From owner-freebsd-questions Tue Mar 3 11:51:53 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA16995 for freebsd-questions-outgoing; Tue, 3 Mar 1998 11:51:53 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from alpha.mstk.com (cx93934-a.vista1.sdca.home.com [24.0.177.213]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA16899 for ; Tue, 3 Mar 1998 11:51:43 -0800 (PST) (envelope-from ifield@mstk.com) Received: by alpha.mstk.com with Internet Mail Service (5.5.1960.3) id ; Tue, 3 Mar 1998 11:54:53 -0800 Message-ID: <411B07D1F591D111928500A0C985DE2E01FF08@alpha.mstk.com> From: Ian Field To: "'Derek Laufenberg'" Cc: "'freebsd-questions@freebsd.org'" Subject: RE: NIS Implementation Date: Tue, 3 Mar 1998 11:54:52 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Derek, Thanks for the help, I have a couple followup questions: 1) What should be the syntax of the /var/yp/servers file? 2) on clients: add + to end of filenames? (i.e. hosts+) or on the last line of the file itself? 3) also, for NFS (which is installed and working) how do I automount dirs at boot? Thanks again - once you respond I will let you know how it all works... Ian Field ifield@mstk.com -----Original Message----- From: Derek Laufenberg [mailto:laufen@wi.net] Sent: Monday, March 02, 1998 9:04 PM To: Ian Field; freebsd-questions@freebsd.org Subject: Re: NIS Implementation The NIS isn't trival, but there are a few things which must be done. On the server: 1) create a /var/yp/master.passwd with entries for each user 2) create /var/yp/servers with name of the server or servers (I dont think this should be blank) 3) create /var/yp/securenets file (optional but good idea) here is an example: #allow local address and all hosts on internal net 10.xxxx 127.0.0.1 255.255.255.255 10.0.0.0 255.0.0.0 4) do a 'make' in /var/yp 5) In /etc/rc.conf on server: nisdomainname="barnyard.foo" # Set to NIS domain if using NIS (or NO). ... # Network Information Services (NIS) options: ### nis_client_enable="YES" # We're an NIS client (or NO). nis_client_flags="" # Flags to ypbind (if enabled). nis_ypset_enable="" # Run ypset at boot time (or NO). nis_ypset_flags="" # Flags to ypset (if enabled). nis_server_enable="YES" # We're an NIS server (or NO). nis_server_flags="" # Flags to ypserv (if enabled). nis_ypxfrd_enable="NO" # Run rpc.ypxfrd at boot time (or NO). nis_ypxfrd_flags="" # Flags to rpc.ypxfrd (if enabled). nis_yppasswdd_enable="YES" # Run rpc.yppasswdd at boot time (or NO). nis_yppasswdd_flags="-s -f" # Flags to rpc.yppasswdd (if enabled). 6) Server should be up on with the next reboot. On the Client side: 1) add + to end of /etc/hosts - not sure if this is needed???Anyone??? 2) add +::: to end of /etc/group 3) vipw and add +::::::::: to end of password file 4) allow NIS and disable bind in /etc/host.conf The NIS server will do the DNS lookup for the client. 5) in etc/rc.conf on client: nisdomainname="barnyard.foo" # Set to NIS domain if using NIS (or NO). ... # Network Information Services (NIS) options: ### nis_client_enable="YES" # We're an NIS client (or NO). nis_client_flags="" # Flags to ypbind (if enabled). nis_ypset_enable="NO" # Run ypset at boot time (or NO). nis_ypset_flags="" # Flags to ypset (if enabled). nis_server_enable="NO" # We're an NIS server (or NO). nis_server_flags="" # Flags to ypserv (if enabled). nis_ypxfrd_enable="NO" # Run rpc.ypxfrd at boot time (or NO). nis_ypxfrd_flags="" # Flags to rpc.ypxfrd (if enabled). nis_yppasswdd_enable="NO" # Run rpc.yppasswdd at boot time (or NO). nis_yppasswdd_flags="" # Flags to rpc.yppasswdd (if enabled). You must also make sure the clients are using the same libcrypt files. Look in /usr/lib and make sure. I think the default is MD5, but if you want to allow Sun machines in your domain, then use DES. On each of the machine, I only have a few entries in the /etc/master.passwd file. Them being root and the NIS entry +::::::::. All the others are kept on the NIS server. This server also serves the NFS files systems for /home, /usr, and /spare. All accounts go on /home/user. THe /usr partition get mounted on all the clients and symlinks point to stuff like man pages and /usr/local stuff. This saves a lot of disk space. on the clients. Some erformance hits are taken, but maintance is much simpler. I think that covers everything. Try it and let us know. Derek Laufenberg To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message