Technical Diary - With Andrii Grytsenko

NIS and RedHat Linux Mini-HOWTO

This post describes how to configure NIS on RedHat Linux.

The Network Information Service or NIS (originally called Yellow Pages or YP) consists of a client-server directory service protocol for distributing system configuration data such as user and host names between computers on a computer network.

Before we start, a few words about my environment:
- I have two boxes (node2 has IP address 10.0.30.2 and node1 has IP address 10.0.30.1)
- node2 is used as the NIS server and node1 as the NIS client
- Both machines run CentOS

I will divide the post into two parts. The first part describes what has to be done on the server side, and the second covers the client side.

Let’s install the NIS software with yum:

yum install ypbind
yum install ypserv
yum install yp-tools

Then edit the ypserv configuration file:

vi /etc/ypserv.conf

The main line has the format:
Host : Domain : Map : Security
It is commented out by default.
On our server we have the following line:

10.0.30. : my_net : * : port

This means that:
- we allow all machines in the subnet 10.0.30.0/24 to access our database
- the name of our NIS domain is “my_net”
- we allow this for all maps (*), that is, all files described in /var/yp/Makefile
- access is allowed if the source port is < 1024; otherwise access is denied

For more information about ypserv.conf, type:

man ypserv.conf 

Do not forget to set the NISDOMAIN variable in /etc/sysconfig/network, otherwise your service will not start at the next boot:

echo "NISDOMAIN=\"my_net\"" >> /etc/sysconfig/network

Start the server services:

/etc/init.d/ypserv start
/etc/init.d/yppasswdd start

and enable them at boot:

chkconfig --level 345 ypserv on
chkconfig --level 345 yppasswdd on

Where:
ypserv – the main server
yppasswdd – the password daemon, which allows users to change their password in the NIS database

You also need to create the /var/yp/securenets file to restrict access to your NIS server. To allow access for the subnet 10.0.30.0/24, put the following line in the file (netmask first, then network):

255.255.255.0   10.0.30.0

Use

man securenets

to get more details.
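
The netmask-then-network matching described above, as an added example (not part of the original post and not ypserv's own code): a small Python check that parses securenets-style text and reports whether a client address would be admitted, plus which entries are wider than intended. The sample contents, the `host` line for localhost and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: the line from this post plus a localhost entry.
SAMPLE_SECURENETS = """\
# netmask        network
255.255.255.0    10.0.30.0
host 127.0.0.1   # shorthand for 255.255.255.255 127.0.0.1
"""

def parse_securenets(text):
    """Parse securenets-style text into a list of ip_network objects."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"malformed securenets line: {raw!r}")
        first, second = fields
        if first.lower() == "host":
            nets.append(ipaddress.ip_network(second + "/32"))
        else:
            # Field order is netmask, then network (easy to swap by mistake).
            nets.append(ipaddress.ip_network(f"{second}/{first}", strict=False))
    return nets

def is_allowed(nets, addr):
    """True if addr falls inside any listed network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)

def too_broad(nets, max_hosts=256):
    """Return entries that admit more than max_hosts addresses."""
    return [str(net) for net in nets if net.num_addresses > max_hosts]

if __name__ == "__main__":
    nets = parse_securenets(SAMPLE_SECURENETS)
    for addr in ("10.0.30.1", "10.0.31.1", "127.0.0.1"):
        print(addr, "allowed" if is_allowed(nets, addr) else "denied")
    print("entries wider than a /24:", too_broad(nets))
```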

Next, generate the NIS database:

cd /usr/lib/yp/
./ypinit -m 

You will be prompted to enter the names of the client servers (they should be declared in /etc/hosts).

Repeat these steps every time you update the mapped files:

cd /var/yp/
make 

That is all for the first part. Your server should now be working.

Now go to the client side.

Install the NIS client software:

yum install ypbind

and set the SELinux boolean that otherwise blocks ypbind from running:

setsebool -P allow_ypbind on

Edit the /etc/yp.conf file and put the following line into it:

domain my_net server node2

!!Please make sure that node2 is declared in your /etc/hosts file.

Edit the lines you want to take effect in /etc/nsswitch.conf, for example

passwd: nis files
shadow: nis files

if you want a common account database for all machines.

As on the server side, you also need to set the NISDOMAIN variable in /etc/sysconfig/network:

echo "NISDOMAIN=\"my_net\"" >> /etc/sysconfig/network

Now you are ready to run the NIS client:

/etc/init.d/ypbind start

If it starts without errors, enable it at boot:

chkconfig --level 345 ypbind on

Let’s check that everything works. Go to the server and create a new NIS user, nis_test_user:

adduser nis_test_user
passwd nis_test_user
cd /var/yp
make

Go back to the client box and type:

ypmatch nis_test_user passwd 

If it works, you will get something like this:

nis_test_user:$1$qMB3FqLy$XbzjESg3Uuse/.5PTRgPJ1:1000:1000::/home/nis_test_user:/bin/bash

You will also be able to log in as nis_test_user on your box.

To change its password, use:

yppasswd user

!!To use this feature, the yppasswdd daemon has to be running on the server side.

The end.

UPD:
Use

ypwhich -m

to print all map files, and

ypcat [mapping file]

– to print the contents of a map file.