Title: nis server setup
Subject: notes from setting up a NIS server

References:
  http://www.linux-nis.org/nis-howto/HOWTO/index.html
  http://www.ibiblio.org/mdw/HOWTO/NIS-HOWTO/ypserv.html
  http://www.freeos.com/articles/2843/
  http://www.cuug.ab.ca/~leblancj/labs/nisplus.html

1. Set root's PATH so that the NIS binaries come before /usr/bin:

   PATH=/usr/sbin:/usr/lib/nis:/usr/bin:/usr/ucb:/etc:

   (Note that the trailing ":" puts the current directory on root's PATH; drop it.)

How NIS works
  - NIS databases (maps) are stored in so-called DBM format.
  - Shared files are converted directly to DBM format with ASCII-to-DBM translation software: makedbm.
  - Slaves are notified of any change to the NIS maps and synchronize: yppush.

How NIS+ works
  - Adds support for data encryption and authentication.
  - Each node in the tree corresponds to one of six NIS+ object types:
      1) directory  2) entry  3) group  4) link  5) table  6) private
  - Two special NIS+ directories:
      org_dir     admin tables (passwd, hosts, or mail_aliases)
      groups_dir  group objects for access control
  - An NIS+ domain is the collection of org_dir, groups_dir and their parent directory.

###########################################
# Configure the client:
###########################################

The server setup is the same for both traditional NIS and NYS.
Packages: ypbind, ypserv and yp-tools

1. For secure RPC, the portmapper needs the Time service. In /etc/inetd.conf:

   #
   # Time service is used for clock synchronization.
   #
   time    stream  tcp     nowait  root    internal
   time    dgram   udp     wait    root    internal

   /etc/init.d/inetd restart

2. New NIS versions use the file /etc/yp.conf to name the servers
   (SuSE wants you to set YP_SERVER="127.0.0.1" in /etc/rc.config):

   /etc/yp.conf
   ypserver 127.0.0.1
   ypserver 10.10.0.1
   ypserver 10.0.100.8
   ypserver 10.3.1.1

3. Set the domain name:

   /bin/domainname nis.stilen.com

4. Start the portmapper:

   /etc/init.d/portmap start

5. Create the directory /var/yp if it does not exist.

6. Start up /usr/sbin/ypbind.

7. Check that ypbind registered its service with the portmapper:

   rpcinfo -p localhost
      program vers proto   port
       100000    2   tcp    111  portmapper
       100000    2   udp    111  portmapper
       100003    2   udp   2049  nfs
       100003    3   udp   2049  nfs
       100021    1   udp  33344  nlockmgr
       100021    3   udp  33344  nlockmgr
       100021    4   udp  33344  nlockmgr
       100024    1   udp    676  status
       100024    1   tcp    678  status
       100005    1   udp  33345  mountd
       100005    1   tcp  54129  mountd
       100005    2   udp  33345  mountd
       100005    2   tcp  54129  mountd
       100005    3   udp  33345  mountd
       100005    3   tcp  54129  mountd
       100004    2   udp    666  ypserv
       100004    1   udp    666  ypserv
       100004    2   tcp    669  ypserv
       100004    1   tcp    669  ypserv
       100007    2   udp    983  ypbind
       100007    1   udp    983  ypbind
       100007    2   tcp    986  ypbind
       100007    1   tcp    986  ypbind

   rpcinfo -u localhost ypbind
   program 100007 version 1 ready and waiting
   program 100007 version 2 ready and waiting

8. Add nis to /etc/host.conf:

   order hosts, bind, nis

9. Add to your /etc/passwd:

   +::::::
   +jstile:::::::
   +@sysadmins:::::::
   -ftp

10. Add to your /etc/yp.conf:

   ypserver 127.0.0.1

11. Add to your /etc/nsswitch.conf:

   #---------------------------------------
   passwd:         compat
   group:          compat
   # For libc5, you must use shadow: files nis
   shadow:         compat
   # Note: passwd_compat, group_compat and shadow_compat are only supported by glibc 2.x
   passwd_compat:  nis
   group_compat:   nis
   shadow_compat:  nis
   hosts:          nis files dns
   services:       nis [NOTFOUND=return] files
   networks:       nis [NOTFOUND=return] files
   protocols:      nis [NOTFOUND=return] files
   rpc:            nis [NOTFOUND=return] files
   ethers:         nis [NOTFOUND=return] files
   netmasks:       nis [NOTFOUND=return] files
   netgroup:       nis
   bootparams:     nis [NOTFOUND=return] files
   publickey:      nis [NOTFOUND=return] files
   automount:      files
   aliases:        nis [NOTFOUND=return] files
   #---------------------------------------

12. Your /etc/pam.d/login file should look like:

   #%PAM-1.0
   auth       required     /lib/security/pam_securetty.so
   auth       required     /lib/security/pam_unix.so
   auth       required     /lib/security/pam_nologin.so
   account    required     /lib/security/pam_unix.so
   password   required     /lib/security/pam_unix.so
   session    required     /lib/security/pam_unix.so

########################
### NIS+ Client config
########################

1. Initialize the client:

   domainname nisplus.domain.
   nisinit -c -H

2. Change your /etc/nsswitch.conf file. Make sure that the only service after
   publickey is nisplus ("publickey: nisplus"), and nothing else!

3. Start the keyserver by running:

   keylogin -r

4. "niscat passwd.org_dir" should now show you all entries in the passwd database.

###########################################
# Configure the server:
###########################################

1. Check the ypserv version:

   ypserv --version
   ypserv (ypserv) 2.1

2. Modify the "all" rule in /var/yp/Makefile to share what is needed:

   all: passwd group rpc services netid auto.home mail

3. Edit the Options at the beginning of /var/yp/Makefile.

4. Edit the hosts listed in /var/yp/securenets:

   # Always allow access for localhost
   255.0.0.0       127.0.0.0
   # This line gives access to everybody. PLEASE ADJUST!
   0.0.0.0         0.0.0.0
   #
   255.255.255.0   192.168.0.10
   255.255.255.0   192.168.0.11
   255.255.255.0   192.168.0.42

   While the 0.0.0.0 0.0.0.0 line is present, any host that can reach the
   portmapper can dump the maps; remove it once the real client networks are listed.

5. Edit /etc/ypserv.conf so the shadow maps are only answered on privileged ports:

   * : * : shadow.byname         : port
   * : * : passwd.adjunct.byname : port

6. Specify the NIS server in /etc/yp.conf.

7. Make sure the portmapper is running:

   rpcinfo -u localhost ypserv

8. Display all the passwd entries on the system:

   ypcat passwd.byname

###########################################

1. Set the NIS domain name parameter:
   - At startup, run `nisdomainname my.nis.domain.com`
   - Equivalent commands are ypdomainname and domainname.
   - Also set in /etc/sysconfig/network for RedHat, and in /etc/rc.config
     ("YP_DOMAINNAME=") for SuSE.

2. Now generate the NIS (YP) database.
   On the master, run:  /usr/lib/yp/ypinit -m
   On the slave, run:   /usr/lib/yp/ypinit -s masterhost

3. Edit /var/yp/Makefile:

   # If you have slaves, add their names to etc/ypservers, and NOPUSH=false
   # I'm also exporting /etc/services and /etc/hosts
   all: passwd group rpc services netid

4. Build the maps:

   cd /var/yp/ ; make
   -or-
   /usr/lib/yp/ypinit -m
   # ypinit will prompt for NIS master and slave servers.
   # This list is written to /var/yp/ypservers, then `make` is run.
   # ypinit re-creates the NIS database from scratch each time.

5. Start the portmapper:

   /etc/init.d/portmap start

6. Start ypserv.

7. Check:

   rpcinfo -u localhost ypserv
   program 100004 version 1 ready and waiting
   program 100004 version 2 ready and waiting

   lsof -i tcp
   portmap    10348 root   4u  IPv4 24005845  TCP *:sunrpc (LISTEN)
   rpc.statd  12371 root   1u  IPv4 24206552  TCP *:ggf-ncp (LISTEN)
   rpc.mount  12383 root  13u  IPv4 24206850  TCP *:54129 (LISTEN)
   ypserv     15328 root   5u  IPv4 24321396  TCP *:meregister (LISTEN)
   ypbind     15645 root   7u  IPv4 24323837  TCP *:986 (LISTEN)
   ypbind     15646 root   7u  IPv4 24323837  TCP *:986 (LISTEN)
   ypbind     15647 root   7u  IPv4 24323837  TCP *:986 (LISTEN)
   ypbind     15648 root   7u  IPv4 24323837  TCP *:986 (LISTEN)

   # scan with iptraf, mtr or hping2
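As an added check (not part of these notes), the script below audits copies of /var/yp/securenets and /etc/ypserv.conf for the two weaknesses the server steps warn about: the wide-open "0.0.0.0 0.0.0.0" rule and shadow maps served without the "port" restriction. The function names, the temporary directory and the sample files are constructed for this example.

```shell
# Added audit helper, not part of the original notes: checks the two server-side
# access controls described above, /var/yp/securenets and /etc/ypserv.conf.
# File paths are arguments so it can be run against copies of the real files.

# True (exit 0) if an uncommented "0.0.0.0 0.0.0.0" rule is present,
# i.e. every host that can reach the portmapper may query the maps.
securenets_allows_all() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -Eq '^[[:space:]]*0\.0\.0\.0[[:space:]]+0\.0\.0\.0[[:space:]]*$'
}

# True if ypserv.conf has an uncommented rule "host : domain : map : security"
# restricting the given map (or "*" for all maps) to privileged ports, or denying it.
ypserv_conf_restricts_map() {
    grep -v '^[[:space:]]*#' "$1" | awk -F':' -v m="$2" '
        NF >= 4 {
            gsub(/[[:space:]]/, "", $3); gsub(/[[:space:]]/, "", $4)
            if (($3 == m || $3 == "*") && ($4 == "port" || $4 == "deny")) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Prints a warning per weakness and returns non-zero if any was found.
audit_nis_server() {
    rc=0
    securenets_allows_all "$1" && { echo "WARN: $1 allows every host"; rc=1; }
    for m in shadow.byname passwd.adjunct.byname; do
        ypserv_conf_restricts_map "$2" "$m" || { echo "WARN: $2 leaves $m unrestricted"; rc=1; }
    done
    return $rc
}
# Constructed sample files (temporary copies, never the live system files).
tmp=$(mktemp -d)
cat > "$tmp/securenets.open" <<'EOF'
255.0.0.0 127.0.0.0
# This line gives access to everybody. PLEASE ADJUST!
0.0.0.0 0.0.0.0
EOF
cat > "$tmp/securenets.fixed" <<'EOF'
255.0.0.0 127.0.0.0
# 0.0.0.0 0.0.0.0   (wide-open rule commented out)
255.255.255.0 192.168.0.10
EOF
cat > "$tmp/ypserv.conf" <<'EOF'
* : * : shadow.byname : port
* : * : passwd.adjunct.byname : port
EOF
audit_nis_server "$tmp/securenets.open" "$tmp/ypserv.conf" || echo "open securenets flagged"
audit_nis_server "$tmp/securenets.fixed" "$tmp/ypserv.conf" && echo "hardened files pass"
```

Run it against copies of the live files (the paths are the two arguments of audit_nis_server); a non-zero exit means at least one of the two controls is still open.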