This article explains how to configure Linux as a NIS (Network Information Service) server. Both server-side and client-side commands are listed in this tutorial. NIS is a directory service which centralizes user administration. The instructions I outline here will work for Red Hat variant operating systems like CentOS, Fedora etc. NIS was originally called Yellow Pages or YP, but due to copyright issues it was renamed to Network Information Service (NIS). The packages and services required for NIS still start with yp. This tutorial will also explain the usage of autofs for mounting the home directories of users created on the NIS server.
NIS Server Configuration
Step 1:- Install the NIS packages
On the server, use the yum command to install both the server and client packages.
yum install yp-tools ypbind ypserv
Step 2:- Configure a NIS domain name
On the server a NIS domain name has to be set. So edit the following file
vi /etc/sysconfig/network
Add the following as the last line
NISDOMAIN="DOMAINNAME"
The DOMAINNAME is the name of your choice.
Step 3:- Make the NIS server a client to itself
The NIS server has to be its own client.
vi /etc/yp.conf
Add the following line at the end of the file
ypserver 127.0.0.1
Step 4:- Start the NIS server daemons
Issue the following command to start the NIS server related services and use chkconfig to start them automatically the next time Linux starts
service portmap start
service yppasswdd start
service ypserv start
chkconfig portmap on
chkconfig yppasswdd on
chkconfig ypserv on
Step 5:- Initialize the NIS server
To initialize the NIS server type the entire path below.
/usr/lib/yp/ypinit -m
When this executable is run it shows your server’s hostname and prompts you to enter names of other NIS servers on the network. Press Ctrl+D and then y to confirm
Step 6:- Start the NIS client daemon
ypbind is the NIS client service daemon while ypxfrd is used to speed up transfer of very large NIS maps
service ypbind start
service ypxfrd start
chkconfig ypbind on
chkconfig ypxfrd on
Step 7:- Creating users on the NIS server
Creating users is done as usual using the useradd command.
useradd user1
passwd user1
But whenever you create or delete a user, set a password, or perform any other user management task, you have to execute the following commands.
cd /var/yp
make
This will update the NIS database.
Step 8:- Sharing the home directories through NFS
This is an optional step but doing this is recommended as this will also centralize the users’ home directories. Share the /home directory using NFS
vi /etc/exports
Add the following line
/home *(rw,sync)
Save the file and refresh using the exportfs command
exportfs -av
NIS Client configuration
The client configuration is very simple. It just involves specifying the NIS domain name, NIS server IP address/hostname and creating an auto mount for the home directories. Execute the following command to bind the client to the NIS domain.
authconfig --enablenis --nisdomain=DOMAINNAME --nisserver=SERVERNAME --update
You may also enter the IP address of the server instead of SERVERNAME if DNS is not configured. Next, configure auto mounting.
vi /etc/auto.master
Edit the file and add the following line
/home /etc/auto.home
Create a file named auto.home inside /etc and add the following line
vi /etc/auto.home
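* -rw,soft SERVERNAME:/home/&
The & is replaced by the directory name matched by *, so /home/user1 on the client is mounted from SERVERNAME:/home/user1. Save the file and restart the autofs service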
service autofs restart
That's it. You can now log in on the client as the users created on the NIS server, and all information saved in the users' home directories can be accessed from all NIS client computers.
NIS iptables rules
The following iptables firewall rules on the server will allow NIS through the firewall
iptables -I INPUT -p udp --dport 1023 -j ACCEPT
iptables -I INPUT -p udp --dport 111 -j ACCEPT
It is not guaranteed that the ports will remain the same on all computers, so use the following command to find out the port on which portmapper and ypserv are running
rpcinfo -p
To allow NFS through the firewall
iptables -I INPUT -p tcp --dport 2049 -j ACCEPT
Finally to save the iptables configuration
service iptables save
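Because the NIS ports differ from machine to machine, the rules can be derived from the rpcinfo -p output instead of being typed by hand. The following is an added example, not part of the original article: it goes beyond the two UDP rules above by covering every protocol and port that portmapper, ypserv, yppasswdd and ypxfrd have registered, and by limiting each rule to a client subnet with -s. The rpcinfo output and the 192.0.2.0/24 subnet are constructed sample values, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: build iptables rules for NIS from `rpcinfo -p` output.

# Constructed sample of `rpcinfo -p` output (not captured from a real host).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp   1023  ypserv
    100004    1   udp   1023  ypserv
    100004    2   tcp   1020  ypserv
    100004    1   tcp   1020  ypserv
    100009    1   udp    834  yppasswdd
    100003    3   tcp   2049  nfs
EOF
}

# nis_rules SOURCE_CIDR
# Reads `rpcinfo -p` output on stdin and prints one iptables rule per
# unique protocol/port pair registered by a NIS-related service.
# SOURCE_CIDR is the client network allowed to reach the server
# (an assumption of this example; the article's rules accept any source).
nis_rules() {
    src=$1
    awk -v src="$src" '
        $1 !~ /^[0-9]+$/ { next }   # skip the header line
        $5 ~ /^(portmapper|ypserv|yppasswdd|ypxfrd)$/ {
            key = $3 " " $4         # protocol and port
            if (!(key in seen)) {   # several RPC versions share one port
                seen[key] = 1
                printf "iptables -I INPUT -s %s -p %s --dport %s -j ACCEPT\n", src, $3, $4
            }
        }'
}

# Print the rules for the constructed sample so they can be reviewed.
sample_rpcinfo | nis_rules 192.0.2.0/24
```

On a live server, replace sample_rpcinfo with rpcinfo -p and review the printed rules before running them.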