Wednesday, June 5, 2013

NIS server setup on RHEL/CentOS

NIS SERVER SETUP:

1. Install required packages (on RHEL/CentOS 5 the RPC port mapper is portmap; on RHEL/CentOS 6 the package and service are called rpcbind, so substitute rpcbind for portmap throughout):
# yum install ypserv portmap

2. Pin the NIS daemons to static ports. Left alone, ypserv, yppasswdd and ypxfrd register with the port mapper on whatever free high port they get at startup, which makes a port-based firewall rule impossible. Edit /etc/sysconfig/network and add:
YPSERV_ARGS="-p 841"
YPPASSWDD_ARGS="-p 842"
YPXFRD_ARGS="-p 843"
(Red Hat's own documentation puts YPPASSWDD_ARGS in /etc/sysconfig/yppasswdd instead; either way the variable has to end up in a file the daemon's init script sources.)

To verify which ports the RPC services are actually using, run this after the daemons have been (re)started:
# rpcinfo -p localhost
ypserv, yppasswdd and ypxfrd (rpcinfo lists the last one as fypxfrd) must appear only on the ports chosen above.

3. Open required ports in firewall. Edit /etc/sysconfig/iptables and add the following rules above the final REJECT line (as written they accept from any source; step 6 restricts them to trusted networks):
-A RH-Firewall-1-INPUT -p udp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 841 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 841 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 842 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 842 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 843 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 843 -j ACCEPT
# service iptables restart

4. Set the NIS domain name - edit /etc/sysconfig/network and add:
NISDOMAIN="internal"
The domain name is shared with every client and is not a secret; do not rely on it as a form of authentication. Anyone who can reach ypserv from an address permitted in step 6 and knows the name can read every map, so the source-address restrictions in step 6 are the only real access control NIS offers.

5. Initialize NIS maps. ypinit needs the domain name to be set in the running kernel first, so either restart networking or set it directly, then run ypinit (it lives in /usr/lib64/yp on x86_64):
# domainname internal
# /usr/lib/yp/ypinit -m
ypinit -m asks for the list of NIS servers (enter the master, then Ctrl-D) and builds the maps from /etc/passwd, /etc/group, /etc/hosts and so on according to /var/yp/Makefile. Before running it, check MERGE_PASSWD in /var/yp/Makefile: with the default of true the password hashes from /etc/shadow are merged into the passwd map, and every host allowed in step 6 can then dump them with ypcat. Set MERGE_PASSWD=false unless clients genuinely need the hashes in the passwd map.

6. Secure NIS - permit only trusted networks. NIS itself has no authentication: anyone who can reach ypserv and knows the domain name can read every map, so the source address is the only control you have, and it is worth applying in both places. In iptables, add -s 192.168.0.0/24 to the portmap and NIS rules from step 3. In /var/yp/securenets, list the permitted networks as "netmask network", one per line, keep the loopback line, and make sure the file no longer contains the catch-all line 0.0.0.0 0.0.0.0:
255.0.0.0 127.0.0.0
255.255.255.0 192.168.0.0
Restart ypserv after changing securenets so it picks up the new list.

7. Start the services (portmap first, since ypserv registers with it) and enable them for the default runlevels with chkconfig:
# service portmap start
# service ypserv start
# chkconfig portmap on
# chkconfig ypserv on
Start and enable yppasswdd as well if users are to change their NIS passwords with yppasswd, and ypxfrd if you plan to add slave servers.
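The following script is an added example and not part of the original post: it generates the fragments for steps 2, 3 and 6 above (static ports, source-restricted iptables rules, securenets lines) and checks the outcome of step 2 against the output of rpcinfo -p. It assumes the RHEL/CentOS 5 layout the post uses (portmap, the RH-Firewall-1-INPUT chain); the ports and the 192.168.0.0/24 subnet are the post's own values, the function names and the two rpcinfo samples are constructed for the example.

```bash
#!/bin/bash
# Added example, not from the original post: generate the static-port, firewall
# and securenets fragments for steps 2, 3 and 6 and check the result of step 2
# against 'rpcinfo -p' output. Assumes the RHEL/CentOS 5 layout used in the post
# (portmap, RH-Firewall-1-INPUT chain). Ports and subnet are the post's values.
set -u

NIS_PORTS="841 842 843"         # ypserv, yppasswdd, ypxfrd
TRUSTED_NETS="192.168.0.0/24"   # space-separated CIDR list (assumed trusted subnet)

# mask_from_prefix 24 -> 255.255.255.0
mask_from_prefix() {
    local p=$1 m
    m=$(( (0xFFFFFFFF << (32 - p)) & 0xFFFFFFFF ))
    printf '%d.%d.%d.%d\n' $(( (m >> 24) & 255 )) $(( (m >> 16) & 255 )) \
                           $(( (m >> 8) & 255 )) $(( m & 255 ))
}

# securenets_line 192.168.0.5/24 -> "255.255.255.0 192.168.0.0"
# Refuses /0 or a missing prefix: "0.0.0.0 0.0.0.0" would re-open ypserv to the world.
securenets_line() {
    local cidr=$1 ip=${1%/*} prefix=${1#*/} mask a b c d ma mb mc md
    if ! [ "$prefix" -ge 1 ] 2>/dev/null || [ "$prefix" -gt 32 ]; then
        echo "refusing open or malformed prefix: $cidr" >&2
        return 1
    fi
    mask=$(mask_from_prefix "$prefix")
    IFS=. read -r a b c d <<<"$ip"
    IFS=. read -r ma mb mc md <<<"$mask"
    # AND with the mask so a host address is normalised to its network address
    printf '%s %d.%d.%d.%d\n' "$mask" $((a & ma)) $((b & mb)) $((c & mc)) $((d & md))
}

# Step 3's ACCEPT rules, tightened with the -s restriction that step 6 recommends
iptables_rules() {
    local net port proto
    for net in $TRUSTED_NETS; do
        for port in 111 $NIS_PORTS; do
            for proto in tcp udp; do
                echo "-A RH-Firewall-1-INPUT -s $net -p $proto --dport $port -j ACCEPT"
            done
        done
    done
}

# check_rpc_ports "<rpcinfo -p output>": every registration of ypserv (100004),
# yppasswdd (100009) and ypxfrd (100069, listed as fypxfrd) must be on its static
# port. Prints one line per offender, returns 1 if there were any.
check_rpc_ports() {
    local out=$1 bad=0 prog vers proto port name want
    set -- $NIS_PORTS           # $1=ypserv $2=yppasswdd $3=ypxfrd
    while read -r prog vers proto port name; do
        case $prog in
            100004) want=$1 ;;
            100009) want=$2 ;;
            100069) want=$3 ;;
            *) continue ;;      # header line, portmapper, unrelated services
        esac
        if [ "$port" != "$want" ]; then
            echo "$name ($prog) v$vers/$proto is on port $port, expected $want"
            bad=1
        fi
    done <<<"$out"
    return "$bad"
}

# Constructed sample of 'rpcinfo -p localhost' on a correctly configured server
GOOD_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    841  ypserv
    100004    2   tcp    841  ypserv
    100009    1   udp    842  yppasswdd
    100069    1   udp    843  fypxfrd
    100069    1   tcp    843  fypxfrd'

# Constructed sample where YPSERV_ARGS was not picked up: ypserv sits on a dynamic port
BAD_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100004    2   udp  32769  ypserv
    100004    2   tcp  32769  ypserv
    100009    1   udp    842  yppasswdd'

# Print the fragments for steps 2, 3 and 6 (nothing is written to the system)
echo "# append to /etc/sysconfig/network"
printf 'YPSERV_ARGS="-p %s"\nYPPASSWDD_ARGS="-p %s"\nYPXFRD_ARGS="-p %s"\n' $NIS_PORTS
echo "# /etc/sysconfig/iptables, above the final REJECT rule"
iptables_rules
echo "# /var/yp/securenets (keep the loopback line, drop 0.0.0.0 0.0.0.0)"
echo "255.0.0.0 127.0.0.0"
for net in $TRUSTED_NETS; do securenets_line "$net"; done

# Check the live server only when asked for; otherwise exercise the check on the bad sample
if [ "${NIS_LIVE_CHECK:-0}" = 1 ] && command -v rpcinfo >/dev/null 2>&1; then
    check_rpc_ports "$(rpcinfo -p localhost)" && echo "NIS daemons are on their static ports"
else
    check_rpc_ports "$BAD_RPCINFO" || echo "(sample above is what a misconfigured server looks like)"
fi
```

Run it with NIS_LIVE_CHECK=1 on the server after step 7 to compare the real rpcinfo output against the static ports; a ypserv entry on a 32xxx port means the init script did not read YPSERV_ARGS from the file you edited. The securenets generator deliberately refuses a /0 prefix because the stock file ships with an all-networks line that silently defeats the whole of step 6.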

UPDATING NIS MAPS:

After changing /etc/passwd, /etc/group or any other source file, rebuild the maps (only the maps whose sources changed are regenerated):
# cd /var/yp; make


NIS CLIENT SETUP:

Execute:
# authconfig --update --nisdomain=internal --nisserver=nis.example.com --enablenis

Or:
# authconfig-tui

Finally make sure that portmap (rpcbind on RHEL/CentOS 6) and ypbind are running and enabled with chkconfig:
# service ypbind start
# chkconfig ypbind on

VIEWING NIS MAPS:

On the client (goes through NSS, so the argument is a database name such as passwd, group or hosts, and nis must be listed for it in /etc/nsswitch.conf, which authconfig takes care of):
# getent <database>
# getent passwd

On any host allowed by securenets (talks to ypserv directly, no client configuration needed; this is also exactly what an attacker on the allowed network can do, so use it to see what the passwd map exposes):
# ypcat -d internal -h nis.example.com <mapname>
# ypcat -d internal -h nis.example.com passwd
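The script below is an added example, not part of the original post: it takes the output of the ypcat passwd command above and reports entries that give away a password hash (the MERGE_PASSWD=true case from step 5) or have no password at all. The domain and server names are the post's; the function names and the sample map lines are constructed for the example, and the hash in the sample is made up.

```bash
#!/bin/bash
# Added example, not from the original post: audit what the NIS passwd map gives
# away to any host in securenets. Feeds 'ypcat passwd' output through a check that
# flags entries carrying a real password hash (MERGE_PASSWD=true in /var/yp/Makefile)
# or no password at all. The sample lines below are constructed, not captured.
set -u

# audit_passwd_map < passwd-map-lines
# Prints one finding per risky entry; returns 1 if anything was found, 0 otherwise.
audit_passwd_map() {
    local found=0 user pw rest
    while IFS=: read -r user pw rest; do
        [ -n "$user" ] || continue
        case $pw in
            x|'*'|'!'|'!!')
                ;;                  # hash lives in shadow (x) or the account is locked
            '')
                echo "$user: EMPTY password field (no password required to log in)"
                found=1 ;;
            *)
                echo "$user: password hash exposed in passwd map (${pw:0:3}...)"
                found=1 ;;
        esac
    done
    return "$found"
}

# audit_nis_server DOMAIN SERVER: pull the map with ypcat (as in the post) and audit it.
# Needs ypcat installed and network reach to the server.
audit_nis_server() {
    ypcat -d "$1" -h "$2" passwd | audit_passwd_map
}

# Constructed sample of what 'ypcat -d internal -h nis.example.com passwd' returns
# when the Makefile merged /etc/shadow into the map; the hash string is invented.
SAMPLE_MAP='alice:$1$Xq9zL2aB$Hd1vK8s0rQ2mW3yT4uI6o/:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
backup:*:1003:1003:Backup:/var/backup:/sbin/nologin
guest::1004:1004:Guest:/home/guest:/bin/bash
svc:!!:1005:1005:Service:/nonexistent:/sbin/nologin'

if [ $# -eq 2 ] && command -v ypcat >/dev/null 2>&1; then
    audit_nis_server "$1" "$2"
else
    echo "auditing constructed sample map:"
    audit_passwd_map <<<"$SAMPLE_MAP" \
        || echo "fix: set MERGE_PASSWD=false in /var/yp/Makefile, then run make in /var/yp"
fi
```

Run it as "./nis-audit.sh internal nis.example.com" from a host that is allowed by securenets; any finding means every other host on that network gets the same data, without authentication. After switching MERGE_PASSWD to false and rebuilding the maps, repeat the audit: the passwd map should show only x in the password field, and the hashes move to the shadow map, which ypserv typically only serves to requests from privileged source ports according to /etc/ypserv.conf (check that file; a root user on any allowed client can still read it).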

2 comments:

  1. The above procedure works perfectly. Great help. Thanks.

  2. You may have forgotten to enable the yppasswdd service. Other than that, the only thing missing here is instructions on setting up the yp slave server...
