NIS SERVER SETUP:
1. Install required packages:
# yum install ypserv portmap
2. Edit /etc/sysconfig/network and add static NIS ports:
YPSERV_ARGS="-p 841"
YPPASSWDD_ARGS="-p 842"
YPXFRD_ARGS="-p 843"
To verify currently used ports run:
# rpcinfo -p localhost
3. Open required ports in firewall. Edit /etc/sysconfig/iptables and add:
-A RH-Firewall-1-INPUT -p udp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 841 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 841 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 842 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 842 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 843 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 843 -j ACCEPT
# service iptables restart
4. Set up the NIS domain name - edit /etc/sysconfig/network and add:
NISDOMAIN="internal"
5. Initialize NIS maps:
/usr/lib/yp/ypinit -m
6. Secure NIS by permitting only trusted networks. You can restrict access to specific subnets with iptables (e.g. by adding -s 192.168.0.0/24 to the portmap and NIS port rules) or by editing /var/yp/securenets and listing the permitted networks in the following format (netmask first, then network):
255.255.255.0 192.168.0.0
7. Start services and include them in rc3.d scripts:
# service portmap start
# service ypserv start
# chkconfig portmap on
# chkconfig ypserv on
You may include yppasswdd and ypxfrd as well if you need them.
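The securenets file from step 6 can be checked before ypserv is started. The following is an added example, not part of the original notes: a small Python audit that parses securenets-style text, tests whether a client address would be admitted, and flags entries wider than a trusted subnet. The sample file contents, the function names and the /16 threshold are assumptions made for this example.

```python
import ipaddress

# Constructed sample of /var/yp/securenets: "<netmask> <network>" per line,
# or "host <address>" for a single machine. '#' starts a comment.
SAMPLE = """\
# trusted LAN from step 6
255.255.255.0 192.168.0.0
host 127.0.0.1
# leftover catch-all entry: matches every client
0.0.0.0 0.0.0.0
"""

def parse_securenets(text):
    """Return [(line_no, IPv4Network)] for every entry in the file text."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        if len(fields) != 2:
            raise ValueError(f"line {no}: expected two fields: {raw!r}")
        if fields[0] == "host":
            net = ipaddress.ip_network(fields[1] + "/32")
        else:
            mask, network = fields
            # Choice made in this example: reject a network address that has
            # host bits set, since it usually means mask and network are swapped.
            net = ipaddress.ip_network(f"{network}/{mask}", strict=True)
        entries.append((no, net))
    return entries

def is_permitted(entries, client):
    """True if the client address falls inside any listed network."""
    addr = ipaddress.ip_address(client)
    return any(addr in net for _, net in entries)

def overly_broad(entries, min_prefix=16):
    """Entries wider than /min_prefix (threshold is an assumption here)."""
    return [(no, net) for no, net in entries if net.prefixlen < min_prefix]

if __name__ == "__main__":
    entries = parse_securenets(SAMPLE)
    for no, net in overly_broad(entries):
        print(f"line {no}: {net} admits far more than a trusted subnet")
    for ip in ("192.168.0.57", "10.1.2.3"):
        print(ip, "permitted" if is_permitted(entries, ip) else "denied")
```

With the catch-all line present, 10.1.2.3 is reported as permitted; removing that line leaves only the 192.168.0.0/24 subnet and localhost.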
UPDATING NIS MAPS:
# cd /var/yp; make
NIS CLIENT SETUP:
Execute:
# authconfig --update --nisdomain=internal --nisserver=nis.example.com --enablenis
Or:
# authconfig-tui
Finally, make sure that ypbind is running and added to the rc3.d services:
# service ypbind start
# chkconfig ypbind on
VIEWING NIS MAPS:
On the client:
# getent <mapname>
# getent passwd
On any allowed host:
# ypcat -d internal -h nis.example.com <mapname>
# ypcat -d internal -h nis.example.com passwd