You are on page 1of 9


NIS is centralized authentication software in Linux / Unix / Solaris platform. In a network, there will be a NIS server, one or more NIS slaves and lots of NIS lient machines. !his document explains how to install and confi"ue NIS #aster, Slave and lient #achines in $edhat enterprise linux rhel%. It can also be applicable on centos, fedora and other variants. Configuring the NIS MASTER Server: Package : &or installin" NIS the followin" packa"es are re'uired. For erver: (pserv portmap make For c!ient: (pbind portmap authconfi" autofs In ta!!ation: Ste"#: onfi"ure the NIS)*#+IN. It should be different from the &,)N -domain name.. $root%v&' ()* ni +o&ainna&e ni ,!a",co& +nd (ou have to resolve it in -etc-ho t -root/vm0 1.2 cat /etc/hosts 2 )o not remove the followin" line, or various pro"rams 2 that re'uire network functionalit( will fail. 345.6.6.3 localhost.localdomain localhost 773 localhost8.localdomain8 localhost8 394.38:.6.40 -root/vm0 1.2

!o make it permenant add the ent( in -etc- . config-net/ork, !his should be done in order to srvive a reboot. -root/vm0 1.2 cat /etc/s(sconfi"/network N;!<*$=IN>?I@A8Bno C*S!N+#;Bvm0 N;!<*$=IN>B(es >+!;<+DB394.38:.6.3 NIS)* -root/vm0 1.2 restart the network service Ste"0: Install the packa"es for server. $root%v&' ()* .u& in ta!! ."1 if usin" rpm (ouEve to install (pserv, portmapper and dependec( make. +fter installin" these a new director( (p will be created under /var Securit. Ti": !o allow onl( some hosts to access information of NIS, create this file and edit as follows. -+t first time. -root/vm0 1.2 cat /var/(p/securenets 2subnet 2network 4%%.4%%.4%%.6 394.38:.6.6 -root/vm0 1.2 Ste"': Start the service $root%v&' ()* -etc-init,+-." erv tart Starting 2P erver ervice : $ OK ) $root%v&' ()* chkconfig ." erv on heck whether its runnin"7

$root%v&' ()* r"cinfo 3u #40,#56,7,0' ." erv pro"ram 36666F version 3 read( and waitin" pro"ram 36666F version 4 read( and waitin" $root%v&' ()* r"cinfo 3" pro"ram vers proto port 366666 4 tcp 333 portmapper 366666 4 udp 333 portmapper 36664F 3 udp 53% status 36664F 3 tcp 53: status 36666F 4 udp :43 (pserv 36666F 3 udp :43 (pserv 36666F 4 tcp :4F (pserv 36666F 3 tcp :4F (pserv Ste"8: reate Users7 <e are creatin" % users havin" username and passed are same. ;"7 NameG user3 passwordG user3

$root%v&' ()* for i in # 0 ' 8 9: +o u era++ u er;i: echo u er;i < "a /+ 33 t+in u er;i: +one han"in" password for user user3. passwd7 all authentication tokens updated successfull(. han"in" password for user user4. passwd7 all authentication tokens updated successfull(. han"in" password for user user0. passwd7 all authentication tokens updated successfull(. han"in" password for user userF. passwd7 all authentication tokens updated successfull(. han"in" password for user user%. passwd7 all authentication tokens updated successfull(. Ste"9: Now set mastet NIS and initialize NIS maps )H.

* vi -var-."-Makefi!e In this file (ou can specif( #INUI) and #IN>I) -line num 04. and an( files (ou want to read b( NIS. -line num 54.. $ead the omments for details. In this (ou can confi"ure man( parameters. *ne of them is N*@USC. If we have onl( one server, we donEt have to push the maps to the slave servers IN*@USCBtrueJ. If (ou have slave servers, chan"e this to KN*@USCBfalseK and put all hostnames of (our slave servers in the file /var/(p/(pservers. NOP=S>?fa! e Create the Ma": -root/vm0 1.2 /usr/lib/(p/(pinit Gm +t this point, we have to construct a list of the hosts which will run NIS servers. vm0 is in the list of NIS server hosts. @lease continue to add the names for the other hosts, one per line. <hen (ou are done with the list, t(pe a . next host to add7 vm0 next host to add7 vm% 2vm% is the hostname of our slave server. next host to add7 2It is resolved in /etc/hosts.

!he current list of NIS servers looks like this7 vm0 vm% Is this correctL -(/n7 (. ( <e need a few minutes to build the databases... Huildin" /var/(p/

$unnin" /var/(p/#akefile... "make-3.7 ;nterin" director( M/var/(p/nis.lap.comE Updatin" passwd.b(name... Updatin" passwd.b(uid... Updatin" "roup.b(name... Updatin" "roup.b("id...

Updatin" hosts.b(name... Updatin" hosts.b(addr... Updatin" rpc.b(name... Updatin" rpc.b(number... Updatin" services.b(name... Updatin" services.b(servicename... Updatin" netid.b(name... Updatin" protocols.b(number... Updatin" protocols.b(name... Updatin" mail.aliases... "make-3.7 Leavin" director( M/var/(p/nis.lap.comE vm0 has been set up as a NIS master server. Now (ou can run (pinit Gs vm0 on all slave server. -Slave confi"uration we will discuss later in the same document.. -root/vm0 1.2

-root/vm0 1.2 /etc/init.d/(pxfrd start Startin" D@ map server7 - *= . -It should be started in order to forward the map from master to slave machines.. -root/vm0 1.2 -root/vm0 1.2 service (ppasswdd start Startin" D@ passwd service7 - *= . -root/vm0 1.2 chkconfi" (ppasswdd on Share -ho&e +irector. u ing NFS: Dou have to share the /home director( of the NIS server machine inorder to access from the client machines. Hecause when (ou are lo""in" in from client (ou are "ettin" to that users home director(. So it should be mounted to client machine from the server. -Implement the proper backup mechanism for /home in the server.. -root/vm0 1.2 cat /etc/exports -ho&e 1@r/A .ncB -root/vm0 1.2 exportfs Ga -root/vm0 1.2 service nfs start

-root/vm0 1.2 service portmap restart -root/vm0 1.2 chkconfi" nfs on -root/vm0 1.2 chkconfi" portmap on

A++ing ne/ NIS u er : +dd new users in server. +nd "oto the dirctor( -var-." and execute the followin" command * &ake Configuring NIS SCAVE erver: Install the (pserv, portmapper and dependanc( packa"es. +nd set the NIS)*#+INN+#; same as in the server. In this example. +s follows. $root%v&9 ()* ni +o&ainna&e ni ,!a",co& reate entries for name resolutions of server and other hosts in /etc/hosts. Its better (ou cop( the /etc/hosts of server and make proper edits in it. $root%v&9 ()* c" #40,#56,7,0':-etc-ho t -etc-ho t $root%v&9 ()* .u& in ta!! ."1 $root%v&9 ()* ervice ." erv tart $root%v&9 ()* chkconfig ." erv on ;xecute the followin" command in order to "et the NIS maps from the server to the slave. $root%v&9 ()* -u r-!iD-."-."init 3 v&' <here vm0 is the hostname of server and it should be resolved in /etc/hosts. +nd dont for"et to update the serverEs /etc/hosts file with slaveEs information. If the followin" command executed well, (ou will "et output as follows. We /i!! nee+ a fe/ &inute to co". the +ata fro& v&', Tran ferring ho t ,D.a++r,,, ."Efr+ ,,, ucce

Tran ferring neti+,,,, ."Efr+ ,,, ucce Tran ferring grou",,,, ."Efr+ ,,, ucce $,,out"ut truncate+,,) Tran ferring ervice ,D. ervicena&e,,, ."Efr+ ,,, ucce ni c!nt,!a",co&F NIS +ata Da e ha Deen et u", If there /ere /arning A "!ea e figure out /hat /ent /rongA an+ fiE it,

At thi "ointA &ake ure that -etc-"a /+ an+ -etc-grou" have Deen e+ite+ o that /hen the NIS i activate+A the +ata Da e .ou have Gu t create+ /i!! De u e+A in tea+ of the -etc ASCII fi!e , Start the (ppasswd service. -root/vm% 1.2 service (ppasswdd start Startin" D@ passwd service7 - *= . -root/vm% 1.2 chkconfi" (ppasswdd on You might want to edit root's crontab *on the slave* server and add the following lines: 20 * * * * /usr/lib/yp/ypxfr_ perhour !0 " * * * /usr/lib/yp/ypxfr_ perday ## "$ % * * * /usr/lib/yp/ypxfr_2perday &his will ensure that most '() maps are *ept up+to+date$ even if an update is missed because the slave was down at the time the update was done on the master, -n the master server$ add the new slave server name to /var/yp/ypservers and runmake in /var/yp to update the map , Configuring NIS C!ient: Install the followin" packa"es in client machine.

$root%v&5 ()* .u& in ta!! ."Din+ authconfig autof >ive the domain name and Ipof the NIS server in client. *authconfig 3tui or * etu" GN +uthentication onfi"uration GN heck these fields GN ache Information. GNUse NIS GNnext )omain7 2"ive domain name here its Server7 394.38:.6.40 If (ou have slave servers "ive like this. Ips of machines one after one separated b( commas. server 394.38:.6.40, 394.38:.6.4% E+it the -etc-n /itch,conf fi!e

!he username and passwords should be checked in order such that the NIS files should be checked first. So edit the entries as follows.

vi -etc-n /itch,conf "a /+: ni fi!e ha+o/: ni fi!e grou": ni fi!e Configure autof : *pen the confi"uration file of autofs and make edits. 2vi /etc/auto.master /home /etc/auto.misc GGtimeoutB86 2vi /etc/auto.misc

3r/A .nc #40,#56,7,0':-ho&e-H Re tart the autof ervice, * ervice autof re tart *chkconfig autof on So&e u efu! co&&an+ : 2(pcat passwd from client executin" the above command will "ive the entriesof NIS users in /etc/passwd file of master server.