Thursday, February 23, 2012

Network Information Services

Network Information Services ( NIS )

Descriptions :

The existence of a centralized logon system eases the administrative burdens of network and systems administrators. NIS is one such implementation for Linux domains.

Introduction:

  • Network Information Services ( NIS ) enables you to create user accounts that can be shared across all systems on your network. The user account is created only on the NIS server. NIS clients download the necessary user name and password data from the NIS server to verify each user login.

  • Network Information Services ( NIS ), originally known as Yellow Pages, is sometimes called Name Services and follows the client-server architecture. NIS servers are replicated, with the principal servers being referred to as master servers and the replicated servers referred to as replica or slave servers.

  • NIS master and replica servers provide services to NIS clients. NIS stores information about users, groups, hosts, addresses, and network services on the master server in a set of files called maps. This collection of network information is referred to as the NIS name space.

  • NIS maps store information in a two-column table. The first column lists the key and the other column displays information about the key. The NIS server responds to client queries based on the information in the maps.

  • An advantage of NIS is that users need to change their passwords on the NIS server only, instead of on every system on the network. This makes NIS popular in computer training labs, distributed software development projects, or any other situation where a group of people has to share many different computers.

  • The disadvantages are that NIS doesn't encrypt the user name and password information sent to the client with each login, and that all users have access to the encrypted passwords stored on the NIS server.

  • The Lightweight Directory Access Protocol ( LDAP ) offers similar features to NIS but has the advantage of supporting encryption without additional software and can support clients across multiple networks without the need for slave servers. It is for this reason that LDAP has become increasingly popular for this type of application.

Packages required for NIS server and client configuration are given below:

ypserv , yp-tools ------------ server configuration
ypbind , yp-tools ------------ client configuration

So before configuring NIS, check whether these packages are present on both the server and client systems by typing the following command at the command prompt.

# rpm -qa 'yp*'

Configuring Network File System :

Configuring NFS on server side :

NFS is configured on the NIS server to make the users' home directories available to all the other Linux workstations on the local network. To export the users' home directories across the network, open /etc/exports and add the following line:

/home    *(rw,sync)

Save the changes to the file, return to the command prompt, and type exportfs -a to export the users' home directories across the network.

Make sure the required nfs, nfslock and portmap daemons are running.
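
The export line above offers /home read-write to every host that can reach the server. As an added example (not part of the original post), this Python sketch parses exports(5)-style lines and flags wildcard clients and weakening options; the 192.168.53.0/24 subnet in the scoped sample is an assumption derived from the server address used on this page.

```python
import re

# Options that weaken an export; wording follows exports(5).
RISKY_OPTS = {
    "no_root_squash": "root on the client acts as root on the share",
    "insecure": "requests from unprivileged source ports are accepted",
}

def parse_exports(text):
    """Yield (path, client, options) for every client spec in exports(5) text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", spec)
            if m is None:
                continue  # malformed spec, ignored in this sketch
            client = m.group(1) or "*"  # "(opts)" with no client means any host
            opts = [o for o in (m.group(2) or "").split(",") if o]
            yield path, client, opts

def audit_exports(text):
    """Return a list of human-readable findings for risky exports."""
    findings = []
    for path, client, opts in parse_exports(text):
        if client == "*":
            access = "rw" if "rw" in opts else "ro"  # ro is the default
            findings.append(f"{path}: exported {access} to any host")
        for opt in opts:
            if opt in RISKY_OPTS:
                findings.append(f"{path} -> {client}: {opt}: {RISKY_OPTS[opt]}")
    return findings

# Constructed samples: the line from this page, then a scoped alternative.
# The 192.168.53.0/24 subnet is an assumption derived from the server address.
WEAK = "/home    *(rw,sync)\n"
SCOPED = "/home    192.168.53.0/24(rw,sync,root_squash)\n"

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("scoped", SCOPED)):
        print(label, audit_exports(text) or "no findings")
```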

Configuring NFS on client side:

On the client side, to mount the users' home directories when they log in through the NIS server, create a directory named home on the client machine and mount the home directory on the server onto it. For mounting, use the following command.


# mount 192.168.53.2:/home /home/
# mount IP-address:/directory /path/

Here 192.168.53.2:/home is the users' home directory located on the NFS server and /home is the directory created on the client system.

To unmount the home directory use umount /home.

The other way of mounting the home directory is to use the automounter. Start by configuring autofs automounting: edit your /etc/auto.master file to refer to the file /etc/auto.home for mounting information whenever the /home directory is accessed. After five minutes, autofs unmounts the directory.

# vim /etc/auto.master
/home                /etc/auto.home --timeout 600

Edit the file /etc/auto.home to do the NFS mount whenever the /home directory is accessed. If the line is too long to view on your screen, you can add a \ character at the end to continue on the next line.


# vim /etc/auto.home


*       -fstype=nfs,soft,intr,rsize=8192,wsize=8192,nosuid,tcp \
        192.168.53.2:/home:&

Start autofs and make sure it starts after the next reboot with the chkconfig command.

# chkconfig autofs on
# service autofs restart

Configuring NIS Server :

Before configuring the NIS server, make sure that all the NIS-related packages are installed, and if not, install them. Then follow the steps given below to configure NIS.

  • In the /etc/sysconfig/network file, add the domain name test.com.


# vim /etc/sysconfig/network
NISDOMAIN="test.com"

  • Now edit the /etc/yp.conf file. NIS servers also have to be NIS clients themselves, so you'll have to edit the NIS client configuration file /etc/yp.conf to list the domain's NIS server as being the server itself, or localhost.

# /etc/yp.conf - ypbind configuration file
ypserver 127.0.0.1

  • Start the necessary NIS daemons and use the chkconfig command to ensure they start after the next reboot.


# service portmap start
# service yppasswdd start
# service ypserv start
# chkconfig portmap on
# chkconfig yppasswdd on
# chkconfig ypserv on

A brief description of each daemon is shown below:

Daemon Name    Purpose
portmap        The foundation RPC daemon upon which NIS runs.
yppasswdd      Lets users change their passwords on the NIS server from NIS clients.
ypserv         Main NIS server daemon.
ypbind         Main NIS client daemon.
ypxfrd         Used to speed up the transfer of very large NIS maps.

To make sure that all the daemons are running properly, you can use the rpcinfo command from the command prompt.

Initializing NIS Domain:
To create the associated authentication files for the domain, we use the ypinit command. At some point it will prompt for the domain name, where we have to specify test.com. Before running this command, make sure that the portmap service is running on your system. Use the ypinit command as shown below.

# /usr/lib/yp/ypinit -m 
 
At this point, we have to construct a list of the hosts which will run NIS servers. 'user1' is in the list of NIS server hosts. Please continue to add the names for the other hosts, one per line. When you are done with the list, type a "control D".

next host to add: test.com
next host to add:
The current list of NIS servers looks like this:
user1
Is this correct? [y/n] = y
user1 has been set up as a NIS master server.
Now you can run ypinit -s user1 on all slave server.
#
Now start the ypbind and ypxfrd services from the command prompt.

Configuring NIS client:
Now on the client side run authconfig command. The authconfig or the authconfig-tui program automatically configures your NIS files after prompting you for the IP address and domain of the NIS server.
# authconfig-tui

Once finished, it should create an /etc/yp.conf file that defines, amongst other things, the IP address of the NIS server for a particular domain. It also edits the /etc/sysconfig/network file to define the NIS domain to which the NIS client belongs. In addition, the authconfig program updates the /etc/nsswitch.conf file, which lists the order in which certain data sources should be searched for name lookups, such as those in DNS, LDAP and NIS.

  • You can also make these changes manually by editing the following files as shown below.

  • In the /etc/sysconfig/network file, add the domain name test.com.
# /etc/sysconfig/network
NISDOMAIN="test.com"

  • Now edit the NIS client configuration file /etc/yp.conf to list the domain's NIS server. On the NIS server itself this is the local host, as NIS servers also have to be NIS clients themselves; on the other clients it is the server's address.
# /etc/yp.conf - ypbind configuration file
ypserver 192.168.53.2

  • Edit the /etc/nsswitch.conf file, which lists the order in which certain data sources should be searched for name lookups, such as those in DNS, LDAP and NIS. Here you can see where NIS entries were added for the important login files.
# /etc/nsswitch.conf
passwd: files nis
shadow: files nis
group: files nis

  • After editing the files, start the client service daemons ypbind and portmap, and verify that they start automatically at reboot.
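
The manual client steps above touch three files that must agree with each other. As an added example (not part of the original post), this Python sketch checks the contents of those files for the settings this page relies on, including whitespace around the = in NISDOMAIN, which breaks a file that shell scripts source; the sample file contents are constructed from the values used on this page.

```python
import re

def check_nis_client(network, yp_conf, nsswitch):
    """Return a list of problems found in the contents of the three client files."""
    problems = []
    # /etc/sysconfig/network is sourced by shell scripts, so '=' takes no spaces.
    m = re.search(r"^[ \t]*NISDOMAIN([ \t]*)=([ \t]*)(\S.*)?$", network, re.M)
    domain = (m.group(3) or "").strip().strip("\"'") if m else ""
    if not domain:
        problems.append("network: NISDOMAIN is not set")
    elif m.group(1) or m.group(2):
        problems.append("network: whitespace around '=' in NISDOMAIN")

    # /etc/yp.conf accepts "ypserver HOST" or "domain NAME server HOST".
    servers = []
    for line in yp_conf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) == 2 and words[0] == "ypserver":
            servers.append(words[1])
        elif len(words) == 4 and words[0] == "domain" and words[2] == "server":
            servers.append(words[3])
            if domain and words[1] != domain:
                problems.append(f"yp.conf: domain {words[1]} is not {domain}")
    if not servers:
        problems.append("yp.conf: no NIS server listed")

    # /etc/nsswitch.conf must list nis for the login databases.
    sources = {}
    for line in nsswitch.splitlines():
        name, sep, rest = line.split("#", 1)[0].partition(":")
        if sep:
            sources[name.strip()] = rest.split()
    for db in ("passwd", "shadow", "group"):
        if "nis" not in sources.get(db, []):
            problems.append(f"nsswitch.conf: {db} does not list nis")
    return problems

# Constructed samples modelled on the files shown on this page.
GOOD = ('NISDOMAIN="test.com"\n', "ypserver 192.168.53.2\n",
        "passwd: files nis\nshadow: files nis\ngroup: files nis\n")
BAD = ('NISDOMAIN= "test.com"\n', "# ypserver 192.168.53.2\n",
       "passwd: files nis\nshadow: files\ngroup: files nis\n")

if __name__ == "__main__":
    print(check_nis_client(*GOOD) or "no problems")
    print("\n".join(check_nis_client(*BAD)))
```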

Testing the NIS Server:
To test access to the NIS server, you can run the ypcat, ypmatch and getent commands to make sure communication with the server is correct.

# ypcat passwd
# ypmatch user1 passwd
# getent passwd user1
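
The introduction notes that all users have access to the encrypted passwords stored on the NIS server, and ypcat passwd prints that map. As an added example (not part of the original post), this Python sketch lets an administrator see which entries in the served map actually carry a password hash and which crypt(3) scheme each one uses; the sample map and its hash bodies are constructed filler.

```python
# Password-field values that carry no hash.
PLACEHOLDERS = {"", "x", "*"}

# crypt(3) identifier prefixes and the scheme each one selects.
SCHEMES = {"$1$": "MD5-crypt", "$5$": "SHA-256-crypt", "$6$": "SHA-512-crypt",
           "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt"}
WEAK_SCHEMES = {"DES-crypt", "MD5-crypt"}

def hash_scheme(field):
    """Name the crypt(3) scheme of a passwd field, or None if it holds no hash."""
    value = field.lstrip("!")          # a leading '!' marks a locked account
    if value in PLACEHOLDERS:
        return None
    for prefix, name in SCHEMES.items():
        if value.startswith(prefix):
            return name
    if len(value) == 13 and "$" not in value:
        return "DES-crypt"             # traditional 13-character format
    return "unknown"

def exposed_hashes(map_text):
    """Return [(user, scheme)] for map entries whose password field is a hash."""
    found = []
    for line in map_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7:
            continue                   # not a passwd(5)-style entry
        scheme = hash_scheme(fields[1])
        if scheme:
            found.append((fields[0], scheme))
    return found

def weak_accounts(map_text):
    """Users whose exposed hash uses a scheme in WEAK_SCHEMES."""
    return [u for u, s in exposed_hashes(map_text) if s in WEAK_SCHEMES]

# Constructed sample in `ypcat passwd` format; the hash bodies are filler.
SAMPLE_MAP = "\n".join([
    "user1:$1$saltsalt$" + "A" * 22 + ":500:500::/home/user1:/bin/bash",
    "user2:$6$saltsalt$" + "B" * 86 + ":501:501::/home/user2:/bin/bash",
    "legacy:ab" + "C" * 11 + ":502:502::/home/legacy:/bin/sh",
    "svc:x:503:503::/home/svc:/sbin/nologin",
])

if __name__ == "__main__":
    for user, scheme in exposed_hashes(SAMPLE_MAP):
        flag = "  <- weak scheme" if scheme in WEAK_SCHEMES else ""
        print(f"{user}: {scheme}{flag}")
```

An empty result from exposed_hashes means the served passwd map holds only placeholders in the password field.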

