (e.g. ksh) for
the user "linux"? No problem, just add "+linux::::::/bin/ksh"
(without the quotes) to your /etc/passwd. Fields that you don't want
(without the quotes) to your <filename>/etc/passwd</filename>. Fields
that you don't want
to change have to be left empty. You could also use Netgroups for
user control.
</Para>
@ -1196,12 +1193,12 @@ Solaris does not support shadow passwords over NIS.
</Title>
<Para>
PAM does not support Shadow passwords over NIS, especially
pam&lowbar;pwdb/libpwdb. This is a big problem for RedHat 5.x users. If you
have glibc and PAM, you need to change the /etc/pam.d/* entries.
Replace all pam&lowbar;pwdb rules through pam&lowbar;unix&lowbar;*
modules. Due a bug in the pam&lowbar;unix&lowbar;auth.so module this will not always
work.
Linux-PAM 0.75 and newr does support Shadow passwords over NIS if you
use the pam_unix.so Module or if you install the extra pam_unix2.so
Module. Old systems using pam&lowbar;pwdb/libpwdb (for example Red Hat
Linux 5.x)
need to change the /etc/pam.d/* entries. All pam&lowbar;pwdb rules should
be replaced through a pam&lowbar;unix&lowbar;* module.
</Para>
<Para>
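Review bot: The new first sentence has a typo ("newr" should be "newer") and writes `pam_unix.so` and `pam_unix2.so` with raw underscores, while the rest of the same paragraph keeps the `&lowbar;` entity (`pam&lowbar;pwdb`, `pam&lowbar;unix&lowbar;*`). Use one form throughout the paragraph. "should be replaced through a pam_unix_* module" would also read better as "replaced by".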
@ -1212,12 +1209,16 @@ An example /etc/pam.d/login file looks like:
<Screen>
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_unix.so
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_unix.so
session required /lib/security/pam_unix.so
auth requisite pam_unix2.so nullok #set_secrpc
auth required pam_securetty.so
auth required pam_nologin.so
auth required pam_env.so
auth required pam_mail.so
account required pam_unix2.so
password required pam_pwcheck.so nullok
password required pam_unix2.so nullok use_first_pass use_authtok
session required pam_unix2.so none # debug or trace
session required pam_limits.so
</Screen>
</Para>
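Review bot: The new example login stack adds `nullok` to the `auth` line and to both `password` lines, which means accounts with an empty password field are accepted at login. The old example did not have it, and in a NIS setup the passwd map is shared across every client, so one empty entry applies network-wide. Either drop `nullok` from the example or add a sentence saying when it is wanted. The trailing `#set_secrpc` and `# debug or trace` comments on the module lines are also unexplained; say in the text what they toggle or remove them.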
@ -1228,7 +1229,7 @@ session required /lib/security/pam_unix.so
</Sect1>
<Sect1>
<Sect1 id="nisplus">
<Title>What do you need to set up NIS+ ?</Title>
<Sect2>
@ -1240,25 +1241,17 @@ session required /lib/security/pam_unix.so
<Para>
The Linux NIS+ client code was developed for the GNU C library 2.
There is also a port for Linux libc5, since most commercial Applications
are linked against this library, and you cannot recompile them for
using glibc. There are problems with libc5 and NIS+:
where linked against this library in the past, and you cannot recompile
them for using glibc. There are problems with libc5 and NIS+:
static programs cannot be linked with it, and programs compiled
with this library will
not work with other libc5 versions.
with this library will not work with other libc5 versions.
</Para>
<Para>
You need to retrieve and compile the GNU C Library 2.1 for Intel
based platforms, or GNU C Library 2.1.1 for 64bit platforms.
As base System you need a glibc based Distribution like Debian,
RedHat or SuSE Linux.
</Para>
<Para>
For every distribution, you need to recompile the gcc/g++ compiler,
libstdc++ and ncures. For Redhat, you need to make a lot of
changes of the PAM configuration. For SuSE Linux 6.0, you need
to recompile the shadow package.
Red Hat Linux or SuSE Linux. If you have a Linux Distribution, which
does not have glibc 2.1.1 or later, you need to update to a newer
version.
</Para>
<Para>
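Review bot: In the rewritten libc5 sentence, "where linked against this library in the past" should be "were linked". The merged paragraph below it also changes meaning while being shortened: the old text required glibc 2.1 on Intel and 2.1.1 only on 64bit platforms, the new text requires "glibc 2.1.1 or later" for everyone. If that is intended, fine, but the download table in the next hunk points at glibc-2.2.5, so stating one minimum version in both places would avoid confusion.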
@ -1267,9 +1260,9 @@ The NIS+ client software can be obtained from:
<Screen>
Site Directory File Name
ftp.funet.fi /pub/gnu/funet libc-*, glibc-crypt-*,
glibc-linuxthreads-*
ftp.kernel.org /pub/linux/utils/net/NIS+ nis-utils-1.3.tar.gz
ftp.gnu.org /pub/gnu/glibc glibc-2.2.5.tar.gz,
glibc-linuxthreads-2.2.5.tar.gz
ftp.kernel.org /pub/linux/utils/net/NIS+ nis-utils-1.4.1.tar.gz
</Screen>
</Para>
@ -1277,8 +1270,8 @@ The NIS+ client software can be obtained from:
<Para>
You should also have a look at
<ULink
URL="http://www.suse.de/~kukuk/nisplus/"
>http://www.suse.de/~kukuk/nisplus/</ULink
URL="http://www.linux-nis.org/nisplus/"
>http://www.linux-nis.org/nisplus/</ULink
>
for more information and the latest sources.
</Para>
@ -1322,7 +1315,8 @@ your system/network administrator.
</Para>
<Para>
Now you should change your /etc/nsswitch.conf file. Make sure that the
Now you should change your <filename>/etc/nsswitch.conf</filename>
file. Make sure that the
only service after publickey is nisplus ("publickey: nisplus"), and nothing
else!
</Para>
@ -1340,7 +1334,8 @@ publickey for the new host on the NIS+ Server?).
</Para>
<Para>
"niscat passwd.org&lowbar;dir" should now show you all entries in the passwd database.
<Command>niscat passwd.org&lowbar;dir</Command>
should now show you all entries in the passwd database.
</Para>
</Sect2>
@ -1385,9 +1380,10 @@ session required /lib/security/pam_unix2.so
</Title>
<Para>
The Network Services switch file /etc/nsswitch.conf determines the
order of lookups performed when a certain piece of information is
requested, just like the /etc/host.conf file which determines the way
The Network Services switch file <filename>/etc/nsswitch.conf</filename>
determines the order of lookups performed when a certain piece of
information is requested, just like the
<filename>/etc/host.conf</filename> file which determines the way
host lookups are performed. For example, the line
</Para>
@ -1401,13 +1397,14 @@ host lookups are performed. For example, the line
<Para>
specifies that host lookup functions should first look in the local
/etc/hosts file, followed by a NIS+ lookup and finally through the domain
name service (/etc/resolv.conf and named), at which point if no match
is found an error is returned.
<filename>/etc/hosts</filename> file, followed by a NIS+ lookup and
finally through the domain
name service (<filename>/etc/resolv.conf</filename> and named), at
which point if no match is found an error is returned.
</Para>
<Para>
A good /etc/nsswitch.conf file for NIS+ is:
A good <filename>/etc/nsswitch.conf</filename> file for NIS+ is:
<Screen>
#
@ -1489,7 +1486,8 @@ The NIS server software can be found on:
<Screen>
Site Directory File Name
ftp.kernel.org /pub/linux/utils/net/NIS ypserv-1.3.11.tar.gz
ftp.kernel.org /pub/linux/utils/net/NIS ypserv-2.4.tar.gz
ftp.kernel.org /pub/linux/utils/net/NIS ypserv-2.4.tar.bz2
</Screen>
</Para>
@ -1497,8 +1495,8 @@ The NIS server software can be found on:
<Para>
You could also look at
<ULink
URL="http://www.suse.de/~kukuk/nis/"
>http://www.suse.de/~kukuk/nis/</ULink
URL="http://www.linux-nis.org/nis/"
>http://www.linux-nis.org/nis/</ULink
>
for more information.
</Para>
@ -1508,21 +1506,18 @@ The server setup is the same for both traditional NIS and NYS.
</Para>
<Para>
Compile the software to generate the <Literal remap="tt">ypserv</Literal> and <Literal remap="tt">makedbm</Literal>
programs. You can configure ypserv to use the securenets file or
the tcp&lowbar;wrappers. The tcp&lowbar;wrapper is much more flexible, but a lot of
people have big problems with it. And some configuration files for
tcp&lowbar;wrappers may cause a memory leak. If you have problems with
ypserv compiled for tcp&lowbar;wrapper, recompile it using the securenets file.
ypserv --version tells you, which version you have.
Compile the software to generate the <Command>ypserv</Command> and
<Command>makedbm</Command>
programs. ypserv-2.x only supports the securenets file for access
restrictions.
</Para>
<Para>
If you run your server as master, determine what files you require to be
available via NIS and then add or remove the appropriate
entries to the "all" rule in <Literal remap="tt">/var/yp/Makefile</Literal>. You always
should look at the Makefile and edit the Options at the beginning of
the file.
entries to the "all" rule in <filename>/var/yp/Makefile</filename>.
You always should look at the Makefile and edit the Options at the
beginning of the file.
</Para>
<Para>
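Review bot: With the tcp_wrappers discussion removed, "ypserv-2.x only supports the securenets file for access restrictions" is now the only statement about access control in the build paragraph, and it does not say what the file should contain or what ypserv does when it is missing or empty. The maps served include login names and passwords, so a short example restricting access to the local network, or at least a pointer to the place where securenets is explained, belongs here. The removed `ypserv --version` hint is also still useful, because the following paragraph distinguishes ypserv 1.1 from 1.2 and readers need a way to tell which they run.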
@ -1530,19 +1525,20 @@ There was one big change between ypserv 1.1 and ypserv 1.2. Since
version 1.2, the file handles are cached. This means you have to
call makedbm always with the -c option if you create new maps. Make
sure, you are using the
new <Literal remap="tt">/var/yp/Makefile</Literal> from ypserv 1.2 or later, or add the -c flag
to makedbm in the Makefile. If you don't do that, ypserv will continue to
use the old maps, and not the updated one.
new <filename>/var/yp/Makefile</filename> from ypserv 1.2 or later,
or add the -c flag to makedbm in the Makefile. If you don't do that,
ypserv will continue to use the old maps, and not the updated one.
</Para>
<Para>
Now edit <Literal remap="tt">/var/yp/securenets</Literal> and <Literal remap="tt">/etc/ypserv.conf</Literal>.
Now edit <filename>/var/yp/securenets</filename> and
<filename>/etc/ypserv.conf</filename>.
For more information, read the ypserv(8) and ypserv.conf(5) manual pages.
</Para>
<Para>
Make sure the portmapper (portmap(8)) is running, and start the
server <Literal remap="tt">ypserv</Literal>. The command
server <Command>ypserv</Command>. The command
</Para>
<Para>
@ -1585,7 +1581,7 @@ Now generate the NIS (YP) database. On the master, run
</Para>
<Para>
On a slave make sure that <Literal remap="tt">ypwhich -m</Literal> works. This means,
On a slave make sure that <Command>ypwhich -m</Command> works. This means,
that your slave
must be configured as NIS client before you could run
@ -1601,17 +1597,18 @@ That's it, your server is up and running.
</Para>
<Para>
If you have bigger problems, you could start <Literal remap="tt">ypserv</Literal> and
<Literal remap="tt">ypbind</Literal> in debug
If you have bigger problems, you could start <Command>ypserv</Command> and
<Command>ypbind</Command> in debug
mode on different xterms. The debug output should show you what goes
wrong.
</Para>
<Para>
If you need to update a map, run <Literal remap="tt">make</Literal> in the <Literal remap="tt">/var/yp</Literal>
If you need to update a map, run <Command>make</Command> in the
<Literal remap="tt">/var/yp</Literal>
directory on the NIS master. This will update a map if the source file
is newer, and push the files to the slave servers. Please don't use
<Literal remap="tt">ypinit</Literal> for updating a map.
<Command>ypinit</Command> for updating a map.
</Para>
<Para>
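Review bot: The markup conversion in the map-update paragraph is incomplete: `make` and `ypinit` become <Command>, but the directory is left as `<Literal remap="tt">/var/yp</Literal>` on the line in between. The same leftover appears in the slave-server hunk that follows. Convert it to <filename> so paths are tagged the same way everywhere in the document.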
@ -1641,14 +1638,16 @@ the new slave server has permissions to contact the NIS master. Then run
</Screen>
on the new slave. On the master server, add the new slave server name
to <Literal remap="tt">/var/yp/ypservers</Literal> and run <Literal remap="tt">make</Literal> in <Literal remap="tt">/var/yp</Literal>
to <filename>/var/yp/ypservers</filename> and run
<Command>make</Command> in <Literal remap="tt">/var/yp</Literal>
to update the map.
</Para>
<Para>
If you want to restrict access for users to your NIS server, you'll have
to setup the NIS server as a client as well by running ypbind and adding the
plus-entries to /etc/passwd &lowbar;halfway&lowbar; the password file. The library
plus-entries to <filename>/etc/passwd</filename> &lowbar;halfway&lowbar;
the password file. The library
functions will ignore all normal entries after the first NIS entry, and
will get the rest of the info through NIS. This way the NIS access rules
are maintained. An example:
@ -1684,7 +1683,7 @@ will have normal access.
</Para>
<Para>
Alternatively, you could edit the <Literal remap="tt">/var/yp/Makefile</Literal> file
Alternatively, you could edit the <filename>/var/yp/Makefile</filename> file
and set NIS to use
another source password file. On large systems the NIS password and group
files are usually stored in <Literal remap="tt">/etc/yp/</Literal>. If you do this the normal
@ -1833,7 +1832,7 @@ Errors will be logged using syslog.
</Sect1>
<Sect1>
<Sect1 id="verification">
<Title>Verifying the NIS/NYS Installation
<IndexTerm><Primary
>NIS!verification of operation</Primary></IndexTerm>
@ -1939,7 +1938,145 @@ or
</Para>
</Sect1>
<Sect1>
<Sect1 id="maps">
<Title>Creating and Updating NIS maps
<IndexTerm><Primary
>NIS!creating and updating maps</Primary></IndexTerm>
</Title>
<Sect2>
<Title>Creating new NIS maps
<IndexTerm><Primary
>MAP!creating</Primary></IndexTerm>
</Title>
<Para>
The initial NIS maps will be created by running
</Para>
<Screen>
% /usr/lib/yp/ypinit -m
</Screen>
<Para>
This is done when setting up the NIS master server for the first
time. For more information about this, read <XRef LinkEnd="ypserv">.
If you wish to add new maps to your server or remove old one, you
need to edit the <Literal remap="tt">/var/yp/Makefile</Literal> and
change the <Literal remap="tt">all:</Literal> rule. Add or remove
the name of the rule, which generates the map.
</Para>
<Para>
If you delete a map, you also have to remove the corresponding
files.
</Para>
<Para>
After this change, you only need to run
</Para>
<Screen>
% make -C /var/yp
</Screen>
<Para>
and the maps should be created.
</Para>
</Sect2>
<Sect2>
<Title>Updating NIS maps
<IndexTerm><Primary
>MAP!updating</Primary></IndexTerm>
</Title>
<Para>
If you modify the sources for the NIS maps (for example if you create
a new user by adding the account to the passwd file), you need to
regenerate the NIS maps. This is done by a simple
</Para>
<Screen>
% make -C /var/yp
</Screen>
<Para>
This command will check which sources have changed, creates the
maps new and tell ypserv that the maps have changed.
</Para>
</Sect2>
<Sect2>
<Title>Length of Map entries
<IndexTerm><Primary
>MAP!length of entries</Primary></IndexTerm>
</Title>
<Para>
The length of one entry is limited by the NIS protocol to 1024 characters.
You can't just increase this value and recompile the system. Every system
that uses NIS v2 expects key and data values to be no more than 1024 bytes
in size; if you suddenly make YPMAXRECORD larger on your client and server,
you will break interoperability with all other systems on your network that
use NIS. To make it work right, you'd have to go to every vendor that supports
NIS and get them to all make the change at the same time. Chances are you
won't be able to do this.
</Para>
<Para>
With glibc 2.1 and newer this limit was removed from the glibc NIS
implementation. So it is possible under Linux to use longer entries,
but only if you have no other NIS clients or servers in your network.
</Para>
<Para>
To allow the creation of NIS maps with a longer entry, you need to add
the <Literal remap="tt">--no-limit-check</Literal> option to the
<Literal remap="tt">makedbm</Literal> call in
<Literal remap="tt">/var/yp/Makefile</Literal>.
</Para>
<Para>
The result should look like:
</Para>
<Screen>
DBLOAD = $(YPBINDIR)/makedbm -c -m `$(YPBINDIR)/yphelper --hostname` --no-limit-check
</Screen>
<Para>
WARNING: This breaks the NIS protocol and even if Linux supports it,
not all Applictions running under Linux works with this change!
</Para>
<Para>
There is another way of solving this problem for
<filename>/etc/group</filename> entries. This idea is
from Ken Cameron:
</Para>
<Screen>
1. Break the entry into more than one line and name each group
slightly differnet.
2. keep the GID the same for all.
3. have the first entry with the right group name and the GID.
I don't put any user names in this one.
What happens is that going by user name you pick up the GID when the code
reads it. Then going the other way it stops after the first match of GID
and takes that name. It's ugly but works!
</Screen>
</Sect2>
</Sect1>
<Sect1 id="reboot">
<Title>Surviving a Reboot</Title>
<Para>
Once you have NIS correctly configured on the server and client, you do need
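Review bot: In the new "Length of Map entries" section the instruction to add `--no-limit-check` and the finished DBLOAD line come before the WARNING that this breaks the NIS protocol, so a reader who copies the Screen block never reaches the caveat. Move the warning ahead of the instruction and repeat the condition from the earlier paragraph (only safe when no other NIS clients or servers are on the network). Smaller points in the same hunk: the limit is given as "1024 characters" and then "1024 bytes"; "Applictions" and "differnet" are typos; the new section uses `<Literal remap="tt">` for `/var/yp/Makefile` and `makedbm` while the rest of this commit moves to <filename> and <Command>; and Ken Cameron's numbered steps would be better as a list than as text inside <Screen>.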
@ -1986,7 +2123,7 @@ distributions handle the storage of the NIS domainname.
</Para>
<Sect3>
<Title>Caldera 2.<emphasis>x</emphasis></Title>
<Title>Caldera 2.x</Title>
<Para>
Caldera uses the file <filename>/etc/nis.conf</filename> which has the same format
as the normal <filename>/etc/yp.conf</filename>.
@ -2001,7 +2138,7 @@ Debian appears to follow Sun's usage of <filename>/etc/defaultdomain</filename>.
</Sect3>
<Sect3>
<Title>Red Hat 6.<emphasis>x</emphasis></Title>
<Title>Red Hat Linux 6.x and 7.x</Title>
<Para>
Create or modify the variable <Command>NISDOMAIN</Command> in the file
<filename>/etc/sysconfig/network</filename>.
@ -2009,15 +2146,24 @@ Create or modify the variable <Command>NISDOMAIN</Command> in the file
</Sect3>
<Sect3>
<Title>SuSE Linux</Title>
<Title>SuSE Linux 6.x and 7.x</Title>
<Para>
Modify the variable <command>YP_DOMAINNAME</command> in <filename>/etc/rc.config</filename> and then run the command <command>SuSEconfig</command>.
</Para>
</Sect3>
<Sect3>
<Title>SuSE Linux 8.x</Title>
<Para>
Since version 8.0 SuSE Linux also follow Sun's usage of
<filename>/etc/defaultdomain</filename>.
</Para>
</Sect3>
</Sect2>
</Sect1>
<Sect1>
<Sect1 id="troubleshooting">
<Title>Common Problems and Troubleshooting NIS
<IndexTerm><Primary
>NIS!troubleshooting</Primary></IndexTerm>
@ -2114,7 +2260,7 @@ mangling if you have a Solaris client.
</Sect1>
<Sect1>
<Sect1 id="faq">
<Title>Frequently Asked Questions
<IndexTerm><Primary
>NIS!frequently asked questions</Primary></IndexTerm>
@ -2136,3 +2282,4 @@ questions unanswered you might want to post a message to
</Sect1>
</Article>