Professional Documents
Culture Documents
Here are the steps to configure the NFS server in this scenario:
1. Edit the /etc/exports file to allow NFS mounts of the /home directory with read/write access.
/home *(rw,sync)
2. Let NFS read the /etc/exports file for the new entry, and make /home available to the network
with the exportfs command.
[root@bigboy tmp]# exportfs -a
[root@bigboy tmp]#
3. Make sure the required nfs, nfslock, and portmap daemons are both running and configured to
start after the next reboot.
[root@bigboy tmp]# chkconfig nfslock on
[root@bigboy tmp]# chkconfig nfs on
[root@bigboy tmp]# chkconfig portmap on
[root@bigboy tmp]# service portmap start
Starting portmapper: [ OK ]
[root@bigboy tmp]# service nfslock start
Starting NFS statd: [ OK ]
[root@bigboy tmp]# service nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
[root@bigboy tmp]#
After configuring the NFS server, we have to configure its clients, This will be covered next.
Configuring The NFS Client
You also need to configure the NFS clients to mount their /home directories on the NFS server.
These steps archive the /home directory. In a production environment in which the /home
directory would be actively used, you'd have to force the users to log off, backup the data, restore
it to the NFS server, and then follow the steps below. As this is a lab environment, these
prerequisites aren't necessary.
1. Make sure the required netfs, nfslock, and portmap daemons are running and configured to
start after the next reboot.
[root@smallfry tmp]# chkconfig nfslock on
[root@smallfry tmp]# chkconfig netfs on
[root@smallfry tmp]# chkconfig portmap on
[root@smallfry tmp]# service portmap start
Starting portmapper: [ OK ]
[root@smallfry tmp]# service netfs start
Mounting other filesystems: [ OK ]
[root@smallfry tmp]# service nfslock start
Starting NFS statd: [ OK ]
[root@smallfry tmp]#
2. Keep a copy of the old /home directory, and create a new directory /home on which you'll
mount the NFS server's directory.
[root@smallfry tmp]# mv /home /home.save
[root@smallfry tmp]# mkdir /home
[root@smallfry tmp]# ll /
...
...
drwxr-xr-x 1 root root 11 Nov 16 20:22 home
drwxr-xr-x 2 root root 4096 Jan 24 2003 home.save
...
...
[root@smallfry tmp]#
3. Make sure you can mount bigboy's /home directory on the new /home directory you just
created. Unmount it once everything looks correct.
[root@smallfry tmp]# mount 192.168.1.100:/home /home/
[root@smallfry tmp]# ls /home
ftpinstall nisuser quotauser smallfry www
[root@smallfry tmp]# umount /home
[root@smallfry tmp]#
4. Start configuring autofs automounting. Edit your /etc/auto.master file to refer to file
/etc/auto.home for mounting information whenever the /home directory is accessed. After five
minutes, autofs unmounts the directory.
#/etc/auto.master
/home /etc/auto.home --timeout 600
5. Edit file /etc/auto.home to do the NFS mount whenever the /home directory is accessed. If the
line is too long to view on your screen, you can add a \ character at the end to continue on the
next line.
#/etc/auto.home
* -fstype=nfs,soft,intr,rsize=8192,wsize=8192,nosuid,tcp \
192.168.1.100:/home/&
6. Start autofs and make sure it starts after the next reboot with the chkconfig command.
[root@smallfry tmp]# chkconfig autofs on
[root@smallfry tmp]# service autofs restart
Stopping automount:[ OK ]
Starting automount:[ OK ]
[root@smallfry tmp]#
After doing this, you won't be able to see the contents of the /home directory on bigboy as user
root. This is because by default NFS activates the root squash feature, which disables this user
from having privileged access to directories on remote NFS servers. You'll be able to test this
later after NIS is configured.
Note: This automounter feature doesn't appear to function correctly in my preliminary testing of
Fedora Core 3. See Chapter 29, "Remote Disk Access with NFS", for details.
All newly added Linux users will now be assigned a home directory under the new remote /home
directory. This scheme will make the users feel their home directories are local, when in reality
they are automatically mounted and accessed over your network.
Configuring The NIS Server
NFS only covers file sharing over the network. You now have to configure NIS login
authentication for the lab students before the job is done. The configuration of the NIS server is
not difficult, but requires many steps that you may overlook. Don't worry, we'll review each one in
detail.
Note: In the early days, NIS was called Yellow Pages. The developers had to change the name
after a copyright infringement lawsuit, yet many of the key programs associated with NIS have
kept their original names beginning with yp.
Install the NIS Server Packages
All the packages required for NIS clients are a standard part of most Fedora installations. The
ypserv package for servers is not. Install the package according to the steps outlined in Chapter
6,"Installing Linux Software".
Edit Your /etc/sysconfig/network File
You need to add the NIS domain you wish to use in the /etc/sysconfig/network file. For the
school, call the domain NIS-SCHOOL-NETWORK.
#/etc/sysconfig/network
NISDOMAIN="NIS-SCHOOL-NETWORK"
Edit Your /etc/yp.conf File
NIS servers also have to be NIS clients themselves, so you'll have to edit the NIS client
configuration file /etc/yp.conf to list the domain's NIS server as being the server itself or localhost.
# /etc/yp.conf - ypbind configuration file
ypserver 127.0.0.1
Start The Key NIS Server Related Daemons
Start the necessary NIS daemons in the /etc/init.d directory and use the chkconfig command to
ensure they start after the next reboot.
[root@bigboy tmp]# service portmap start
Starting portmapper: [ OK ]
[root@bigboy tmp]# service yppasswdd start
Starting YP passwd service: [ OK ]
[root@bigboy tmp]# service ypserv start
Setting NIS domain name NIS-SCHOOL-NETWORK: [ OK ]
Starting YP server services: [ OK ]
[root@bigboy tmp]#
Now that you have decided on the name of the NIS domain, you'll have to use the ypinit
command to create the associated authentication files for the domain. You will be prompted for
the name of the NIS server, which in this case is bigboy.
With this procedure, all nonprivileged accounts are automatically accessible via NIS.
[root@bigboy tmp]# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers. bigboy is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: bigboy
next host to add:
The current list of NIS servers looks like this:
bigboy
You can now start the ypbind and the ypxfrd daemons because the NIS domain files have been
created.
[root@bigboy tmp]# service ypbind start
Binding to the NIS domain: [ OK ]
Listening for an NIS domain server.
[root@bigboy tmp]# service ypxfrd start
Starting YP map server: [ OK ]
[root@bigboy tmp]# chkconfig ypbind on
[root@bigboy tmp]# chkconfig ypxfrd on
Make Sure The Daemons Are Running
All the NIS daemons use RPC port mapping and, therefore, are listed using the rpcinfo command
when they are running correctly.
[root@bigboy tmp]# rpcinfo -p localhost
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100021 1 udp 1024 nlockmgr
100021 3 udp 1024 nlockmgr
100021 4 udp 1024 nlockmgr
100004 2 udp 784 ypserv
100004 1 udp 784 ypserv
100004 2 tcp 787 ypserv
100004 1 tcp 787 ypserv
100009 1 udp 798 yppasswdd
600100069 1 udp 850 fypxfrd
600100069 1 tcp 852 fypxfrd
100007 2 udp 924 ypbind
100007 1 udp 924 ypbind
100007 2 tcp 927 ypbind
100007 1 tcp 927 ypbind
[root@bigboy tmp]#
Adding New NIS Users
New NIS users can be created by logging into the NIS server and creating the new user account.
In this case, you'll create a user account called nisuser and give it a new password.
Once this is complete, you then have to update the NIS domain's authentication files by executing
the make command in the /var/yp directory.
This procedure makes all NIS-enabled, nonprivileged accounts become automatically accessible
via NIS, not just newly created ones. It also exports all the user's characteristics stored in the
/etc/passwd and /etc/group files, such as the login shell, the user's group, and home directory.
[root@bigboy tmp]# useradd -g users nisuser
[root@bigboy tmp]# passwd nisuser
Changing password for user nisuser.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@bigboy tmp]# cd /var/yp
[root@bigboy yp]# make
gmake[1]: Entering directory `/var/yp/NIS-SCHOOL-NETWORK'
Updating passwd.byname...
Updating passwd.byuid...
Updating netid.byname...
gmake[1]: Leaving directory `/var/yp/NIS-SCHOOL-NETWORK'
[root@bigboy yp]#
You can check to see if the user's authentication information has been updated by using the
ypmatch command, which should return the user's encrypted password string.
[root@bigboy yp]# ypmatch nisuser passwd
nisuser:$1$d6E2i79Q$wp3Eo0Qw9nFD/::504:100::/home/nisuser:/bin/bash
[root@bigboy yp]
You can also use the getent command, which has similar syntax. Unlike ypmatch, getent doesn't
provide an encrypted password when run on an NIS server, it just provides the user's entry in
the /etc/passwd file. On a NIS client, the results are identical with both showing the encrypted
password.
[root@bigboy yp]# getent passwd nisuser
nisuser:x:504:100::/home/nisuser:/bin/bash
[root@bigboy yp]#
Configuring The NIS Client
Now that the NIS server is configured, it's time to configure the NIS clients. There are a number of
related configuration files that you need to edit to get it to work. Take a look at the procedure.
Run authconfig
The authconfig or the authconfig-tui program automatically configures your NIS files after
prompting you for the IP address and domain of the NIS server.
[root@smallfry tmp]# authconfig-tui
Once finished, it should create an /etc/yp.conf file that defines, amongst other things, the IP
address of the NIS server for a particular domain. It also edits the /etc/sysconfig/network file to
define the NIS domain to which the NIS client belongs.
# /etc/yp.conf - ypbind configuration file
domain NIS-SCHOOL-NETWORK server 192.168.1.100
#/etc/sysconfig/network
NISDOMAIN=NIS-SCHOOL-NETWORK
In addition, the authconfig program updates the /etc/nsswitch.conf file that lists the order in which
certain data sources should be searched for name lookups, such as those in DNS, LDAP, and
NIS. Here you can see where NIS entries were added for the important login files.
#/etc/nsswitch.conf
passwd: files nis
shadow: files nis
group: files nis
Note: You can also locate a sample NIS nsswitch.conf file in the /usr/share/doc/yp-tools*
directory.
Start The NIS Client Related Daemons
Start the ypbind NIS client, and portmap daemons in the /etc/init.d directory and use the
chkconfig command to ensure they start after the next reboot. Remember to use the rpcinfo
command to ensure they are running correctly.
[root@smallfry tmp]# service portmap start
Starting portmapper: [ OK ]
[root@smallfry tmp]# service ypbind start
Binding to the NIS domain:
Listening for an NIS domain server.
[root@smallfry tmp]#
As the configuration examples refer to the NIS client and server by their hostnames, you'll have to
make sure the names resolve correctly to IP addresses. This can be configured either in DNS,
when the hosts reside in the same domain, or more simply by editing the /etc/hosts file on both
Linux boxes.
#
# File: /etc/hosts (smallfry)
#
192.168.1.100 bigboy
#
# File: /etc/hosts (bigboy)
#
192.168.1.102 smallfry
Test NIS Access To The NIS Server
You can run the ypcat, ypmatch, and getent commands to make sure communication to the
server is correct.
[root@smallfry tmp]# ypcat passwd
nisuser:$1$Cs2GMe6r$1hohkyG7ALrDLjH1:505:100::/home/nisuser:/bin/bash
quotauser:!!:503:100::/home/quotauser:/bin/bash
ftpinstall:$1$8WjAVtes$SnRh9S1w07sYkFNJwpRKa.:502:100::/:/bin/bash
www:$1$DDCi/OPI$hwiTQ.L0XqYJUk09Bw.pJ/:504:100::/home/www:/bin/bash
smallfry:$1$qHni9dnR$iKDs7gfyt..BS9Lry3DAq.:501:100::/:/bin/bash
[root@smallfry tmp]#
Once your basic NIS functionality testing is complete, try to test a remote login. Failures in this
area could be due to firewalls blocking TELNET or SSH access and the TELNET and SSH server
process not being started on the clients.
Logging In Via Telnet
Try logging into the NIS client via telnet if it is enabled
[root@bigboy tmp]# telnet 192.168.1.201
Trying 192.168.1.201...
Connected to 192.168.1.201.
Escape character is '^]'.
Red Hat Linux release 9 (Shrike)
Kernel 2.4.20-6 on an i686
login: nisuser
Password:
Last login: Sun Nov 16 22:03:51 from 192-168-1-100.simiya.com
[nisuser@smallfry nisuser]$
Logging In Via SSH
Try logging into the NIS client via SSH.
[root@bigboy tmp]# ssh -l nisuser 192.168.1.102
nisuser@192.168.1.102's password:
[nisuser@smallfry nisuser]$
In some versions of Linux, the NIS client's SSH daemon doesn't re-read the /etc/nsswitch.conf file
you just modified until SSH is restarted. SSH logins, therefore, won't query the NIS server until
this is done. Restart SSH on the NIS client.
[root@smallfry root]# service sshd restart
Stopping sshd:[ OK ]
Starting sshd:[ OK ]
[root@smallfry root]#