Network Information Services, NIS, and Network File Systems, NFS, were both developed at Sun Microsystems. Together they can add a great deal of cohesion to a group of otherwise disparate computers. Using NIS as an authentication server, one can arrange to login to any one of the participating machines and have the login verified at a single source. Changing one's password on one of the system's machines has the effect of changing it on all of the participating machines. And once logins and passwords (and pid's and gid's) are standardized throughout the system, NFS can be set up to export a user's home directory to any of the participating machines. Thus, the user will see his same home file system no matter which machine he logs into. Changes introduced while working on one machine become visible from any other. This lab explores how to set up and administer NIS on Linux.
A good reference for this material is Steve Shah's " Linux Administration, A Beginner's Guide," Network Professional's Library, Osborne/McGraw-Hill, 2001.
Alert! -- Reader Advisory. These notes are still a bit sketchy and incomplete. Wear a crash helmet.
1. Use the ksysv tool to start ypserv, yppasswd, and ypbind in run level 5. Drag and drop from the Services Available column to the Run Level 5 Start column.
2. Establish the NIS domain name from the commandline.
To have the name available after rebooting, edit the appropriate configuration file,
emacs /etc/sysconfig/network &
... adding a line which establishes the NIS domainname:
NETWORKING=yes HOSTNAME=pluto GATEWAY=188.8.131.52 NIS_DOMAIN=csNISdomain.sewanee.edu
Alternatively, one could edit /etc/rc.d/init.d/ypserv, adding the same line anywhere near the first line of the file.
3. Start the ypserv daemon:
[root@pluto /root]# /etc/rc.d/init.d/ypserv start Starting YP server services: [ OK ]
4. Edit Makefile.
[root@pluto /root]# cd /var/yp [root@pluto yp]# emacs Makefile &
Actually, I accepted all of the defaults.
5. Initialize the master NIS server with ypinit:
[root@pluto yp]# /usr/lib/yp/ypinit -m At this point, we have to construct a list of the hosts which will run NIS servers. pluto is in the list of NIS server hosts. Please continue to add the names for the other hosts, one per line. When you are done with the list, type a
. next host to add: pluto next host to add: The current list of NIS servers looks like this: pluto Is this correct? [y/n: y] y We need some minutes to build the databases... Building /var/yp/csNISdomain.sewanee.edu/ypservers... Running /var/yp/Makefile... gmake: Entering directory `/var/yp/csNISdomain.sewanee.edu' Updating passwd.byname... Updating passwd.byuid... Updating group.byname... Updating group.bygid... Updating hosts.byname... Updating hosts.byaddr... Updating rpc.byname... Updating rpc.bynumber... Updating services.byname... Updating services.byservicename... Updating netid.byname... Updating protocols.bynumber... Updating protocols.byname... Updating mail.aliases... gmake: Leaving directory `/var/yp/csNISdomain.sewanee.edu'
Whenever we change any of the files being served by NIS, eg., by adding a new user to /etc/passwd, we must rerun make to push the new data into the databases (called maps in NIS lingo).
cd /var/yp; make
Setting Up an NIS Client
0. Set NIS domainname on client
emacs /etc/sysconfig/network &
and enter a line for domainname, as for the master server
1. Edit /etc/yp.conf
/etc/yp.conf - ypbind configuration file # Valid entries are # #domain NISDOMAIN server HOSTNAME # Use server HOSTNAME for the domain NISDOMAIN. # domain csNISdomain.sewanee.edu server pluto #domain NISDOMAIN broadcast # Use broadcast on the local net for domain NISDOMAIN # #ypserver HOSTNAME # Use server HOSTNAME for the local domain. The # IP-address of server must be listed in /etc/hosts. # ypserver pluto
or use broadcast for clients after testing that the server responds to a broadcast ping:
ping -b 184.108.40.206
2. Set up the startup script.
Use ksysv to start ypbind in runlevels 3 and 5
Run startup script:
[root@pluto yp]# /etc/rc.d/init.d/ypbind start Binding to the NIS domain: [ OK ] Listening for an NIS domain server.
3. Edit /etc/nsswitch.conf
The relevant entries for now are as follows:
# Example: #passwd: db files nisplus nis #shadow: db files nisplus nis #group: db files nisplus nis passwd: files nisplus nis shadow: files nisplus nis group: files nisplus nis #hosts: db files nisplus nis dns hosts: files nisplus nis dns
Now test your implimentation.
[root@pluto yp]# ypcat passwd johannsson:zFn1/Rzk.biEM:1003:500:Joi Johannsson:/home/johannsson:/bin/bash ldale:zHm3CLC04Qyd.:1002:501:Lucia Dale:/home/ldale:/bin/bash lankewicz:zyFQ6LXk4/i7E:1001:501:Linda Lankewicz:/home/lankewicz:/bin/bash arshad:Ci2buxiT3A8jE:1004:600:Fahd Arshad:/home/arshad:/bin/bash parrish:$1$A6/TehU.$Jdm1mli0dEoIlotsxKoqQ1:500:501:Chris Parrish:/home/parrish:/bin/bash
NIS and NFS Exercise. Now that both NIS and NFS are running on your system, arrange for user's home directories to be exported from the NFS server after a successful NIS login from anywhere on the system. Configuring a stable system of this sort is certainly worth mentioning in your next IT job interview!