Network Information Services (NIS) allows you to create user accounts that can be shared across all systems on your network. The user account is created only on the NIS server. NIS clients download the necessary username and password data from the NIS server to verify each user login.
An advantage of NIS is that users only need to change their passwords on the NIS server, instead of every system on the network. This makes NIS popular in computer training labs, distributed software development projects or any other situation where groups of people have to share many different computers.
The disadvantage is that NIS doesn't encrypt the username/password information sent to the clients with each login, and all users have access to the encrypted passwords stored on the NIS server. A detailed analysis of NIS security is beyond the scope of this book, but I would suggest that you restrict its use to highly secure networks or networks where access to non-NIS networks is highly restricted.
13.2 Configuring The NFS Server for NIS
Here are the steps to configure the NFS server in this scenario:
Edit the /etc/exports file to allow NFS mounts of the /home directory with read/write access.
/home *(rw,sync)
Let NFS read the /etc/exports file for the new entry and make /home available to the network with the exportfs command.
[root@skynet tmp]# exportfs -a
Make sure the required NFS, NFS lock and port mapper daemons are all running and configured to start after the next reboot.
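The export above gives every host read/write access to /home. As an added example (not part of the original text), the shell function below reads exports-format lines and flags entries that are writable by any host or that disable root squash; the 192.168.1.0/24 range and the /srv/build path in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original text): audit /etc/exports-style lines.
# Reads the file on stdin, prints "<path> <client> <finding>" per risky entry.
audit_exports() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                   # split "client(opt,opt)" apart
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (client == "") client = "*" # bare "(opts)" applies to every host
            o = "," opts ","
            if (client == "*" && index(o, ",rw,") > 0)
                print path, client, "writable-by-any-host"
            if (index(o, ",no_root_squash,") > 0)
                print path, client, "root-squash-disabled"
        }
    }'
}

# Constructed sample input for the audit.
sample_exports() {
    cat <<'EOF'
# as given in the text
/home *(rw,sync)
# same export limited to one subnet (assumed lab range)
/home 192.168.1.0/24(rw,sync)
# root squash turned off for one client (constructed entry)
/srv/build 192.168.1.201(rw,sync,no_root_squash)
EOF
}

sample_exports | audit_exports
```

On a real server the same check is `audit_exports < /etc/exports`.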
13.2.1 Configuring The NFS Client for NIS
You'll also need to configure the NFS clients to mount their /home directories on the NFS server.
The procedure below will archive the /home directory. In a production environment in which the /home directory would be actively used, you'd have to force the users to log off, back up the data, restore it to the NFS server and then follow the steps below. As this is a lab environment, these prerequisites won't be necessary.
1. Make sure the required netfs, NFS lock and port mapper daemons are all running and configured to start after the next reboot.
Linux Administration – Network Information System (NIS) Page 70 of 167
ftpinstall nisuser quotauser skynet www
[root@skynet tmp]# umount /home
4. Start configuring autofs automounting. Edit your /etc/auto.master file to refer to file /etc/auto.home for mounting information whenever the /home directory is accessed. After five minutes, autofs will unmount the directory.
#/etc/auto.master
/home /etc/auto.home --timeout 600
5. Edit file /etc/auto.home to do the NFS mount whenever the /home directory is accessed. If the line is too long to view on your screen, you can add a "\" at the end to continue on the next line.
#/etc/auto.home
* -fstype=nfs,soft,intr,rsize=8192,wsize=8192,nosuid,tcp \
  192.168.1.100:/home:&
6. Start autofs and make sure it will start after the next reboot with the chkconfig command.
[root@skynet tmp]# chkconfig autofs on
[root@skynet tmp]# service autofs restart
Stopping automount:[ OK ]
Starting automount:[ OK ]
Note: After doing this, you won't be able to see the contents of the /home directory on skynet as user "root". This is because NFS activates the root squash feature by default, which prevents this user from having privileged access to directories on remote NFS servers. We'll be able to test this later once NIS is configured.
All newly added Linux users will now be assigned a home directory under the new remote /home directory. This scheme will make the users feel their home directories are local, when in reality they are automatically mounted and accessed over your network.
13.3 Configuring The NIS Server
In the early days, NIS was called "Yellow Pages". The developers had to change the name after a copyright infringement lawsuit, yet many of the key programs associated with NIS have kept their original names beginning with "yp".
Edit Your /etc/sysconfig/network File
You need to add the NIS domain you wish to use in the /etc/sysconfig/network file. In the case below, we've called the domain "NIS-HOME_NETWORK".
#/etc/sysconfig/network
NISDOMAIN="DESTINY.COM"
Edit Your /etc/yp.conf File
NIS servers also have to be NIS clients themselves, so you'll have to edit the NIS client configuration file /etc/yp.conf to list the domain's NIS server as being the server itself or "localhost".
# /etc/yp.conf - ypbind configuration file
ypserver 127.0.0.1
Start The Key NIS Server Related Daemons
Start the necessary NIS daemons in the /etc/init.d directory and use the chkconfig command to ensure they start after the next reboot.
13.3.1 Required NIS Server Daemons
portmap    The foundation RPC daemon upon which NIS runs.
yppasswdd  Lets users change their passwords on the NIS server from NIS clients
ypserv     Main NIS server daemon
ypbind     Main NIS client daemon
ypxfrd     Used to speed up the transfer of very large NIS maps
[root@skynet tmp]# service portmap start
Now that you have decided on the name of the NIS domain, you'll have to use the ypinit command to create the associated authentication files for the domain. You will be prompted for the name of the NIS server, which in this case is "skynet".
With this procedure, all non-privileged accounts will automatically be accessible via NIS.
[root@skynet tmp]# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS servers. skynet is in the list of NIS server hosts. Please continue to add the names for the other hosts, one per line. When you are done with the list, type a <control D>.
next host to add: skynet
next host to add:
The current list of NIS servers looks like this:
skynet
Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp/DESTINY.COM/ypservers...
skynet has been set up as a NIS master server.
Now you can run ypinit -s skynet on all slave server.
Note: Make sure portmapper is running before doing this or you'll get errors like the one below. You will have to delete the /var/yp/DESTINY.COM directory and restart portmapper, yppasswd and ypserv before you'll be able to do this again successfully.
failed to send 'clear' to local ypserv: RPC: Port mapper failure
Updating group.bygid...
Start The ypbind and ypxfrd Daemons
Now that the NIS domain files have been created, you can start the ypbind and ypxfrd daemons.
[root@skynet tmp]# service ypbind start
New NIS users can be created by logging into the NIS server and creating the new user account. In this case we'll create a user account called "nisuser" and give it a new password. Once this is complete, you will then have to update the NIS domain's authentication files by executing the make command in the /var/yp directory.
This procedure will make all NIS-enabled, non-privileged accounts become automatically accessible via NIS, not just newly created ones. It will also export all the user's characteristics stored in the /etc/passwd and /etc/group files, such as the login shell, the user's group and home directory.
[root@skynet tmp]# useradd -g users nisuser
You can check to see if the user's authentication information has been updated by using the ypmatch command, which should return the user's encrypted password string.
[root@skynet tmp]# ypmatch nisuser passwd
nisuser:$1$d6E2i79Q$wp3Eo0Qw9nFD/::504:100::/home/nisuser:/bin/bash
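Because any user on an NIS client can list these password fields with ypcat or ypmatch, it is worth knowing which hash schemes the map exposes. The function below is an added example, not from the original text; it classifies each record by its crypt(3) prefix, and the sample records, the placeholder hash strings and the default MIN_UID of 500 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original text): classify the password field of
# passwd-format records, e.g. the output of "ypcat passwd" on an NIS client.
# Usage: ypcat passwd | audit_nis_hashes [MIN_UID]
# Prints "<user> <scheme> <verdict> <uid-check>" for each record.
audit_nis_hashes() {
    awk -F: -v min="${1:-500}" '
    NF < 7 { next }                      # not a passwd-format record
    {
        h = $2
        if (h == "x")                 { s = "shadowed";    v = "not-in-map" }
        else if (h == "")             { s = "empty";       v = "no-password" }
        else if (h ~ /^[!*]/)         { s = "locked";      v = "no-login" }
        else if (h ~ /^\$1\$/)        { s = "md5crypt";    v = "weak" }
        else if (h ~ /^\$5\$/)        { s = "sha256crypt"; v = "exposed" }
        else if (h ~ /^\$6\$/)        { s = "sha512crypt"; v = "exposed" }
        else if (h ~ /^\$2[aby]\$/)   { s = "bcrypt";      v = "exposed" }
        else if (length(h) == 13)     { s = "descrypt";    v = "weak" }
        else                          { s = "unknown";     v = "review" }
        # "exposed" = readable by every client; "weak" = also a dated scheme.
        # Accounts below MIN_UID (assumed 500) should not be in the map.
        print $1, s, v, ($3 + 0 < min ? "uid-below-min" : "uid-ok")
    }'
}

# Constructed records; the hash strings are placeholders, not real hashes.
sample_passwd_map() {
    cat <<'EOF'
alice:$1$CONSTRUCT$notARealHashValue000000:501:100::/home/alice:/bin/bash
bob:abCONSTRUCTED:502:100::/home/bob:/bin/bash
carol:$6$CONSTRUCT$notARealHashValue:503:100::/home/carol:/bin/bash
daemon:*:2:2:daemon:/sbin:/sbin/nologin
EOF
}

sample_passwd_map | audit_nis_hashes
```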
13.5 Configuring The NIS Client
Now that the NIS server has been configured, it's time to configure the NIS clients. There are a number of related configuration files that you'll need to edit to get it to work. The procedure can be seen below:
Run authconfig
The authconfig program will automatically configure your NIS files after prompting you for the IP address and domain of the NIS server.
[root@skynet tmp]# authconfig
Once finished, it should create a /etc/yp.conf file that defines, amongst other things, the IP address of the NIS server for a particular domain. It will also edit the /etc/sysconfig/network file to define the NIS domain to which the NIS client belongs.
# /etc/yp.conf - ypbind configuration file
domain DESTINY.COM server 192.168.1.100
#/etc/sysconfig/network
NISDOMAIN=DESTINY.COM
The authconfig program also updates the /etc/nsswitch.conf file, which lists the order in which certain data sources should be searched for name lookups like those in DNS, LDAP and NIS. Here we can see where NIS entries have been added for the important login files.
#/etc/nsswitch.conf
passwd: files nis
shadow: files nis
group: files nis
Note: A sample NIS nsswitch.conf file can also be located in the /usr/share/doc/yp-tools* directory.
Start The NIS Client Related Daemons
Start the ypbind NIS client, yppasswd and portmap daemons in the /etc/init.d directory and use the chkconfig command to ensure they start after the next reboot. Remember to use the "rpcinfo" command to ensure they are running correctly.
Test NIS Access To The NIS Server
You can run the ypcat, ypmatch and getent commands to make sure communication to the server is correct.
www.wilshiresoft.com Wilshire Software Technologies Rev Dt: 15-Oct-08
Possible sources of error would include:
Incorrect authconfig setup resulting in errors in the /etc/yp.conf, /etc/sysconfig/network and /etc/nsswitch.conf files
Failure to run the ypinit command on the NIS server
NIS not being started on the NIS server or client
Poor routing between the server and client, or the existence of a firewall that's blocking traffic
Try to eliminate these areas as sources of error and refer to the syslog /var/log/messages file on the client and server for entries that may provide additional clues.
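The first source of error listed above can be checked mechanically. This added example (not from the original text) compares the NIS domain in yp.conf with NISDOMAIN in sysconfig/network and verifies that the passwd, shadow and group lines in nsswitch.conf list files before nis; the function names and the scratch directory are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original text): cross-check the three files
# authconfig edits. ETC_DIR is /etc on a real client; prints nothing if sane.
check_nis_client() {
    etc=$1
    # Domain ypbind will bind to: first "domain NAME server HOST" line.
    yp_dom=$(awk '$1 == "domain" { print $2; exit }' "$etc/yp.conf")
    # Domain set at boot; the value may or may not be quoted.
    net_dom=$(sed -n 's/^NISDOMAIN="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' \
        "$etc/sysconfig/network")
    [ -n "$yp_dom" ] || echo "yp.conf no domain line"
    [ "$yp_dom" = "$net_dom" ] ||
        echo "domain mismatch yp.conf=$yp_dom network=$net_dom"
    awk '
    $1 ~ /^(passwd|shadow|group):$/ {
        seen[$1] = 1; f = 0; n = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "files" && !f) f = i
            if ($i == "nis" && !n) n = i
        }
        # Local files must come first so a map entry cannot override them.
        if (!n) print "nsswitch.conf", $1, "no nis source"
        else if (!f || n < f) print "nsswitch.conf", $1, "files not before nis"
    }
    END {
        split("passwd: shadow: group:", want, " ")
        for (k = 1; k <= 3; k++)
            if (!(want[k] in seen)) print "nsswitch.conf", want[k], "line missing"
    }' "$etc/nsswitch.conf"
}

# Scratch copy of the client files using the values shown in the text.
make_sample_etc() {
    mkdir -p "$1/sysconfig"
    echo 'domain DESTINY.COM server 192.168.1.100' > "$1/yp.conf"
    echo 'NISDOMAIN=DESTINY.COM' > "$1/sysconfig/network"
    printf '%s\n' 'passwd: files nis' 'shadow: files nis' \
        'group: files nis' > "$1/nsswitch.conf"
}

d=$(mktemp -d) && make_sample_etc "$d"
check_nis_client "$d"      # consistent sample: no findings
rm -rf "$d"
```

On a real client, run `check_nis_client /etc`.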
Test Logins Via The NIS Server
You should next try to test a remote login once your basic NIS functionality testing is complete. Failures in this area could be due to firewalls blocking telnet or SSH access and the telnet and SSH server process not being started on the clients.
Logging In Via Telnet
Try logging into the NIS client via telnet if it is enabled.
[root@skynet tmp]# telnet 192.168.1.201
Trying 192.168.1.201...
Connected to 192.168.1.201.
Escape character is '^]'.
Red Hat Linux release 9 (Shrike)
Kernel 2.4.20-6 on an i686
login: nisuser
Password:
Last login: Sun Nov 16 22:03:51 from 192-168-1-100.simiya.com
Changing Your NIS Passwords
You should also test to make sure your users can change their NIS passwords from the NIS clients with the yppasswd command.
Users Changing Their Own Passwords
Users can change their passwords by logging into the NIS server and issuing the yppasswd command.
[nisuser@skynet nisuser]$ yppasswd
Changing NIS account information for nisuser on skynet.my-site.com.
Please enter old password:
Changing NIS password for nisuser on skynet.my-site.com.
Please enter new password:
Please retype new password:
The NIS password has been changed on skynet.my-site.com.