Tag Archives | Active Directory

What is NIS?

The NIS is a database that contains a series of tables. Each table is created from text files like /etc/passwd, /etc/services and any other tabular files. Each table may contain one column or more with a unique key on each row.

You can think of it like any normal database.

You can query these tables in two ways:

• Listing the entire table
• Pulling a specific entry by searching

When a program makes a request to search for a user password details, the client checks the /etc/passwd file to check if the user doesn’t exist there; the client then asks the NIS server to search for it in the /etc/passwd table from the NIS server.

The following list is the list of services and tools that are used by NIS server:

ypserv: This service waits for queries and gives answers to NIS clients.

ypbind: This is client-side of NIS.

ypxfrd: This service is used for sending the NIS databases from master MIS servers to slave servers.

Linux NIS Servers

Linux NIS server types are:

• Master server:: where all original files are stored.
• Slave (secondary) server: it’s used for load balancing and helpful in case of master server failure.

You can have multiple secondary NIS servers if you need.

Primary and secondary NIS servers are kept synced and updated. This process is called server push.

NIS Domain Name

NIS domains are just like the domains of a domain controller in Windows, but the difference is that client can join the network without having to wait for admin acceptance.

Keep in mind that the names used for NIS domain names MUST be different from your DNS domain names.

Installing Master Linux NIS Server

On Red Hat based distros, you can install it like this:

$ dnf -y install ypserv

On Debian-based distros, you can install it like this:

$ apt-get -y install nis

After successful installation, you need to set the NIS domain name by using the domainname command.

Let’s name it nis.example.com

$ domainname nis.example.com

To persist our NIS domain name in Red hat based distros, we can create a variable called NISDOMAIN in the /etc/sysconfig/network file.

On Debian-based distros, you can achieve the same result by adding the domainname command with the correct value to one of the rc scripts which run at boot time.

Configuring NIS

As we mentioned earlier, the ypserv waits for queries and gives answers to NIS clients.

NIS is an RPC service, so you need to ensure that the rpcbind program is up and running before you attempt to start the Linux NIS server.

On new Linux distros that rely on systemd as the service manager, systemd will automatically take care of service intra-dependencies that exist between rpcbind and ypserv.

If your distro is not one of them, you can start rpcbind like this:

$ systemctl start rpcbind

On our distro which has systemd, we can start the service like this:

$ systemctl start ypserv

To confirm that the service is running, you can use the rpcinfo command.

$ rpcinfo -p | grep ypserv

Editing the Makefile

The make command is responsible for preparing the list of files that need compilation and the needed program for compilation for each of them.

The make command compiles a file called Makefile.

Taking this concept to work on NIS is straightforward. In this case, a series of text files need to be converted into database format. We want a tool that will re-convert any files that have been changed, we can use the make command.

The Makefile is in /var/yp directory. This file contains all the shared files by NIS server.

Let’s discuss the options in the Makefile.
NOPUSH Option

If you plan to have NIS slave servers, you will need to tell the master Linux NIS server to push the resulting maps to the slave servers. Change the NOPUSH variable to false if you want to have support for slave servers.

NOPUSH=true

Keep in mind that you need to list the hostnames of your slave servers in /var/yp/ypservers file and ensure to list a corresponding entry in the /etc/hosts file.

Min UIDs GIDs

Every user on Linux has a user id and group id, you can get your id by typing the id command and gid command respectively.

You can set the minimum permissions for the files that will be shared via NIS using MINUID and MINGID like this:

MINUID=500

MINGID=500

Merging Shadow Passwords with Real Ones

The Linux NIS server can be used to authenticate their users, NIS server will automatically take the encrypted field from the /etc/shadow file and merge it into the NIS shared copy of /etc/passwd.

This is done using MERGE_PASSWD option:

MERGE_PASSWD=true

Merging Group Shadow Passwords with Real Ones

The /etc/group file allows passwords to be applied to group settings. Since the /etc/group file needs to be publicly readable, most distros have taken to support shadow group files /etc/gshadow.

The option is called MERGE_GROUP:

MERGE_GROUP=true

Shared Entries

In Makefile, there is an option that specifies what is shared, it is (all) option

all: passwd group hosts services shadow networks

The option YPPWDDIR specifies the location of the passwd, group, and shadow files, so you don’t need to type the full path.

Initialize NIS Server Using ypinit

Once you’ve finished editing options in Makefile, you can initialize the NIS server like this:

$ /usr/lib64/yp/ypinit -m

The -m option is used to initialize the server as a master server.

Or if you are using a 32bit system the command will be:

$ /usr/lib/yp/ypinit

This tool will ask about the secondary NIS servers if you have any.

These entries will be stored in the /var/yp/ypservers file.

Congratulations, now your NIS server should work OK and your map will be on the secondary servers if you have any.

Configuring NIS Client

On Red Hat based distros, you can install NIS client like this:

$ dnf -y install ypbind

On Debian-based distros, you can install it like this:

$ apt-get install nis

The /etc/yp.conf file is the configuration for the client-side daemon.

You can start ypbind now:

$ systemctl start ypbind

$ systemctl enable ypbind

The/etc/nsswitch.conf File

This file contains entries of facilities and their corresponding files and services that the system will use for searching.

passwd: files nis

This entry means that search requests for password entries will first be done in the /etc/passwd file. If the requested entry isn’t found there, check NIS server.

NIS Tools

To work better with the Linux NIS server, there are some useful tools that can help you manage the information in the database.

ypcat: This tool is used to get data from the NIS server by extracting it from NIS map.

ypwhich: gets the name of the Linux NIS server that is responding to your requests.

ypmatch: rather than grabbing the entire map, or you can search by key to get a specific entry.

I hope you find the post useful and interesting. Keep coming back.

Thank you.

likegeeks.com