- Changing Your NIS Domain Shell
- Configuring Your Machine to Be Part of the Department’s NIS Domain
- Exporting Your Home Directory to a Machine or a Group of Machines
- Setting Your NIS Password
- Controlling Login Access to Your Machine Using NIS
Changing Your NIS Domain Shell
To request a permanent shell change within the “mammoth” NIS domain, please contact Helpdesk. If your machine does not belong to the “mammoth” domain, please email root@yourmachine (e.g., root@argon, root@bsac) to request a shell change. If you are unsure about who to contact, Helpdesk will point you in the right direction.
You can change your shell for the current session by typing the name of the shell at the prompt.
Configuring Your Machine to be Part of the Department’s NIS Domain
CONFIGURING YOUR DESKTOP
The following changes must be made to your Unix/Linux machine for it to become part of the NIS domain. This instruction is written for FreeBSD 5.1 but should work for all other flavors of Linux and BSD. Please backup relevent files before you start work.
If the following configuration does not work for your distribution and you find a solution please email Helpdesk with pertinent information and we’ll post it.
- Submit a System Activation Request requesting a fixed IP and that SWW and your home directory be exported to your machine, or that your machine be added to the right netgroup.
- Log into your machine as root
- Depending on your OS, do the following:
- For FreeBSD Only: Add the following lines to /etc/rc.conf:
amd_enable=”YES” amd_flags=”-F /etc/amd.conf” #enable nfs client: nfs_client_enable=”YES” nfs_reserved_port_only=”YES” #enable nis client: nis_client_enable=”YES” nis_client_flags=”-S mammoth,cronus.CS.BERKELEY.EDU,rhea.CS.BERKELEY.EDU -m” nisdomainname=”mammoth” enable rpc_bind rpcbind_enable=”YES” ntpdate_enable=”YES” ntpdate_flags=”-b cronus.CS.BERKELEY.EDU”
- For Linux Only: Make sure ypbind daemon is installed
- For FreeBSD Only: Add the following lines to /etc/rc.conf:
- Make sure the hostname is correct (and is the same as the one submitted) by typing hostname in a terminal. If it is not correct, edit /etc/rc.conf and put
hostname=“machine.eecs.berkeley.edu”, replacing “machine” with your machine name.
- Add the proper NIS server lines to your /etc/yp.conf. To do so, you’ll need your IP address. Once you have it, find the 3rd octet from the left. For example, if your IP is 184.108.40.206 then the 3rd octet would be “35”. We’ll call this number ‘oct’. The proper NIS servers for your machine will be “cronus-<oct>” and “rhea-<oct>” with suffixes “cs.berkeley.edu” or “eecs.berkeley.edu” if your machine resides in Soda or Cory, respectively. Once you know the server-names, you can add the following lines to your/etc/yp.conf file:
domain mammoth server <rhea-server-name> domain mammoth server <cronus-server-name>
- Add the following line to /etc/sysconfig/network:
- Your /etc/nsswitch.conf should look something like this (you should read the man page for nsswitch.conf before making changes): passwd: compat shadow: compat group: files nis #hosts: db files nisplus nis dns hosts: dns files # Example – obey only what nisplus tells us… #services: nisplus [NOTFOUND=return] files #networks: nisplus [NOTFOUND=return] files #protocols: nisplus [NOTFOUND=return] files #rpc: nisplus [NOTFOUND=return] files #ethers: nisplus [NOTFOUND=return] files #netmasks: nisplus [NOTFOUND=return] files bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc: files services: files netgroup: nis publickey: nisplus automount: nis files aliases: files nis
- Start up /sbin/portmap if it is not already running.
- Create the directory /var/yp if it does not exist.
- (Re)start /usr/sbin/ypbind
- Use the command rpcinfo -u localhost ypbind to check if ypbind was able to register its service with the portmapper.
- Add the following lines to /etc/amd.conf:
#Define an AMD Mount Point [ /home/cs ] map_name = amd.home.cs [ /home/eecs ] map_name = amd.home.eecs map_type = nis
CONFIGURING YOUR LAPTOP
Home and project directories can be mounted automatically by adding to /etc/fstab, but this can be problematic since a laptop will not always be on the network. Instead, a script can be created with the lines:
mount_smbfs -I home.eecs.berkeley.edu -W EECS //username@home/username /mnt/nfs_spaces/username mount_smbfs -I project.eecs.berkeley.edu -W EECS //username@project/pname /mnt/nfs_spaces/pname
Where username and pname should be replaced with your username and project-space name respectively. The password will be your Windows password. You need to make sure that the mount points are owned by yourself (not root) if you want to be able to write to them. SWW cannot be mounted, it is only NFS exported.
Exporting Your Home Directory to a Machine or Group of Machines
You can have your home directory exported to a machine or group of machines by emailing help@eecs with the name of the machine (or machines) and ask that your home directory be NFS exported to those machine(s).
Setting Your NIS Password
You can change your NIS password by either visiting Helpdesk with a valid picture ID or logging into passwd.eecs.berkeley.edu with ssh.
Controlling Login Access to Your Machine Using NIS
To log into a machine, the username must be in the password file (etc/passwd and sometimes also etc/shadow – both edited with vipw). For instance, on a machine that uses shadow, the password file would consist of:
If you want to open the computer to a netgroup (for example: manager-logins), you add (at the bottom because its searched top down) to the password file:
To let everyone on the network log into the machine, add:
And to deny everyone not specified in the password file (including netgroups), add at the very, very bottom:
For example, to deny alumni netgroup access you can add
+@alumni-l::0:0:::/usr/local/etc/nologin to your /etc/passwd file. You can add that shell to any netgroup to deny login access. Read the man page for passwd for more information.