Tuesday, July 27, 2010

Setup and configure NIS server and NIS client on Fedora Core Linux operating system


This setup is required only when NIS (Network Information Service) is used. With NIS, user registration and similar administration is done only on the server. The article below walks step by step through setting up and configuring the NIS server and the NIS client on the Fedora operating system. It also covers the setup of portmap and nsswitch, and the use of tools such as ypwhich, ypcat and ypmatch.

Setting of NIS domain server and client


The following line is added to /etc/sysconfig/network.

NISDOMAIN=nisdomain.com

Portmapper must be running for NIS and NFS to operate.
Portmapper allocates the TCP/UDP port numbers for the RPC service programs.
The main RPC service programs are:
PORTMAPPER, NFS, YPSERV, MOUNTD, YPBIND, YPPASSWDD

Portmap installation


[root@tenouk ~]# mount /dev/cdrom
[root@tenouk ~]# cd /mnt/cdrom/RedHat/RPMS
[root@tenouk ~]# rpm -Uhv portmap-4.0-38.i386.rpm
[root@tenouk ~]# cd /
[root@tenouk ~]# umount /dev/cdrom

Start and stop portmap service


[root@tenouk ~]# /sbin/service portmap start
[root@tenouk ~]# /sbin/service portmap stop

Confirmation of automatic start of portmap


List the automatic start for portmap service.

[root@tenouk ~]# /sbin/chkconfig --list portmap

Setting of automatic start of portmap.

[root@tenouk ~]# /sbin/chkconfig --level 35 portmap on

Setting of NIS Server


NIS installation


[root@tenouk ~]# mount /dev/cdrom
[root@tenouk ~]# cd /mnt/cdrom/RedHat/RPMS
[root@tenouk ~]# rpm -Uhv ypserv-1.3.12-2.i386.rpm
[root@tenouk ~]# cd /
[root@tenouk ~]# umount /dev/cdrom

Control of ypserv

[root@tenouk ~]# /sbin/service ypserv start
[root@tenouk ~]# /sbin/service ypserv stop

Setting of automatic start of ypserv

[root@tenouk ~]# /sbin/chkconfig --level 35 ypserv on

Confirmation of automatic start of ypserv

[root@tenouk ~]# /sbin/chkconfig --list ypserv

ypserv controls access through /var/yp/securenets.

[root@tenouk ~]# vi /var/yp/securenets

# The entry "0.0.0.0 0.0.0.0" would permit access from all hosts.
255.255.255.0 192.168.0.0

With only this entry, ypserv responds only to hosts that belong to 192.168.0.0/24.
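
An added example (not part of the original article or of ypserv): a POSIX shell check that evaluates securenets entries against a client address and lists the entries that admit every host. It assumes an entry matches when the address ANDed with the netmask equals the network ANDed with the netmask; the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: evaluate /var/yp/securenets-style rules against a client IP.
# Assumption: "NETMASK NETWORK" matches when (ip & mask) == (network & mask),
# and "host IP" matches exactly that one address.

ip2int() {
    # Print a dotted-quad IPv4 address as an integer; return 1 if malformed.
    _old_ifs=$IFS; IFS=.
    set -f; set -- $1; set +f
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        # Reject empty, non-numeric and zero-padded octets (avoids octal parsing).
        case $_o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

securenets_allows() {
    # Usage: securenets_allows FILE IP
    # Returns 0 if an entry admits IP, 1 if none does, 2 if IP is malformed.
    _ip=$(ip2int "$2") || return 2
    while read -r _f1 _f2 _rest; do
        case $_f1 in ''|'#'*) continue ;; esac          # blank line or comment
        if [ "$_f1" = host ]; then
            if [ "$_f2" = "$2" ]; then return 0; fi
            continue
        fi
        _m=$(ip2int "$_f1") || continue                 # skip unparsable entries
        _n=$(ip2int "$_f2") || continue
        if [ $(( $_ip & $_m )) -eq $(( $_n & $_m )) ]; then return 0; fi
    done < "$1"
    return 1
}

securenets_open_entries() {
    # Print "LINE: entry" for each entry whose netmask is 0.0.0.0,
    # because such an entry matches every client address.
    _ln=0
    while read -r _f1 _f2 _rest; do
        _ln=$(( $_ln + 1 ))
        case $_f1 in ''|'#'*|host) continue ;; esac
        _m=$(ip2int "$_f1") || continue
        if [ "$_m" -eq 0 ]; then echo "$_ln: $_f1 $_f2"; fi
    done < "$1"
}

# Constructed sample files modelled on the entries shown in this article.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '0.0.0.0 0.0.0.0' '255.255.255.0 192.168.0.0' > "$demo_dir/open"
printf '%s\n' '# local RPC calls' 'host 127.0.0.1' \
    '255.255.255.0 192.168.0.0' > "$demo_dir/restricted"

for f in open restricted; do
    for ip in 192.168.0.17 10.1.2.3; do
        if securenets_allows "$demo_dir/$f" "$ip"; then v=allowed; else v=refused; fi
        echo "$f: $ip $v"
    done
    securenets_open_entries "$demo_dir/$f"
done
```

On a server, point both functions at /var/yp/securenets; any line that securenets_open_entries prints defeats the other restrictions in the file.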

NIS Map


   One or more NIS servers are necessary to use NIS. NIS databases, which contain user information, host information, etc., are put on the NIS server. When two or more NIS servers are prepared, one of them must become the master server and the rest become slave servers. All information is set on the master server, and the slave servers maintain a copy. A file such as /etc/passwd on the master server is converted into NIS maps.

Example of NIS map

(file) (nis map)
passwd passwd.byname passwd.byuid
hosts hosts.byname hosts.byaddr

Making NIS map


1. The necessary information is written to the source file. For /etc/hosts, for instance, the host names and IP addresses are written.
2. The NIS database is made from these files.

[root@tenouk ~]# cd /var/yp
[root@tenouk ~]# make

Setting of master server


Information in the NIS map is reflected in the master server.

[root@tenouk ~]# /usr/lib/yp/ypinit -m

ypinit asks for the NIS slave server names when it is executed.
If there is no other NIS server, input CTRL+D to end the list.

Setting of slave server


[root@tenouk ~]# /usr/lib/yp/ypinit -s masterservername

Information in the NIS map is automatically copied from the master server.

Setting of NIS client


The installation process of ypbind and yp-tools.

[root@tenouk ~]# mount /dev/cdrom
[root@tenouk ~]# cd /mnt/cdrom/RedHat/RPMS
[root@tenouk ~]# rpm -Uhv ypbind-1.8-1.i386.rpm
[root@tenouk ~]# rpm -Uhv yp-tools-2.5-1.i386.rpm
[root@tenouk ~]# cd /
[root@tenouk ~]# umount /dev/cdrom

Start and stop of ypbind

[root@tenouk ~]# /sbin/service ypbind start
[root@tenouk ~]# /sbin/service ypbind stop

Setting of automatic start

[root@tenouk ~]# /sbin/chkconfig --level 35 ypbind on

Confirmation of automatic start

[root@tenouk ~]# /sbin/chkconfig --list ypbind

Specification of nis server


Open and edit the yp.conf file.

[root@tenouk ~]# vi /etc/yp.conf

# /etc/yp.conf - ypbind configuration file
# Valid entries are
#
#domain NISDOMAIN server HOSTNAME
# Use server HOSTNAME for the domain NISDOMAIN.
#
#domain NISDOMAIN broadcast
# Use broadcast on the local net for domain NISDOMAIN
#
#ypserver HOSTNAME
# Use server HOSTNAME for the local domain. The
# IP-address of server must be listed in /etc/hosts.
#

Setting of name service switch


   For instance, user information can come from two sources on each client: /etc/passwd and NIS. Likewise, host names can come from three sources on each client: /etc/hosts, NIS, and DNS. The name service switch specifies the priority in which these sources are used.

[root@tenouk ~]# vi /etc/nsswitch.conf

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis

passwd: files nisplus
shadow: files nisplus
group: files nisplus

#hosts: db files nisplus nis dns
hosts: files nisplus dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files nisplus
rpc: files
services: files nisplus

netgroup: files nisplus

publickey: nisplus

automount: files nisplus
aliases: files nisplus

Using ypwhich


ypwhich displays which NIS server is being used.

[root@tenouk ~]# ypwhich
nisdomainA
[root@tenouk ~]#

The list of the database maps is output:

[root@tenouk ~]# ypwhich -x
Use "ethers" for map "ethers.byname"
Use "aliases" for map "mail.aliases"
Use "services" for map "services.byname"
Use "protocols" for map "protocols.bynumber"
Use "hosts" for map "hosts.byname"
Use "networks" for map "networks.byaddr"
Use "group" for map "group.byname"
Use "passwd" for map "passwd.byname"
$

Using ypcat


ypcat displays the content of a NIS database.

NIS passwd

[root@tenouk ~]# ypcat passwd
nfsnobody:!!:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
kimura:$1$e9/Rybex$xgn0t2ioIJuCjzLOiFIua1:500:500::/home/kimura:/bin/bash
[root@tenouk ~]#
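
The passwd map printed above carries a crypt hash in its second field, which every host that may query the map can read. The following added example (not from the original article; the function names and the sample entries are constructed) lists the accounts in a passwd map whose hash is exposed this way and names the hash scheme.

```sh
#!/bin/sh
# Added example: find password hashes exposed in a NIS passwd map.

exposed_hashes() {
    # stdin: passwd-format lines, as printed by `ypcat passwd`.
    # stdout: "user scheme" for every entry whose password field is not a
    # shadow placeholder (x) or a locked marker (leading ! or *).
    awk -F: '
        NF < 7 { next }                       # not a passwd entry
        {
            pw = $2
            if (pw == "x" || pw ~ /^[!*]/) next
            if      (pw == "")                         s = "empty-password"
            else if (pw ~ /^\$1\$/)                    s = "md5-crypt"
            else if (pw ~ /^\$5\$/)                    s = "sha256-crypt"
            else if (pw ~ /^\$6\$/)                    s = "sha512-crypt"
            else if (pw ~ /^\$2[aby]\$/)               s = "bcrypt"
            else if (length(pw) == 13 && pw !~ /\$/)   s = "des-crypt"
            else                                       s = "unknown"
            print $1, s
        }'
}

sample_map() {
    # Constructed sample input; the hash strings are placeholders, not real hashes.
    cat <<'EOF'
nfsnobody:!!:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
alice:$1$CONSTRUCTED$notARealHashJustAPlaceholder:500:500::/home/alice:/bin/bash
bob:x:501:501::/home/bob:/bin/bash
carol:$6$CONSTRUCTED$notARealHashJustAPlaceholder:502:502::/home/carol:/bin/bash
EOF
}

sample_map | exposed_hashes
```

On a NIS client the same check is `ypcat passwd | exposed_hashes`; an empty result means the map carries no hashes.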

hosts file

[root@tenouk ~]# ypcat hosts
10.10.0.234 nt
127.0.0.1 RedHatA localhost.localdomain localhost
127.0.0.1 RedHatA localhost.localdomain localhost
10.10.0.235 RedHatA
[root@tenouk ~]#

Using ypmatch


ypmatch retrieves a specific key from a NIS database and outputs the result.

[root@tenouk ~]# ypmatch nt hosts
10.10.0.234 nt
[root@tenouk ~]#


LDAP for authentication

Authenticating to an LDAP server

Reasons for authenticating to an LDAP server

We assume that you would like to create a web server where a client can log in and then retrieve their e-mails via the internet and/or send e-mails etc. (examples: www.gmx.de, www.web.de or http://linuxali.dyndns.org:4141).

Therefore the client has to become a user on the web server. That means you have to run the web server as root (not recommended) to be able to use the commands useradd and groupadd. Your second option is to put all users into a database, which the system consults at every login to check whether the user exists and to control individual access.

This second option is safer, as you have one single location in the network where all users log in (like the NDS from Novell); you can administer the users at a central point (Single Point of Administration).

Necessary software

OpenLDAP 2.x.x (http://www.openldap.org/software/download/) (In this tutorial OpenLDAP 2.0.12 is used)

Nss_ldap (http://www.padl.com/nss_ldap.html)

Pam_ldap (http://www.padl.com/pam_ldap.html)

Pam-devel (http://www.tuxfinder.com) (only necessary if you did not compile PAM yourself)

Debian users only need the package libpam0g-dev ("apt-get install libpam0g-dev")

OpenLDAP should already be completely configured; if it is not and you have problems, look for the tutorial by Thomas Kroll (http://www.linuxnetmag.com/de/issue6/m6ldap 1.html)

Installing the software

First, decompress the packages nss_ldap and pam_ldap by:

>> tar xvfz nss_ldap....tar.gz
>> tar xvfz pam_ldap....tar.gz

Then compile and install them by:
>> ./configure
>> make
>> make install

in each directory.

Installation time will depend on your computer.

Configuring the software

In order to store the following objects for the LDAP account, you have to adapt the file slapd.conf (it is in the configuration directory of OpenLDAP).

It should look like this:

Slapd.conf

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema

# These are the files which define the objects
# that are included before starting the server.
# These entries must be changed.

# The following files should already be present,
# otherwise the LDAP server would not work properly.

pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args

# This data is necessary for starting the LDAP server.

database ldbm
suffix "dc=alkronet,dc=de"

# This entry determines the highest object in your LDAP database.
# This value must be adapted.

rootdn "cn=Manager,dc=alkronet,dc=de"

# This entry determines a person who has all permissions
# for the following object in the LDAP database.
# This value must be adapted.

rootpw test

# The root password.

directory /usr/local/var/openldap-ldbm

# Directory with the LDAP database.

defaultaccess write

# Standard permissions for every user.

# Indices to maintain
index objectClass eq

The file /etc/ldap.conf must also be adapted because the programs nss_ldap and pam_ldap access it (be careful not to edit the file /etc/openldap/ldap.conf instead). It is also possible that the files are in a different place: if you use the option --sysconfdir=... at configuration time, the files will reside in the corresponding directory.


Ldap.conf
host 127.0.0.1
# host where you can reach the LDAP server

base dc=alkronet,dc=de

# the base of the LDAP server

pam_filter objectclass=posixAccount

# At log in all objects which are contained in the object class
# posixAccount are searched for the user

pam_login_attribute uid

# also those which have the attribute uid

nss_base_passwd o=auth_user,dc=alkronet,dc=de?one
nss_base_shadow o=auth_user,dc=alkronet,dc=de?one
nss_base_group o=auth_group,dc=alkronet,dc=de?one

# names the LDAP place where the account data must be

ssl no

# ssl connections = no

Afterwards a file should be created where an organizations container object is put in. This file could look like the following:

User.ldif
dn: o=auth_user, dc=alkronet, dc=de
o: auth_user
objectclass: organization

# these lines create an organizations object
# which is named "auth_user". Later, new
# users will be inserted in this object.

dn: o=auth_group, dc=alkronet, dc=de
o: auth_group
objectclass: organization

dn: cn=user, o=auth_group, dc=alkronet, dc=de
objectClass: posixGroup
objectClass: top
cn: user
userPassword: {crypt}x
gidNumber: 10

# here the group "user" with the number 10 is created

dn: uid=tester, o=auth_user, dc=alkronet, dc=de
uid: tester
cn: Test Tester
objectclass: account
objectclass: posixAccount
objectclass: top
objectclass: shadowAccount
userPassword: test
shadowLastChange: 11472
shadowMax: 99999
shadowWarning: 7
uidNumber: 1000
gidNumber: 10
homeDirectory: /home/tester
loginShell: /bin/bash

# uid = user and login name
# cn = common name (full name); the surname would be sn
# afterwards the object classes are defined
# for the quite tricky values with shadow*
# the manpages of passwd, useradd and
# shadow should probably be consulted
# uidNumber = user number or user id
# gidNumber = group number or id the user belongs to
# homeDirectory = home directory
# loginShell = login shell


After this file is created it can be added to the LDAP server.

This is done with the command ldapadd.

>> ldapadd -x -D "cn=manager, dc=alkronet, dc=de" -W -f User.ldif

Now the user is included in the LDAP database but the database is not accessed during log in.

So the PAM service must be adapted to the LDAP server.
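
The slapd.conf and User.ldif shown above keep rootpw and userPassword in cleartext and set defaultaccess write. As an added example (not from the original tutorial; the function names are hypothetical and the sample input is an excerpt constructed from the files above), this shell check reports those settings.

```sh
#!/bin/sh
# Added example: report weak settings in slapd.conf and cleartext
# userPassword values in an LDIF file.

slapd_conf_findings() {
    # stdin: slapd.conf text. stdout: "LINE: finding" per weak directive.
    awk '
        $1 ~ /^#/ || NF == 0 { next }                     # comment or blank
        # A hashed rootpw starts with a scheme prefix such as {SSHA} or {CRYPT}.
        tolower($1) == "rootpw" && $2 !~ /^[{][A-Za-z0-9-]+[}]/ {
            print NR ": rootpw holds a cleartext password" }
        tolower($1) == "defaultaccess" && tolower($2) == "write" {
            print NR ": defaultaccess write grants every client write access" }
    '
}

ldif_cleartext_passwords() {
    # stdin: LDIF text. stdout: the DN of each entry whose userPassword value
    # has no {scheme} prefix. Base64 values ("userPassword::") are skipped
    # because they cannot be judged without decoding.
    awk '
        { line = tolower($0) }
        line ~ /^dn:/ { dn = $0; sub(/^[^:]*:[ \t]*/, "", dn); next }
        line ~ /^userpassword:/ && line !~ /^userpassword::/ {
            v = $0; sub(/^[^:]*:[ \t]*/, "", v)
            if (v !~ /^[{][A-Za-z0-9-]+[}]/) print dn
        }
    '
}

sample_slapd_conf() {
    # Excerpt constructed from the slapd.conf shown above.
    cat <<'EOF'
suffix "dc=alkronet,dc=de"
rootdn "cn=Manager,dc=alkronet,dc=de"
rootpw test
defaultaccess write
EOF
}

sample_ldif() {
    # Excerpt constructed from the User.ldif shown above.
    cat <<'EOF'
dn: cn=user, o=auth_group, dc=alkronet, dc=de
objectClass: posixGroup
cn: user
userPassword: {crypt}x
gidNumber: 10

dn: uid=tester, o=auth_user, dc=alkronet, dc=de
uid: tester
objectclass: posixAccount
userPassword: test
EOF
}

sample_slapd_conf | slapd_conf_findings
sample_ldif | ldif_cleartext_passwords
```

A hashed value for rootpw can be generated with slappasswd, which prints a string with a scheme prefix such as {SSHA} for use in slapd.conf.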

Preparing the system for authenticating to a LDAP server

First /etc/nsswitch.conf must be edited to tell the system that group, user and password information is held not only in files but also on an LDAP server.

This could look like the following:

/etc/nsswitch.conf
passwd: ldap files
group: ldap files
shadow: ldap files

# ldap was added here

hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis


If you compiled the packages nss_ldap and pam_ldap yourself, a file named ldap.conf should exist in the directory /usr/local/etc. If it is not there, the option --sysconfdir was used at compile time; look in the directory you chose then.

Debian users who have worked with apt-get own the two files pam-ldap.conf and libnss-ldap.conf. These files are the same and you could also create a link (e.g.: ln -snf /etc/pam-ldap.conf /etc/libnss-ldap.conf).

The content of this file determines which LDAP server to authenticate to and which objects contain the user- and password information.

It could look like the following:

ldap.conf or ldap-pam.conf

host 127.0.0.1
# IP of the LDAP server

base dc=alkronet,dc=de
# base object of the server

# binddn cn=proxyuser,dc=padl,dc=com
# bindpw secret
# rootbinddn cn=manager,dc=padl,dc=com
# port 389

# if you have to authenticate to the LDAP server to be able
# to browse data, the user and password have to be
# named here

# timelimit 30
# sets how long a user is allowed to browse the LDAP server

# bind_timelimit 30
# sets how long a user is allowed to be connected
# to the LDAP server

# idle_timelimit 3600
# sets the time the connection is automatically cut
# when the user is idle

pam_filter objectclass=posixAccount
# search all entries where the object class equals posixAccount

pam_login_attribute uid
# the username is stored in the attribute uid

nss_base_passwd o=auth_user, dc=alkronet,dc=de?one
nss_base_shadow o=auth_user, dc=alkronet,dc=de?one
nss_base_group o=auth_group, dc=alkronet,dc=de?one

# sets the path to the passwords, the shadow entries and the
# group information
# ?one sets the search scope to one level: only entries
# directly below the given base object are searched

ssl no
# SSL connections are not supported

Furthermore the configuration files of every service that is running on the system that will authenticate to the LDAP server must be adapted.

The configuration files reside in /etc/pam.d. Some examples are already included with the PAM software and can be found in example.

If you did not compile PAM yourself they should be in /usr/share/doc/pam, /usr/share/doc/packages/pam or /usr/share/doc/libpam.

The file that is accessed during log in is named login and could look like this:

/etc/pam.d/login
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_unix_auth.so try_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_ldap.so
password required /lib/security/pam_pwdb.so use_first_pass
session required /lib/security/pam_unix_session.so

# /lib/security/pam_ldap.so should be available
# for every section (auth, account, password) now

# use_first_pass means that the first entered password is used
# and the files (shadow and passwd) are omitted

The other files in the directory can also be adapted this way; or you could take the example files from PAM.

Now logging in should be working, but I had to reboot (perhaps some services must be restarted).

PHP script for adding users

add_user.php
<?php
$username = "testuser";
$password = "testuser";
$user_id = 1005;

$ldap_server = "127.0.0.1";
$ldap_base = "dc=alkronet,dc=de";

# Attention: Duplicate user ids could lead to authentication errors

$entries["uid"]=strtolower($username);
$entries["cn"]=$username;
$entries["objectclass"][0]="account";
$entries["objectclass"][1]="posixAccount";
$entries["objectclass"][2]="top";
$entries["objectclass"][3]="shadowAccount";
# The password is stored exactly as given, i.e. in cleartext
$entries["userPassword"]=$password;
$entries["shadowLastChange"]="11472";
$entries["shadowMax"]="99999";
$entries["shadowWarning"]="7";
$entries["uidNumber"]=$user_id;
$entries["gidNumber"]="10";
$entries["homeDirectory"]="/home/".$username;
$entries["loginShell"]="/bin/false";

$connect = ldap_connect($ldap_server);
# Bind as the rootdn from slapd.conf, but only if the connection handle was created
$bind = $connect ? ldap_bind($connect, "cn=manager, ".$ldap_base, "test") : false;

if (!$connect || !$bind) {
    echo "Connection could not be established.";
    exit;
}

ldap_add($connect, "uid=".strtolower($username).", o=auth_user, ".$ldap_base, $entries);

# Report the server's error message if the entry was not added
if (ldap_error($connect) != "Success") {
    echo "\n".ldap_error($connect)."\n";
}

Configuring NIS under Red Hat Linux


The following describes a procedure to set up NIS network name service under Red Hat Linux. This is geared toward a small installation with only one domain. However, it should be fairly evident how to add more NIS domains. The NIS domain name has nothing to do with any DNS naming convention being used.
In these examples, the following conventions are used:
NIS domain: "internal"
Code or configuration file data: colored
Root prompt on NIS master server: master#
Root prompt on NIS client host: client#

Setting up a NIS master server:

Required packages: yp-tools ypbind ypserv portmap
Set up "time" service to run via inetd/xinetd, or configure xntpd, or otherwise make sure the host's clock is synchronized.
Edit /etc/yp.conf:
domain internal server ip.of.nis.server
Edit /etc/ypserv.conf:
dns: no
files: 30
xfr_check_port: yes
* : * : shadow.byname : port
* : * : passwd.adjunct.byname : port 
Edit /etc/sysconfig/network:
NISDOMAIN="internal"
Set NIS domain name:
master# domainname internal
master# ypdomainname internal
Create file /var/yp/securenets:
host 127.0.0.1
255.255.255.0   10.0.0.0
Make sure the "portmap" service is running:
master# service portmap start
master# chkconfig portmap on
Portmap will need a rule in /etc/hosts.allow to allow access from localhost and any hosts that need to access NIS.
Start ypserv service:
master# service ypserv start
Check that it's listening:
master# rpcinfo -u localhost ypserv
You should see:
program 100004 version 1 ready and waiting
program 100004 version 2 ready and waiting
Initialize the NIS maps:
master# /usr/lib/yp/ypinit -m
Specify local hostname, Ctrl-D, y, let finish.
Start up ypbind, yppasswdd, ypxfrd:
master# service ypbind start
master# service yppasswdd start
master# service ypxfrd start
Set YP services to run on boot-up:
master# chkconfig ypserv on
master# chkconfig ypbind on
master# chkconfig yppasswdd on
master# chkconfig ypxfrd on

NIS client host setup

Required packages: yp-tools ypbind portmap
Edit /etc/sysconfig/network:
NISDOMAIN=internal
Edit /etc/yp.conf:
domain internal server ip.of.master.server
Edit /etc/hosts:
ip.of.master.server    hostname.domain hostname
Set NIS domain-name:
client# domainname internal
client# ypdomainname internal
Edit /etc/nsswitch.conf:
passwd:     files nis
shadow:     files nis
group:      files nis
Make sure the portmap service is running:
client# service portmap start
client# chkconfig portmap on
The /etc/hosts.allow file will need rules allowing access from localhost and the NIS master server.
Start ypbind service:
client# service ypbind start
client# chkconfig ypbind on
Test it out:
client# rpcinfo -u localhost ypbind
client# ypcat passwd

Step by step to configure NIS in RHEL5


1: pre-setting up
NIS domain name: linuxcream
NIS master server: IP 100.0.0.1, hostname: master.linuxcream   /* create user01 on the master server
NIS slave server: IP 100.0.0.2, hostname: slave.linuxcream
NIS client side: IP 100.0.0.3, hostname: client.linuxcream
2: setting up
a: install all needed package
———————————————————————————————–
[root@localhost ~]# yum install portmap ypserv ypbind yp-tools
[root@localhost ~]# rpm -qa | grep ^yp

ypbind-1.19-11.el5
ypserv-2.19-5.el5
yp-tools-2.9-0.1
[root@localhost ~]# rpm -qa | grep portmap
portmap-4.0-65.2.2.1
———————————————————————————————–
b: setting up NIS domain name
———————————————————————————————————————–
[root@localhost ~]# nisdomainname linuxcream
[root@localhost ~]# echo "/bin/nisdomainname linuxcream" >> /etc/rc.d/rc.local
[root@localhost ~]# echo "NISDOMAIN=linuxcream" >> /etc/sysconfig/network
———————————————————————————————————————–
/bin/nisdomainname linuxcream in /etc/rc.d/rc.local            /* sets the NIS domain name when the server is turned on
NISDOMAIN=linuxcream in /etc/sysconfig/network               /* sets the NIS domain automatically when the services start
c: configure ypserv
——————————————————————————————————
[root@linuxcream /]# vi /etc/ypserv.conf
/* only allow 127.0.0.0/255.0.0.0 and 100.0.0.0/255.0.0.0 access,
127.0.0.0/255.0.0.0    :  *  :  *  :  none
100.0.0.0/255.0.0.0        :  *  :  *  :  none
*                              :  *  :  *  :  deny
[root@localhost ~]# cat /var/yp/securenets    /*created  by user
host 127.0.0.1
255.0.0.0 100.0.0.0
———————————————————————————————————-
d: configure /etc/hosts and create /etc/netgroup
——————————————————————————
[root@localhost ~]# touch /etc/netgroup
[root@localhost ~]# vi /etc/hosts
127.0.0.1        localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
100.0.0.1       master.linuxcream
100.0.0.2       slave.linuxcream
100.0.0.3       client.linuxcream
———————————————————————————–
e: setting NIS datalist:
———————————————————————————–
[root@localhost ~]# useradd user01
[root@localhost ~]# passwd user01
Changing password for user user01.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers.  master.linuxcream is in the list of NIS server hosts.  Please continue to add
the names for the other hosts, one per line.  When you are done with the
list, type a .                                   /*  type ctrl+D =enter
next host to add:  master.linuxcream
next host to add:
The current list of NIS servers looks like this:
master.linuxcream
Is this correct?  [y/n: y]  y
We need a few minutes to build the databases…
Building /var/yp/linuxcream/ypservers…
Running /var/yp/Makefile…
gmake[1]: Entering directory `/var/yp/linuxcream’
Updating passwd.byname…
failed to send ‘clear’ to local ypserv: RPC: Port mapper failureUpdating passwd.byuid…
failed to send ‘clear’ to local ypserv: RPC: Port mapper failureUpdating group.byname…
failed to send ‘clear’ to local ypserv: RPC: Port mapper failureUpdating group.bygid…
failed to send ‘clear’ to local ypserv: RPC: Port mapper failureUpdating hosts.byname…
failed to send ‘clear’ to local ypserv: RPC: Port mapper failureUpdating hosts.byaddr…
failed to send ‘clear’ to local ypserv: RPC: Port mapper failureUpdating rpc.byname…
failed to send ‘clear’ to local ypserv: RPC: Port mapper failureUpdating rpc.bynumber…
failed to send ‘clear’ to local ypserv: RPC: Port mapper failureUpdating services.byname…
failed to send ‘clear’ to local ypserv: RPC: Port mapper failureUpdating services.byservicename…
failed to send ‘clear’ to local ypserv: RPC: Port mapper failureUpdating netid.byname…
failed to send ‘clear’ to local ypserv: RPC: Port mapper failureUpdating protocols.bynumber…
failed to send ‘clear’ to local ypserv: RPC: Port mapper failureUpdating protocols.byname…
failed to send ‘clear’ to local ypserv: RPC: Port mapper failureUpdating mail.aliases…
failed to send ‘clear’ to local ypserv: RPC: Port mapper failuregmake[1]: Leaving directory `/var/yp/linuxcream’
master.linuxcream has been set up as a NIS master server.
Now you can run ypinit -s master.linuxcream on all slave server.
——————————————————————————————————————————————–
f:start services
——————————————————————————————————-
[root@localhost ~]# service portmap restart
stop portmap:[OK]
start portmap:[OK]
[root@localhost ~]# service ypserv restart
Stop YP services:[Failure]
Start YP services:[OK]
[root@localhost ~]# service yppasswd restart
yppasswd: unrecognised services
[root@localhost ~]# service yppasswdd restart
Stop  YP services:[Failure]
Start YP services:[OK]
[root@localhost ~]# chkconfig --level 35 portmap on
[root@localhost ~]# chkconfig --level 35 ypserv on
[root@localhost ~]# chkconfig --level 35 yppasswdd on
[root@localhost ~]# ps aux | grep yp
[root@localhost ~]# tail /var/log/messages
—————————————————————————————————
g: configure for slave server
————————————————————–
[root@linuxcream /]# vim /var/yp/Makefile
NOPUSH=true    /* original setting, around line 23
NOPUSH=false   /* change to false so that the slave server is updated from the master server
[root@localhost ~]# cat /var/yp/ypservers    /* add the NIS slave
master.linuxcream
slave.linuxcream
[root@localhost ~]# service ypxfrd restart  /* allow slave server connect to ypxfrd for updating
Stop YP services:[failure]
Start YP services:[OK]
/* allow slave server to master server database
[root@crazylinux]# yppush -h slave.linuxcream passwd.*
—————————————————————————————————-

Configure NIS slave server (same as the master server configuration)
1: check packages including portmap, ypserv, ypbind, yp-tools
—————————————————————————————————-
[root@localhost ~]# yum install portmap ypbind yp-tools ypserv
[root@localhost ~]# rpm -qa | grep ^yp
ypbind-1.19-11.el5
yp-tools-2.9-0.1
ypserv-2.19-5.el5
[root@localhost ~]# rpm -qa | grep portmap
portmap-4.0-65.2.2.1
2. create NIS domain name
[root@localhost ~]# nisdomainname linuxcream
[root@localhost ~]# echo "/bin/nisdomainname linuxcream" >> /etc/rc.d/rc.local
[root@localhost ~]# echo "NISDOMAIN=linuxcream" >> /etc/sysconfig/network
3. configure ypserv
[root@linuxcream /]# vi /etc/ypserv.conf           /* add from bottom line
127.0.0.0/255.0.0.0    :  *  :  *  :  none
100.0.0.0/255.0.0.0        :  *  :  *  :  none
*                              :  *  :  *  :  deny
[root@localhost ~]# cat /var/yp/securenets
host 127.0.0.1
255.0.0.0 100.0.0.0
4.set /etc/hosts and create /etc/netgroup
[root@linuxcream /]# vi /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
100.0.0.1               master.linuxcream
100.0.0.2               slave.linuxcream
100.0.0.3               client.linuxcream
[root@linuxcream /]# touch /etc/netgroup
5.Start services
[root@crazylinux /]# service portmap restart
[root@crazylinux /]# service ypserv start
[root@crazylinux /]# /usr/lib/yp/ypinit -s master.linuxcream
[root@crazylinux /]# ypcat -h localhost passwd.byname       /* check that it works
[root@crazylinux /]# vi /etc/crontab             /* add at the bottom
20 * * * * root /usr/lib/yp/ypxfr_1perhour
40 6 * * * root /usr/lib/yp/ypxfr_1perday
55 6,18 * * * root /usr/lib/yp/ypxfr_2perday
[root@linuxcream /]# vi /usr/lib/yp/ypxfr_1perhour
$YPBINDIR/ypxfr $map                         /* change this line to
$YPBINDIR/ypxfr $map -h master.linuxcream
[root@linuxcream /]# service ypbind restart
—————————————————————————————————-
Configure for client side:
1: check ypbind, yp-tools package
[root@localhost ~]# yum install portmap ypbind yp-tools
[root@localhost ~]# rpm -qa | grep ^yp
ypbind-1.19-11.el5
yp-tools-2.9-0.1
[root@localhost ~]# rpm -qa | grep portmap
portmap-4.0-65.2.2.1
2. create NIS domain name
[root@localhost ~]# nisdomainname linuxcream
[root@localhost ~]# echo "/bin/nisdomainname linuxcream" >> /etc/rc.d/rc.local
[root@localhost ~]# echo "NISDOMAIN=linuxcream" >> /etc/sysconfig/network
3. set /etc/hosts and /etc/netgroup
[root@linuxcream /]# vi /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
100.0.0.1               master.linuxcream
100.0.0.2               slave.linuxcream
100.0.0.3               client.linuxcream
[root@crazylinux /]# touch /etc/netgroup
4. configure nsswitch.conf
[root@linuxcream /]# vi /etc/nsswitch.conf
passwd:     files nis nisplus
shadow:     files nis nisplus
group:      files nis nisplus
hosts:      files nis dns
5. set /etc/sysconfig/authconfig
[root@linuxcream /]# vi /etc/sysconfig/authconfig
USENIS=yes   /* changed from no
6.set /etc/yp.conf
[root@localhost ~]# cat /etc/yp.conf
domain linuxcream server master.linuxcream  /* line 4
domain linuxcream server slave.linuxcream
7.start ypbind
[root@localhost ~]# service portmap status
portmap (pid 1683) is running…
[root@localhost ~]# service  ypbind start
Binding to the NIS domain: [  OK  ]
Listening for an NIS domain server..
set nis server
[root@localhost ~]# vi /etc/exports
/home        100.0.0.0/8(rw,async,no_root_squash)    /* no_root_squash: root on a client keeps root rights on the exported /home
[root@localhost ~]# service nfs start
set nis client
[root@localhost ~]# vi /etc/fstab
master.linuxcream:/home/        /home        nfs        defaults        0        0
testing……

Configure NIS + autofs services in RHEL 5


step 1: configure NIS services in client side
# authconfig-tui
//enter NIS domain name=netexample;
step 2: checking folder and user info from NIS server
# ypcat passwd | grep username  //username home directory in server
step 3: configure autofs master file in client computer
# vim /etc/auto.master
/home/guests          /etc/auto.my
//there is no need to create the /home/guests directory in advance
//the home directory under /home/guests can be found with ypcat passwd
step 4: configure autofs slave file
# vim /etc/auto.my
*    server1.example.com:/home/guests/&
//showmount -e server1.example.com
step 5: restart autofs service
# service autofs restart
# chkconfig autofs on
step 6: test
Ctrl+Alt+F1
login with username and password

Requirement

· Installation and Management of Red Hat Linux.
· Setup and Management of LVM.
· Setup and Management of NIS, NFS
· Setup and Management DHCP
· Setup and Management of DNS
· Setup and Management of Samba.
· Setup and Management of Web Server (APACHE)
· Installation and Configuration of SCO Openserver 5, RHEL4 & 5
· Installation of SCO patches, Maintenance packs, EFS, Driver Files and H/W RAID.
· Use Shell Scripting on system administrative level.
· Administration of Checkpoint Firewall & Linux Based Firewall. It involves providing rule based internet access, port management and network intrusion detection and troubleshooting.
· Implementation SAMBA, NFS, and FTP servers for file and printing sharing.
· System Administration, Network designing and troubleshooting of Linux Servers.
· Configured YUM, FTP and NFS server for automatic remote installations of Linux Machines and Applications Software.
· Configured Linux Machine as a Gateway Server for Routing functionality.
· Implementation of DNS, MAIL, WEB, TUX, SQUID, DHCP and Log Servers in Linux.
· Kernel Recompilation.
· Implementation of RAID, LVM, Disk Quota.
· Implemented Centralized Login Server using NIS, LDAP
· Responsibilities include providing 24 X 7 remote support

Certification on Red Hat Linux is preferred
Linux OS (RHEL 3, RHEL 4, RHEL 5): BIND/DNS, Apache, Tomcat, Sendmail, Postfix, Squid, FTP, NFS, Samba, NIS, LDAP, DHCP, RPMS, RAID, LVM, Disk Quota, OpenSSH, SELinux, Dump, Bash Shell Scripting, Users and Group administration, Editor, Kickstart, Installation