Monday, July 13, 2009

How to Configure NIS Server (Network Information Services)

Network Information Services (NIS) enables you to create user accounts that can be shared across all systems on your network. The user account is created only on the NIS server. NIS clients download the necessary username and password data from the NIS server to verify each user login.

An advantage of NIS is that users need to change their passwords on the NIS server only, instead of every system on the network. This makes NIS popular in computer training labs, distributed software development projects or any other situation where groups of people have to share many different computers.

The disadvantages are that NIS doesn't encrypt the username and password information sent to the clients with each login and that all users have access to the encrypted passwords stored on the NIS server.

§ We need a main Linux server with a large amount of disk space, which will be used as both the NIS server and the NFS-based file server.

§ Users logging into the PCs will be assigned home directories on server and not on the PCs themselves.

§ Each user's home directory will be automatically mounted with each user login on the PCs using NFS.

§ The NIS RPMs need to be installed on both the server and the client: ypserv and yp-tools on the server, and ypbind and yp-tools on the client.

1. Configure Server as an NFS server to make its /home directory available to the Linux workstations.

2. Configure Client as an NFS client that can access Server's /home directory.

3. Configure Server as an NIS server.

4. Create a user account (nisuser) on Server that doesn't exist on Client. Convert the account to a NIS user account.

5. Configure Client as an NIS client.

6. Test a remote login from Server to Client using the username and password of the account nisuser.

Steps to configure the NFS server

1. Edit the /etc/exports file to allow NFS mounts of the /home directory with read/write access.

/home *(rw,sync)

2. Run the exportfs command so that NFS rereads the /etc/exports file, picks up the new entry, and makes /home available to the network.

# exportfs -a

3. Make sure the required nfs, nfslock, and portmap daemons are all running and configured to start after the next reboot.

# chkconfig nfslock on

# chkconfig nfs on

# chkconfig portmap on

# service portmap start

Starting portmapper: [ OK ]

# service nfslock start

Starting NFS statd: [ OK ]

# service nfs start

Starting NFS services: [ OK ]

Starting NFS quotas: [ OK ]

Starting NFS daemon: [ OK ]

Starting NFS mountd: [ OK ]

We have successfully configured our NFS Server.
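
As an added example (not part of the original post), the following shell function audits exports(5) lines such as the /home *(rw,sync) entry above and reports exports that any host can mount, plus the no_root_squash and insecure options. The function name audit_exports is hypothetical, and every sample line other than the first is constructed.

```sh
#!/bin/sh
# Added example: flag risky entries in exports(5)-format text read from stdin.
# Output: one finding per line as "<path> <client> <issue>".
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                       # skip comments and blanks
    NF == 1 { print $1, "*", "any-host"; next }   # no client list: world export
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                          # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (client == "") client = "*"        # "host (rw)": options hit everyone
            rw = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash" || o[j] == "insecure")
                    print $1, client, o[j]
            }
            if (client == "*") print $1, client, (rw ? "any-host-rw" : "any-host")
        }
    }'
}

# First line is the export from this page; the rest are constructed samples.
SAMPLE_EXPORTS='/home *(rw,sync)
/home 192.168.1.0/24(rw,sync)
/srv/build 192.168.1.0/24(rw,sync,no_root_squash)
/data 192.168.1.5 (rw)'

printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

On a live server, feed it the real file with audit_exports < /etc/exports. An entry restricted to the lab subnet, like the second sample line, produces no finding.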

We also need to configure the NFS clients to mount their /home directories on the NFS server.

1. Here we have to make sure the required netfs, nfslock, and portmap daemons are running and configured to start after the next reboot.

# chkconfig nfslock on

# chkconfig netfs on

# chkconfig portmap on

# service portmap start

Starting portmapper: [ OK ]

# service netfs start

Mounting other filesystems: [ OK ]

# service nfslock start

Starting NFS statd: [ OK ]

2. We can keep a copy of the old /home directory, and create a new directory /home on which we'll mount the NFS server's directory.

# mv /home /home.save

# mkdir /home

3. Here we have to make sure that we can mount Server's /home directory on the new /home directory we have just created. Unmount it once everything looks correct.

# mount *.*.*.*:/home /home/

# umount /home

4. Start configuring autofs automounting. Edit your /etc/auto.master file to refer to file /etc/auto.home for mounting information whenever the /home directory is accessed. After five minutes, autofs unmounts the directory.

#/etc/auto.master

/home /etc/auto.home --timeout 600

5. Edit file /etc/auto.home to do the NFS mount whenever the /home directory is accessed. If the line is too long to view on your screen, you can add a \ character at the end to continue on the next line.

#/etc/auto.home

* -fstype=nfs *.*.*.*:/home/&

6. Start autofs and make sure it starts after the next reboot with the chkconfig command.

# chkconfig autofs on

# service autofs restart

Stopping automount:[ OK ]

Starting automount:[ OK ]

All newly added Linux users will now be assigned a home directory under the new remote /home directory.

Configuration of The NIS Server

Install the NIS Server Packages

Install ypserv and yp-tools on the server.

Edit Your /etc/sysconfig/network File

#/etc/sysconfig/network

NISDOMAIN="domainname"

Edit Your /etc/yp.conf File

NIS servers also have to be NIS clients themselves, so we'll have to edit the NIS client configuration file /etc/yp.conf to list the domain's NIS server as being the server itself or localhost.

# /etc/yp.conf - ypbind configuration file

ypserver 127.0.0.1

# service portmap start

Starting portmapper: [ OK ]

# service yppasswdd start

Starting YP passwd service: [ OK ]

# service ypserv start

Setting NIS domain name DOMAINNAME: [ OK ]

Starting YP server services: [ OK ]

# chkconfig portmap on

# chkconfig yppasswdd on

# chkconfig ypserv on

Required NIS Server Daemons

portmap: The foundation RPC daemon upon which NIS runs.

yppasswdd: Lets users change their passwords on the NIS server from NIS clients.

ypserv: Main NIS server daemon.

ypbind: Main NIS client daemon.

To view the portmap registration information:

# rpcinfo -p localhost

Initialize Your NIS Domain

# /usr/lib/yp/ypinit -m

Note: Be sure portmap is running before trying this step or you'll get errors, such as:

failed to send 'clear' to local ypserv: RPC: Port mapper failureUpdating group.bygid...

You will have to delete the /var/yp/DOMAINNAME directory and restart portmap, yppasswdd, and ypserv before you'll be able to do this again successfully.

Start The ypbind and ypxfrd Daemons

# service ypbind start

Binding to the NIS domain: [ OK ]

Listening for an NIS domain server.

# service ypxfrd start

Starting YP map server: [ OK ]

# chkconfig ypbind on

# chkconfig ypxfrd on

Make Sure The Daemons Are Running

All the NIS daemons use RPC port mapping and, therefore, are listed using the rpcinfo command when they are running correctly.

# rpcinfo -p localhost

program vers proto port

100000 2 tcp 111 portmapper

100000 2 udp 111 portmapper

100003 2 udp 2049 nfs

100003 3 udp 2049 nfs

100021 1 udp 1024 nlockmgr

100021 3 udp 1024 nlockmgr

100021 4 udp 1024 nlockmgr

100004 2 udp 784 ypserv

100004 1 udp 784 ypserv

100004 2 tcp 787 ypserv

100004 1 tcp 787 ypserv

100009 1 udp 798 yppasswdd

600100069 1 udp 850 fypxfrd

600100069 1 tcp 852 fypxfrd

100007 2 udp 924 ypbind

100007 1 udp 924 ypbind

100007 2 tcp 927 ypbind

100007 1 tcp 927 ypbind
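
The check described above can be scripted. This added example (not from the original post) parses rpcinfo -p output and reports, per daemon, whether it is registered and on which protocol/port pairs, which is also the set of listeners a host firewall has to account for. The function name nis_rpc_report is hypothetical, and the embedded sample is the listing above, abridged, with the yppasswdd line removed to show a failure.

```sh
#!/bin/sh
# Added example: read "rpcinfo -p" output on stdin and report whether each
# daemon this page starts is registered, matching on RPC program number
# (ypxfrd appears under the name "fypxfrd" in the listing above).
nis_rpc_report() {
    awk '
    BEGIN {
        w = "100000:portmapper 100004:ypserv 100009:yppasswdd"
        n = split(w " 100007:ypbind 600100069:ypxfrd", want, " ")
    }
    $1 ~ /^[0-9]+$/ && NF >= 4 {            # program vers proto port [name]
        ep = $3 "/" $4
        if (index("," ports[$1] ",", "," ep ",") == 0)   # skip repeated versions
            ports[$1] = (ports[$1] == "" ? ep : ports[$1] "," ep)
    }
    END {
        for (i = 1; i <= n; i++) {
            split(want[i], kv, ":")
            if (kv[1] in ports) print kv[2], "registered", ports[kv[1]]
            else { print kv[2], "MISSING"; bad = 1 }
        }
        exit bad                             # non-zero if any daemon is missing
    }'
}

# Constructed sample: the listing above, abridged, with yppasswdd removed.
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    784  ypserv
    100004    1   udp    784  ypserv
    100004    2   tcp    787  ypserv
 600100069    1   udp    850  fypxfrd
 600100069    1   tcp    852  fypxfrd
    100007    2   udp    924  ypbind
    100007    2   tcp    927  ypbind'

printf '%s\n' "$SAMPLE_RPCINFO" | nis_rpc_report || echo "NIS daemon(s) not registered"
```

Against a running server, use rpcinfo -p localhost | nis_rpc_report; the exit status is non-zero when any of the five programs is absent.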

Add NIS User

# useradd -g users nisuser

# passwd nisuser

Changing password for user nisuser.

New password:

Retype new password:

passwd: all authentication tokens updated successfully.

# cd /var/yp

# make

gmake[1]: Entering directory `/var/yp/DOMAINNAME'

Updating passwd.byname...

Updating passwd.byuid...

Updating netid.byname...

gmake[1]: Leaving directory `/var/yp/DOMAINNAME'

Configuring The NIS Client

Run authconfig

The authconfig or the authconfig-tui program automatically configures your NIS files after prompting you for the IP address and domain of the NIS server.

# authconfig-tui

Once finished, it should create an /etc/yp.conf file that defines, amongst other things, the IP address of the NIS server for a particular domain. It also edits the /etc/sysconfig/network file to define the NIS domain to which the NIS client belongs.

# /etc/yp.conf - ypbind configuration file

domain DOMAINNAME server *.*.*.*

#/etc/sysconfig/network

NISDOMAIN=DOMAINNAME

Start The NIS Client Related Daemons

Start the ypbind NIS client and portmap daemons using their scripts in the /etc/init.d directory, and use the chkconfig command to ensure they start after the next reboot.

# service portmap start

Starting portmapper: [ OK ]

# service ypbind start

Binding to the NIS domain:

Listening for an NIS domain server.

# chkconfig ypbind on

# chkconfig portmap on

Test Logins via The NIS Server

Logging In Via Telnet

Try logging into the NIS client via telnet, if it is enabled.

# telnet 192.168.1.2

Trying 192.168.1.2

Connected to 192.168.1.2.

Escape character is '^]'.

Red Hat Linux release 9 (Shrike)

Kernel 2.4.20-6 on an i686

login: nisuser

Password:

Last login: Sun Nov 16 22:03:51 from 192-168-1-100

[nisuser@Client nisuser]$

Logging In Via SSH

Try logging into the NIS client via SSH.

# ssh -l nisuser 192.168.1.102

nisuser@192.168.1.102's password:

[nisuser@Client nisuser]$