I was having an issue with existing local user accounts on my NIS test server. As indicated in /etc/nssswitch.conf, local files override NIS settings. So starting with a clean system - as far as user accounts go - is a great idea.
However, I was also using the local system group wheel for daily management purposes. So it goes without saying that I was confused as to why my own account did not get wheel permissions on my test server. Doing an "id myuserid" on the NIS server showed
uid=500(myuserid) gid=100(users) groups=10(wheel),100(users), while the same command on my NIS test server showed
uid=500(myuserid) gid=100(users) groups=100(users). What gives?
Well, there is a file called /var/yp/Makefile that lists which UIDs and GIDs will be transmitted i.e. synced over NIS. Default is 500. So any user account and group below that will not get replicated. *sigh* I did read that while installing but forget when testing. An old Pipermail archive pointed the way...
I now have a local group called 'sysop' with gid 600 (groupadd -g 600 sysop) for all management purposes and uids start at 500 anyway. Case closed.