In a cluster where several machines have to be used by the same set of users and information has to be retained across the cluster, it is useful to have a central database that manages all the data. This can be accomplished under Linux by using the Network Information Services (NIS) which can serve the data.
We will assume that the NIS domain name (to be distinguished from the real domain name) is nis.domain. The server that will act as a NIS server will have the domain name central.nis.domain. The server is at 192.168.0.1 and the netmask for our subnet is 255.255.255.0.
One of the NIS participants will have to provide NIS information and for that purpose we set up a NIS server and configure it.
The server setup involves just installing NIS and portmap:
aptitude install nis portmap
which will prompt at some point for a domain name. This domain can be anything and it certainly does not have to be the same as the domain name that is used by your cluster. For the rest of the tutorial we will assume that the provided domain name is nis.domain as stated in the assumptions section.
To configure the NIS server, edit /etc/defaults/nis and comment out:
0.0.0.0 0.0.0.0
adding instead:
255.255.255.0 192.168.0.0
which will only allow clients from our subnet to query the NIS server.
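The effect of that change can be checked by evaluating the entries against sample client addresses. The following is an added example, not part of the original tutorial: the helper names are hypothetical and the two entry lists are constructed samples in the "netmask network" form shown above.

```python
import ipaddress

# Constructed sample entries in the "netmask network" form used above.
BEFORE = """\
0.0.0.0 0.0.0.0
"""
AFTER = """\
# 0.0.0.0 0.0.0.0
255.255.255.0 192.168.0.0
"""

def parse_entries(text):
    """Return the active entries as ip_network objects (hypothetical helper)."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # commented-out entries are inactive
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"unexpected entry: {raw!r}")
        netmask, network = fields
        # strict=True raises if the network address has host bits set
        nets.append(ipaddress.ip_network(f"{network}/{netmask}", strict=True))
    return nets

def is_allowed(client_ip, nets):
    """True if client_ip falls inside any active entry."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in nets)

def world_open(nets):
    """Entries with an all-zero netmask match every client address."""
    return [net for net in nets if net.prefixlen == 0]

if __name__ == "__main__":
    # 203.0.113.7 is a documentation address standing in for an outside host.
    for label, text in (("before", BEFORE), ("after", AFTER)):
        nets = parse_entries(text)
        print(label, "open-to-all entries:", [str(n) for n in world_open(nets)])
        for ip in ("192.168.0.42", "192.168.1.42", "203.0.113.7"):
            print(f"  {ip}: {'allowed' if is_allowed(ip, nets) else 'denied'}")
```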
Next, we can enable shadow passwords by editing /var/yp/Makefile and adding shadow to the line starting with ALL:
ALL = passwd shadow group hosts rpc services netid protocols netgrp
Now we update the NIS database by issuing:
/usr/lib/yp/ypinit -m
and add our hostname central.server.domain when asked for a NIS server.
Now we can start the NIS server:
/etc/init.d/yp start
and change directory to /var/yp and execute:
make
in order to make the database - this will have to be redone once a new user is added to the server.
The client set-up is a little more tricky since it involves modifying a bunch of files such that the system uses NIS as a fallback when it does not find the data locally.
First, install NIS and portmap on the clients as well:
aptitude install nis portmap
and enter the same domain-name that you used previously.
Now we should check whether NIS is set up correctly on the client. In order to do this, edit /etc/yp.conf which is the configuration file that tells NIS where to look for information. It has the following format:
domain <NIS Domain Name> server <NIS Server>
Following the assumptions, this would look like:
domain nis.domain server central.nis.domain
Next, we configure /etc/nsswitch.conf in order to indicate to the system where it should look for information when the local information cannot be found:
passwd: compat nis
group: compat nis
shadow: compat nis
hosts: files dns nis
This file may change depending on your set-up but essentially nis should be appended to all of those lines.
In order to create a directory for a user logging in with NIS, we edit /etc/pam.d/common-session and at the end we append the line:
session optional pam_mkhomedir.so skel=/etc/skel umask=077
Now the client can be rebooted and after a restart you will be able to log in on the client as a user created on the server.
The following commands become interesting once the client has been properly set up:
ypcat - lists data from the NIS domain and can be used to query users, hostnames and groups. For example:
  ypcat passwd - which will list the password file in the NIS domain.
  ypcat hosts - which will list the hostnames in the NIS domain.
yppasswd - which can be used on the client to change a user's password in the entire NIS domain.