180 likes | 375 Views
Network Information System (NIS). Module – Network Information System (NIS). Overview
E N D
Module – Network Information System (NIS) Overview This module focuses on configuring and managing Network Information System (NIS). This is a service to distribute information to be shared by all machines in the Network. It also helps to centrally administer the sharing of information by different users. Lessons covered in this module Introduction to NIS Configuring NIS Managing NIS
Lesson 1 - Introduction to NIS Introduction DNS is used in internet, which is a large public Network. Similarly smaller private Linux networks have their own systems for sharing of information across the Network. Network Information System is one such Linux service. Topics covered in this lesson Essentials of NIS NIS Name Server Hierarchy NIS Domains and Maps NIS Topologies
Topic 1 – Essentials of NIS Essential elements for an NIS are NIS installation packages, NIS servers, NIS domains, NIS maps, NIS daemons and NIS clients. For a complete NIS setup at least one NIS server and one or more NIS clients should be configured. If the network already has NIS servers, NIS client programs should be installed and configured. If network does not have NIS servers, a master server, one or more slave servers and also some NIS clients should be configured.
Topic 2 – NIS Name Server Hierarchy NIS Name servers have a hierarchy. NIS servers are divided into master and slave servers. A master server has the authoritative copies of the NIS maps, while a slave server maintains copies of the maps, received from the master. Whenever the maps on the master server change, the slaves receive updated copies. The difference is : Slave servers receive only copies of the DBM databases, not the ASCII source files. If the master server becomes unavailable for some reason, slave servers can function as backup servers.
Topic 3 - NIS Domains and Maps NIS domain is a unique name that refers to a group of systems using the NIS maps. NIS domains organize groups of systems which need the same information in a logical unit. There are no physical restrictions on the structure of a domain. NIS server has a centrally administered database of information shared across the NIS network. NIS clients use NIS to query servers for information stored in the databases. These databases are known as NIS maps. These are stored in DBM format.
Topic 4 - NIS Topologies NIS is configured in the following combinations known as topologies Single-domain/single-server Single-domain/multiple-server Multiple domains/single server Multiple domains/ multiple-server In a Multiple domains/multiple server NIS configuration. Each domain has a slave server. Some of the clients in each domain prefer to contact the slave servers rather than the master server. Any client communicates with the server for its domain that responds the fastest.
Lesson 2 – Configuring NIS Introduction Configuring NIS involves configuring at least one NIS server and one or more NIS clients. Complete NIS installation needs three NIS packages and two NIS daemons. Topics covered in this lesson NIS Daemons Configuring NIS Servers Configuring NIS Clients
Topic 1 - NIS Daemons NIS password daemon handles password changes and updating other NIS information that depends on user passwords. It runs only on the master server. It is started executing its initialization script with the start argument. root@ server1~]# service yppassword start NIS transfer daemon speeds up the transfer process by enabling slave servers to copy the NIS maps from the Master server. The transfer daemon runs only on the Master server. To start the transfer daemon, execute the command: root@ server1~]# /sbin/service ypxfrd start
Topic 2 - Configuring NIS Servers Configuring NIS server involves the following steps NIS domain name setting Configuration file editing Starting the server and NIS daemons NIS map initialization Startup modification to start the daemons at system reboot NIS packages are ypbind, ypserv and yp-tools. The key configuration files are /var/yp/securenets and /etc/ypserv.conf.
Topic 3 - Configuring NIS Clients The procedure for setting up NIS clients involves setting the NIS domain name, configuring and starting the NIS client daemon, testing it and configuring the client's startup files to use NIS. Install the RPMs : portmap, ypbind, yp-tools. By default authconfig and authconfig-gtk packages will be installed. Restart sshd service to register authentication changes. Use system-config-authentication to configure your host to use NIS and test by running ypwhich.
Lesson 3 - Managing NIS Introduction After installation and configuration the NIS service has to be managed for efficient function. For this the server and the clients should be tested for their access authentication and obtaining of NIS maps. Topics covered in this lesson Testing NIS Prorating and Fetching NIS Maps Restricting Access to NIS Clients and Servers
Topic 1 - Testing NIS Check log files in /var/log Check the registration of NIS services and the ports used Check for ypbind on clients Check for ypserv and rpc.yppasswdd on servers Run ypwhich and getent passwd.
Topic 2 - Prorating and Fetching NIS Maps NIS commands to fetch the required NIS Maps from the NIS servers connected to the network. ypcat --- Print the entries in an NIS Map ypmatch --- Print the value of entries in an NIS map yppasswd --- Change user passwords on the NIS server yppoll --- Show the server and version number of an NIS map ypwhich --- Show the name of the NIS master server ypwhich with the -x option displays the list of available maps. For a specific piece of information, use the ypmatch command.
Topic 3 - Restricting Access to NIS Clients and Servers Sometimes it may be necessary to prevent access for some users managed by the NIS server to the NIS client. Then you should modify your NIS client to allow all local users and selected NIS users to log in, while prohibiting all other NIS users from logging in. These restrictions can be incorporated by editing the account section lines in the /etc/pam.d/system-auth file on NIS client. If there are problems check /var/log/messages and /var/log/secure. Check also if portmap and ypserv services are running.
Lab Exercises Restricting access to the NIS service for specified users.
Conclusion Summary NIS is a service to distribute and centrally administer information to be shared by all machines in the Network. NIS master server stores the authoritative NIS maps and slave servers maintain copies of the maps, received from the master. Test NIS by checking the configuration files and logging on as different users. It should allow only permitted users. Using client commands you can check and fetch NIS maps. Server and client files should both be configured to allow NIS access to authorized users Question and Answer Session