Simplest Enterprise Continuous Integration Solutions

Saturday, February 26, 2011

Enterprise Linux - NIS Configuration

  • NIS Server
Make sure portmap, yppasswdd, ypserv, yp-tools, ypbind, ypxfrd are installed
[root@linux64-server ~]# yum install ypserv -y
[root@linux64-server ~]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=linux64-server
DHCP_HOSTNAME=linux64-server
NISDOMAIN=MY-NIS-NETWORK
[root@linux64-server ~]# cat /etc/yp.conf
# /etc/yp.conf - ypbind configuration file
# Valid entries are
#
# domain NISDOMAIN server HOSTNAME
#       Use server HOSTNAME for the domain NISDOMAIN.
#
# domain NISDOMAIN broadcast
#       Use  broadcast  on  the local net for domain NISDOMAIN
#
# domain NISDOMAIN slp
#       Query local SLP server for ypserver supporting NISDOMAIN
#
# ypserver HOSTNAME
#       Use server HOSTNAME for the  local  domain.  The
#       IP-address of server must be listed in /etc/hosts.
#
# broadcast
#       If no server for the default domain is specified or
#       none of them is rechable, try a broadcast call to
#       find a server.
#
domain MY-NIS-NETWORK server 10.3.20.100
[root@linux64-server ~]# cat /etc/ypserv.conf
#
# ypserv.conf   In this file you can set certain options for the NIS server,
#               and you can deny or restrict access to certain maps based
#               on the originating host.
#
#               See ypserv.conf(5) for a description of the syntax.
#


# Some options for ypserv. This things are all not needed, if
# you have a Linux net.


# Should we do DNS lookups for hosts not found in the hosts table ?
# This option is ignored in the moment.
dns: no


# How many map file handles should be cached ?
files: 30


# Should we register ypserv with SLP ?
#slp: no
# After how many seconds we should re-register ypserv with SLP ?
#slp_timeout: 3600


# xfr requests are only allowed from ports < 1024
xfr_check_port: yes


# The following, when uncommented,  will give you shadow like passwords.
# Note that it will not work if you have slave NIS servers in your
# network that do not run the same server as you.


# Host                     : Domain  : Map              : Security
#
# *                        : *       : passwd.byname    : port
# *                        : *       : passwd.byuid     : port


# Not everybody should see the shadow passwords, not secure, since
# under MSDOG everbody is root and can access ports < 1024 !!!
*                          : *       : shadow.byname    : port
*                          : *       : passwd.adjunct.byname : port


# If you comment out the next rule, ypserv and rpc.ypxfrd will
# look for YP_SECURE and YP_AUTHDES in the maps. This will make
# the security check a little bit slower, but you only have to
# change the keys on the master server, not the configuration files
# on each NIS server.
# If you have maps with YP_SECURE or YP_AUTHDES, you should create
# a rule for them above, that's much faster.
# *                        : *       : *                : none
[root@linux64-server ~]# domainname MY-NIS-NETWORK
[root@linux64-server ~]# ypdomainname MY-NIS-NETWORK 
[root@linux64-server yp]# cat /var/yp/securenets
host 127.0.0.1
255.255.255.0   10.3.20.0
[root@linux64-server ~]# service portmap restart
Stopping portmap:                                          [  OK  ]
Starting portmap:                                          [  OK  ]
[root@linux64-server ~]# chkconfig portmap on
[root@linux64-server ~]# service ypserv restart
Stopping YP server services:                               [  OK  ]
Starting YP server services:                               [  OK  ] 
[root@linux64-server ~]# chkconfig ypserv on
[root@linux64-server ~]# rpcinfo -u localhost ypserv
program 100004 version 1 ready and waiting
program 100004 version 2 ready and waiting
[root@linux64-server ~]# /usr/lib64/yp/ypinit -m


At this point, we have to construct a list of the hosts which will run NIS
servers.  linux64-server is in the list of NIS server hosts.  Please continue to add
the names for the other hosts, one per line.  When you are done with the
list, type a <control D>.
        next host to add:  linux64-server
        next host to add:
The current list of NIS servers looks like this:


linux64-server


Is this correct?  [y/n: y]  y
We need a few minutes to build the databases...
Building /var/yp/MY-NIS-NETWORK/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/MY-NIS-NETWORK'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/MY-NIS-NETWORK'


linux64-server has been set up as a NIS master server.


Now you can run ypinit -s linux64-server on all slave server.
[root@linux64-server ~]# service ypbind start
Binding to the NIS domain:                                 [  OK  ]
Listening for an NIS domain server.
[root@linux64-server ~]# chkconfig ypbind on
[root@linux64-server ~]# service yppasswdd start
Starting YP passwd service:                                [  OK  ]
[root@linux64-server ~]# chkconfig yppasswdd on
[root@linux64-server ~]# service ypxfrd start
Starting YP map server:                                    [  OK  ]
[root@linux64-server ~]# chkconfig ypxfrd on
  • NIS user
[root@linux64-server ~]# useradd -g users nisuser
[root@linux64-server ~]# passwd nisuser
Changing password for user nisuser.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@linux64-server ~]# cd /var/yp
[root@bigboy yp]# make
gmake[1]: Entering directory `/var/yp/MY-NIS-NETWORK'
Updating passwd.byname...
Updating passwd.byuid...
Updating netid.byname...
gmake[1]: Leaving directory `/var/yp/MY-NIS-NETWORK'
  • NIS Client
Make sure portmap, yppasswdd, yp-tools are installed
[root@linux64-client1 ~]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=linux64-client1
DHCP_HOSTNAME=linux64-client1
NISDOMAIN=MY-NIS-NETWORK
[root@linux64-client1 ~]# cat /etc/yp.conf
# /etc/yp.conf - ypbind configuration file
# Valid entries are
#
# domain NISDOMAIN server HOSTNAME
#       Use server HOSTNAME for the domain NISDOMAIN.
#
# domain NISDOMAIN broadcast
#       Use  broadcast  on  the local net for domain NISDOMAIN
#
# domain NISDOMAIN slp
#       Query local SLP server for ypserver supporting NISDOMAIN
#
# ypserver HOSTNAME
#       Use server HOSTNAME for the  local  domain.  The
#       IP-address of server must be listed in /etc/hosts.
#
# broadcast
#       If no server for the default domain is specified or
#       none of them is rechable, try a broadcast call to
#       find a server.
#
domain MY-NIS-NETWORK server 10.3.20.100
[root@linux64-client1 ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
10.3.20.100     linux64-server
[root@linux64-client1 ~]# domainname MY-NIS-NETWORK
[root@linux64-client1 ~]# ypdomainname MY-NIS-NETWORK 
[root@linux64-client1 ~]# cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#       nisplus or nis+         Use NIS+ (NIS version 3)
#       nis or yp               Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the local database (.db) files
#       compat                  Use NIS on compat mode
#       hesiod                  Use Hesiod for user lookups
#       [NOTFOUND=return]       Stop searching if not found so far
#


# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis



passwd:     files       nis
shadow:     files       nis
group:      files       nis


#hosts:     db files nisplus nis dns
hosts:      files dns


# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files


bootparams: nisplus [NOTFOUND=return] files


ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files


netgroup:   nisplus


publickey:  nisplus


automount:  files nisplus
aliases:    files nisplus
[root@linux64-client1 ~]# service portmap start
Starting portmap:                                          [  OK  ]
[root@linux64-client1 ~]# chkconfig portmap on
[root@linux64-client1 ~]# service ypbind start
Binding to the NIS domain:                                 [  OK  ]
Listening for an NIS domain server.
[root@linux64-client1 ~]# chkconfig ypbind on
[root@linux64-client1 ~]# rpcinfo -u localhost ypbind
program 100007 version 1 ready and waiting
program 100007 version 2 ready and waiting
[root@linux64-client1 ~]# ypcat passwd

nisuser:$1$/iEACA7I$S.nInc1zfDgZk9wh0NgvN/:502:100::/home/nisuser:/bin/bash
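
Added example (not part of the original post): the ypcat passwd output above returns nisuser's $1$ (MD5-crypt) hash to the client, so a useful follow-up check is to list which accounts expose a hash through the passwd map and to confirm /var/yp/securenets has no allow-all entry. The function names exposed_hashes and open_securenets are hypothetical, and the sample data is constructed.

```bash
#!/bin/sh
# Added audit example; not part of the original post. Function names are
# hypothetical and all sample data below is constructed.

# Read passwd-format lines on stdin (e.g. the output of `ypcat passwd`) and
# print "user scheme" for each entry whose password hash is in the map.
exposed_hashes() {
    awk -F: '
    NF < 7 { next }                       # not a passwd record
    {
        h = $2; sub(/^!+/, "", h)         # passwd -l only prefixes "!"; hash stays
        if ($2 == "")               scheme = "EMPTY"
        else if (h == "" || h == "*" || h == "x" || h ~ /^##/) next
        else if (h ~ /^\$1\$/)      scheme = "md5crypt"
        else if (h ~ /^\$5\$/)      scheme = "sha256crypt"
        else if (h ~ /^\$6\$/)      scheme = "sha512crypt"
        else if (length(h) == 13)   scheme = "descrypt"
        else                        scheme = "unknown"
        print $1, scheme
    }'
}

# Read securenets-format lines on stdin ("netmask network" or "host address")
# and print entries that admit every host.
open_securenets() {
    awk '$1 !~ /^#/ && NF == 2 && $1 == "0.0.0.0" { print $1, $2 }'
}

# Constructed passwd map: shadowed, md5crypt, legacy DES, locked.
sample_passwd='root:x:0:0:root:/root:/bin/bash
nisuser:$1$CONSTRCT$0000000000000000000000:502:100::/home/nisuser:/bin/bash
olduser:ab0123456789Z:503:100::/home/olduser:/bin/bash
svc:!!:504:100::/home/svc:/sbin/nologin'

# First two lines match the post's securenets; the last is a constructed bad entry.
sample_securenets='host 127.0.0.1
255.255.255.0   10.3.20.0
0.0.0.0         0.0.0.0'

printf '%s\n' "$sample_passwd"     | exposed_hashes
printf '%s\n' "$sample_securenets" | open_securenets
```

On a real client, pipe ypcat passwd into exposed_hashes; on the server, feed /var/yp/securenets to open_securenets.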
