Wednesday, March 18, 2015

NIS (Network Information Service)


NIS was originally known as Yellow Pages (YP), which is why its commands still begin with 'yp'. It is an RPC-based client-server system used to distribute configuration data such as user and host names between computers on a network.

A NIS/YP system maintains and distributes a central directory of user and group information, hostnames, email aliases and other text-based tables of information in a network.

Note: Portmap has been replaced by rpcbind in distros like RHEL-6, CentOS-6, Fedora 8 and their later versions. The portmap service is now provided by the rpcbind package, whose init script is /etc/rc.d/init.d/rpcbind.

This setup was done on a CentOS-6.6 system.

A. NIS Server:

1. Start the rpcbind (portmap in earlier versions) service;
# service rpcbind start
Starting rpcbind:                                          [  OK  ]

2. If required, do a yum search for 'ypserv';

# yum search ypserv
Loaded plugins: fastestmirror, presto
Loading mirror speeds from cached hostfile
* base: mirrors.tummy.com
* extras: mirrors.psychz.net
* updates: mirror.supremebytes.com
======================================= N/S Matched: ypserv ========================================
ypserv.x86_64 : The NIS (Network Information Service) server

  Name and summary matches only, use "search all" for everything.

3. Install 'ypserv' package;
# yum install ypserv -y

4. Set the NISDOMAIN in /etc/sysconfig/network;
NISDOMAIN=blueangle.srv

5. Start the NIS service (ypserv);
# service ypserv start
Setting NIS domain name blueangle.srv:        [  OK  ]
Starting YP server services:                               [  OK  ]

6. Check that ypserv is registered and answering RPC calls;
# rpcinfo -u localhost ypserv
program 100004 version 1 ready and waiting
program 100004 version 2 ready and waiting

7. Generate NIS Database:

# /usr/lib64/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers.  host-192-168-1-13 is in the list of NIS server hosts.  Please continue to add
the names for the other hosts, one per line.  When you are done with the
list, type a <control D>.
next host to add:  host-192-168-1-13
next host to add:
The current list of NIS servers looks like this:

host-192-168-1-13

Is this correct?  [y/n: y]  y
We need a few minutes to build the databases...
Building /var/yp/blueangle.srv/ypservers...
gethostbyname(): Success
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/blueangle.srv'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/blueangle.srv'

host-192-168-1-13 has been set up as a NIS master server.

Now you can run ypinit -s host-192-168-1-13 on all slave server.

8. After generating the database, you can see that a new directory for your domain has been created under /var/yp, as shown below.
# ls -l /var/yp/
total 28
drwxr-xr-x. 2 root root  4096 Mar 18 09:06 blueangle.srv
-rw-r--r--. 1 root root 16675 Oct  7  2013 Makefile
-rw-r--r--. 1 root root    18 Mar 18 09:05 ypservers


B. NIS Client:

1. Install the client packages;
# yum install ypbind -y

2. Start the rpcbind service (portmapper in older versions);
# service rpcbind start
Starting rpcbind:                                          [  OK  ]

3. Provide the domain name and host info of the NIS server in /etc/yp.conf as;
domain blueangle.srv server host-192-168-1-13

4. Resolve the host information in /etc/hosts file on the client as;
192.168.1.13 host-192-168-1-13

5. Test the NIS server using the client tool (this is without starting 'ypbind');
# ypcat passwd
No such map passwd.byname. Reason: Can't bind to server which serves this domain

6. Start the ypbind (client) service and test again;

# service ypbind start
Starting NIS service:                                      [  OK  ]
Binding NIS service: .                                     [  OK  ]

7. List the passwd map again;
# ypcat passwd
bijit:$1$cWrsV2Yk$7Ywe9qJ7x7c3C9ZAPWdBK.:500:500::/home/bijit:/bin/bash
ajith:$1$SWi8yVce$ooPNgNfhEhT9VOCkGkdaR1:501:501::/home/ajith:/bin/bash

These two users do not exist on the client system; they are read from the NIS server the client is connected to.

8. Check the NIS server the client is connected to;
# ypwhich
host-192-168-1-13

9. One may add the 'NIS' entry in /etc/nsswitch.conf (Name Service Switch)

passwd:     files nis
shadow:     files nis
group:      files nis


Once done, one may check with the 'getent' command (it displays entries from the databases configured in /etc/nsswitch.conf);

[root@host-192-168-1-14 ~]# getent passwd | grep bijit
bijit:$1$cWrsV2Yk$7Ywe9qJ7x7c3C9ZAPWdBK.:500:500::/home/bijit:/bin/bash

10. Now, try to switch user to 'bijit'.

NOTE: To create the user's home directory automatically, one needs to add the following line in /etc/pam.d/system-auth;

# add if needed (creates the home directory automatically if it does not exist)
session     optional      pam_mkhomedir.so skel=/etc/skel umask=077 ## Added

[root@host-192-168-1-14 ~]# su - bijit
Creating directory '/home/bijit'.
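
The `ypcat passwd` output in step 7 of the client setup carries each user's password hash (`$1$`, MD5-crypt) in the second field, and the client has just read it over the network. The shell functions below are an added example, not part of the original post, that classify the password field of every entry in a passwd-format map; the sample accounts and hash strings are constructed placeholders, and the finding labels are this example's own naming.

```shell
#!/bin/sh
# Added example: classify the password field of each entry in a NIS passwd map.
# Labels (EXPOSED_*, OK_NO_HASH, ...) are this example's own naming.

# Constructed sample in `ypcat passwd` format; hash strings are placeholders.
sample_map() {
cat <<'EOF'
alice:$1$CONSTRUCTED$PLACEHOLDERHASH0000000:500:500::/home/alice:/bin/bash
bob:$6$CONSTRUCTED$PLACEHOLDERHASH0000001:501:501::/home/bob:/bin/bash
carol:x:502:502::/home/carol:/bin/bash
dave:!!:503:503::/home/dave:/sbin/nologin
erin::504:504::/home/erin:/bin/bash
truncated-entry
EOF
}

# Reads passwd-format lines on stdin, prints "name<TAB>finding" per line.
audit_passwd_map() {
    awk -F: '
        NF != 7 { printf "line %d\tMALFORMED\n", NR; next }
        {
            pw = $2; id = substr(pw, 1, 3)
            if      (pw == "")                  f = "EMPTY_PASSWORD"
            else if (pw == "x" || pw ~ /^[*!]/) f = "OK_NO_HASH"
            else if (id == "$1$")               f = "EXPOSED_MD5CRYPT"
            else if (id == "$5$")               f = "EXPOSED_SHA256CRYPT"
            else if (id == "$6$")               f = "EXPOSED_SHA512CRYPT"
            else if (length(pw) == 13)          f = "EXPOSED_DESCRYPT"
            else                                f = "EXPOSED_UNKNOWN"
            printf "%s\t%s\n", $1, f
        }'
}

# Number of entries whose password field is empty or carries a hash.
count_exposed() {
    audit_passwd_map | awk -F'\t' '$2 ~ /^(EXPOSED_|EMPTY_)/ { n++ } END { print n + 0 }'
}

# Stand-alone run over the constructed sample.
sample_map | audit_passwd_map
```

On a bound client, `ypcat passwd | audit_passwd_map` runs the same check against the live map.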
