When doing ypmatch nisuser passwd, I got the error: "can't match key nisuser in map passwd.byuid. Reason: Internal NIS error.".
This was caused by my /var/yp/securenets setting. I had forgotten to allow to the NIS host itself to query the database. Doh! Check the Unix Manual Page for securenets and look closely at the specification of netmask. It says that the mask may also be the string 'host' to allow a specific host access! All I needed to do was add "host 127.0.0.1" and it worked!