AIX 5L Configuring TCP/IP (Unit 14) – Network Information Service (NIS) Concepts

Unit Objectives
Define the purpose of NIS
Define NIS terminology and daemons
Configure an NIS Master Server, NIS Slave Server and NIS Client

Distributed Environment Concerns
Common administrative concerns in a network environment are:
– Mainenance of separate copies of common configuration files for example, passwd, group, host
– Changes to a configuration file that must be propagated to all hosts on a network
– Probability of editing errors increase

How NIS Addresses Distributed Environment Concerns
NIS replaces replicated copies of common configuration files with one data map for each file and locates them on a central server
Enforces a consistent view of configurationfiles on a network
Simplifies administrative control of a network

NFS and /etc/passwd
NFS Client-sys3

NFS Client-sys2

NFS Client-sys1

Note: Make sure that UID numbers for users are identical on all machines.

NIS Centralized Control of /etc/passwd
passwd map

NFS Client-sys3
+::0:0::: (Indicator to the kernel to go to the NIS server)

NIS Master Server-sys1

“data maps”
DBM Format

NIS Systems
Master Server – Creates, maintains maps, Answers client requests
Slave Servers – Stores Copies of maps, Answers client requests
NIS Client – Requests and receives info from maps

NIS Domain Configuration
Each server and client is given a Domain Name in NIS.
When a client comes us it broadcasts over the network if there is any computer that can service its requests for that domain. The server or slave will respond.

NIS Master Server
Domain: “accounting”
/var/yp/accounting (yp stands for yellow pages)
Maintains the NIS Database Maps

NIS Daemons
Client Activity Client Server
——————— ————– —————–
login ypbind ypserv
name resolution

change password yppasswd yppasswdd

Note: They rename the password command and then use a symbolic link from passwd to yppasswd.

NIS Binding
1. Client sys3 – Broadcast need for server for accounting domain
2. Server sys1 – I’m available for accounting domain /var/yp/accounting
3. /var/yp/vingding/accounting.version – address of server

Note: There is a “ypset” command that allows you to bind to a specific host even if outside your local network.

ypwhich – displays what server you are bound to as an NIS server.

NIS Daemons Controlled by SRC
NIS Daemons and their Subsystems

File Path Subsystem GroupName
/usr/lib/netsvc/yp/ypserv ypserv yp
/usr/lib/netsvc/yp/ypbind ypbind yp
/usr/lib/netsvc/yp/rpc.yppasswdd yppasswdd yp
/usr/lib/netsvc/yp.rpc.ypupdated ypupdated yp

/usr/sbin/protmap portmap portmap

Note: If you are not running in a secure NFS invironment then make sure that the ypupdated daemon is not running.

Note: Also, the portmap daemon must be running.

System Default NIS Data Maps
File Contains
/etc/passwd User names, user IDs, and passwords
/etc/group User groups
/etc/hosts Hostnames and IP addresses
/etc/aliases Aliases and mailing lists for the mail system
/etc/netgroup Netgroup definitions (used by NIS)
/etc/networks Network addresses
/etc/protocols Network protocol names and numbers
/etc/rpc Remote procedure call program numbers
/etc/services Network port numbers and service names
/etc/publickey Keys for Secure NIS
/etc/netid ID info for machine, hosts, and groups

Unit Summary
1. NIS is a centralized database that simplifies system administration of common configuration files
2. Systems participating in an NIS environment belong to an NIS domain. A NIS domain is a group of systems that share the same named set of maps in a server’s /var/yp/ directory
3. An NIS environment consists of one NIS master server, one or more NIS slave servers and multiple NIS clients
4. ypserv – is an NIS server daemon that handles NIS client requests
5. ypbind – is an NIS client daemon which is responsible for locating and binding to an NIS server
6. yppasswdd – is an NIS master server daemon that takes yppasswd change requests, updates the /etc/passwd source files and builds and transfers the new passwd map to the NIS slave servers.

Leave a Reply

Your email address will not be published. Required fields are marked *