NIS service setup for Linux

Source: Internet
Author: User
Tags ldap

NIS: Linux Centralized Authentication Service

In the previous article we covered configuring and using NFS. In this post we look at configuring and using NIS, which is frequently used together with NFS. NIS (Network Information Service) allows account logins and other services, such as hostname resolution and xinetd network service configuration, to be managed centrally on a single NIS server, which greatly simplifies work for enterprise operations staff. This article focuses on configuring and using NIS for user account login authentication. Note that NIS does not encrypt the communication between client and server, so it is recommended to use NIS only on stand-alone networks or on private networks protected by a firewall.

About NIS

The NIS service moves many files that would otherwise have to be maintained locally to the server side; whenever a client needs one of these files, it sends a request to the server to obtain it. Commonly served files are: /etc/passwd, /etc/shadow, /etc/group, /etc/hosts, /etc/services, /etc/networks, /etc/rpc, /etc/protocols, /etc/aliases and so on. A group consisting of an NIS server and its NIS clients is called an NIS domain. Time must be synchronized within each NIS domain, which is typically achieved with the NTP service.

In fact, as technology has developed, LDAP has gradually replaced NIS as the choice of more and more enterprises for centralized authentication, because LDAP is cross-platform and has better web client and desktop application support than NIS. Interested readers can look it up on Baidu.

Server-side configuration for NIS

The RPM packages required for server-side configuration of NIS are:

• ypbind: RPC port binding service

• portmap: RPC port mapping service, which has been replaced by the rpcbind service on CentOS 6

• ypserv: NIS server service

• yp-tools: NIS support commands (ypcat, yppasswd, ypwhich ...)

• nscd: handles password and group lookups and caches them. This service is required for both LDAP and NIS. It defines which files NIS lookups support; for example, authentication requires support for the passwd, shadow and group files. Its configuration file is /etc/nscd.conf.

Configuration files that need to be modified on NIS server side

• /etc/sysconfig/network: this file is used primarily to set the NIS domain name (NISDOMAIN).

For example:

NETWORKING=yes
HOSTNAME=nisservername
NISDOMAIN=lab2

• /etc/yp.conf: this file is primarily used to set the IP address of the NIS server and the NIS domain it belongs to. It is mainly set on the client side, but if the server itself is also to authenticate through NIS, these settings are required on the server side as well.

For example:

domain lab2 server 127.0.0.1

In this example it is assumed that the NIS server itself also authenticates logins through NIS, so the server address is set to its own loopback address, and lab2 is the name of the NIS domain.

• /etc/nsswitch.conf: this file defines the order in which the system looks up account information at login.

passwd: files nis
shadow: files nis
group: files nis

The configuration above means: at login, the system first looks in the local /etc/passwd (/etc/shadow, /etc/group); if the relevant authentication information is not found there, it looks up the corresponding map on the NIS server.

• /etc/ypserv.conf: this file sets 1) properties of the NIS server and 2) which of its maps can be accessed by which clients. The entries are described below:

========== related properties of NIS server ===================

dns: no                  whether to use DNS to resolve host names
files: 30                number of cache files
slp: no                  whether to use SLP
slp_timeout: 3600        SLP timeout
xfr_check_port: yes      whether the port used by XFR is checked

================ access rules ==========================

*:*:shadow.byname:port
*:*:passwd.adjunct.byname:port

The access rules have the following form:

host:domain:map:security

host: the address range of client hosts that may use the NIS service; * means all hosts are allowed access

domain: the NIS domain the rule applies to; * means all NIS domains

map: the name of the map file; * means all map files

security: one of three options: none, port, deny

none: allow all access

port: access is allowed only if the source port number of the request is less than 1024; otherwise access is not allowed.

deny: access to this map is not allowed

Therefore, if an NIS client does not work during debugging, the access rule can be written as:

*:*:*:none

to test whether a policy problem is what prevents access to the NIS server.
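
The rule format and the debugging rule above can be checked mechanically. The following Python script is an added example, not part of the original article: it parses ypserv.conf access rules and reports whether shadow.byname or passwd.adjunct.byname is readable without the port restriction. It assumes ypserv tries the rules in order, uses the first match, and allows a map that no rule matches; the sample files are constructed.

```python
# Added example: audit ypserv.conf access rules. Not from the original article.
SENSITIVE_MAPS = ("shadow.byname", "passwd.adjunct.byname")
SECURITY_VALUES = ("none", "port", "deny")

def parse_rules(text):
    """Return the host:domain:map:security rules as tuples, in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) == 2:
            continue  # server property such as "dns: no", not an access rule
        if len(fields) != 4 or fields[3].lower() not in SECURITY_VALUES:
            raise ValueError(f"unrecognised ypserv.conf line: {raw!r}")
        rules.append((fields[0], fields[1], fields[2], fields[3].lower()))
    return rules

def effective_security(rules, domain, mapname):
    """Security applied to a client that no host-specific rule names."""
    for host, dom, rule_map, security in rules:
        if host == "*" and dom in ("*", domain) and rule_map in ("*", mapname):
            return security  # assumption: the first matching rule decides
    return "none"  # assumption: a map with no matching rule is allowed

def audit(text, domain):
    """List the sensitive maps that any host may read from any source port."""
    rules = parse_rules(text)
    return [m for m in SENSITIVE_MAPS
            if effective_security(rules, domain, m) == "none"]

# Constructed sample files: the article's rules, then the debugging rule
# placed before them and after them.
ARTICLE_CONF = """dns: no
files: 30
xfr_check_port: yes
*:*:shadow.byname:port
*:*:passwd.adjunct.byname:port
"""
DEBUG_FIRST = "*:*:*:none\n" + ARTICLE_CONF
DEBUG_LAST = ARTICLE_CONF + "*:*:*:none\n"

if __name__ == "__main__":
    for name, conf in (("article", ARTICLE_CONF), ("debug first", DEBUG_FIRST),
                       ("debug last", DEBUG_LAST)):
        print(name, "->", audit(conf, "lab2") or "sensitive maps restricted")
```

With the debugging rule placed first, both password maps become readable from unprivileged ports, so remove it once the test is done; placed last, it never applies to those two maps.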

After the setup is complete, execute the following commands as the root user:

# nisdomainname name-of-domain      (sets the NIS domain name; takes effect immediately, lost after a reboot)
# service rpcbind start
# service yppasswdd start
# service ypserv start
# /usr/lib64/yp/ypinit -m

The -m parameter of the ypinit -m command configures this NIS server as a master NIS server; the command converts the local /etc/passwd, /etc/shadow, /etc/hosts and so on into the NIS GNU dbm database format and produces a makefile.

Finally, we can use the rpcinfo -p localhost command to check whether the local services, such as rpcbind and ypserv, are enabled and running.

That is the server-side configuration for NIS; now let's look at the configuration of the NIS client side.

NIS Client Configuration

RPM packages required:

• ypbind

• rpcbind

• yp-tools

Modify the configuration files: the changes to /etc/sysconfig/network, /etc/yp.conf, /etc/nsswitch.conf and so on are similar to those on the server side and are not repeated here.

Then run the commands:

# service rpcbind restart
# service ypbind restart

Run the command rpcinfo -u localhost ypbind to see whether the portmapper service started successfully and ypbind has registered with it. There is also a graphical configuration tool for the client, authconfig-tui, which is very simple to use: just enable NIS and set the host name of the NIS server.

With these steps the server-side and client-side configuration of NIS is complete, and you can then test it by logging in with an SSH client to see whether the NIS service was set up successfully. At this point there is one small problem: after the client has authenticated against the server and logged in, it looks for the user's home directory locally, but that directory does not exist on the client. The solution is simple: export the users' home directories from the server through NFS and mount them on the client, which is one reason NFS and NIS are used together.

That is all on NIS for now; corrections and criticism are welcome!

