CentOS 6

Configure NIS Server
2015/03/08
 
Configure a NIS server to share user accounts across the hosts on your local network.
[1] Install and Configure Ypserv.
[root@dlp ~]# yum -y install ypserv rpcbind
# set NIS domain
[root@dlp ~]# ypdomainname srv.world
[root@dlp ~]# echo 'NISDOMAIN=srv.world' >> /etc/sysconfig/network
[root@dlp ~]# vi /var/yp/Makefile
# MERGE_PASSWD=true|false
# line 42: change
MERGE_PASSWD=false

# MERGE_GROUP=true|false
# line 46: change
MERGE_GROUP=false

# line 117: add shadow
all: passwd shadow group hosts rpc services netid protocols

[root@dlp ~]# vi /var/yp/securenets
# create new (specify networks you allow to access)
255.0.0.0       127.0.0.0
255.255.255.0   10.0.0.0

[root@dlp ~]# vi /etc/hosts
# add own IP for NIS database
10.0.0.30   dlp.srv.world dlp

[root@dlp ~]# /etc/rc.d/init.d/rpcbind start
Starting portmap:     [  OK  ]
[root@dlp ~]# /etc/rc.d/init.d/ypserv start
Starting YP server services:     [  OK  ]
[root@dlp ~]# /etc/rc.d/init.d/ypxfrd start
Starting YP server services:     [  OK  ]
[root@dlp ~]# /etc/rc.d/init.d/yppasswdd start
Starting YP passwd service:     [  OK  ]
[root@dlp ~]# chkconfig rpcbind on
[root@dlp ~]# chkconfig ypserv on
[root@dlp ~]# chkconfig ypxfrd on
[root@dlp ~]# chkconfig yppasswdd on
# update NIS database
[root@dlp ~]# /usr/lib64/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS servers. dlp is in the list of NIS server hosts. Please continue to add the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: dlp

next host to add:
   
# Ctrl + D key

The current list of NIS servers looks like this:
dlp
Is this correct? [y/n: y]
y
   
# y key

We need a few minutes to build the databases...
Building /var/yp/srv.world/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/srv.world'
Updating passwd.byname...
Updating passwd.byuid...
Updating shadow.byname...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/srv.world'
dlp has been set up as a NIS master server.
Now you can run ypinit -s dlp on all slave server.
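
The /var/yp/securenets file created in step [1] decides which hosts may query the maps just built, shadow.byname included, and its "netmask network" column order is easy to get backwards. The following Python check is an added example, not part of the original page: it parses that format, reports whether a client address is admitted, and flags overly broad entries. The function names, the two constructed sample lines (including the "host" single-address form that ypserv's securenets also accepts) and the /16 threshold are assumptions made for illustration.

```python
import ipaddress

# The two entries the page puts in /var/yp/securenets.
PAGE_SECURENETS = """\
255.0.0.0       127.0.0.0
255.255.255.0   10.0.0.0
"""

# Constructed lines (not from the page): a single-host entry and a wide-open one.
CONSTRUCTED_EXTRA = """\
host 10.0.1.5
0.0.0.0 0.0.0.0   # admits every IPv4 client
"""

def parse_securenets(text):
    """Parse securenets text into a list of ipaddress.IPv4Network objects."""
    nets = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments and blank lines
        if not fields:
            continue
        if len(fields) != 2:
            raise ValueError(f"malformed securenets line: {raw!r}")
        if fields[0] == "host":                  # "host <ip>" means a /32 entry
            mask, addr = "255.255.255.255", fields[1]
        else:                                    # "<netmask> <network>", mask first
            mask, addr = fields
        # Strict parsing raises ValueError if the two columns are swapped or the
        # network has bits set outside the mask, both common typos in this file.
        nets.append(ipaddress.IPv4Network(f"{addr}/{mask}"))
    return nets

def is_allowed(nets, client_ip):
    """True if client_ip falls inside any listed network."""
    ip = ipaddress.IPv4Address(client_ip)
    return any(ip in net for net in nets)

def too_broad(nets, min_prefix=16):
    """Entries wider than /min_prefix (assumed threshold), loopback excluded."""
    return [str(n) for n in nets if n.prefixlen < min_prefix and not n.is_loopback]

if __name__ == "__main__":
    nets = parse_securenets(PAGE_SECURENETS + CONSTRUCTED_EXTRA)
    for ip in ("10.0.0.51", "192.168.1.9"):
        print(ip, "allowed" if is_allowed(nets, ip) else "denied")
    print("too broad:", too_broad(nets))
```

With only the page's two entries, nothing outside 127.0.0.0/8 and 10.0.0.0/24 is admitted and no entry is flagged.
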
[2] When a new user is added to the system, update the NIS database as follows.
[root@dlp ~]# cd /var/yp

[root@dlp yp]#
[3] If iptables is running, allow the NIS service ports. Some of these services listen on a different port each time they restart, so pin them to fixed ports and allow those ports in iptables.
The rule positions given with "-I INPUT 5" and the commands after it are examples; replace them to suit your own environment.
[root@dlp ~]# vi /etc/sysconfig/network
# add to the end
YPSERV_ARGS="-p 944"
YPXFRD_ARGS="-p 945"

[root@dlp ~]# vi /etc/sysconfig/yppasswdd
# add it
YPPASSWDD_ARGS="--port 946"

[root@dlp ~]# for service in rpcbind ypserv ypxfrd yppasswdd
do
    /etc/rc.d/init.d/$service restart
done
[root@dlp ~]# iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
[root@dlp ~]# iptables -I INPUT 6 -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT
[root@dlp ~]# iptables -I INPUT 7 -p tcp -m state --state NEW -m tcp --dport 944 -j ACCEPT
[root@dlp ~]# iptables -I INPUT 8 -p udp -m state --state NEW -m udp --dport 944 -j ACCEPT
[root@dlp ~]# iptables -I INPUT 9 -p tcp -m state --state NEW -m tcp --dport 945 -j ACCEPT
[root@dlp ~]# iptables -I INPUT 10 -p udp -m state --state NEW -m udp --dport 945 -j ACCEPT
[root@dlp ~]# iptables -I INPUT 11 -p udp -m state --state NEW -m udp --dport 946 -j ACCEPT
 