Linux NIS – How to Replace an NIS Master Server

linuxnis

I need to take down my current NIS master server because it is running on RHEL 4 which is too old for the auditors to approve now.

I think I need to copy some files off the master over to a slave server and run make?

I know there are files listed in the makefile but which ones are necessary for this and which ones should be left alone?

The slave server is running Ubuntu 12.04.

Best Answer

Let's assume that the domain configuration is under /var/yp/<domainname>;
Let's assume the NIS server configuration is under /var/yp;
Let's assume you have some NIS related configuration files under /etc/ as well. Those could be /etc/yp.conf, /etc/ypserv.conf, /etc/ypserv.securenets and possible others (their filenames usually begin with yp....

What you need to do in order to move your NIS to the new server:

Copy all of these files from the old server to the new one. Make sure they are not existent there beforehand or if they are - take backups before overwriting them!
Decide if the new server will have the same hostname and IP address as the original master.
If the name is the same you would skip the clients reconfiguration, otherwise it will be necessary to point to the right server (host or IP). I would rather reconfigure the clients
Copy the passwords, groups, shadow files from the old server to the new one
Once you have all files on the new server, run make -C /var/yp
You may need to stop the NIS service on the old server, as the domains are to be the same and can't have two master servers. If no errors - continue with following steps. Otherwise - well ... troubleshoot.
Run ypwhich on the new server and verify it returns its own hostname
Run ypcat passwd | grep <username>, ypcat group | grep <groupname>
Verify this works as expected;
Stop the NIS service on the old server, if not done earlier
Reconfigure all NIS clients
Change their /etc/yp.conf to point to the respective server:
echo -e "ypserver new_NIS_server" >> /etc/yp.conf.
(alternatively this is where you would give the new machine the old one's IP/Hostname).

Good luck!

Related Solutions

Linux – Password rules for yppasswd

Unfortunately (short of recompiling yppasswd and hard coding in your requirements), this cannot be accomplished as stated. I would submit that the yppasswd daemon should be disabled and no calls to yppasswd should be made. A much better approach is to configure your pam stack to handle native calls to passwd and push them through the appropriate authentication channels. Alternatively you can globally alias yppasswd to passwd -r nis (man password for individual arguments).

That'd be where I would start.

NIS/ypserv – Identify Connecting Clients

Funnily enough, I was doing that just this morning, to verify that people were talking to my new NIS server.

Firstly, find the port that ypserv is on with

oldserver> rpcinfo -p|grep ypserv
    100004    2   udp    844  ypserv
    100004    1   udp    844  ypserv
    100004    2   tcp    847  ypserv
    100004    1   tcp    847  ypserv

Then, you can use tcpdump to look for traffic:

oldserver> sudo tcpdump -n -n port 847 or port 844
[...]
15:09:18.714526 IP 192.168.20.102.707 > 192.168.1.87.844: UDP, length 56
15:09:18.714679 IP 192.168.1.87.844 > 192.168.20.102.707: UDP, length 28
15:09:20.717203 IP 192.168.1.105.900 > 192.168.1.87.844: UDP, length 56
15:09:20.717296 IP 192.168.1.87.844 > 192.168.1.105.900: UDP, length 28
15:09:21.326160 IP 192.168.1.39.719 > 192.168.1.87.844: UDP, length 56
15:09:21.326225 IP 192.168.1.87.844 > 192.168.1.39.719: UDP, length 28

As you can see, my server (192.168.1.87) is definitely getting traffic. If you don't see anything after a half-hour or so, you're not getting anything.

Best Answer

Related Solutions

Linux – Password rules for yppasswd

NIS/ypserv – Identify Connecting Clients

Related Topic