====== NIS ======

===== server =====

add to rc.conf

<code>
nisdomainname="csna"
nis_server_enable="YES"
nis_yppasswdd_enable="YES"
nis_client_enable="YES"
nis_client_flags="-S csna,csna1"
</code>

start yp service
<code>
domainname csna
service ypserv start
</code>

init master
<code>
cp /etc/master.passwd /var/yp/master.passwd
cp /etc/group /var/yp/group
cd /var/yp
vi master.passwd # delete admin account
vi group # delete admin group
vi Makefile
# comment out this line: NOPUSH = "True"
make
ypinit -m
<code>
Server Type: MASTER Domain: csna

Creating an YP server will require that you answer a few questions.
Questions will all be asked at the beginning of the procedure.

Do you want this procedure to quit on non-fatal errors? [y/n: n]  n

Ok, please remember to go back and redo manually whatever fails.
If you don't, something might not work. 

Can we destroy the existing /var/yp/csna and its contents? [y/n: n]  y

At this point, we have to construct a list of this domains YP servers.
csna is already known as master server.
Please continue to add any slave servers, one per line. When you are
done with the list, type a <control D>.
	master server   :  csna
	next host to add:  ^D
The current list of NIS servers looks like this:

csna

Is this correct?  [y/n: y]  y
</code>

start yp password daemon
<code>
service yppasswdd start
</code>

===== client =====
add to rc.conf

<code>
nisdomainname="csna"
nis_client_enable="YES"
nis_client_flags="nis_yppasswdd_flags="-t /etc/master.passwd" -S csna,csna1"
</code>

<code>
domainname csna
service ypbind start
</code>

==== allow nis account to login to client ====

install mkhomedir pam
<code>
sudo pkg install pam_mkhomedir
</code>

add following to the session section of /etc/pam.d/system
<code>
session         required        /usr/local/lib/pam_mkhomedir.so
</code>

==== allow nis account to login to client ====

''vipw'' and add following line
<code>
+:*::::::::
</code>

''vi /etc/group'' and add following line
<code>
+:*::
</code>

or edit ''/etc/nsswitch.conf''
remove
<code>
group: compat
group_compat: nis
passwd: compat
passwd_compat: nis
</code>

add
<code>
group: files nis
passwd: files nis
</code>

===== debug =====
<code>
rpcinfo -p serverhost
ypwhich
ypcat -x
ypcat passwd
ps aux | grep yp # must have only one process for ypbind
</code>


**ref**

[[http://mail.lsps.tp.edu.tw/~gsyan/freebsd2001/pam_ldap.html]]