Networking - Network Information System (NIS)

The Network Information Service distributes information that needs to be shared throughout a Linux network to all machines on the network. NIS was originally developed by Sun Microsystems and known as Yellow Pages (YP), so many commands begin with the letters yp, such as ypserv, ypbind, and yppasswd.

The information most commonly distributed across a network using NIS consists of user database and authentication information, such as /etc/passwd and /etc/group. If, for example, a user’s password entry is shared by all login hosts via the NIS password database, that user is able to log in on all login hosts on the network, that is, on all hosts that are running the NIS client programs.

An NIS domain name refers to a group of systems, typically on a LAN or on only a subnet of a LAN, that use the same NIS maps. NIS domains are typically used as system management tools, a convenient method for organizing groups of machines that need to access the information shared across a network using a set of common NIS maps.

NIS databases are stored in DBM format, a binary file format based on simple ASCII text files. For example, the files /etc/passwd and /etc/group can be converted directly to DBM format using an ASCII-to-DBM conversion program named makedbm.

Each NIS domain must have at least one system that functions as an NIS server for that domain. NIS clients are programs that use NIS to query designated servers for information that is stored in the servers’ databases, which are known as maps. NIS servers can be further subdivided into master and slave servers. A master server maintains the authoritative copies of the NIS maps.

A slave server maintains copies of the NIS databases, which it receives from the master NIS server whenever changes are made to the database stored on the master. In NIS configurations that use slave servers, the slaves receive copies of the DBM database, not the ASCII source files. The yppush program notifies slave servers of changes to the NIS maps and then the slaves automatically retrieve the updated maps in order to synchronize their database with the master.

Four NIS topologies are commonly used:

Type 1: A single domain with a master server, no slave server and one or more clients.

Type 2: A single domain with a master, one or more slave servers and one or more clients.

Type 3: Multiple domains, each with its own master server, no slave server and one or more clients.

Type 4: Multiple domains, each with its own master server, one or more slave servers and one or more clients.

The following RPM packages are required:

[root@localhost RPMS]# rpm -ivh ypserv.rpm

→ For the server side.

[root@localhost RPMS]# rpm -ivh ypbind.rpm

→ For the client side.

[root@localhost RPMS]# rpm -ivh yptool.rpm

→ For developing the NIS server.

NIS Server Configuration Commands and Files




Sets a system’s NIS domain name.


Handles the primary NIS server duties.


Builds and installs the NIS database.


Processes user password changes in an NIS environment.


Speeds up the transfer of large NIS maps from master to slave service.


Propagates updated NIS maps to slave servers.


Lists hosts permitted to access the NIS maps.


Stores runtime configuration options and special host access directives.

NIS Client Configuration Commands and Files


Display the name of the master NIS server.


Prints the entries in an NIS database.


Changes user passwords and information on the NIS server.


Displays the server and version number of an NIS map.


Prints the value of one or more entries in an NIS map.


Configures the NIS client bindings.


Configures the system name database lookup.


Configures hostname resolution.

/etc/ypserv.conf File

[root@admin root]# vi /etc/ypserv.conf


# ypserv.conf In this file you can set certain options for the NIS


# and you can deny or restrict access to certain maps based

# on the originating host.


# See ypserv.conf(5) for a description of the syntax.


# Some options for ypserv. These things are all not needed, if

# you have a Linux net.

# Should we do DNS lookups for hosts not found in the hosts table ?

# This option is ignored at the moment.

dns: no

# How many map file handles should be cached ?

files: 30

# Should we register ypserv with SLP ?

slp: no

# xfr requests are only allowed from ports < 1024

xfr_check_port: yes

# The following, when uncommented, will give you shadow like passwords.

# Note that it will not work if you have slave NIS servers in your

# network that do not run the same server as you.

# Host : Domain : Map : Security


# * : * : passwd.byname : port

# * : * : passwd.byuid : port

# Not everybody should see the shadow passwords, not secure, since

# under MSDOG everybody is root and can access ports < 1024

* : * : shadow.byname : port

* : * : passwd.adjunct.byname : port

# If you comment out the next rule, ypserv and rpc.ypxfrd will

# look for YP_SECURE and YP_AUTHDES in the maps. This will make

# the security check a little bit slower, but you only have to

# change the keys on the master server, not the configuration files

# on each NIS server.

# If you have maps with YP_SECURE or YP_AUTHDES, you should create

# a rule for them above, that's much faster.

# * : * : * : none

→ ypserv and ypxfrd read /etc/ypserv.conf when they start and when sent a SIGHUP signal. An option line has the following format:


→ option can be either dns or xfr_check_port. dns controls whether or not the NIS server performs a DNS lookup for hosts not listed in the host maps. xfr_check_port controls whether or not ypserv runs on a port numbered less than 1024, a so-called privileged port.


→ The fields are explained below:




The IP address to match. Wildcards are allowed. For example, 192.168.0. refers to all addresses between and


The name of a map to match.


The type of security to use. Can be one of none, port, deny or des.

· none enables access to map for host unless mangle is set to yes, in which case access is denied.

· port enables access if the connection is coming from a privileged port. If mangle is set to yes, access is enabled, but the password field is mangled. If mangle is no, access is denied.

· deny denies the matching host access to this map.

· des requires DES authentication.


The type of port to use. If set to yes, field is replaced by x if the requesting port is an unprivileged port. If set to no, field is not mangled if the requesting port is unprivileged.


The field number in the map to mangle. The default value if field is not specified is 2, which corresponds to the password field in /etc/group, /etc/shadow and /etc/passwd.
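As an added example (not part of the original page or of the ypserv project), the following shell function audits a ypserv.conf-style file written in the Host : Domain : Map : Security rule format shown above. The list of password-bearing maps and the WARN/INFO/ERR finding labels are assumptions of this example, and the INFO check is a simplification that ignores the host and domain scope of a rule.

```shell
#!/bin/sh
# Added example: audit "Host : Domain : Map : Security" rules in a
# ypserv.conf-style file. Finding labels and the map list are assumptions.

# Maps treated as password-bearing (assumed list, taken from the rules above).
SENSITIVE_MAPS="passwd.byname passwd.byuid shadow.byname passwd.adjunct.byname"

audit_ypserv_conf() {
    # Reads the named file (or stdin); prints one finding per line.
    awk -F: -v maps="$SENSITIVE_MAPS" '
    { sub(/#.*/, ""); gsub(/[ \t]+/, "") }    # strip comments and whitespace
    $0 == "" { next }
    NF == 2 {                                  # option line, e.g. dns:no
        if ($1 == "xfr_check_port" && $2 != "yes")
            print "WARN xfr_check_port is " $2
        next
    }
    NF == 4 {                                  # access rule
        host = $1; map = $3; sec = $4
        if (sec !~ /^(none|port|deny|des)$/) {
            print "ERR unknown security type " sec " for " map
            next
        }
        if (sec == "none" && (map == "*" || map ~ /^(passwd|shadow)\./))
            print "WARN " map " readable from any port by host " host
        if (sec != "none") restricted[map] = 1
        next
    }
    { print "ERR unparsed line " NR }
    END {
        n = split(maps, m, " ")
        for (i = 1; i <= n; i++)
            if (!(m[i] in restricted) && !("*" in restricted))
                print "INFO no port/deny/des rule for " m[i]
    }' "$@"
}

# Constructed sample: the two rules active in the file above plus a weak one.
sample_conf() {
    cat <<'EOF'
xfr_check_port: yes
* : * : shadow.byname : port
* : * : passwd.adjunct.byname : port
192.168.0. : * : passwd.byname : none   # constructed weak rule
EOF
}

sample_conf | audit_ypserv_conf
```

Run against the real file with "audit_ypserv_conf /etc/ypserv.conf"; an INFO line only reports that the file itself contains no restricting rule for that map.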

Configuration of an NIS Server

1. Edit the /etc/sysconfig/network file and add the following line, which is simply the NIS domain name:

[root@admin root]# vi /etc/sysconfig/network


→ To set a permanent NIS domain name.

[root@admin root]# nisdomainname

→ This sets the NIS domain name only temporarily; the name set will not survive a system reboot.

[root@admin root]# nisdomainname

2. The NIS server has no fixed port number, so the portmap service must be started.

[root@admin root]# service portmap start

[root@admin root]# rpcinfo -p

3. Now we will start the primary server daemon.

[root@admin root]# service ypserv start

Starting YP server services: [ OK ]

→ It will also show the domain name.

4. Confirm again that ypserv is running:

[root@admin root]# rpcinfo -u ypserv

program 100004 version 1 ready and waiting

program 100004 version 2 ready and waiting

5. Initialize the NIS maps.

[root@admin root]# /usr/lib/yp/ypinit -m

At this point, we have to construct a list of the hosts which will run NIS

servers. is in the list of NIS server hosts. Please continue to add

the names for the other hosts, one per line. When you are done with the

list, type a .

next host to add:

next host to add:

The current list of NIS servers looks like this:

Is this correct? [y/n: y] y

We need a few minutes to build the databases...

Building /var/yp/

Running /var/yp/Makefile...

gmake[1]: Entering directory `/var/yp/'

Updating passwd.byname...

Updating passwd.byuid...

Updating group.byname...

Updating group.bygid...

Updating hosts.byname...

Updating hosts.byaddr...

Updating rpc.byname...

Updating rpc.bynumber...

Updating services.byname...

Updating services.byservicename...

Updating netid.byname...

Updating protocols.bynumber...

Updating protocols.byname...

Updating mail.aliases...

gmake[1]: Leaving directory `/var/yp/' has been set up as a NIS master server.

Now you can run ypinit -s on all slave server.

→ This command uses the -m option to indicate that it is creating maps for the master server.

[root@admin root]# /usr/lib/yp/ypinit -s

→ The -s option instructs ypinit to create a slave server using the databases from the master server named

After ypinit has run, several files, including a directory named after the domain name (, are created in the /var/yp directory.

[root@admin root]# cd /var/yp/

[root@admin yp]# ls

binding Makefile nicknames ypservers

6. Start the password daemon.

[root@admin root]# service yppasswdd start

Starting YP passwd service: [ OK ]

7. Confirm that yppasswd is running:

[root@admin yp]# rpcinfo -u yppasswd

program 100009 version 1 ready and waiting

8. Use the Service Configuration tool, as explained earlier, to configure ypserv and yppasswdd to start at boot time.

Configuration of NIS client

1. First, set the domain name for the client system (the same as the server's domain name).

[root@client root]# vi /etc/sysconfig/network


2. Edit /etc/yp.conf to identify the default NIS server.

[root@client root]# vi /etc/yp.conf

# /etc/yp.conf - ypbind configuration file

# Valid entries are

# domain NISDOMAIN server HOSTNAME

# Use server HOSTNAME for the domain NISDOMAIN.

# domain NISDOMAIN broadcast

# Use broadcast on the local net for domain NISDOMAIN

# domain NISDOMAIN slp

# Query local SLP server for ypserver supporting NISDOMAIN

# ypserver HOSTNAME

# Use server HOSTNAME for the local domain. The

# IP-address of server must be listed in /etc/hosts.

# broadcast

# If no server for the default domain is specified or

# none of them is reachable, try a broadcast call to

# find a server.


domain server

Or use the following command to set domain name and NIS server name.

[root@client root]# authconfig

→ This opens a dialog box; enter the required information and the server name in the box.

3. Check that the portmapper is running.

[root@client root]# rpcinfo -p

program vers proto port

100000 2 tcp 111 portmapper

100000 2 udp 111 portmapper

4. Start the primary client daemon, ypbind.

[root@client root]# service ypbind start

Binding to the NIS domain: [ OK ]

Listening for an NIS domain server..

5. Edit /etc/host.conf and add NIS to the services used for hostname lookup.

[root@client root]# cat /etc/host.conf

order hosts,nis,bind

6. Use the Service Configuration tool, as explained earlier, to configure ypbind to start at boot time.

Testing NIS Commands

[sroyit@admin sroyit]$ ypwhich

[sroyit@admin sroyit]$ ypcat passwd

sroyit:$1$L1tTWcvG$gyUEylxocGu8hln/b9QTW0:500:500:Susanta Kumar Roy:/home/sroyit:/bin/bash

[sroyit@admin sroyit]$ ypmatch sroyit passwd

sroyit:$1$L1tTWcvG$gyUEylxocGu8hln/b9QTW0:500:500:Susanta Kumar Roy:/home/sroyit:/bin/bash

[sroyit@admin sroyit]$ ypmatch sroyit group


[sroyit@admin sroyit]$ ypcat -x

Use "ethers" for map "ethers.byname"

Use "aliases" for map "mail.aliases"

Use "services" for map "services.byname"

Use "protocols" for map "protocols.bynumber"

Use "hosts" for map "hosts.byname"

Use "networks" for map "networks.byaddr"

Use "group" for map "group.byname"

Use "passwd" for map "passwd.byname"

[sroyit@admin sroyit]$ ypchfn

→ This command is used for changing NIS account information for sroyit on
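The ypcat passwd output above carries a password hash in field 2 of the map entry. As an added example (not part of the original page), this shell function classifies field 2 of each passwd-map entry so that an administrator can confirm, from an unprivileged account, whether hashes are exposed or replaced by x as described for field mangling. The verdict labels and the sample entries are constructed for this example.

```shell
#!/bin/sh
# Added example: classify field 2 of passwd-map entries, e.g. the output an
# unprivileged user gets from "ypcat passwd". Verdict labels are assumptions.

classify_passwd_map() {
    # Reads passwd-format lines on stdin; prints "user<TAB>verdict".
    awk -F: '
    NF != 7 { next }                          # skip anything not passwd-shaped
    {
        pw = $2
        if (pw == "x" || pw == "*" || pw ~ /^!/) verdict = "masked-or-locked"
        else if (pw == "")             verdict = "EMPTY no-password"
        else if (pw ~ /^\$1\$/)        verdict = "EXPOSED md5-crypt"
        else if (pw ~ /^\$5\$/)        verdict = "EXPOSED sha256-crypt"
        else if (pw ~ /^\$6\$/)        verdict = "EXPOSED sha512-crypt"
        else if (length(pw) == 13)     verdict = "EXPOSED des-crypt"
        else                           verdict = "EXPOSED unknown-format"
        printf "%s\t%s\n", $1, verdict
    }'
}

count_exposed() {
    # Number of entries whose hash is readable by the caller.
    classify_passwd_map | grep -c "EXPOSED" || true
}

# Constructed sample entries (hash strings are placeholders, not real hashes).
sample_map() {
    cat <<'EOF'
alice:$1$SALTSALT$PLACEHOLDERPLACEHOLDER:500:500:Alice:/home/alice:/bin/bash
bob:x:501:501:Bob:/home/bob:/bin/bash
carol:AAAAAAAAAAAAA:502:502:Carol:/home/carol:/bin/bash
EOF
}

sample_map | classify_passwd_map
```

On a bound client, piping "ypcat passwd" into classify_passwd_map applies the same check to the live map.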