HOW TO BUILD AND INSTALL: 1. Generate a Makefile: For a standard installation, run "BUILD" and go to 4. Or you could run configure configure accepts a lot of options. Try configure --help. Normally, you only need the following: --with-gdbm-dir=BASE-DIR : If your system do not have the GDBM library in /lib, /usr/lib or /usr/local/lib, and the header files in a usually place, you could tell the linker where to find the library and header files. On our Sun's, the libgdbm.a is installed under /usr/local/gnu/gdbm/[lib|include], so the option is: --with-gdbm-dir=/usr/local/gnu/gdbm --with-ndbm=[yes|no] : If you doesn't have the GDBM library installed, but has Solaris with ndbm support, use this option. PLEASE read the README file for more information and problems with this !! --enable-tcp-wrapper[=BASE-DIR] : By default, ypserv will look in the /var/yp/securenets file, if a host is allow to connect to the server. The tcp wrapper lib is much more flexible. With this option, you could enable it. The securenets file will not be used in this case. As optional argument you could give the path to the header file and library. For more information, look at the README.secure file. THIS OPTION WILL NOT BE SUPPORTED ANY LONGER FROM ME !! --enable-yppasswd : Compile and install the yppasswd client. By default, this program will be not installed. --enable-ypmake : ypmake is a perl script, which creates the maps faster for smaller sites. By default, it will not be installed. --enable-checkroot : Allow root to change NIS passwords with yppasswd for normal users. At first, the old password will be checked against the old user password, then against the root password. This is by default enabled. --enable-fqdn : With this option, all hostnames will be replaced with the result from gethostbyname (hostname) to get the canonified hostname. You need this for example, if your servers are in different DNS domains. The communication with between the NIS server will be a little bit slower. The communication with the clients is not affected from this. WARNING: gethostbyname must return the same result on every host, or it will NOT work. The best is, to put hosts: dns files into /etc/nsswitch.conf. 2. Edit the "Makefile" to suit your needs. 3. Type "make". 4. Type "make install" as root from the build directory. 5. Go in the etc subdirectory and edit the "ypserv.conf" and "securenets" file for your system and copy them to the correct places. If you use the tcp wrapper, you don't need "securenets". 6. If you use the tcp wrapper library, you must modify your /etc/hosts.allow and /etc/hosts.deny files. Else you should create the /var/yp/securenets file. If not, everybod on the world could connect to your server, if he knows the NIS domainname. DON'T USE THE setenv OPTION IN THIS CONFIGURATION FILES ! 7. Make sure your domainname is set ! /bin/domainname shouldn't return an empty string or "(none)". If, you have real problems or forget to set the domainname. After setting the domainname, make sure it will be set on the next boot again, and reboot ! 8. Possible modify /var/yp/Makefile to suit your setup. Remove/add all maps to the all: line, which should be build and distributed by your NIS server. 9. If you will use "ypmake", copy /var/yp/ypmake.conf.sample to /var/yp//ypmake.conf and modify it for your system. 10. If you only have one ypserv server in your domain, do: cd /var/yp; make or call ypmake This will create the maps. 11. If you have more then one ypserv server in your domain (you should have one for every subnet), run "/usr/lib/yp/ypinit -m" on the master host. ypinit will ask some Questions and create all neccessary maps. You must comment out the NOPUSH = "True" line in /var/yp/Makefile, or the master will never send updates to the slave server. On the slave server hosts, you only have to run "/usr/lib/yp/ypinit -s masterhost", this will get all the maps from the master ypserv. 12. If you have slave NIS server, you should start rpc.ypxfrd on the master host. You don't need rpc.ypxfrd on any slave server. You could start rpc.ypxfrd from a /etc/rc* script or by inetd. For the last, you have to add: * to /etc/rpc: fypxfrd 600100069 freebsd-ypxfrd * to /etc/inetd.conf: fypxfrd/1 dgram rpc/udp wait root /usr/sbin/rpc.ypxfrd rpc.ypxfrd fypxfrd/1 stream rpc/tcp nowait root /usr/sbin/rpc.ypxfrd rpc.ypxfrd Since this ypxfrd implementation uses the FreeBSD ypxfrd protocoll, you could not contact a Sun ypxfrd and you could not use the ypxfrd entrys from a Sun. ypxfrd needs a lot of time by starting from inetd, you should start it by a /etc/rc* script. 13. On bootup, start ypserv from a /etc/rc* script. If this server is a master or the only one, you have to start rpc.yppasswdd, too. 14. If your users are allowed to change the shell, add -e chsh to rpc.yppasswdd as parameter. For changing the GECOS field, add -e chfn. IMPORTANT NOTES: ================ Please note that the /var/yp/Makefile needs GNU Awk (or a compatible version like mawk, which should be faster) to work. If you will use the --dns flag, you need gethostbyname and gethostbyaddr functions, which querys directly the nameserver, and do not call the server `ypserv', which calls the functions, and you have a loop. Under Linux, ypserv uses the functions in dns_hosts.c by default, you have nothing to do. Under SunOS/Solaris, you could install and use the resolv+ library, which worked great for me. Thorsten Kukuk