NIS
The Network Information Service
Goals of this lab:
• To gain knowledge about the uses of directory/name services and why they are used.
• To gain experience of integration between a name service and other services.
• To gain experience of a small-scale, but realistic, use of the name service.
Prerequisites: LXB, NET
REVISION: 2.0 [2015-08-28]
©2005-2015 DAVID BYERS
Table of Contents
PREPARATION
    Exercise 1: Review and preparation
MAIN LAB
    Part 1: Install a simple directory service
        Exercise 2: Install and configure the NIS server
        Exercise 3: Configure NIS clients
        Exercise 4: Configure the clients’ name service switch
IDA/ADIT
NIS: THE NETWORK INFORMATION SERVICE
PREPARATION
Complete these exercises before starting the main lab. You should be able to complete them using only
on-line documentation and man pages. If you are implementing anything but NIS, you can skip these
exercises.
Exercise 1: Review and preparation
1-1 Read about NIS and answer the following questions:
    (a) What is a NIS map?
    (b) What is a NIS domain? What is the NIS domain of your server and clients?
    (c) What is the name of the map that is used to look up users by name?
    (d) How do users change passwords when NIS is in use? How does that work?
1-2 Read the documentation for the commands ypcat, ypwhich and ypbind and answer the
    following questions:
    (a) What is ypcat used for?
    (b) What is ypwhich used for?
    (c) What is ypbind used for?
    (d) What does the -k command-line option to ypcat do?
    (e) If you want to list all users on a NIS client, what command would you use?
    (f) If you want to see which NIS server a client is bound to, which command would you
        use?
    (g) If you want to see the NIS domain of a client, what command would you use?
Report: No report required.
Exercise 2: Directory services
2-1 Why use a directory service? Name one alternative to a directory service.
2-2 Name at least two common directory services other than NIS.
Report: Answers to the questions above.
If you are planning on using LDAP, good! It’s not that hard once you understand LDAP, but you’ll have to
figure it out mostly on your own. Preparation is essential. Among other things, you need to figure out
how to hook up LDAP to the authentication process (just using the name service switch isn’t enough –
you need to configure PAM as well).
MAIN LAB
By default, Unix systems store key configuration information, such as usernames and passwords, in local
files. If you have completed the DNS lab, you will have seen an example where using an external
directory service (in that case DNS) is a far superior solution.
Local files do not scale. With one or even a few computers, maintaining users, passwords and similar
information in local files works fine, but as the amount of information in the files increases, and the
number of systems goes up, the local file solution starts breaking down.
Directory services provide system administrators with a way to store important information in a central
repository. This makes it easier to maintain quality of information and security, makes updates easier
and faster, makes problem recovery simpler, and so forth.
Although NIS is old and not in widespread use anymore, it does perform most of the functions expected
of a directory service, and it is one of the easiest directory services to install. Because of this, we
continue to use NIS in the labs: the principles it demonstrates are just as relevant as the principles
demonstrated by any other directory service.
Time taken 2006: 0-8 hours, average 4 hours.
Past problems: NIS rarely causes serious problems. One thing to look out for is your clients failing to
bind to the NIS server. This can be caused by a number of different things: the wrong NIS domain
configured on a server or client, networking issues, or permissions set incorrectly on the server. You will
recognize this type of problem by a long wait while booting the client.
Part 1: Install a simple directory service
You are to utilize a directory service to handle as much information as possible (a minimum is to handle
users, passwords and eventually automount maps).
This lab is written with the Network Information Service (NIS) in mind. NIS is an old directory service
which was widely used in environments built around Solaris systems. NIS has some serious drawbacks
compared to more sophisticated directory services. Nevertheless, NIS performs the core functions of a
directory service and is fairly easy to set up.
However, if you feel comfortable setting up and configuring services on your system, you should
consider using LDAP instead. LDAP is the directory service that is currently in vogue, and with the
amount of investment going into LDAP service, it is likely that LDAP will be around for a very long time.
If you do choose LDAP, follow the spirit, if not the letter, of the following exercises.
Gotcha: NIS requires the system to know its own fully-qualified domain name, but you can’t count on
the lab systems to be set up this way. If you find that NIS won’t install completely, check if the system
knows its FQDN by using the hostname command (check the man page for appropriate parameters). If
the FQDN is not known, you’ll have to configure /etc/hosts to include it, and restart the system (you
don’t have to restart, but it’s good to check that the change to the hostname will be effective on booting
the system).
Troubleshooting tip: When you have configured a system as a NIS client, and the client cannot
communicate with the server, you will experience long pauses in a variety of situations. Firstly, when
booting (or restarting the NIS service), the client tries to bind to the server. If binding seems to take a
long time, the server is probably not responding. Secondly, once the client is configured to get user and
group information from NIS, lots of operations will require communication with the NIS server, and if it’s
down, nothing will happen. There are lots of reasons why a NIS server might not respond. Some of the
more common ones are: the NIS server process isn’t running; the portmap service isn’t running on the
server; the NIS server is configured to not talk to the client; the client is configured to not talk to the
server; the NIS server has no maps; and the network is not functioning correctly.
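The first checks from the troubleshooting tip, as an added example that is not part of the original lab handout. It covers three of the listed causes (portmap not running, ypserv not registered, server has no maps) by reading the output of rpcinfo -p and ypwhich -m; the function names and the sample data are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the lab handout): triage of a silent NIS server.
# Live use:  rpcinfo -p SERVER | nis_rpc_diagnose
#            ypwhich -m | nis_missing_maps passwd.byname group.byname

# Reads `rpcinfo -p` output on stdin and prints a single verdict.
# RPC program 100000 is the portmapper, 100004 is ypserv.
# Empty input (rpcinfo got no answer at all) counts as "no-portmapper".
nis_rpc_diagnose() {
    awk '
        $1 == 100000 { portmap = 1 }
        $1 == 100004 { ypserv = 1 }
        END {
            if (!portmap)     print "no-portmapper"
            else if (!ypserv) print "ypserv-not-registered"
            else              print "ok"
        }'
}

# Reads `ypwhich -m` output ("map master" per line) on stdin and prints each
# required map (given as arguments) that the server does not offer.
nis_missing_maps() {
    served=$(awk '{ print $1 }')
    for want in "$@"; do
        printf '%s\n' "$served" | grep -qxF "$want" || printf '%s\n' "$want"
    done
}

# Constructed sample data: host name and port numbers are made up.
SAMPLE_RPC_OK='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    942  ypserv
    100007    2   udp    955  ypbind'
SAMPLE_RPC_NO_YPSERV='   program vers proto   port  service
    100000    2   tcp    111  portmapper'
SAMPLE_MAPS='passwd.byname server.example
passwd.byuid server.example
hosts.byname server.example'

printf '%s\n' "$SAMPLE_RPC_OK"        | nis_rpc_diagnose
printf '%s\n' "$SAMPLE_RPC_NO_YPSERV" | nis_rpc_diagnose
printf '%s\n' "$SAMPLE_MAPS" | nis_missing_maps passwd.byname group.byname
```

A wrong NIS domain or a server that refuses the client does not show up in these two outputs and has to be checked separately.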
Exercise 3: Install and configure the NIS server
3-1 Install the NIS server software on your server.
3-2 Configure your server as a NIS master for your NIS domain.
3-3 Populate the NIS tables with data from your local files.
Report: Automated tests that show that the NIS server is running and contains the appropriate data.
When testing NIS at this point, when you have no clients, you may need to use the ypbind command
manually to bind to the server. The ypcat command is useful to read the contents of a NIS map. The
ypwhich command shows which server the client is bound to.
The next step is to configure NIS clients. You may configure your server as a NIS client to itself, if you
want to. The advantage of this is homogeneity. The disadvantage is that the server will be more difficult
to work with if NIS service breaks.
Exercise 4: Configure NIS clients
4-1 Configure your clients as NIS clients, so they bind to the NIS server at start.
Report: Automated tests that show that the clients bind to the NIS server at startup.
At this point your clients are NIS clients but do not use NIS for anything.
Exercise 5: Configure the clients’ name service switch
5-1 What is the difference between using “compat” and using “files nis” as the list of sources for
    e.g. passwords in the name service switch?
5-2 Configure the name service switch on your clients so they use NIS for as much as possible.
    Note that you should still use local files as the first information source. Please do not use
    compat unless you intend to use the special features it provides.
5-3 Why should you use local files as the first information source instead of NIS?
Report: Automated tests that show that the clients are now using NIS as expected. Answer to the
    question above.
Note that your clients should get as much information as possible from NIS. The only information that
should remain local is information that truly is local as well as information that never changes.
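One way to check a client's name service switch against the rules in Exercise 5, as an added example that is not part of the original lab handout. The function name nss_audit, the choice of passwd, group and shadow as the databases that must use NIS, and the sample file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the lab handout): audit an nsswitch.conf.
# Live use:  nss_audit passwd group shadow < /etc/nsswitch.conf

# Reads nsswitch.conf on stdin. Arguments name the databases that must use
# NIS (an assumption; adjust to what your server actually exports).
# Prints one finding per offending database line:
#   DB: compat           a compat source is configured
#   DB: files-not-first  nis is listed, but files is missing or comes later
#   DB: no-nis           a required database does not consult NIS at all
nss_audit() {
    awk -v req="$*" '
        BEGIN { n = split(req, r, " "); for (i = 1; i <= n; i++) need[r[i]] = 1 }
        # Strip comments and [STATUS=action] items before looking at sources.
        { sub(/#.*/, ""); gsub(/\[[^]]*\]/, "") }
        NF < 2 || $1 !~ /:$/ { next }
        {
            db = substr($1, 1, length($1) - 1)
            f = 0; y = 0; c = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "files" && !f) f = i
                if ($i == "nis" && !y)   y = i
                if ($i == "compat")      c = i
            }
            if (c)                       print db ": compat"
            else if (y && (!f || y < f)) print db ": files-not-first"
            else if (!y && (db in need)) print db ": no-nis"
        }'
}

# Constructed sample file, not taken from the lab systems.
SAMPLE_NSS='# /etc/nsswitch.conf (constructed sample)
passwd:     compat
group:      nis files
shadow:     files
hosts:      files dns
automount:  files nis   # acceptable: files first, then nis'

printf '%s\n' "$SAMPLE_NSS" | nss_audit passwd group shadow
```

No output means every checked line follows the rules; a database that has no line at all in the file is not reported.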
FEEDBACK FORM
NIS
Complete this feedback form individually at the end of the lab and hand it to the lab assistant when you
finish. Your feedback is essential for improving the labs. Each student should hand in a feedback form.
Do not cooperate on completing the form.
You do not need to put your name on the feedback form. Your feedback will be evaluated the same way
regardless of whether your name is on it or not. Your name is valuable to us in case you have made any
comments in the last section that need clarification or otherwise warrant a follow-up.
For each section, please rate the following (range 1 to 5 in all cases).
• Difficulty: Rate the degree of difficulty (1=too easy, 5=too difficult)
• Learning: Rate your learning experience (1=learned nothing, 5=learned a lot).
• Interest: Rate your interest level after completing the part (1=no interest, 5=high interest).
• Time: How long did the part take to complete (in minutes)?

                                             Difficulty   Learning   Interest   Time (minutes)
Preparation
Part 1: Install a simple directory service
Overall
Please answer the following questions:
• What did you like about this lab?
• What did you dislike about this lab?
• Make a suggestion to improve this lab.