Tuesday, October 23, 2012

NIS server-client configuration

NIS Network Information System is one of the centralized way to use the user through-out the network.

At Server
Install the nis server package

----->yum install -y ypserv

Add the needed users ,make sure that u give an uid that is normally not used ..go for 5000 + uids here i will be using ids at range of 6000 . This is may to avoid confilt with the local user uids

----->useradd -u 60000 nisuser1
----->passwd nisuser1
----->useradd -u 60001 nisuser2
----->passwd nisuser2

Give the nisdoamin name in /etc/sysconfig/network and we can make nis services use the port we say by giving following arguments

---->echo "
    NISDOMAIN=virtual19
    YPSERV_ARGS="-p 900"
    YPPASSWRD_ARGS="-p 901"
    YPXFRD_ARGS="-p 902"
    " >> /etc/sysconfig/network

the -p argument will make the service use that port

Now to make the master nis server
----->service ypserv restart

----->/usr/lib64/yp/ypinit -m

will make the nis server and and make the needed changes

to make those changes permanent

------>make -C /var/yp

------>service ypserv restart

we can check the users by
getent passwd

-----------------------------
AT Client
-----------------------------

we neet to configure the authconfig-tui to nis

------->authconfig-tui

Now a window will be opened and we need to select the nis option,system will automatically start the needed service..you will be asked the nisdomain name and server ip  we should provide that and when the window close the clinet configuration is complete

Now at client side if we do
------->getent passwd

we would be able to see the users...
to just see the nis users we need to use ypcat

------->ypcat passwd
this will only show the nis uses from passwd file

switch to the user just like we switch to normal users

at client ------->su nisuser1

Basically nis is not that much secure we can make its client restriction in file /var/yp/securenets .the ips or network given in that file only will have entry to nis server

To change passwd of the user from client we need to use yppasswdd sevice at server and same command at client side.

No comments:

Post a Comment