NIS - Client and Server Configuration
Network Information Service (NIS) is the traditional directory service on *nix platforms. The
setup of NIS is relatively simple when compared to other directory services
like LDAP. NIS stores administrative files like /etc/passwd, /etc/hosts and so on in Berkeley DB files.
This data is made available over the network to all the clients that are
connected to the NIS domain.
Drawback: The network connection is not encrypted and all transactions - including passwords - are sent in clear text.
Configuring an NIS Server
•
Make sure the following packages are installed on your machine:
ypserv : Contains the NIS server daemon (ypserv) and the NIS password daemon (yppasswdd).
portmap : mandatory
The yppasswdd daemon enables the NIS server to change the NIS database and password database information at the client's request. In order to change your NIS password, the yppasswdd daemon must be running on the master server. From the client, one must use yppasswd to update a password within the NIS domain.
•
Insert the following line in the
/etc/sysconfig/network file:
NISDOMAIN=mynisdomain
•
Specify the networks you wish NIS to recognize
in /var/yp/securenets .
E.g.:
# Permit access to localhost:
host 127.0.0.1
# Permit access to xyz.com network:
255.255.255.0 192.168.0.0
•
Insert the following lines in the /var/yp/Makefile :
# Set NOPUSH to true only if you have just a master NIS server; if you have even one slave server, set it to false.
NOPUSH=true
# If you have any group passwords in /etc/gshadow that need to be merged into the NIS group map, set it to true.
MERGE_GROUP=false
# Set to true if you want to merge encrypted passwords from /etc/shadow into the NIS passwd map.
MERGE_PASSWD=false
Uncomment the following line :
all: passwd group hosts netid ...
•
If you have slave NIS servers then enter their
names in /var/yp/ypservers .
•
Finally run the following command:
# /usr/lib/yp/ypinit -m
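The /var/yp/securenets file from the steps above decides which hosts may query the maps at all, so it is worth checking before the server goes live. The following is an added example, not part of the original article or of ypserv: it parses the file format shown above and reports entries that are malformed or that admit every address. The function names and the extra "0.0.0.0 0.0.0.0" line are constructed for illustration.

```python
import ipaddress

# Constructed sample: the article's two entries plus one deliberately broad rule.
SAMPLE_SECURENETS = """\
# Permit access to localhost:
host 127.0.0.1
# Permit access to xyz.com network:
255.255.255.0 192.168.0.0
# Constructed bad entry: matches every IPv4 address
0.0.0.0 0.0.0.0
"""

def parse_securenets(text):
    """Return (networks, problems) for securenets-style text (hypothetical helper)."""
    networks, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            problems.append((lineno, "expected '<netmask> <network>' or 'host <ip>'"))
            continue
        mask, addr = fields
        if mask == "host":               # shorthand for a single-address rule
            mask = "255.255.255.255"
        try:
            # strict=True rejects a network address with host bits set,
            # which this example treats as a typo worth reporting.
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=True)
        except ValueError as exc:
            problems.append((lineno, f"invalid entry: {exc}"))
            continue
        if net.prefixlen == 0:
            problems.append((lineno, "allows every address"))
        networks.append(net)
    return networks, problems

def is_allowed(networks, client_ip):
    """True if client_ip falls inside any parsed rule."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in networks)

if __name__ == "__main__":
    nets, issues = parse_securenets(SAMPLE_SECURENETS)
    for lineno, msg in issues:
        print(f"line {lineno}: {msg}")
    print("10.1.2.3 allowed:", is_allowed(nets, "10.1.2.3"))
```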
Configuring a slave NIS server
•
Install ypserv package on the slave server.
•
Make sure you have the name of the slave server
listed in /var/yp/ypservers
on the master server.
•
Now issue the command :
# /usr/lib/yp/ypinit -s masterserver
•
Make sure the NOPUSH value in the /var/yp/Makefile on the
master server is set to "false". Then when the master server's
databases are updated, a call to the yppush executable will be made. yppush is
responsible for transferring the updated contents from the master to the
slaves. Only transfers within the same domain are made with yppush.
•
Lastly, start the ypserv and yppasswdd daemons:
# service ypserv start
# service yppasswdd start
Configuring an NIS client
•
Make sure the following packages are installed on your machine:
ypbind - NIS client daemon
authconfig - used for automatic configuration of NIS client.
yp-tools: Contains utilities like ypcat, yppasswd, ypwhich and so on, used for viewing and modifying the user account details within the NIS server.
portmap (mandatory)
•
There are two methods to configure an NIS client.
•
Method 1: Manual method
•
Enter the following line in the /etc/sysconfig/network file:
NISDOMAIN=mynisdomain
•
Append the following line in /etc/yp.conf :
domain mynisdomain server 192.168.0.1 # replace this with your NIS server address.
•
Make sure the following lines contain 'nis' as an option in the /etc/nsswitch.conf file:
passwd: files nis
shadow: files nis
group: files nis
hosts: files nis dns
networks: files nis
protocols: files nis
publickey: nisplus
automount: files nis
netgroup: files nis
aliases: files nisplus
•
Finally restart ypbind and portmap.
•
Method 2: Run authconfig and follow directions.
•
To check if you have successfully configured the NIS client, execute the following :
# ypcat passwd
The output will be the contents of the /etc/passwd file residing on the NIS server having user IDs greater than or equal to 500.
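Because every client can read the passwd map with ypcat, and the map travels in clear text, the same output is worth auditing for password material, for instance after MERGE_PASSWD has been set to true. The following is an added example, not part of the original article: it scans passwd-format text such as the output of ypcat passwd and reports accounts whose second field holds a hash or is empty. The sample records and function names are constructed.

```python
# Constructed sample of `ypcat passwd` output; accounts and hashes are made up.
SAMPLE_YPCAT = """\
alice:x:500:500:Alice:/home/alice:/bin/bash
bob:$1$abcdefgh$0123456789abcdefghijkl:501:501:Bob:/home/bob:/bin/bash
carol:ab0123456789c:502:502:Carol:/home/carol:/bin/bash
dave:*:503:503:Dave:/home/dave:/sbin/nologin
erin::504:504:Erin:/home/erin:/bin/bash
"""

PLACEHOLDERS = {"x", "*", "!", "!!", "*NP*"}
SCHEMES = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt"}

def classify(field):
    """Return None for a placeholder, else a label for what the field exposes."""
    if field in PLACEHOLDERS:
        return None
    if field == "":
        return "empty-password"
    value = field.lstrip("!")          # a locked account still carries its hash
    if value.startswith("$"):
        ident = value.split("$")[1]
        return SCHEMES.get(ident, "crypt-id-" + ident)
    if len(value) == 13:
        return "des-crypt"             # traditional 13-character crypt(3) hash
    return "unknown"

def exposed_entries(ypcat_text):
    """List (user, uid, label) for every record that exposes password data."""
    findings = []
    for line in ypcat_text.splitlines():
        parts = line.split(":")
        if len(parts) != 7:
            continue                   # not a passwd-format record
        label = classify(parts[1])
        if label:
            findings.append((parts[0], int(parts[2]), label))
    return findings

if __name__ == "__main__":
    for user, uid, label in exposed_entries(SAMPLE_YPCAT):
        print(f"{user} (uid {uid}): {label} visible in the NIS passwd map")
```

On a configured client, the text to check can be captured with `ypcat passwd > passwd.map` and passed to exposed_entries().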
NIS Server configuration
Sir, I have configured NIS server. Please check if I am wrong anywhere.
NIS Server Configuration
Machine name: redtest.com , dnsname:test.com ip:192.168.20.1 user=soumalya
# nisdomainname test
# vi /etc/yp.conf
domain test server 192.168.20.1
# vi /etc/nsswitch.conf
passwd: files nis
shadow: files nis
group: files nis
# vi /etc/ypserv.conf
dns : no
*: shadow.byname : port
* : passwd.adjunct.byname : port
*:*:*: none
# vi /var/yp/securenets (to create securenets file and edit)
255.255.255.255 127.0.0.0
255.255.255.0 192.168.20.0
# service portmap restart
# chkconfig portmap on
# rpcinfo -u localhost
# service ypserv restart
# chkconfig ypserv on
# rpcinfo -u redtest portmapper
# rpcinfo -u redtest ypserv
# /usr/lib/yp/ypinit -m
next host to add: redtest.test.com
next host to add: NIS Client name
next host to add: NIS Client ip
ctrl+D
is this correct? y
# service yppasswdd restart
# chkconfig yppasswdd on
# rpcinfo -u redtest yppasswdd
# vi /etc/sysconfig/network
NISDOMAIN=test
# cd /var/yp
# make
# service ypbind restart
# chkconfig ypbind on
#rpcinfo -u localhost ypbind
# vi /etc/exports (to share directory)
/home 192.168.20.0/24(rw,sync)
/home *(rw,sync)
# exportfs -a
# exportfs -v
# chkconfig nfslock on
# chkconfig nfs on
# service nfslock restart
# service nfs restart
# reboot
NIS Slave Server (server name : pinktest.com)
# vi /etc/hosts
192.168.20.3 pinktest.com (in master server)
# vi /etc/hosts
192.168.20.1 redtest.com (in slave server)
In slave server
# vi /etc/sysconfig/network
NISDOMAIN=test
# service portmap start
# service ypbind start
# service ypserv start
# service yppasswdd start
# service ypxfrd start
In Master Server
# service ypxfrd start
In slave server
# ypwhich -m
# /usr/lib/yp/ypinit -s 192.168.20.1
In Master Server
# vi /var/yp/ypservers
redtest
pinktest
#cp Makefile Makefile.old
# vi /var/yp/Makefile
NOPUSH=false
# make
In slave server
# vi /etc/exports (to share directory)
/home 192.168.20.0/24(rw,sync)
/home *(rw,sync)
# exportfs -a
# exportfs -v
# chkconfig nfslock on
# chkconfig nfs on
# service nfslock restart
# service nfs restart
# reboot
NIS CLIENT Configuration (ip:192.168.20.2)
# nisdomainname test
# ypserv 192.168.20.1
# vi /etc/yp.conf
domain test server 192.168.20.1
domain test server 192.168.20.2
# authconfig
select NIS
next
NIS Domain:test
NIS Server:192.168.20.1
# vi /etc/yp.conf
last line shows
domain test server redtest
# service ypbind restart
# chkconfig ypbind on
# service yppasswdd restart
# chkconfig yppasswd on
# service portmap restart
# chkconfig portmap on
# rpcinfo -u localhost
# service ypserv restart
# chkconfig ypserv on
# rpcinfo -u redtest ypbind
# ypcat passwd.byname
# vi /etc/host.conf
order hosts , nis , bind
# vi /etc/nsswitch.conf
passwd: files nis dns
shadow: files nis dns
group: files nis dns
hosts: files nis dns
# ypcat -x
# ypcat hosts
# chkconfig nfslock on (to mount server’s shared directory)
# service nfslock restart
# chkconfig netfs on
# service netfs restart
# chkconfig portmap on
# mount 192.168.20.1:/home /home
# mount 192.168.20.3:/home /home
# ls /home
# umount /home
# vi /etc/auto.master
/home /etc/auto.home (or auto.misc) --timeout=60
# vi /etc/auto.home (or auto.misc)
(Star sign) -fstype=nfs,soft 192.168.20.1:/home:&
# chkconfig autofs restart
# service autofs restart
# showmount -e