Network Information Services (NIS) enables you to create user accounts that can be shared across all systems on your network. The user account is created only on the NIS server. NIS clients download the necessary username and password data from the NIS server to verify each user login.
An advantage of NIS is that users need to change their passwords on the NIS server only, instead of every system on the network. This makes NIS popular in computer training labs, distributed software development projects or any other situation where groups of people have to share many different computers.
The disadvantages are that NIS doesn't encrypt the username and password information sent to the clients with each login, and that all users have access to the encrypted passwords stored on the NIS server.
To configure the NIS server, make sure you have the tools installed:
yum -y install ypserv
Edit Your /etc/sysconfig/network File
You need to add the NIS domain you wish to use in the /etc/sysconfig/network file.
#/etc/sysconfig/network
NISDOMAIN="pankajpal.test.com"
Edit Your /etc/yp.conf File
NIS servers also have to be NIS clients themselves, so you'll have to edit the NIS client configuration file /etc/yp.conf to list the domain's NIS server as being the server itself or localhost.
# /etc/yp.conf - ypbind configuration file
ypserver 127.0.0.1
Configure the NIS make script to use the correct maps
Edit /var/yp/Makefile
MERGE_PASSWD=false
MERGE_GROUP=false
all: passwd shadow group hosts rpc services netid protocols mail
Configure what machines can talk to the NIS server
Edit /var/yp/securenets
host 127.0.0.1
host 128.173.236.229
255.255.0.0 172.16.0.0
Start the services NIS uses and make them start at boot
/etc/rc.d/init.d/portmap start
/etc/rc.d/init.d/ypserv start
/etc/rc.d/init.d/yppasswdd start
chkconfig portmap on
chkconfig ypserv on
chkconfig yppasswdd on
Initialize the NIS database
When it asks about adding more NIS servers, just press Ctrl-D.
/usr/lib/yp/ypinit -m
Every time you add a new user you need to update the NIS database with this:
make -C /var/yp
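An added example (not part of the original post) that audits a /var/yp/securenets file like the one in the step above: it flags netmask entries wider than a chosen prefix length and the wide-open "0.0.0.0 0.0.0.0" entry. The function names, the /24 threshold and the sample file are assumptions made for illustration.

```shell
# Added example, not from the original page. Names and threshold are illustrative.

# mask_to_prefix 255.255.0.0 -> 16; prints -1 for an invalid or non-contiguous mask.
mask_to_prefix() {
    echo "$1" | awk -F. '
    NF != 4 { print -1; exit }
    {
        bits = 0; seen_zero = 0
        for (i = 1; i <= 4; i++) {
            o = $i + 0
            if (o > 255) { print -1; exit }
            for (b = 128; b >= 1; b = b / 2) {
                if (o >= b) { if (seen_zero) { print -1; exit }; bits++; o -= b }
                else seen_zero = 1
            }
        }
        print bits
    }'
}

# audit_securenets FILE [MIN_PREFIX]: one finding per entry; returns 1 if any entry is too wide.
audit_securenets() {
    file=$1; min_prefix=${2:-24}; rc=0
    while read -r first second _rest; do
        case $first in ''|'#'*) continue ;; esac
        if [ "$first" = host ]; then echo "OK    host $second"; continue; fi
        prefix=$(mask_to_prefix "$first")
        if [ "$prefix" -lt 0 ]; then
            echo "BAD   $first $second (invalid netmask)"; rc=1
        elif [ "$prefix" -eq 0 ]; then
            echo "OPEN  $first $second (any host may query the maps)"; rc=1
        elif [ "$prefix" -lt "$min_prefix" ]; then
            echo "BROAD $first $second (/$prefix, wider than /$min_prefix)"; rc=1
        else
            echo "OK    $first $second (/$prefix)"
        fi
    done < "$file"
    return $rc
}

# Constructed sample: the three entries shown above plus a wide-open line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
host 127.0.0.1
host 128.173.236.229
255.255.0.0 172.16.0.0
0.0.0.0 0.0.0.0
EOF
audit_securenets "$sample" 24 || echo "securenets needs tightening"
```

On a real server, point it at the live file with `audit_securenets /var/yp/securenets 24` and narrow any entry it reports as OPEN or BROAD.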
Configuring NIS SLAVE server:
Install the ypserv, portmapper and dependency packages, and set the NIS domain name to the same value as on the server, as follows in this example.
[root@pankaj-sec ~]# nisdomainname pankajpal.test.com
Create entries for name resolution of the server and other hosts in /etc/hosts. It's better to copy the server's /etc/hosts and make the proper edits in it.
[root@pankaj-sec ~]# scp 192.168.0.23:/etc/hosts /etc/hosts
[root@pankaj-sec ~]# yum install yp*
[root@pankaj-sec ~]# service ypserv start
[root@pankaj-sec ~]# chkconfig ypserv on
Execute the following command in order to get the NIS maps from the server to the slave.
[root@pankaj-sec ~]# /usr/lib/yp/ypinit -s pankaj-test
Here pankaj-test is the hostname of the server, and it should resolve through /etc/hosts. Don't forget to update the server's /etc/hosts file with the slave's information as well.
If the command above ran successfully, you will get output like the following.
We will need a few minutes to copy the data from pankaj-test .
Transferring hosts.byaddr...
Trying ypxfrd ... success
Transferring netid.byname...
Trying ypxfrd ... success
Transferring group.byname...
Trying ypxfrd ... success
[..output truncated..]
Transferring services.byservicename...
Trying ypxfrd ... success
nisclnt.lap.com's NIS data base has been set up.
If there were warnings, please figure out what went wrong, and fix it.
At this point, make sure that /etc/passwd and /etc/group have
been edited so that when the NIS is activated, the data bases you
have just created will be used, instead of the /etc ASCII files.
Start the yppasswd service.
[root@pankaj-sec ~]# service yppasswdd start
Starting YP passwd service: [ OK ]
[root@pankaj-sec ~]# chkconfig yppasswdd on
You might want to edit root's crontab *on the slave* server and add the following lines:
20 * * * * /usr/lib/yp/ypxfr_1perhour
40 6 * * * /usr/lib/yp/ypxfr_1perday
55 6,18 * * * /usr/lib/yp/ypxfr_2perday
This will ensure that most NIS maps are kept up-to-date, even if an update is missed because the slave was down at the time the update was done on the master.
On the master server, add the new slave server name to /var/yp/ypservers and run make in /var/yp to update the map.
Configuring The NIS Client
Now that the NIS server is configured, it's time to configure the NIS clients.
Run authconfig
The authconfig or the authconfig-tui program automatically configures your NIS files after prompting you for the IP address and domain of the NIS server.
root@pankaj-test:~# authconfig-tui
Once finished, it should create an /etc/yp.conf file that defines, amongst other things, the IP address of the NIS server for a particular domain. It also edits the /etc/sysconfig/network file to define the NIS domain to which the NIS client belongs.
# /etc/yp.conf - ypbind configuration file
domain pankajpal.test.com server 192.168.1.100
#/etc/sysconfig/network
NISDOMAIN=pankajpal.test.com
In addition, the authconfig program updates the /etc/nsswitch.conf file that lists the order in which certain data sources should be searched for name lookups, such as those in DNS, LDAP, and NIS. Here you can see where NIS entries were added for the important login files.
#/etc/nsswitch.conf
passwd: files nis
shadow: files nis
group: files nis
Start the ypbind NIS client and portmap daemons from the /etc/init.d directory, and use the chkconfig command to ensure they start after the next reboot. Remember to use the rpcinfo command to ensure they are running correctly.
root@pankaj-test:~# service portmap start
Starting portmapper: [ OK ]
root@pankaj-test:~# service ypbind start
Binding to the NIS domain:
Listening for an NIS domain server.
root@pankaj-test:~# chkconfig ypbind on
[root@smallfry tmp]# chkconfig portmap on
Note: Remember to use the rpcinfo -p localhost command to make sure they all started correctly.
Verify Name Resolution
You can run the ypcat, ypmatch, and getent commands to make sure communication to the server is correct.
root@pankaj-test:~# ypcat passwd
nisuser:$1$Cs2GMe6r$1hohkyG7ALrDLjH1:505:100::/home/nisuser:/bin/bash
quotauser:!!:503:100::/home/quotauser:/bin/bash
root@pankaj-test:~# ypmatch nisuser passwd
nisuser:$1$d6E2i79Q$wp3Eo0Qw9nFD/:504:100::/home/nisuser:/bin/bash
root@pankaj-test:~# getent passwd nisuser
nisuser:$1$d6E2i79Q$wp3Eo0Qw9nFD/:504:100::/home/nisuser:/bin/bash
Try logging into the NIS client via telnet, if it is enabled:
[root@bigboy tmp]# telnet 192.168.1.201
Trying 192.168.1.201...
Connected to 192.168.1.201.
Escape character is '^]'.
Red Hat Linux release 9 (Shrike)
Kernel 2.4.20-6 on an i686
login: nisuser
Password:
Last login: Sun Nov 16 22:03:51 from 192-168-1-100.
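The ypcat passwd output shown above returns the password field of every account to whoever runs the command on a client. This added example (not part of the original post) classifies that field per account so you can see which hashes are exposed and in which scheme; the function names, verdict labels and sample entries are assumptions, and the hash strings in the sample are placeholders.

```shell
# Added example, not from the original page. Typical use: ypcat passwd | audit_nis_passwd

# audit_nis_passwd: read passwd-map lines on stdin, print "user scheme verdict" per account.
audit_nis_passwd() {
    awk -F: '
    NF < 7 { next }                                   # not a passwd entry
    {
        h = $2
        if (h == "")                        { s = "empty";    v = "NO-PASSWORD" }
        else if (h == "x")                  { s = "shadowed"; v = "ok" }
        else if (h ~ /^[!*]/)               { s = "locked";   v = "ok" }
        else if (h ~ /^\$1\$/)              { s = "md5crypt"; v = "EXPOSED-WEAK" }
        else if (h ~ /^\$(5|6|2[aby]|y)\$/) { s = "modern";   v = "EXPOSED" }
        else if (length(h) == 13)           { s = "descrypt"; v = "EXPOSED-WEAK" }
        else                                { s = "unknown";  v = "EXPOSED" }
        print $1, s, v
    }'
}

# exposed_count: number of accounts whose hash is readable through the map.
exposed_count() {
    audit_nis_passwd | awk '$3 ~ /^EXPOSED/ { n++ } END { print n + 0 }'
}

# Constructed sample map; the hash strings are placeholders, not real hashes.
sample_map() {
    cat <<'EOF'
nisuser:$1$EXAMPLE1$placeholderplaceholder:505:100::/home/nisuser:/bin/bash
quotauser:!!:503:100::/home/quotauser:/bin/bash
svcacct:$6$EXAMPLE6$placeholderplaceholderplaceholder:506:100::/home/svcacct:/bin/bash
legacy:abCONSTRUCTED:507:100::/home/legacy:/bin/sh
shadowed:x:508:100::/home/shadowed:/bin/bash
EOF
}

sample_map | audit_nis_passwd
```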
Copyright
© 2012 LINUXHOWTO.IN