Monday 21 September 2015

NIS Server Configuration in Linux



NIS (Network Information System) is a central server for managing user password authentication, hosts, services, and so on. User authentication and login information is stored on the NIS server. It is an RPC (Remote Procedure Call) based client/server system that allows a group of machines within an NIS domain to share a common set of configuration files such as /etc/passwd, /etc/shadow, /etc/group, /etc/hosts, /etc/services, /etc/networks, /etc/rpc, /etc/protocols and /etc/aliases.
Difference between NIS and LDAP
LDAP has overtaken NIS as the preferred central authentication server technology, as it has cross-platform support and greater client, web and desktop application support.

Configuration of NIS Server:

[root@nisserver ~]# yum -y install ypserv rpcbind
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Setting up Install Process
Package rpcbind-0.2.0-11.el6.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package ypserv.x86_64 0:2.19-26.el6_4.2 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================
Installing:
ypserv x86_64 2.19-26.el6_4.2 dvd 130 k

Transaction Summary
=============================================================================================================================
Install 1 Package(s)

Total download size: 130 k
Installed size: 318 k
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : ypserv-2.19-26.el6_4.2.x86_64 1/1
Verifying : ypserv-2.19-26.el6_4.2.x86_64 1/1

Installed:
ypserv.x86_64 0:2.19-26.el6_4.2

Complete!

[root@nisserver ~]# ypdomainname example.com
[root@nisserver ~]# vim /etc/sysconfig/network
[root@nisserver ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=nisserver.example.com
NISDOMAIN=example.com
[root@nisserver ~]# vim /var/yp/Makefile
# Should we merge the passwd file with the shadow file ?
# MERGE_PASSWD=true|false
#MERGE_PASSWD=true
MERGE_PASSWD=false

# Should we merge the group file with the gshadow file ?
# MERGE_GROUP=true|false
#MERGE_GROUP=true
MERGE_GROUP=false



all: passwd shadow group hosts rpc services netid protocols mail \
# netgrp shadow publickey networks ethers bootparams printcap \
# amd.home auto.master auto.home auto.local passwd.adjunct \
# timezone locale netmasks

[root@nisserver ~]# vim /var/yp/securenets
255.0.0.0 127.0.0.0
255.255.0.0 172.66.0.0
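
The securenets entries above are netmask/network pairs: a client may query the server when its address ANDed with a netmask equals the paired network. The following Python check is an added example, not part of the original post; it parses that format, reports which entry admits a given client, and flags entries that are catch-all or outside loopback/RFC 1918 space. OPEN_SECURENETS and the address 203.0.113.10 are constructed for illustration, and only the "netmask network" form shown on the page is handled.

```python
import ipaddress

# The two entries from the page's /var/yp/securenets (format: netmask network).
PAGE_SECURENETS = """\
255.0.0.0 127.0.0.0
255.255.0.0 172.66.0.0
"""
# Constructed for contrast: a catch-all entry appended (not from the page).
OPEN_SECURENETS = PAGE_SECURENETS + "0.0.0.0 0.0.0.0   # everyone\n"

# Loopback plus the RFC 1918 private ranges.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_securenets(text):
    """Return [(line_number, IPv4Network)] for each 'netmask network' entry."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'netmask network'")
        netmask, network = fields
        # Strict parsing rejects a network address with host bits set.
        rules.append((lineno, ipaddress.IPv4Network(f"{network}/{netmask}")))
    return rules


def first_match(rules, client_ip):
    """Line number of the first entry that admits client_ip, or None."""
    addr = ipaddress.IPv4Address(client_ip)
    return next((n for n, net in rules if addr in net), None)


def audit(rules):
    """Flag entries that admit every client or cover non-internal space."""
    findings = []
    for lineno, net in rules:
        if net.prefixlen == 0:
            findings.append((lineno, "matches every client"))
        elif not any(net.subnet_of(i) for i in INTERNAL):
            findings.append((lineno, "outside loopback/RFC 1918 space"))
    return findings


if __name__ == "__main__":
    for name, text in (("page", PAGE_SECURENETS), ("open", OPEN_SECURENETS)):
        rules = parse_securenets(text)
        print(name, first_match(rules, "203.0.113.10"), audit(rules))
```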

[root@nisserver ~]# /etc/rc.d/init.d/rpcbind restart
Stopping rpcbind: [ OK ]
Starting rpcbind: [ OK ]
[root@nisserver ~]# /etc/rc.d/init.d/ypserv start
Starting YP server services: [ OK ]
[root@nisserver ~]# /etc/rc.d/init.d/ypxfrd start
Starting YP map server: [ OK ]
[root@nisserver ~]# /etc/rc.d/init.d/yppasswdd start
Starting YP passwd service: [ OK ]
[root@nisserver ~]# chkconfig rpcbind on
[root@nisserver ~]# chkconfig ypserv on
[root@nisserver ~]# chkconfig ypxfrd on
[root@nisserver ~]# chkconfig yppasswdd on
Create a new directory:
[root@nisserver ~]# mkdir /nishome
Create a new user and set the password:
[root@nisserver ~]# useradd -d /nishome/apple apple
[root@nisserver ~]# passwd --stdin apple
Changing password for user apple.
apple$1200
passwd: all authentication tokens updated successfully.
[root@nisserver ~]# chmod 777 /nishome/
[root@nisserver ~]# cd /var/yp/
Whenever you add new users, you have to update the NIS database. To do that, run the make command below:
[root@nisserver yp]# make
gmake[1]: Entering directory `/var/yp/example.com'
Updating passwd.byname...
Updating passwd.byuid...
Updating shadow.byname...
Updating group.byname...
Updating group.bygid...
Updating netid.byname...
gmake[1]: Leaving directory `/var/yp/example.com'
[root@nisserver yp]# /usr/lib64/yp/ypinit -m

At this point, we have to construct a list of the hosts which will run NIS
servers. nisserver.example.com is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: nisserver.example.com
next host to add: nisclient.example.com
next host to add:
The current list of NIS servers looks like this:

nisserver.example.com
nisclient.example.com

Is this correct? [y/n: y] Y
We need a few minutes to build the databases...
Building /var/yp/example.com/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/example.com'
Updating passwd.byname...
Updating passwd.byuid...
Updating shadow.byname...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/example.com'

nisserver.example.com has been set up as a NIS master server.

Now you can run ypinit -s nisserver.example.com on all slave server.
Once again, restart the services:
[root@nisserver ~]# service rpcbind restart
[root@nisserver ~]# service ypserv restart
[root@nisserver ~]# service ypxfrd restart
[root@nisserver ~]# service yppasswdd restart
NIS Client Configuration:

[root@nisclient ~]# yum -y install ypbind rpcbind
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Setting up Install Process
Package rpcbind-0.2.0-11.el6.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package ypbind.x86_64 3:1.20.4-30.el6 will be installed
--> Processing Dependency: yp-tools for package: 3:ypbind-1.20.4-30.el6.x86_64
--> Running transaction check
---> Package yp-tools.x86_64 0:2.9-12.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================
Installing:
ypbind x86_64 3:1.20.4-30.el6 dvd 52 k
Installing for dependencies:
yp-tools x86_64 2.9-12.el6 dvd 65 k

Transaction Summary
=============================================================================================================================
Install 2 Package(s)

Total download size: 117 k
Installed size: 259 k
Downloading Packages:
-----------------------------------------------------------------------------------------------------------------------------
Total 6.1 MB/s | 117 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : 3:ypbind-1.20.4-30.el6.x86_64 1/2
Installing : yp-tools-2.9-12.el6.x86_64 2/2
Verifying : yp-tools-2.9-12.el6.x86_64 1/2
Verifying : 3:ypbind-1.20.4-30.el6.x86_64 2/2

Installed:
ypbind.x86_64 3:1.20.4-30.el6

Dependency Installed:
yp-tools.x86_64 0:2.9-12.el6

Complete!
[root@nisclient ~]# ypdomainname example.com
[root@nisclient ~]# vim /etc/sysconfig/network
[root@nisclient ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.66.249.4 nisserver.example.com nisserver
172.66.249.6 nisclient.example.com nisclient


[root@nisclient ~]# yum install authconfig
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package authconfig.x86_64 0:6.1.12-19.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================
Installing:
authconfig x86_64 6.1.12-19.el6 dvd 377 k

Transaction Summary
=============================================================================================================================
Install 1 Package(s)

Total download size: 377 k
Installed size: 1.9 M
Is this ok [y/N]: Y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : authconfig-6.1.12-19.el6.x86_64 1/1
Verifying : authconfig-6.1.12-19.el6.x86_64 1/1

Installed:
authconfig.x86_64 0:6.1.12-19.el6

Complete!
[root@nisclient ~]# authconfig --enablenis --nisdomain=example.com --nisserver=nisserver.example.com --update
Starting NIS service: [ OK ]
Binding NIS service: [ OK ]

The pam_mkhomedir line added to /etc/pam.d/system-auth below creates the home directory automatically if it does not exist. Alternatively, you can share the home directories from nisserver using the NFS service.
[root@nisclient ~]# vim /etc/pam.d/system-auth
[root@nisclient ~]# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so

account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nis nullok try_first_pass use_authtok
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_mkhomedir.so skel=/etc/skel umask=077

[root@nisclient ~]# chkconfig rpcbind on
[root@nisclient ~]# chkconfig ypbind on

[root@nisclient ~]# ypwhich
nisserver.example.com

[root@nisclient ~]# ypcat passwd
apple:x:500:500::/nishome/apple:/bin/bash
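
With MERGE_PASSWD=false the passwd map should carry only the x placeholder, as the ypcat output above shows. The following Python check is an added example, not part of the original post; it scans ypcat passwd output for entries whose password field holds a hash or is empty, and for accounts below UID 500. All sample lines other than the apple entry are constructed, and the 500 cut-off is an assumption taken from the page's PAM rules.

```python
import re

# First line is the page's `ypcat passwd` output; the rest are constructed
# entries (not from the page) showing what the check is meant to catch.
SAMPLE_MAP = """\
apple:x:500:500::/nishome/apple:/bin/bash
pear:$6$CONSTRUCTEDSALT$constructedhashvalue:501:501::/nishome/pear:/bin/bash
plum::502:502::/nishome/plum:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
"""

MIN_UID = 500  # assumption: the cut-off used by the page's pam_succeed_if rules
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")  # traditional 13-character crypt


def classify_password_field(field):
    """Classify field 2 of a passwd-map entry."""
    if field == "":
        return "empty"
    if field == "x" or field[0] in "!*":
        return "placeholder"          # shadowed, locked or disabled
    if field.startswith("$") or DES_CRYPT.fullmatch(field):
        return "hash"
    return "unknown"


def audit_passwd_map(text):
    """Return [(user, finding)] for entries a bound client should not see."""
    findings = []
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) != 7:
            continue                  # not a passwd-format entry
        user, field, uid = parts[0], parts[1], parts[2]
        kind = classify_password_field(field)
        if kind == "hash":
            findings.append((user, "password hash readable in passwd map"))
        elif kind == "empty":
            findings.append((user, "empty password field"))
        elif kind == "unknown":
            findings.append((user, "unrecognised password field"))
        if uid.isdigit() and int(uid) < MIN_UID:
            findings.append((user, f"uid {uid} below {MIN_UID} exported"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_passwd_map(SAMPLE_MAP):
        print(f"{user}: {finding}")
```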

[apple@nisclient ~]$ yppasswd
Changing NIS account information for apple on nisserver.example.com.
Please enter old password:
Changing NIS password for apple on nisserver.example.com.
Please enter new password:
Please retype new password:

The NIS password has been changed on nisserver.example.com.
