Set up NIS client and server systems with autofs home

NIS is a bit of an old-school solution on UNIX systems for sharing user information, including logins, across systems. This allows administrators to centralize all user account information, as well as home directories, across any number of physical machines. There are some security implications (like having to disable iptables on the server, see below), and maybe LDAP would be a better choice. But for a home or small organization behind a good firewall, an NIS system could be a lot simpler to create.

One nice complement to NIS is to centralize all users’ home directories on an NFS-mounted /home, using autofs. Not only do we want to share user and group information, but we also want each user’s home directory to be available from any machine they happen to sit down at.

There can be more than one NIS server. All clients and servers must belong to the same domain, similar to WinBind.

The following guide is based on CentOS 5.4 (I actually used a Fedora 11 system as a server).

Setting up the server takes the most work. My server name is xulu, at 192.168.1.28/24. The hostname of the client is flogg, at 192.168.1.110. The NIS domain will be syxyz (yes, the same as the domain of this site, but I also use it for my home network generally. Don’t ask what it means.).

Server side

Install the following packages via yum:

$ yum install yp-tools ypbind ypserv portmap

Edit /etc/yp.conf:

domain syxyz server xulu
ypserver xulu

/etc/ypserv.conf is another configuration file where you can set server options, but the defaults are fine as-is.

To /etc/sysconfig/network, add the following important line, which will make the server the first member of the new NIS domain on the next reboot:

NISDOMAIN=syxyz

Run the following commands at the prompt:

root@xulu# domainname syxyz
root@xulu# ypdomainname syxyz

This will immediately bring the server into the new domain. Now start portmap and make sure it comes up in the normal runlevels (after reboot, natch):

root@xulu# service portmap start
root@xulu# chkconfig portmap on

Start the NIS server:

root@xulu# service ypserv start

Make sure it’s actually running. Since NIS is based on the same RPC protocol as NFS, rpcinfo will help. Here’s what it should look like:

root@xulu# rpcinfo xulu | grep ypbind
    100007    2    udp       0.0.0.0.2.136          ypbind     superuser
    100007    1    udp       0.0.0.0.2.136          ypbind     superuser
    100007    2    tcp       0.0.0.0.2.139          ypbind     superuser
    100007    1    tcp       0.0.0.0.2.139          ypbind     superuser

Now build the NIS maps and database for the master server, based on the text-based files such as /etc/passwd, /etc/group, and so on. The ypinit script will build this from scratch, importing all this data into the yp system as needed.

root@xulu# /usr/lib64/yp/ypinit -m

(Note: if you are on a 32-bit system, it will be ‘lib’, not ‘lib64’.) Specify the single system that will be the server, and exit with ^D as instructed.

Now start and set up init for the other components of the yp system – these are probably all necessary, who knows.

root@xulu# service ypbind start
root@xulu# service yppasswdd start
root@xulu# service ypxfrd start

root@xulu# for service in ypserv ypbind yppasswdd ypxfrd; do chkconfig "$service" on; done

Basically make sure everything matching /etc/rc.d/init.d/yp* is running.

Disable the firewall

Here is the part you might not like. Right now it seems to be impossible to smoothly run NIS when iptables is enabled (even on Fedora 12); see the following bugs for details and updates: 505380, 458448.

So, time to drop your pants. Ensure you have a really good hardware firewall in place and a trusted internal network, mmm’k? The -F argument to iptables will ‘flush’ all the rules.

root@xulu# /sbin/iptables -F

Export /home via NFS

Add a line like the following to /etc/exports, adjusting for your network and subnet:

/home      192.168.1.0/24(rw,sync,no_subtree_check)

And start the NFS server:

root@xulu# service nfs start
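
An added example (not part of the original guide): a small shell check for /etc/exports-style lines that flags client specifications reaching more hosts than you meant, such as a prefix shorter than your LAN’s or a stray space before the options, which exports to every host. The function name audit_exports, the sample lines and the /24 threshold are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: flag exports(5)-style entries that reach more hosts than intended.
# Usage: audit_exports FILE MIN_PREFIX   (FILE may be "-" for stdin)
# Prints one finding per line: "<path> <client> <reason>".
audit_exports() {
    awk -v minp="$2" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
        path = $1
        if (NF == 1) { print path, "*", "world-export"; next }
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                         # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1); sub(/\)$/, "", opts)
            }
            if (client == "" || client == "*") {
                # "(rw)" after a space is its own entry: it applies to every host
                client = "*"; print path, client, "world-export"
            } else if (split(client, c, "/") == 2 && c[2] ~ /^[0-9]+$/ && c[2] + 0 < minp + 0) {
                print path, client, "prefix-shorter-than-/" minp
            }
            if (("," opts ",") ~ /,no_root_squash,/) print path, client, "no_root_squash"
        }
    }' "$1"
}

# Constructed sample lines, not taken from a real server.
sample_exports() {
    cat <<'EOF'
# /etc/exports (sample)
/home      192.168.1.0/24(rw,sync,no_subtree_check)
/home2     192.168.1.0/16(rw,sync,no_subtree_check)
/srv/pub   192.168.1.0/24 (rw)
/scratch   192.168.1.110(rw,no_root_squash)
EOF
}

sample_exports | audit_exports - 24
```

On the server, run it as audit_exports /etc/exports 24 before starting NFS; no output means no entry is wider than the threshold. Netmask-style client specs (a.b.c.d/255.255.255.0) and hostname wildcards are not evaluated by this check.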

That’s done. Let’s get the client into this domain.

Client Side:

Make sure ypbind and portmap packages are installed.

Make sure your client can find the server by name, for convenience. If you don’t have a local DNS you can use, add to /etc/hosts:

192.168.1.28     xulu    xulu.syxyz

Run the GUI for adding the system to the NIS domain (or use authconfig, if you have to).

# system-config-authentication

Check ‘Use NIS’ and fill in the domain (syxyz) and server (xulu), click OK.

This should add you to the domain; check /etc/sysconfig/network to see if NISDOMAIN is set. Also try:

flogg# ypwhich
xulu
flogg# ypcat passwd

which should show a list of user accounts on the server. Sweet!

At this point, on the client, you should be able to log in as one of the users on the server. However, you may get an error about no home directory, or find only an empty one waiting for you.

Set up autofs

Let’s set up autofs to mount the NFS share of /home on the server as needed to provide all your important cherished files.

First make sure we can mount the NFS share from the client:

flogg# mkdir tmp-home
flogg# mount xulu:/home tmp-home
flogg# ls tmp-home

You should see the list of user home directories on the server. Great – disconnect and proceed with autofs.

flogg# umount tmp-home; rmdir tmp-home

Add a line to /etc/auto.master, somewhere near the line starting “/misc”:

/home           /etc/auto.home

Now create the file /etc/auto.home with:

*    -rw,intr,hard        xulu:/home/&

You can move your existing /home dir out of the way, but you don’t have to – unless it is mounted already on its own disk partition. Then you’ll need to do ‘umount /home’ and remove that entry from /etc/fstab.

Run the autofs daemon

flogg# service autofs start

and make sure it runs always.

flogg# chkconfig autofs on
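
An added example (not from the original guide) showing how the wildcard line in /etc/auto.home resolves for each account in the NIS passwd map, and whether the map exposes a password hash to every host that can run ypcat. The function name nis_home_report and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: how "*  -rw,intr,hard  xulu:/home/&" resolves per NIS account.
# Usage: nis_home_report SERVER < passwd-format lines (e.g. output of ypcat passwd)
# Prints "<user> <nfs source or no-automount> <hash status>".
nis_home_report() {
    awk -F: -v srv="$1" '
    NF >= 7 {
        user = $1; pw = $2; home = $6
        mount = "no-automount"
        # autofs uses the first path component under /home as the lookup key;
        # "*" matches any key and "&" is replaced by that key.
        if (index(home, "/home/") == 1) {
            key = substr(home, 7); sub(/\/.*/, "", key)
            if (key != "") mount = srv ":/home/" key
        }
        # Anything other than a placeholder in field 2 is a password hash that
        # every host allowed to query the map can read.
        if (pw == "") hash = "no-password"
        else if (pw == "x" || pw == "*" || pw ~ /^!/) hash = "hash-hidden"
        else hash = "hash-visible"
        print user, mount, hash
    }'
}

# Constructed sample accounts; the hash field is a dummy string.
sample_passwd() {
    cat <<'EOF'
bubba:$1$SAMPLE$notARealHashValue:500:500:Bubba:/home/bubba:/bin/bash
alice:x:501:501:Alice:/home/staff/alice:/bin/bash
svc:*:502:502:Service:/var/lib/svc:/sbin/nologin
EOF
}

sample_passwd | nis_home_report xulu
```

On a real client, feed it with ypcat passwd | nis_home_report xulu. Accounts reported as no-automount are the ones that will hit the missing home directory error at login.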

Time for a beer

Now, if you have a user, say “bubba”, on the server, who does not exist on the client, try to log in on the client console as bubba. You should then see all of bubba’s files in the home dir via the NFS mount. Check the syslog on both client and server if there is any problem. Give bubba a beer too, he always likes beer.

Maintain

If you make any additions or changes to the accounts on the server side, rebuild the yp databases with:

root@xulu# useradd account
root@xulu# passwd account
root@xulu# cd /var/yp
root@xulu# make

You can also change the password from the server for any user with yppasswd. At this point, when trying to change a user password from the client side, I am getting:

flogg# yppasswd
yppasswd: yppasswdd is not running on NIS master host ("localhost")

Not sure why this is the case, since the NIS master host as revealed by ypwhich above is clearly not localhost. And on the actual master, xulu, yppasswdd is running. So if anyone knows…

See also

http://bradthemad.org/tech/notes/redhat_nis_setup.php

http://www.wains.be/index.php/2007/02/28/setting-up-nis-under-centos-4/

http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-nfs-client-config-autofs.html

http://www.yolinux.com/TUTORIALS/NIS.html


A service of Onset Corps LLC, and your humble author and fellow journeyer Samuel Beam.

Wherein, we specialize in over-involved explanations of all types, especially as concerning the efficacious use of tools and processes to maintain simplicity in an irreducibly complex world.
