Verifying NIS configuration for servers and clients

If you are troubleshooting issues with the Centrify Network Information Service or NIS client look-ups, start by verifying whether the current environment is configured properly by doing the following:

  • Check the connectivity between the NIS client and the NIS server with a ping command. If the ping command fails, check the network connection and the DNS configuration for name resolution problems.
  • Verify that the nisd.securenets parameter allows responses to NIS clients on other computers. By default, the adnisd process responds only to local NIS requests.
  • Verify that the adnisd process is running, for example with the ps command. If adnisd is not running, restart it.
  • Verify that ypserv is not currently running. If ypserv is running, stop it, modify the system initialization files so ypserv does not start when the computer is rebooted, and restart adnisd.
  • Verify that adnisd has registered with RPC by running rpcinfo -p localhost on the adnisd server. You should see two entries in the RPC table for the ypserv program (100004):

       program vers proto   port
    ...
    100004 2 udp 844 ypserv
    100004 2 tcp 846 ypserv
    ...

    If no table is displayed, restart RPC services. If the ypserv process is not listed, restart adnisd.

  • Verify RPC connectivity from the NIS client:

    rpcinfo -p server

    You should see the same table and entries as when you listed RPC entries for the adnisd server. For example:

       program vers proto   port
    ...
    100004 2 udp 844 ypserv
    100004 2 tcp 846 ypserv
    ...

    If no table is displayed, check the access permissions to the RPC server. For example, on Linux, check /etc/hosts.allow and /etc/hosts.deny files.

  • Make sure the correct NIS domain name is configured on the NIS client. The NIS domain name is usually the same name as the name of the zone that the server is joined to. To set the domain name, log on as root run the following command:

    domainname zone_name

  • Verify that the ypbind process is running on the NIS client using the ps command. If ypbind is not listed as a running process, configure and start it.
  • Verify that ypbind on the NIS client has found the Centrify NIS server by running ypwhich on the NIS client machine.

    If the client is not bound to the correct server name, check the ypbind configuration files and start-up options.

    If you are transitioning from an existing NIS infrastructure to the Centrify Network Information Service, the most common reasons for errors are an incorrect domainname setting or an improper ypbind configuration. For example, if your existing NIS domain names do not match the zone name, some clients may fail because they use the old NIS domain name instead of the domain name you have set up for the Centrify Network Information Service domain.