MRKAVANA (mrkavana@gmail.com) - www.facebook.com/kavanathai

Jul 18, 2011

How to install and configure NIS server in redhat linux rhel5 / Centos

NIS is centralized authentication software in Linux / Unix / Solaris platform. In a network, there will be a NIS server, one or more NIS slaves and lots of NIS Client machines. This document explains how to install and configue NIS Master, Slave and Client Machines in Redhat enterprise linux rhel5. It can also be applicable on centos, fedora and other variants.

Configuring the NIS MASTER Server:

Packages :
For installing NIS the following packages are required.
For server:

ypserv
portmap
make

For client:

ypbind
portmap
authconfig
autofs

Installation:

Step1:
Configure the NISDOMAIN. It should be different from the FQDN [domain name].
[root@vm3 ~]# nisdomainname nis.lap.com
And you have to resolve it in /etc/hosts

[root@vm3 ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.0.23 nis.lap.com
[root@vm3 ~]#

To make it permenant add the enty in /etc/sysconfig/network. This should be done in order to srvive a reboot.

[root@vm3 ~]# cat /etc/sysconfig/network
NETWORKING_IPV6=no
HOSTNAME=vm3
NETWORKING=yes
GATEWAY=192.168.0.1
NISDOMAIN=nis.lap.com
[root@vm3 ~]#

restart the network service

Step2:

Install the packages for server.

[root@vm3 ~]# yum install yp*
if using rpm you've to install ypserv, portmapper and dependecy make.
After installing these a new directory yp will be created under /var

Security Tip:

To allow only some hosts to access information of NIS, create this file and edit as follows. [At first time]

[root@vm3 ~]# cat /var/yp/securenets
#subnet #network
255.255.255.0 192.168.0.0
[root@vm3 ~]#

Step3:

Start the service
[root@vm3 ~]# /etc/init.d/ypserv start
Starting YP server services: [ OK ]
[root@vm3 ~]# chkconfig ypserv on

Check whether its running:

[root@vm3 ~]# rpcinfo -u 192.168.0.23 ypserv
program 100004 version 1 ready and waiting
program 100004 version 2 ready and waiting

[root@vm3 ~]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 715 status
100024 1 tcp 718 status
100004 2 udp 821 ypserv
100004 1 udp 821 ypserv
100004 2 tcp 824 ypserv
100004 1 tcp 824 ypserv

Step4:

Create Users:

We are creating 5 users having username and passed are same.
Eg: Name- user1 password- user1



[root@vm3 ~]# for i in 1 2 3 4 5; do useradd user$i; echo user$i | passwd --stdin user$i; done

Changing password for user user1.
passwd: all authentication tokens updated successfully.
Changing password for user user2.
passwd: all authentication tokens updated successfully.
Changing password for user user3.
passwd: all authentication tokens updated successfully.
Changing password for user user4.
passwd: all authentication tokens updated successfully.
Changing password for user user5.
passwd: all authentication tokens updated successfully.

Step5:

Now set mastet NIS and initialize NIS maps DB.

# vi /var/yp/Makefile

In this file you can specify MINUID and MINGID [line num 32] and any files you want to read by NIS. [line num 72]. Read the Comments for details.

In this you can configure many parameters. One of them is NOPUSH.

If we have only one server, we don't have to push the maps to the slave servers (NOPUSH=true). If you have slave servers, change this to "NOPUSH=false" and put all hostnames of your slave servers in the file /var/yp/ypservers.
NOPUSH=false

Create the Map:
[root@vm3 ~]# /usr/lib/yp/ypinit -m

At this point, we have to construct a list of the hosts which will run NIS
servers. vm3 is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a .
next host to add: vm3
next host to add: vm5 #vm5 is the hostname of our slave server.
next host to add: #It is resolved in /etc/hosts.


The current list of NIS servers looks like this:
vm3
vm5

Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp/nis.lap.com/ypservers...



Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/nis.lap.com'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/nis.lap.com'
vm3 has been set up as a NIS master server.

Now you can run ypinit -s vm3 on all slave server.
[Slave configuration we will discuss later in the same document.]
[root@vm3 ~]#


[root@vm3 ~]# /etc/init.d/ypxfrd start
Starting YP map server: [ OK ]
[It should be started in order to forward the map from master to slave machines.]
[root@vm3 ~]#

[root@vm3 ~]# service yppasswdd start
Starting YP passwd service: [ OK ]
[root@vm3 ~]# chkconfig yppasswdd on

Share /home directory using NFS:

You have to share the /home directory of the NIS server machine inorder to access from the client machines. Because when you are logging in from client you are getting to that users home directory. So it should be mounted to client machine from the server.
[Implement the proper backup mechanism for /home in the server.]

[root@vm3 ~]# cat /etc/exports
/home *(rw,sync)

[root@vm3 ~]# exportfs -a
[root@vm3 ~]# service nfs start
[root@vm3 ~]# service portmap restart
[root@vm3 ~]# chkconfig nfs on
[root@vm3 ~]# chkconfig portmap on


Adding new NIS users:

Add new users in server. And goto the dirctory /var/yp
and execute the following command

# make

Configuring NIS SLAVE server:

Install the ypserv, portmapper and dependancy packages. And set the NISDOMAINNAME same as in the server. In this example. As follows.

[root@vm5 ~]# nisdomainname nis.lap.com

Create entries for name resolutions of server and other hosts in /etc/hosts. Its better you copy the /etc/hosts of server and make proper edits in it.

[root@vm5 ~]# scp 192.168.0.23:/etc/hosts /etc/hosts

[root@vm5 ~]# yum install yp*
[root@vm5 ~]# service ypserv start
[root@vm5 ~]# chkconfig ypserv on

Execute the following command in order to get the NIS maps from the server to the slave.

[root@vm5 ~]# /usr/lib/yp/ypinit -s vm3

Where vm3 is the hostname of server and it should be resolved in /etc/hosts. And dont forget to update the server's /etc/hosts file with slave's information.

If the following command executed well, you will get output as follows.

We will need a few minutes to copy the data from vm3.
Transferring hosts.byaddr...
Trying ypxfrd ... success

Transferring netid.byname...
Trying ypxfrd ... success

Transferring group.byname...
Trying ypxfrd ... success

[..output truncated..]

Transferring services.byservicename...
Trying ypxfrd ... success

nisclnt.lap.com's NIS data base has been set up.
If there were warnings, please figure out what went wrong, and fix it.



At this point, make sure that /etc/passwd and /etc/group have
been edited so that when the NIS is activated, the data bases you
have just created will be used, instead of the /etc ASCII files.

Start the yppasswd service.

[root@vm5 ~]# service yppasswdd start
Starting YP passwd service: [ OK ]
[root@vm5 ~]# chkconfig yppasswdd on

You might want to edit root's crontab *on the slave* server and add the following lines:
20 *    * * *    /usr/lib/yp/ypxfr_1perhour
40 6    * * *    /usr/lib/yp/ypxfr_1perday
55 6,18 * * *    /usr/lib/yp/ypxfr_2perday

This will ensure that most NIS maps are kept up-to-date, even if an update is missed because the slave was down at the time the update was done on the master. 

On the master server, add the new slave server name to /var/yp/ypservers and runmake in /var/yp to update the map .

Configuring NIS Client:

Install the following packages in client machine.

[root@vm6 ~]# yum install ypbind authconfig autofs

Give the domain name and Ipof the NIS server in client.

#authconfig -tui
or
#setup
-> Authentication Configuration
->Check these fields
->Cache Information.
->Use NIS
->next
Domain: nis.lap.com #give domain name here its nis.lap.com
Server: 192.168.0.23

If you have slave servers give like this. Ips of machines one after one separated by commas.

server 192.168.0.23, 192.168.0.25

Edit the /etc/nsswitch.conf file

The username and passwords should be checked in order such that the NIS files should be checked first. So edit the entries as follows.



vi /etc/nsswitch.conf
passwd: nis files
shadow: nis files
group: nis files

Configure autofs:

Open the configuration file of autofs and make edits.

#vi /etc/auto.master
/home /etc/auto.misc --timeout=60
#vi /etc/auto.misc


  • -rw,sync 192.168.0.23:/home/&
    Restart the autofs service.
#service autofs restart
#chkconfig autofs on

Some useful commands:

#ypcat passwd

from client executing the above command will give the entriesof NIS users in /etc/passwd file of master server.

No comments:

Post a Comment