Network Information Services (NIS) enables you to create user accounts that can be shared across all systems on your network. The user account is created only on the NIS server. NIS clients download the necessary username and password data from the NIS server to verify each user login.
An advantage of NIS is that users need to change their passwords on the NIS server only, instead of every system on the network. This makes NIS popular in computer training labs, distributed software development projects or any other situation where groups of people have to share many different computers.
The disadvantages are that NIS doesn't encrypt the username and password information sent to the clients with each login and that all users have access to the encrypted passwords stored on the NIS server.
§ We need a main Linux server with a large amount of disk space, which will be used as both the NIS server and the NFS-based file server.
§ Users logging into the PCs will be assigned home directories on the server and not on the PCs themselves.
§ Each user's home directory will be automatically mounted with each user login on the PCs using NFS.
§ NIS RPMs need to be installed on the server and client: ypserv and yp-tools on the server, and ypbind and yp-tools on the client.
1. Configure Server as an NFS server to make its /home directory available to the Linux workstations.
2. Configure Client as an NFS client that can access Server's /home directory.
3. Configure Server as an NIS server.
4. Create a user account (nisuser) on Server that doesn't exist on Client. Convert the account to a NIS user account.
5. Configure Client as an NIS client.
6. Test a remote login from Server to Client using the username and password of the account nisuser.
Steps to configure the NFS server
1. Edit the /etc/exports file to allow NFS mounts of the /home directory with read/write access.
/home *(rw,sync)
2. Use the exportfs command to have NFS read the /etc/exports file for the new entry and make /home available to the network.
# exportfs -a
3. Make sure the required nfs, nfslock, and portmap daemons are both running and configured to start after the next reboot.
# chkconfig nfslock on
# chkconfig nfs on
# chkconfig portmap on
# service portmap start
Starting portmapper: [ OK ]
# service nfslock start
Starting NFS statd: [ OK ]
# service nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
We have successfully configured our NFS Server.
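The export in step 1 uses * as the client, so any host that can reach the server may mount /home read/write. The following check is an added example, not part of the original procedure: it reads an exports file and flags entries open to every host or carrying no_root_squash. The function name audit_exports, the /srv/lab path and the 192.168.1.0/24 subnet are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag NFS exports that are open to every host.
# audit_exports FILE prints one finding per risky client spec and
# returns 1 if anything was flagged, 0 otherwise.
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        path = $1
        if (NF == 1) {                      # a bare path is exported to all hosts
            printf "%s: no client given, exported to all hosts\n", path
            bad = 1
        }
        for (i = 2; i <= NF; i++) {
            host = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                    # split "host(opt,opt)" into its parts
                host = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (host == "") host = "*"      # "(rw)" alone also means every host
            if (host == "*") {
                printf "%s: exported to all hosts (%s)\n", path, opts
                bad = 1
            }
            if (("," opts ",") ~ /,no_root_squash,/) {
                printf "%s: %s keeps remote root as root (no_root_squash)\n", path, host
                bad = 1
            }
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the export line from step 1 and a subnet-restricted one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/home *(rw,sync)
/srv/lab 192.168.1.0/24(rw,sync)
EOF
audit_exports "$sample" || echo "review the exports listed above"
rm -f "$sample"
```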
We also need to configure the NFS clients to mount their /home directories on the NFS server.
1. Here we have to make sure the required netfs, nfslock, and portmap daemons are running and configured to start after the next reboot.
# chkconfig nfslock on
# chkconfig netfs on
# chkconfig portmap on
# service portmap start
Starting portmapper: [ OK ]
# service netfs start
Mounting other filesystems: [ OK ]
# service nfslock start
Starting NFS statd: [ OK ]
2. We can keep a copy of the old /home directory, and create a new directory /home on which we'll mount the NFS server's directory.
# mv /home /home.save
# mkdir /home
3. Make sure that we can mount Server's /home directory on the new /home directory we just created. Unmount it once everything looks correct.
# mount *.*.*.*:/home /home/
# umount /home
4. Start configuring autofs automounting. Edit your /etc/auto.master file to refer to file /etc/auto.home for mounting information whenever the /home directory is accessed. After five minutes, autofs unmounts the directory.
#/etc/auto.master
/home /etc/auto.home --timeout 600
5. Edit file /etc/auto.home to do the NFS mount whenever the /home directory is accessed. If the line is too long to view on your screen, you can add a \ character at the end to continue on the next line.
#/etc/auto.home
* -fstype=nfs *.*.*.*:/home/&
6. Start autofs and make sure it starts after the next reboot with the chkconfig command.
# chkconfig autofs on
# service autofs restart
Stopping automount:[ OK ]
Starting automount:[ OK ]
All newly added Linux users will now be assigned a home directory under the new remote /home directory.
Configuration of The NIS Server
Install the NIS Server Packages
Edit Your /etc/sysconfig/network File
#/etc/sysconfig/network
NISDOMAIN="domainname"
NIS servers also have to be NIS clients themselves, so we'll have to edit the NIS client configuration file /etc/yp.conf to list the domain's NIS server as being the server itself or localhost.
# /etc/yp.conf - ypbind configuration file
ypserver 127.0.0.1
# service portmap start
Starting portmapper: [ OK ]
# service yppasswdd start
Starting YP passwd service: [ OK ]
# service ypserv start
Setting NIS domain name DOMAINNAME: [ OK ]
Starting YP server services: [ OK ]
# chkconfig portmap on
# chkconfig yppasswdd on
# chkconfig ypserv on
Required NIS Server Daemons
Portmap == The foundation RPC daemon upon which NIS runs.
Yppasswdd == Lets users change their passwords on the NIS server from NIS clients
Ypserv == Main NIS server daemon
Ypbind == Main NIS client daemon
To view the portmap information, run:
# rpcinfo -p localhost
# /usr/lib/yp/ypinit -m
Note: Be sure portmap is running before trying this step or you'll get errors, such as:
failed to send 'clear' to local ypserv: RPC: Port mapper failure
Updating group.bygid...
You will have to delete the /var/yp/DOMAINNAME directory and restart portmap, yppasswdd, and ypserv before you'll be able to do this again successfully.
Start The ypbind and ypxfrd Daemons
# service ypbind start
Binding to the NIS domain: [ OK ]
Listening for an NIS domain server.
# service ypxfrd start
Starting YP map server: [ OK ]
# chkconfig ypbind on
# chkconfig ypxfrd on
Make Sure The Daemons Are Running
All the NIS daemons use RPC port mapping and, therefore, are listed using the rpcinfo command when they are running correctly.
# rpcinfo -p localhost
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100021 1 udp 1024 nlockmgr
100021 3 udp 1024 nlockmgr
100021 4 udp 1024 nlockmgr
100004 2 udp 784 ypserv
100004 1 udp 784 ypserv
100004 2 tcp 787 ypserv
100004 1 tcp 787 ypserv
100009 1 udp 798 yppasswdd
600100069 1 udp 850 fypxfrd
600100069 1 tcp 852 fypxfrd
100007 2 udp 924 ypbind
100007 1 udp 924 ypbind
100007 2 tcp 927 ypbind
100007 1 tcp 927 ypbind
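Because every NIS daemon registers with portmap, the rpcinfo listing doubles as an inventory of what is listening and on which ports. The following is an added example, not part of the original post: it checks rpcinfo -p output for the required daemons and lists each service's protocol and port. The function names missing_rpc_services and rpc_listeners are made up for this example, and the sample is a subset of the listing above with the yppasswdd line left out on purpose.

```sh
#!/bin/sh
# Added example: check `rpcinfo -p` output for the NIS daemons.

# missing_rpc_services "name1 name2 ..." reads rpcinfo -p output on stdin,
# prints each required service that is not registered, and returns 1 if any
# are missing.
missing_rpc_services() {
    awk -v want="$1" '
    $1 ~ /^[0-9]+$/ && NF >= 5 { seen[$5] = 1 }   # column 5 is the service name
    END {
        n = split(want, names, " ")
        for (i = 1; i <= n; i++)
            if (!(names[i] in seen)) { print names[i]; miss = 1 }
        exit (miss ? 1 : 0)
    }'
}

# rpc_listeners reads rpcinfo -p output on stdin and prints one
# "service proto/port" line per distinct listener, e.g. for firewall review.
rpc_listeners() {
    awk '$1 ~ /^[0-9]+$/ && NF >= 5 { print $5, $3 "/" $4 }' | sort -u
}

# Constructed sample: lines from the listing above, yppasswdd removed.
sample='program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100004 2 udp 784 ypserv
100004 2 tcp 787 ypserv
600100069 1 udp 850 fypxfrd
100007 2 udp 924 ypbind'

printf '%s\n' "$sample" | rpc_listeners
printf '%s\n' "$sample" \
    | missing_rpc_services "portmapper ypserv yppasswdd fypxfrd ypbind" \
    || echo "the services listed above are not registered"
```

On a live server, pipe the real output in instead: rpcinfo -p localhost | missing_rpc_services "portmapper ypserv yppasswdd fypxfrd ypbind".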
Add NIS User
# useradd -g users nisuser
# passwd nisuser
Changing password for user nisuser.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
# cd /var/yp
# make
gmake[1]: Entering directory `/var/yp/DOMAINNAME'
Updating passwd.byname...
Updating passwd.byuid...
Updating netid.byname...
gmake[1]: Leaving directory `/var/yp/DOMAINNAME'
The authconfig or the authconfig-tui program automatically configures your NIS files after prompting you for the IP address and domain of the NIS server.
# authconfig-tui
Once finished, it should create an /etc/yp.conf file that defines, amongst other things, the IP address of the NIS server for a particular domain. It also edits the /etc/sysconfig/network file to define the NIS domain to which the NIS client belongs.
# /etc/yp.conf - ypbind configuration file
domain DOMAINNAME server *.*.*.*
#/etc/sysconfig/network
NISDOMAIN=DOMAINNAME
Start The NIS Client Related Daemons
Start the ypbind NIS client and portmap daemons from the /etc/init.d directory, and use the chkconfig command to ensure they start after the next reboot.
# service portmap start
Starting portmapper: [ OK ]
# service ypbind start
Binding to the NIS domain:
Listening for an NIS domain server.
# chkconfig ypbind on
# chkconfig portmap on
Test Logins via The NIS Server
Logging In Via Telnet
Try logging into the NIS client via telnet if it is enabled.
# telnet 192.168.1.2
Trying 192.168.1.2
Connected to 192.168.1.2.
Escape character is '^]'.
Red Hat Linux release 9 (Shrike)
Kernel 2.4.20-6 on an i686
login: nisuser
Password:
Last login: Sun Nov 16 22:03:51 from 192-168-1-100
[nisuser@Client nisuser]$
Logging In Via SSH
Try logging into the NIS client via SSH.
# ssh -l nisuser 192.168.1.102
nisuser@192.168.1.102's password:
[nisuser@Client nisuser]$