Tuesday, May 15, 2012

HowTo Configure NIS Server / Slave and Client on Centos

Network Information Services (NIS) enables you to create user accounts that can be shared across all systems on your network. The user account is created only on the NIS server. NIS clients download the necessary username and password data from the NIS server to verify each user login.

An advantage of NIS is that users need to change their passwords on the NIS server only, instead of every system on the network. This makes NIS popular in computer training labs, distributed software development projects or any other situation where groups of people have to share many different computers.

The disadvantages are that NIS doesn't encrypt the username and password information sent to the clients with each login and that all users have access to the encrypted passwords stored on the NIS server

To Configure the NIS Server make sure you have the tools
yum -y install ypserv

Edit Your /etc/sysconfig/network File
You need to add the NIS domain you wish to use in the /etc/sysconfig/network file. 
NISDOMAIN= "pankajpal.test.com"

Edit Your /etc/yp.conf File
NIS servers also have to be NIS clients themselves, so you'll have to edit the NIS client configuration file /etc/yp.conf to list the domain's NIS server as being the server itself or localhost. 
# /etc/yp.conf - ypbind configuration file

Configure the NIS make script to use the correct maps
Edit /var/yp/Makefile
all: passwd shadow group hosts rpc services netid protocols mail

Configure what machines can talk to the NIS server
Edit /var/yp/securenets

Start the services NIS uses and make them start at boot
/etc/rc.d/init.d/portmap start
/etc/rc.d/init.d/ypserv start
/etc/rc.d/init.d/yppasswdd start
chkconfig portmap on
chkconfig ypserv on
chkconfig yppasswdd on

Initialize the NIS database
When it asks about adding more NIS servers just use ctl-D

Every time you add a new user you need to update the NIS database with this:
make -C /var/yp

Configuring NIS SLAVE server:

Install the ypserv, portmapper and dependancy packages. And set the NISDOMAINNAME same as in the server. In this example. As follows.

[root@pankaj-sec ~]# 

Create entries for name resolutions of server and other hosts in /etc/hosts. Its better you copy the /etc/hosts of server and make proper edits in it.
[root@pankaj-sec ~]# scp /etc/hosts

[root@pankaj-sec ~]# yum install yp*
[root@pankaj-sec ~]# service ypserv start
[root@pankaj-sec ~]# chkconfig ypserv on

Execute the following command in order to get the NIS maps from the server to the slave.

[root@pankaj-sec ~]# /usr/lib/yp/ypinit -s pankaj-test
pankaj-test is the hostname of server and it should be resolved in /etc/hosts. And dont forget to update the server's /etc/hosts file with slave's information.

If the following command executed well, you will get output as follows.

We will need a few minutes to copy the data from
pankaj-test .
Transferring hosts.byaddr...
Trying ypxfrd ... success

Transferring netid.byname...
Trying ypxfrd ... success

Transferring group.byname...
Trying ypxfrd ... success

[..output truncated..]

Transferring services.byservicename...
Trying ypxfrd ... success

nisclnt.lap.com's NIS data base has been set up.
If there were warnings, please figure out what went wrong, and fix it.

At this point, make sure that /etc/passwd and /etc/group have
been edited so that when the NIS is activated, the data bases you
have just created will be used, instead of the /etc ASCII files.

Start the yppasswd service.

[root@pankaj-sec ~]# service yppasswdd start
Starting YP passwd service: [ OK ]
[root@pankaj-sec ~]# chkconfig yppasswdd on

You might want to edit root's crontab *on the slave* server and add the following lines:
20 * * * * /usr/lib/yp/ypxfr_1perhour
40 6 * * * /usr/lib/yp/ypxfr_1perday
55 6,18 * * * /usr/lib/yp/ypxfr_2perday

This will ensure that most NIS maps are kept up-to-date, even if an update is missed because the slave was down at the time the update was done on the master.

On the master server, add the new slave server name to /var/yp/ypservers and run make in /var/yp to update the map .

Configuring The NIS Client

Now that the NIS server is configured, it's time to configure the NIS clients. 
Run authconfig

The authconfig or the authconfig-tui program automatically configures your NIS files after prompting you for the IP address and domain of the NIS server.
root@pankaj-test:~# authconfig-tui

Once finished, it should create an /etc/yp.conf file that defines, amongst other things, the IP address of the NIS server for a particular domain. It also edits the /etc/sysconfig/network file to define the NIS domain to which the NIS client belongs.
# /etc/yp.conf - ypbind configuration file
pankajpal.test.com server


In addition, the authconfig program updates the /etc/nsswitch.conf file that lists the order in which certain data sources should be searched for name lookups, such as those in DNS, LDAP, and NIS. Here you can see where NIS entries were added for the important login files.
passwd: files nis
shadow: files nis
group: files nis

Start the ypbind NIS client, and portmap daemons in the /etc/init.d directory and use the chkconfig command to ensure they start after the next reboot. Remember to use the rpcinfo command to ensure they are running correctly.
root@pankaj-test:~# service portmap start
Starting portmapper: [ OK ]
root@pankaj-test:~# service ypbind start
Binding to the NIS domain:
Listening for an NIS domain server.
root@pankaj-test:~# chkconfig ypbind on
[root@smallfry tmp]# chkconfig portmap on

Note: Remember to use the rpcinfo -p localhost command to make sure they all started correctly.
Verify Name Resolution

You can run the ypcat, ypmatch, and getent commands to make sure communication to the server is correct.
root@pankaj-test:~# ypcat passwd
root@pankaj-test:~# ypmatch nisuser passwd

root@pankaj-test:~# getent passwd nisuser

Try logging into the NIS client via telnet if it is enabled
[root@bigboy tmp]# telnet
Connected to
Escape character is '^]'.
Red Hat Linux release 9 (Shrike)
Kernel 2.4.20-6 on an i686
login: nisuser
Last login: Sun Nov 16 22:03:51 from 192-168-1-100.

DISCLAIMER: The information provided on this website comes without warranty of any kind and is distributed AS IS. Every effort has been made to provide the information as accurate as possible, but no warranty or fitness is implied. The information may be incomplete, may contain errors or may have become out of date. The use of this information described herein is your responsibility, and to use it in your own environments do so at your own risk.

Copyright © 2012 LINUXHOWTO.IN

No comments:

Post a Comment