
6. What do you need to set up NIS?

6.1 Determine whether you are a Server, Slave or Client.

To answer this question you have to consider two cases:

  1. Your machine is going to be part of a network with existing NIS servers
  2. You do not have any NIS servers in the network yet

In the first case, you only need the client programs (ypbind, ypwhich, ypcat, yppoll, ypmatch). The most important program is ypbind. This program must be running at all times, that is, it should always appear in the list of processes. It's a so-called daemon process and needs to be started from the system's startup file (e.g. /etc/rc.local, /etc/init.d/nis, /etc/rc.d/init.d/ypbind). As soon as ypbind is running, your system has become a NIS client.

In the second case, if you don't have NIS servers, then you will also need a NIS server program (usually called ypserv). Section 8 describes how to set up a NIS server on your Linux machine using the "ypserv" implementation by Peter Eriksson and Thorsten Kukuk. Note that from version 0.14 this implementation supports the master-slave concept talked about in section 4.1.

There is also another free NIS server available, called "yps", written by Tobias Reber in Germany, which does support the master-slave concept, but has other limitations and isn't supported any longer.

6.2 The Software

The system library "/usr/lib/libc.a" (version 4.4.2 and better) or the shared library "/lib/libc.so.x" contain all necessary system calls to successfully compile the NIS client and server software. For glibc 2.x, you also need /lib/libnsl.so.1.

Some people reported that NIS only works with "/usr/lib/libc.a" version 4.5.21 and better, so if you want to play it safe, don't use older libc versions. The NIS client software can be obtained from:

  Site                  Directory                        File Name

  ftp.kernel.org        /pub/linux/utils/net/NIS         yp-tools-2.0.tar.gz
  ftp.kernel.org        /pub/linux/utils/net/NIS         ypbind-mt-1.2.tar.gz
  ftp.kernel.org        /pub/linux/utils/net/NIS         ypbind-3.3.tar.gz
  sunsite.unc.edu       /pub/Linux/system/Network/admin  yp-clients-2.2.tar.gz
  ftp.uni-paderborn.de  /linux/local/yp                  yp-clients-2.2.tar.gz
  ftp.uni-paderborn.de  /linux/local/yp                  ypbind-3.3.tar.gz

Once you have obtained the software, please follow the instructions which come with it. yp-clients 2.2 is for use with libc4 and libc5 up to 5.4.20. libc 5.4.21 and glibc 2.x need yp-tools 1.4.1. The new yp-tools 2.0 will work with every Linux libc. Since there were some bugs in the NIS code, you shouldn't use libc 5.4.21-5.4.35. Use libc 5.4.36 or later instead, or most YP programs will not work. ypbind 3.3 will work with all libraries, too. You should never use the ypbind from yp-clients 2.2.

6.3 The ypbind daemon

Assuming you have successfully compiled the software, you are now ready to install it. A suitable place for the ypbind daemon is the directory /usr/sbin. Some people may tell you that you don't need ypbind on a system with NYS. This is wrong: ypwhich and ypcat need it.

You'll need to do this as root of course. The other binaries (ypwhich, ypcat, yppoll, ypmatch) should go in a directory accessible by all users, normally /usr/bin.

The ypbind process has a configuration file called /etc/yp.conf. You can hardcode a NIS server there - for more info see the manual page for ypbind(8). You also need this file for NYS. An example:

  ypserver voyager
  ypserver ds9

If the system can resolve the hostnames without NIS, you can use the name; otherwise you have to use the IP address.

It might be a good idea to test ypbind before incorporating it in the /etc/rc.d/ files. To test ypbind do the following:

At this point you should be able to use NIS client programs like ypcat, etc... For example, "ypcat passwd" will give you the entire NIS password database.

IMPORTANT: If you skipped the test procedure then make sure you have set the domain name, and created the directory:

    /var/yp

This directory MUST exist for ypbind to start up successfully.

To check whether the domainname is set correctly, use /bin/ypdomainname from yp-tools 2.0. It uses the yp_get_default_domain function, which is more restrictive. For example, it doesn't allow the "(none)" domainname, which is the default under Linux and causes a lot of problems.

If the test worked, you may now want to change the files in /etc/rc.d/ on your system so that ypbind will be started at boot time and your system will act as a NIS client. Make sure that the domainname is set at boot time.

Well, that's it. Reboot the machine and watch the boot messages to see if ypbind is actually started.

6.4 Setting up a NIS Client using Traditional NIS

For host lookups you must set (or add) "nis" to the lookup order line in your /etc/host.conf file. Please read the manpage "resolv+.8" for more details.

Add the following line to /etc/passwd on your NIS clients:

+::::::

You can also use the + and - characters to include/exclude or change users. If you want to exclude the user guest just add -guest to your /etc/passwd file. You want to use a different shell (e.g. ksh) for the user "linux"? No problem, just add "+linux::::::/bin/ksh" (without the quotes) to your /etc/passwd. Fields that you don't want to change have to be left empty. You could also use Netgroups for user control.

For example, to only allow login-access to miquels, dth and ed, and all members of the sysadmin netgroup, but to have the account data of all other users available:

      +miquels::::::
      +ed::::::
      +dth::::::
      +@sysadmins::::::
      -ftp
      +:*:::::/etc/NoShell

Note that in Linux you can also override the password field, as we did in this example. In this example, we also remove the login "ftp", so it isn't known any longer, and anonymous ftp will not work.

The netgroup would look like

sysadmins (-,software,) (-,kukuk,)

IMPORTANT: Note that the netgroup feature is implemented starting from libc 4.5.26. But if you have a version of libc earlier than 4.5.26, every user in the NIS password database can access your Linux machine if you run "ypbind".
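To audit which NIS accounts a set of +/- entries really admits, the rules above can be modelled in a few lines. This is an added example, not code from the HOWTO or from libc; the sample passwd lines, the NIS map, the HASH placeholder and the function names are constructed for illustration.

```python
# Added example: models passwd "compat" +/- handling for audit purposes.
# Assumption: only non-empty password, gecos, home and shell fields of a
# "+" entry override the NIS record; uid and gid are never overridden.
KEYS = ["name", "passwd", "uid", "gid", "gecos", "home", "shell"]
OVERRIDABLE = ("passwd", "gecos", "home", "shell")

def parse_record(line):
    fields = (line.strip().split(":") + [""] * 7)[:7]
    return dict(zip(KEYS, fields))

def effective_nis_users(local_lines, nis_map, netgroups):
    """Return {user: record} for NIS users admitted by the compat entries."""
    nis = {r["name"]: r for r in map(parse_record, nis_map)}
    excluded, result = set(), {}
    for line in local_lines:
        line = line.strip()
        if not line or line[0] not in "+-":
            continue                      # ordinary local account
        entry = parse_record(line)
        target = entry["name"][1:]
        if target.startswith("@"):        # +@netgroup / -@netgroup
            members = netgroups.get(target[1:], [])
        elif target:                      # +user / -user
            members = [target]
        else:                             # bare "+": all remaining NIS users
            members = list(nis)
        if line[0] == "-":
            excluded.update(members)
            continue
        for name in members:              # first matching entry wins
            if name in nis and name not in excluded and name not in result:
                rec = dict(nis[name])
                rec.update({k: entry[k] for k in OVERRIDABLE if entry[k]})
                result[name] = rec
    return result

def login_capable(users):
    """Names whose password field was not locked to '*' by an override."""
    return sorted(n for n, r in users.items() if r["passwd"] != "*")

# Constructed sample data: seven-field passwd entries and a toy NIS map.
LOCAL = ["root:x:0:0:root:/root:/bin/sh", "+miquels::::::",
         "+@sysadmins::::::", "-ftp", "+:*:::::/etc/NoShell"]
NIS = ["miquels:HASH:1001:100::/home/miquels:/bin/sh",
       "kukuk:HASH:1002:100::/home/kukuk:/bin/sh",
       "ftp:HASH:14:50::/home/ftp:/bin/false",
       "guest:HASH:1003:100::/home/guest:/bin/sh"]
NETGROUPS = {"sysadmins": ["software", "kukuk"]}   # user members only
```

Running the same function with only "+::::::" in the local file admits every account in the NIS map unchanged, which is the exposure the IMPORTANT note above describes.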

6.5 Setting up a NIS Client using NYS

All that is required is that the NIS configuration file (/etc/yp.conf) points to the correct server(s) for its information. Also, the Name Services Switch configuration file (/etc/nsswitch.conf) must be correctly set up.

You should install ypbind. It isn't needed by the libc, but the NIS(YP) tools need it.

If you wish to use the include/exclude user feature (+/-guest/+@admins), you have to use "passwd: compat" and "group: compat". Note that there is no "shadow: compat"! You have to use "shadow: files nis" in this case.

The NYS sources are part of the libc 5 sources. When you run configure, answer "NO" the first time to the "Values correct" question, then answer "YES" to "Build a NYS libc from nys".

6.6 Setting up a NIS Client using glibc 2.x

The glibc uses "traditional NIS", so you need to start ypbind. The Name Services Switch configuration file (/etc/nsswitch.conf) must be correctly set up. If you use the compat mode for passwd, shadow or group, you have to add the "+" at the end of these files, and you can then use the include/exclude user feature. The configuration is exactly the same as under Solaris 2.x.

6.7 The nsswitch.conf File

The Name Services Switch file /etc/nsswitch.conf determines the order of lookups performed when a certain piece of information is requested, just like the /etc/host.conf file which determines the way host lookups are performed. For example, the line

    hosts: files nis dns

specifies that host lookup functions should first look in the local /etc/hosts file, followed by a NIS lookup and finally through the domain name service (/etc/resolv.conf and named), at which point if no match is found an error is returned. This file must be readable by every user!

A good /etc/nsswitch.conf file for NIS is:

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the /var/db databases
#       [NOTFOUND=return]       Stop searching if not found so far
#

passwd:     compat
group:      compat
shadow:     compat

passwd_compat: nis
group_compat: nis
shadow_compat: nis

hosts:      nis files dns

services:   nis [NOTFOUND=return] files
networks:   nis [NOTFOUND=return] files
protocols:  nis [NOTFOUND=return] files
rpc:        nis [NOTFOUND=return] files
ethers:     nis [NOTFOUND=return] files
netmasks:   nis [NOTFOUND=return] files
netgroup:   nis
bootparams: nis [NOTFOUND=return] files
publickey:  nis [NOTFOUND=return] files
automount:  files
aliases:    nis [NOTFOUND=return] files

passwd_compat, group_compat and shadow_compat are only supported by glibc 2.x. If there are no shadow rules in /etc/nsswitch.conf, glibc will use the passwd rule for lookups. There are some more lookup modules for glibc, such as hesiod. For more information, read the glibc documentation.
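The lookup order and the '[NOTFOUND=return]' rule described in the file's comments decide which source answers a query, and therefore which source has to be trusted. The following added example (not part of the HOWTO or of glibc) parses nsswitch.conf lines and walks a chain for given per-source outcomes. The function names and sample outcomes are constructed, and the negated form "[!STATUS=action]" is not handled.

```python
import re

# Default actions when a source gives no explicit [STATUS=action] rule.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_nsswitch(text):
    """Return {database: [(source, {STATUS: action}), ...]}."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, spec = line.split(":", 1)
        chain = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", spec):
            if not tok.startswith("["):
                chain.append((tok, {}))
            elif chain:                   # criteria apply to previous source
                for crit in tok[1:-1].split():
                    status, _, action = crit.partition("=")
                    chain[-1][1][status.upper()] = action.lower()
        table[db.strip()] = chain
    return table

def resolve(chain, outcomes):
    """Walk the chain; outcomes maps source -> status (default NOTFOUND).
    Returns (source, status) of the source that ended the lookup."""
    last = (None, "NOTFOUND")
    for source, actions in chain:
        status = outcomes.get(source, "NOTFOUND")
        last = (source, status)
        if {**DEFAULTS, **actions}[status] == "return":
            break
    return last

# Constructed sample: two lines taken from the configuration above.
SAMPLE = """# sample
hosts:      nis files dns
services:   nis [NOTFOUND=return] files
"""

if __name__ == "__main__":
    t = parse_nsswitch(SAMPLE)
    # NIS says "not found": the local services file is never consulted.
    print(resolve(t["services"], {"nis": "NOTFOUND", "files": "SUCCESS"}))
    # NIS server unreachable: the lookup falls through to local files.
    print(resolve(t["services"], {"nis": "UNAVAIL", "files": "SUCCESS"}))
```

With "hosts: nis files dns", a successful NIS answer ends the lookup before /etc/hosts is read, so a local hosts entry does not take precedence over what the NIS server returns.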

