≡ Menu

How to Setup and Configure YPServ Linux NIS Server and Client

NIS stands for Network Information Service.

NIS is also called as YP. YP stands for Yellow Pages.

NIS is a lookup service for set of databases. The databases in this cases can be a passwd file, group file, hosts file, etc. This is primarily used as a central repository to hold all username and passwords (i.e /etc/passwd), and different servers can authenticate against this server for the username and password.

This is very helpful for system administrators who has to manage several servers. Instead of creating useraccount for your users on each and every Linux servers, you can just create the account on one server that is configured to run NIS server. All other servers can be configured as NIS client, which will authenticate against this central NIS server repository.

This is a step-by-step tutorial that explains the installation and configuration of ypserv NIS server and client.

YPServ stands for Yellow Pages Server.

If an NIS server is already configured, and you are just trying to connect a Linux server to an existing NIS server, skip to the “Configre NIS Client” section below.

If you are installing and configuring both NIS server and client, start from the 1st step below.

NIS Server Configuration

1. Verify Portmap

Portmap server maps DARPA port to RPC program number. For a NIS client that makes RPC calls to talk to the NIS Server (which is a RPC server), portmapper should be running.

When the NIS server starts, it informs the portmapper on what port it is listening. When NIS client contacts a NIS server, it will first check with the portmapper and get the portnumber where the NIS servers is running, and will send the RPC calls to that port number.

On most Linux distributions, portmap will be running by default. Make sure it is running, and configured to be started when the system is rebooted.

# ps -ef | grep -i portmap
rpc       3624     1  0 Feb23 ?        00:00:00 portmap
root     16908  8658  0 10:35 pts/0    00:00:00 grep -i portmap

# chkconfig --list | grep portmap
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off

2. Install YPServ

Install ypserv on your server using the typical installation methods for your respective Linux distro (for example: apt-get, or yum, or up2date, etc.).

If you like to install it from source, download the ypserv source.

On redhat system, identify the ypserv RPM from your installation CD and install it as shown below using rpm.

# rpm -ivh ypserv-2.19-5.el5.i386.rpm
Preparing...                ########################################### [100%]
   1:ypserv                 ########################################### [100%]

ypserv will be installed under /usr/sbin/ypserv

# whereis ypserv
ypserv: /usr/sbin/ypserv /etc/ypserv.conf /usr/share/man/man8/ypserv.8.gz

3. Start ypserv

Check to see whether the ypserv is registered with the portmap as shown below.

# rpcinfo -u localhost ypserv
rpcinfo: RPC: Program not registered
program 100004 is not available

The above output indicates either ypserv is not installed, or ypserv is installed but not started yet. The following quick check indicates that the ypserv is not started yet.

# chkconfig --list | grep yp
ypbind          0:off   1:off   2:off   3:off   4:off   5:off   6:off
yppasswdd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
ypserv          0:off   1:off   2:off   3:off   4:off   5:off   6:off
ypxfrd          0:off   1:off   2:off   3:off   4:off   5:off   6:off

# service ypserv status
ypserv is stopped

Set the NISDOMAIN in the /etc/sysconfig/network file as shown below.

# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=prod-db
GATEWAY=192.168.1.1
NISDOMAIN=thegeekstuff.com

Start the ypserv as shown below.

# service ypserv start
Setting NIS domain name thegeekstuff.com: [  OK  ]
Starting YP server services:              [  OK  ]

There are some NIS server configuration parameters set in the /etc/ypserv.conf file. But, you don’t need to modify the default values in this file.

4. Generate NIS Database

Once the ypserv is installed and started, it is time to generate the NIS database. All the NIS database are stored under /var/yp directory. Before you generate the database you will not see the directory for your domain name under the /var/yp.

# ls -l /var/yp
total 36
drwxr-xr-x 2 root root  4096 May 18  2010 binding
-rw-r--r-- 1 root root 16669 Oct 31  2008 Makefile
-rw-r--r-- 1 root root   185 Jun  6  2007 nicknames

Generate the NIS database using ypinit program as shown below. You just have to enter the hostname of your NIS server to generate the database.

# /usr/lib/yp/ypinit -m

Please continue to add the names for the other hosts, one 
per line.  When you are done with the list, type a .
        next host to add:  prod-db
        next host to add: 

The current list of NIS servers looks like this: prod-db

Is this correct?  [y/n: y]  y
We need a few minutes to build the databases...
Building /var/yp/thegeekstuff.com/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/thegeekstuff.com'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
...
gmake[1]: Leaving directory `/var/yp/thegeekstuff.com'

prod-db has been set up as a NIS master server.

Now you can run ypinit -s prod-db on all slave server.

After generating the database, you can see a new directory for your domain is created under /var/yp as shown below.

# ls -l /var/yp
total 44
drwxr-xr-x 2 root root  4096 Oct  8 10:59 thegeekstuff.com
drwxr-xr-x 2 root root  4096 May 18  2010 binding
-rw-r--r-- 1 root root 16669 Oct 31  2008 Makefile
-rw-r--r-- 1 root root   185 Jun  6  2007 nicknames
-rw-r--r-- 1 root root    10 Aug 31 10:58 ypservers

The /var/yp/ypservers will contain the name of your NIS server hostname.

# cat /var/yp/ypservers
prod-db

5. Verify the installation

Verify the NIS server installation by checking whether the passwd file can be accessed using the ypcat NIS client program.

# ypcat passwd
No such map passwd.byname. Reason: Can't bind to server which serves this domain

You might get the above error message because ypbind might not running on your system. Just start the ypbind and verify the configuration.

# service ypbind start

# ypcat passwd
ramesh:R7EFEGJ1mxRGwVLVC.:401:401::/home/ramesh:/bin/bash
john:QtlRW$Fx.uZvD:402:402::/home/john:/bin/bash

If you don’t like to display the encrypted passwd field in the ypcat passwd output, set the MERGE_PASSWD to false in the /var/yp/Makefile as shown below.

# vi /var/yp/Makefile
MERGE_PASSWD=false

After you do the above, the ypcat passwd command will just display a ‘x’ in the passwd file.

# ypcat passwd
ramesh:x:401:401::/home/ramesh:/bin/bash
john:x:402:402::/home/john:/bin/bash

Anytime you make a change (either updates to the Makefile, or changes to a database). For example, when you add a new user, or modify an existing user account, you should do the following. Without this, the changes will not be reflected to any of your NIS client.

# cd /var/yp
# make

I recommend that you add this to the root cron job on your NIS server to execute this every 15 minutes. This way, you don’t need to worry about running this manually anytime you make some changes to the NIS database.

NIS Client Configuration

The following steps needs to be executed on the NIS client. In the above example, we installed NIS server on a servername called prod-db. If you want another Linux server dev-db, to use the /etc/passwd file on the prod-db for authentication, you need to do the following steps on the dev-db server (NIS client).

6. Set the Domainname on Client

Verify the domainname is set properly on this server. If this doesn’t return the proper domainname. Execute ‘domainname {your-domain}’ to set the domainname on the server.

# domainname
thegeekstuff.com

domainname command will set the domainname temporarily. i.e if you reboot the system, the domainname will be gone. To make the domainname permanent, update the network file and set the NISDOMAIN parameter as shown below.

# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=dev-db
GATEWAY=192.168.1.4
NISDOMAIN=thegeekstuff.com

7. Set the NIS Server Name on Client

Add the following line to the /etc/yp.conf file. This instructs the NIS client that the NIS server is prod-db. Instead of prod-db below, you can also give the ip-address of the prod-db server.

# vi /etc/yp.conf
domain thegeekstuff.com server prod-db

8. Start the ypbind on Client

ypbind is a NIS binding program. This searches for a NIS server for your NIS domain and maintains NIS binding information.

Make sure ypbind is up and running on the NIS client server. Most Linux distributions has ypbind installed already. If it is not running, start it.

# ps -ef | grep ypbind

# service ypbind start

Verify the NIS server installation by checking whether the passwd file can be accessed using the ypcat NIS client program.

# ypcat passwd
No such map passwd.byname. Reason: Can't bind to server which serves this domain

You might get the above error message because ypbind might not running on your system. Just start the ypbind and verify the configuration.

# service ypbind start

# ypcat passwd
ramesh:x.:401:401::/home/ramesh:/bin/bash
john:x:402:402::/home/john:/bin/bash
Add your comment

If you enjoyed this article, you might also like..

  1. 50 Linux Sysadmin Tutorials
  2. 50 Most Frequently Used Linux Commands (With Examples)
  3. Top 25 Best Linux Performance Monitoring and Debugging Tools
  4. Mommy, I found it! – 15 Practical Linux Find Command Examples
  5. Linux 101 Hacks 2nd Edition eBook Linux 101 Hacks Book

Bash 101 Hacks Book Sed and Awk 101 Hacks Book Nagios Core 3 Book Vim 101 Hacks Book

Comments on this entry are closed.

  • Medhat November 30, 2011, 1:17 pm

    Thanks for the nice brief. I must be missing something from it. Is the point that the NIS server will serve essentially the content of its own /etc/passwd and /etc/group to the network or does it have its own separate DB from the very server it is running on?
    Also, is the client strictly bound what is in the NIS or it is basically authenticating against the “union” of the LIS and what’s its own passwd and group? What if there is a conflict?
    Lastly, for the choice of domain (to avoid conflicts) NIS server, I hope does not attempt to take over DNS function on its own. Does it?

  • Soj November 30, 2011, 10:26 pm

    Great work. Perfectly documented. It would be great if you can jot down the steps to configure NIS+, LDAP and the differences between NIS, NIS+ and LDAP.
    You rock!!!

  • Soj December 4, 2011, 9:50 pm

    Also, is there any specific SELINUX rule to allow ypbind to start ?

    [root@lg ~]# ypcat passwd
    No such map passwd.byname. Reason: Can’t bind to server which serves this domain

    [root@lg yp]# service ypbind start
    Starting NIS service: [ OK ]
    Binding NIS service: ………………….. [FAILED]
    Shutting down NIS service: [ OK ]

    I have configured static IP and flushed off both iptables and ip6tables and default chain policy rule is to ACCEPT. So, there shouldn’t be any issues with iptables blocking ypbind to start..

    The log says:
    Dec 5 08:45:47 linuxgenius setsebool: The allow_ypbind policy boolean was changed to 1 by root
    Dec 5 08:45:47 linuxgenius dbus: [system] Reloaded configuration
    Dec 5 08:46:32 linuxgenius ypbind: NIS server for domain thegeekstuff.com is not responding.

    I think it’s the SELINUX policy issue.. Any idea?

  • Bala January 20, 2013, 9:06 pm

    Hi,

    Evan am getting the same error as Soj.

    [root@lg yp]# service ypbind start
    Starting NIS service: [ OK ]
    Binding NIS service: ………………….. [FAILED]
    Shutting down NIS service: [ OK ]

  • Heo January 29, 2013, 8:20 pm

    Hi Bala,

    You did this? -> /usr/lib/yp/ypinit -m
    ‘yp’ is in the lib???
    if no there, come on this way
    ———————————————————————————–
    [root@yiheo Desktop]# /usr/lib <-press the tab key
    lib/ lib64/ libexec/
    ———————————————————————————–
    other lib is lib64, maybe yp is in the lib64
    just my way

  • salman February 14, 2013, 8:25 pm

    hi everyone.
    i need help when i start ypcat passwd
    i got the same error as you mentioned above,
    and also when i run the
    service ypbind start on client side
    farword request to systemctl disable sssd.service
    this error occured
    plz help me
    i tried almost 20 times but failed
    try to run this command in different style

  • David Ramirez March 29, 2013, 10:16 am

    Hi,
    Great how-to, thanks. I have some 60+ machines under NIS/YP, all work fine – except the newest 8 ones, whose only difference is that they have the fastest processors in the group… On them I get consistently:

    do_ypcall: clnt_call: RPC: Timed out
    do_ypcall: clnt_call: RPC: Timed out
    do_ypcall: clnt_call: RPC: Timed out

    errors in the logs (Fedora 17/64).
    However, their users have apparently no problems – the can log in, work, access shares etc.

    This seems to be associated to querying the hosts map, which comes frequently. Changing the order in nsswitch.conf to look up our corporate DNS first caused problems everywhere. So I stepped back to NIS/YP and continue living with the problem.
    Any ideas / workarounds suggestions ? Thanks.

  • vijay December 30, 2013, 7:04 am

    Hello guys,

    Am trying to configure NIS server on my Centos-6.4 almost i got it, but when i start ypbind am getting an error as follows, Kindly guide me to sort it out.

    Starting NIS service: [ OK ]
    Binding NIS service: ………………….. [FAILED]
    Shutting down NIS service: [ OK ]

  • jagadeesh January 3, 2014, 5:05 am

    pls help founding error

    Starting NIS service: [ OK ]
    Binding NIS service: ………………….. [FAILED]
    Shutting down NIS service: [ OK ]

    help

  • typper January 14, 2014, 7:21 am

    hi.
    Binding NIS service: ………………….. [FAILED]

    in yp.conf put the line:
    ypserver 127.0.0.1

  • Phani February 7, 2014, 8:01 am

    Is there a way to integrate sudo access to that of netgroups used for NIS?
    If so how is it done?

  • Huy November 21, 2014, 4:36 am

    I have the problem when i installed Nis client, afer install nis client, when i restart ypbind by command : service ypbind restart, there is a errer: ypbindproc_domain domain not bound. And my machine not working after reboot.
    Please help me.
    Thank u very much.

  • sabari February 17, 2015, 7:22 am

    hi everyone,
    thanks for this blog
    I have error while doing this please help me.
    # ypcat passwd
    No such map passwd.byname. Reason: Internal NIS error.
    please help

  • TBuch February 18, 2015, 12:07 pm

    To fix the ypbind failure I had to add a ypserver line to /etc/yp.conf.
    E.g.
    ypserver blahblah.blah.com
    I believe this is because that verification step in the server setup is requiring that the server also act as a client.

    After I did that I got “No such map passwd.byname. Reason: Internal NIS error.” for ypcat. In order to fix I had to stop ypbind to restart it
    # service ypbind stop
    # service ypbing start

  • sabari February 23, 2015, 8:17 am

    thank you for your support
    now I am facing the another error in client side
    while doing yp bind this error is happening
    Binding NIS service: ………………….. [FAILED]
    please help me

  • Ben September 18, 2015, 3:40 pm

    i was able to fix ypbind not start by editing /etc/ypserv.conf
    dns: no
    files: 45
    * : * : passwd.byname : none
    * : * : passwd.byuid : none
    * : * : shadow.byname : none
    * : * : passwd.adjunct.byname : none

    and commenting everything else

  • Andrew Price January 20, 2016, 6:35 am

    Hi im following the instructions, they are great, but im still getting

    ypcat passwd
    No such map passwd.byname. Reason: No such map in server’s domain

    even after trying to update