Pick a Free OS

User login

Navigation

Home

Centralised authentication using NIS

Sat, 12/02/2000 - 05:49 |  admin
Email: 
mayank@freeos.com

You can also use the program ypinit.

/usr/lib/yp/ypinit -m

Ypinit will first prompt you for a list of NIS servers on the network. You

will need to enter the list of NIS servers for that domain. This should

also include any slave NIS servers that you are planning to setup. Ypinit

will write this list of servers to /var/yp/ypservers and then go ahead

with the make. Ypinit is fine for the first time you're setting up NIS but

if you make frequent changes to the NIS files then "make" is a better

option. This is because Ypinit re-creates the NIS database from scratch

whereas make will first check the source file for changes, update changes

to the NIS maps and push the changes to slave servers.

While making the NIS maps, you might get some errors message saying that

it could not generate some of the files. If so then edit Makefile, search

for the "all" entry and comment out the files that gave the error. Run

the make again.

The next file you need to edit is /var/yp/securenets. This file defines

the NIS clients that are allowed to access your NIS server. This file only

takes IP addresses -- no hostnames. The IP addresses are specified as a

netmask/IP address pair. Localhost will need to be in this file. The entry

should already be there, but if not then enter the following. The netmask

entry comes first.

255.0.0.0 127.0.0.0

255.255.255.0 192.168.0.0

You can also allow specific hosts by giving the keyword "host" followed by

an IP address.

host 127.0.0.1

Similarly, you can enter other netmask/network pairs to restrict access to

the NIS server and improve security. Here 192.168.0.* has access to the

NIS server.

The server setup is now done. The NIS server can be started now. Make sure

that the portmap daemon is started before the NIS server is.

/etc/rc.d/init.d/portmap start

/etc/rc.d/init.d/ypserv start

If portmap is running, ypserv will start the NIS server and connect with

portmap. Use "rpcinfo -p" to check. You should get output that looks like

the following

100004 2 udp 1003 ypserv

100004 1 udp 1003 ypserv

100004 2 tcp 1006 ypserv

100004 1 tcp 1006 ypserv

You also need to run rpc.yppasswdd. This allows users to change their

passwords over the network. This daemon should be run only on the NIS

master server. Also make sure that this daemon is started after ypserv.

/etc/rc.d/init.d/yppasswdd

Login to post comments |   |  Tags: Articles - Howtos, Linux

Contact Us | Terms of Use | Trademarks | Privacy Statement
Copyright © Freeos.com | Contact Us: info@freeos.com