Setting up a central Linux Authentication Server.

=== Setting up the Server ===

We will be using NIS. First make sure the ypserv rpm package is installed on the server.

{{{
rpm -q ypserv
}}}

Edit /etc/sysconfig/network and add the following line:

{{{
NISDOMAIN=creativenis
}}}

where creativenis is what you want to call your NIS domain. It is suggested that you do not use your DNS domain name here, as it may give hackers an easy domain to guess.

There should be a file called /var/yp/Makefile. Open the file in your editor of choice and check the following lines:

{{{
MINUID=500
MINGID=500
}}}

Check your /etc/passwd file and find out at what UID your first user starts. This is '''VERY IMPORTANT'''. You will waste a lot of time and lose a lot of hair if you do not check this. You will run into strange problems like "some users work fine, but some others are not being exported". On systems that have been upgraded from previous Linux distributions, the normal users' UIDs start at 200. Set this to a value low enough that all your users are visible, but not so low that the superuser(s) are exported as well.

Next start up ypserv and make sure it starts on a reboot.

{{{
service ypserv start
chkconfig ypserv on
}}}

That should be all you need for the server side.

=== Setting up the Client(s) ===

Recent Fedora distributions make it easy to set up a client once your server is ready. On firstboot (the little program that runs after you finish installing) you get to set up authentication. There will be a GUI or TUI interface. Under User Information, select "Use NIS". On the next screen, enter the domain "creativenis" (the same one you placed in /etc/sysconfig/network on the server), and your server's IP or hostname under Server.

If you have already gone past firstboot, just run authconfig-tui or authconfig-gtk to reactivate the wizard.

Then check that ypbind is running and will be started on reboot.

{{{
service ypbind start
chkconfig ypbind on
}}}

If you did everything correctly you can run:

{{{
ypcat passwd
}}}

This will list the "/etc/passwd" file that the server is sending to your client. Check and make sure all the users you need are in there.

You will also probably need to NFS mount the home directories on your client machine as well.

=== Creating new user (email) accounts ===

Create users on the main server (sam). For all your changes to propagate to the client machines, run (on sam, as root):

{{{
cd /var/yp
make
}}}

This will regenerate the index files for the authentication server.
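
To check the MINUID choice from the server setup before running make, the following added example (not part of the original page) lists which accounts a given cutoff would publish and which login users it would leave out. It assumes the passwd map includes every entry with a UID at or above MINUID; the function names and the sample passwd data are constructed for illustration.

```shell
#!/bin/sh
# Added example: preview which passwd entries a given MINUID would export.
# Assumption: the passwd map includes every entry whose UID >= MINUID.

# exported_users MINUID FILE -> names of accounts at or above the cutoff
exported_users() {
    awk -F: -v min="$1" '!/^[-+#]/ && NF >= 7 && $3 >= min { print $1 }' "$2"
}

# hidden_logins MINUID FILE -> accounts below the cutoff that have a login
# shell (likely real users that NIS clients would not see); root is skipped
hidden_logins() {
    awk -F: -v min="$1" '
        !/^[-+#]/ && NF >= 7 && $3 > 0 && $3 < min &&
        $7 !~ /(nologin|false|sync|shutdown|halt)$/ { print $1 }' "$2"
}

# exported_system MINUID FILE -> accounts at or above the cutoff without a
# login shell (likely service accounts that should not be published)
exported_system() {
    awk -F: -v min="$1" '
        !/^[-+#]/ && NF >= 7 && $3 >= min &&
        $7 ~ /(nologin|false)$/ { print $1 }' "$2"
}

# Constructed sample resembling an upgraded system where users start at UID 200
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
alice:x:200:200:Alice:/home/alice:/bin/bash
bob:x:201:201:Bob:/home/bob:/bin/bash
carol:x:500:500:Carol:/home/carol:/bin/bash
EOF
}

f=$(mktemp) && sample_passwd > "$f"
for min in 500 200 1; do
    echo "MINUID=$min exports: $(exported_users "$min" "$f" | tr '\n' ' ')"
    echo "  real users left out: $(hidden_logins "$min" "$f" | tr '\n' ' ')"
    echo "  service accounts exported: $(exported_system "$min" "$f" | tr '\n' ' ')"
done
rm -f "$f"
```

Pass the server's own /etc/passwd as the file argument to compare candidate cutoffs; on the sample data only MINUID=200 leaves both warning lists empty.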