This post include 2 part. In first one I’ll describe step which should be taken on linux machine and in second one step for windows client.

Linux(server side)

We use this host to share internet connection between users over wireless network, so the machine has to have at least two connection:

1. Internet ( regular ethernet connection)
2. Wireless connection( provided by wi-fi card)

I will skip how to setup your Internet connection, therefore make sure its work properly.
If you mounted your wi-fi card to pci slot use lspci to check it out:

[root@localhost ~]# lspci  | grep -i wireless
02:01.0 Ethernet controller: Atheros Communications Inc. Atheros AR5001X+ Wireless Network Adapter (rev 01)

For this card kernel module ath5k should be loaded into the kernel. Check it:

lsmod | grep ath5k

Use modprobe unless module is not loaded.

modprobe ath5k

If you done it without any problem I will able to set up the wi-fi card. Here is network configuration file for interface wlan0 with some comments:

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-wlan0# Atheros Communications Inc. Atheros AR5001X+ Wireless Network Adapter
DEVICE=wlan0
ONBOOT=yes
IPADDR=192.168.0.1
NETMASK=255.255.255.0
HWADDR=00:17:9a:b7:d6:01
TYPE=Wireless
MODE=Ad-Hoc  # set this mode if want to make this card as access point
ESSID=homeee # the name of this connection which will be displayed for users
KEY=dffb9e2cc2 # secret key for connection

To generate connection key run:

dd if=/dev/random bs=1 count=5| xxd -ps

Now restart the network service:

service network restart

and verify:

iwconfig wlan0

and

ifconfig wlan0

So 50% of linux part is done. Tune your kernel to make it forward ip traffic:

vi /etc/sysctl.conf

and set

net.ipv4.ip_forward

to 1:
net.ipv4.ip_forward = 1
Make changes affected:

sysctl -p /etc/sysctl.conf

Verify:

sysctl -a | grep all.forwarding | grep ipv4

And last but very important step. Its firewall and nat settings:
!!! Be careful because this command flush all your rules in OUTPUT chain

iptables -F OUTPUT

turn masquerading on:

 iptables -t nat -I POSTROUTING -s 192.168.0.2/32 -o eth0 -j MASQUERADE

where eth0 your interface for share.
save it all:

service iptables save

The linux router is ready on all 100%.

Windows(client side)

I use windows Vista for this, but this steps can be used to Windows XP as well. Go to:
Start->Control Panel->Network and Internet-> Network and Sharing center -> manage network connections
Click right button on your Wireless Network Connection and choose Properties.
Make double click on Internet Protocol Version 4.
When new window is appear fill it up:
Ip address: 192.168.0.2
Subnet mask: 255.255.255.0
Default gateway: 192.168.0.1
Also you need to specify you DNS server. Put the ip address of DNS server provided by your ISP.

We should edit to files for this:
/etc/pam.d/login
/etc/security/time.conf

Let’s begin from first one. Put next line into the file:

account    required     pam_time.so

after that go to the /etc/security/time.conf, and insert next:

login;tty*;user1|user2|user3;Wk0009-1800 & !Wd0000-2400

where
login – the type of pam service
tty* – terminal name(in this case all terminal ttyXXX, you also specify defined terminal as well)
user1|user2|user3 – users or user name which should be restricted
Wk0009-1800 & !Wd0000-2400 – time frame. Time where actions is allowed. To inverse it put “!” before. There is 7 types of day:
Mo Tu We Th Fr Sa Su Wk Wd Al
First seven is according to weeks day.
Wk – means all work days(Mo-Fr)
Wd – it’s week end(Sa,SU)
Al – all days of week.

Now, you new rules was applied. And users user1, user2, user3 can’t log on system at no working time. No restart is required.

But we still have one problem. Users which logined at work time can be continuous use system without problem. To prevent this situation I have written little script.

Rename it to time.sh and put anywhere at your system. After this new crontab entry should be added:

crontab -e

55 17 * * 1-5    /path/to/time.sh

Now all session will be destroyed at the end of working day and script notify user via user’s terminal 5 minutes before this. After that nobody from specified users willn’t be able to login on the system.

The Network Information Service or NIS (originally called Yellow Pages or YP) consists of a client-server directory service protocol for distributing system configuration data such as user and host names between computers on a computer network.

Before we start I would like to say couple words about my environment:
- I have to boxes (node2 has ip address 10.0.30.2 and node1 with ip 10.0.30.1)
- node2 used as NIS server and node1 as NIS client
- Both machines uses CentOS

I will divide post on two part. First part will be describe what have to done on the server side and second on the client side.

Let’s get nis software over yum:

yum install ypbind
yum install ypserv
yum install yp-tools

And configure ypserv configuration files:

vi /etc/ypserv.conf

The main line is :
Host : Domain : Map : Security , it’s commented by default
In our server we have next lines:

10.0.30. : my-net : * : port 

It’s means that:
- we allow access to our database all machines in subnet 10.0.30.0/24 .
- the name of our nis domain is “my-net”
- we allow for replicate all files which described at /var/yp/Makefile
- allow access if source port < 1024. Otherwise deny access.

If you want to get more information concerning ypserv.conf, type:

man ypserv.conf 

Do not forget set variable NISDOMAIN at file /etc/syconfig/network, because your service will not start at next boot:

echo "NISDOMAIN=\"my_net\"" >> /etc/syconfig/network

Start server services :

/etc/init.d/ypserv start
/etc/init.d/yppasswdd start

and add its to loading scripts :

chkconfig --level 345 ypserv on
chkconfig --level 345 yppasswdd on

Where ,
ypserv – main server
yppasswdd – password daemon, which allows users change their password in NIS database

Also you need to create /var/yp/securenets file restrict access to your NIS server. To allow acces for subnet 10.0.30.0/24, put next in file:

255.255.255.0   10.0.30.0

Use

man securenets

to get more details.

Next, generate nis database :

cd /usr/lib/yp/
./ypinit -m 

you will be prompted to input the name of client servers(they should be declared at /etc/hosts)

Make these steps every time after updating of maped files:

cd /var/yp/
make 

That all for the first part. Now your server should be work.

Go to the client side.

Install nis client software:

yum install ypbind

and switch off SELinux rule which block ypbind running:

# setsebool -P allow_ypbind on

Edit /etc/yp.conf file. Put into it next string:

domain my_net server node2

!!Please make sure that node2 is declared at your /etc/hosts file.

Edit lines you want to effected in /etc/nsswitch.conf, like

passwd: nis files
shadow: nis files

if you want make common account database for all.

Also as in server side you need to set variable NISDOMAIN at file /etc/syconfig/network:

echo "NISDOMAIN=\"my_net\"" >> /etc/syconfig/network

Now, you are ready to run nis client :

/etc/init.d/ypbind start

If its started without errors put it in autoload:

chkconfig --level 345 ypbind on

Let’s check out if everything work fine. Go to the server and create new nis user nis_test_user:

adduser nis_test_user
passwd nis_test_user
cd /var/yp
make

Back to client box and type:

ypmatch nis_test_user passwd 

and if its work you will get something like that:

nis_test_user:$1$qMB3FqLy$XbzjESg3Uuse/.5PTRgPJ1:1000:1000::/home/nis_test_user:/bin/bash

Also you will be able to login as nis_test_user at your box.

To change password for it use:

yppasswd user

!!To use this feature daemon yppasswdd on server side has to be running.

The end.

UPD:
use

ypwhich -m 

to print all mapping files

ypcat [mapping file]

– to print file