The Network Information Service distributes information that needs to be shared throughout a Linux network to all machines on the network.
The information most commonly distributes across a network using
An
Each
A slave server maintains copies of the
Four
Type 1: A single domain with a master server, no slave servers and one or more clients.
Type 2: A single domain with a master server, one or more slave servers and one or more clients.
Type 3: Multiple domains, each with its own master server, no slave servers and one or more clients.
Type 4: Multiple domains, each with its own master server, one or more slave servers and one or more clients.
The following RPM packages are required:
[root@localhost RPMS]# rpm -ivh ypserv.rpm
→ For the server side.
[root@localhost RPMS]# rpm -ivh ypbind.rpm
→ For the client side.
[root@localhost RPMS]# rpm -ivh yptool.rpm
→ For developing the
| |
Command/File | Description |
nisdomainname | Sets a system’s |
ypserv | Handles the primary |
ypinit | Builds and installs the |
yppasswdd | Processes user password changes in an |
ypxfrd | Speeds up the transfer of large |
yppush | Propagates updated |
/var/yp/securenets | Lists hosts permitted to access the |
/etc/ypserv.conf | Stores runtime configuration options and special host access directives. |
| |
ypwhich | Display the name of the master |
ypcat | Prints the entries in an |
yppasswd | Changes user passwords and information on the |
yppoll | Displays the server and version number of an |
ypmatch | Prints the value of one or more entries in an |
/etc/yp.conf | Configures the |
/etc/nsswitch.conf | Configures the system name database lookup. |
/etc/host.conf | Configures hostname resolution. |
/etc/ypserv.conf File
[root@admin root]# vi /etc/ypserv.conf
#
# ypserv.conf In this file you can set certain options for the #server,
# and you can deny or restrict access to certain maps based
# on the originating host.
#
# See ypserv.conf(5) for a description of the syntax.
#
# Some options for ypserv. This things are all not needed, if
# you have a Linux net.
# Should we do DNS lookups for hosts not found in the hosts table ?
# This option is ignored in the moment.
dns: no
# How many map file handles should be cached ?
files: 30
# Should we register ypserv with SLP ?
slp: no
# xfr requests are only allowed from ports <>
xfr_check_port: yes
# The following, when uncommented, will give you shadow like passwords.
# Note that it will not work if you have slave
# network that do not run the same server as you.
# Host : Domain : Map : Security
#
# * : * : passwd.byname : port
# * : * : passwd.byuid : port
# Not everybody should see the shadow passwords, not secure, since
# under MSDOG everbody is root and can access ports <>
* : * : shadow.byname : port
* : * : passwd.adjunct.byname : port
# If you comment out the next rule, ypserv and rpc.ypxfrd will
# look for YP_SECURE and YP_AUTHDES in the maps. This will make
# the security check a little bit slower, but you only have to
# change the keys on the master server, not the configuration files
# on each
# If you have maps with YP_SECURE or YP_AUTHDES, you should create
# a rule for them above, that's much faster.
# * : * : * : none
→ ypserv and ypxfrd read /etc/ypserv.conf when they start and when they are sent a SIGHUP signal. An option line has the following format:
option:[yes|no]
→ option can be either dns or xfr_check_port. dns controls whether or not the
host:map:security:mangle[:field]
→ The fields are explained below:
Field | Description |
host | The IP address to match. Wildcards are allowed. Example, 192.168.0. refers to all addresses between 192.168.0.1 and 192.168.0.255. |
map | The name of a map to match. |
security | The type of security to use. Can be one of none, port, deny or des. · none enables access to map for host unless mangle is set to yes, in which case access is denied. · port enables access if the connection is coming from a privileged port. If mangle is set to yes, access is enabled, but the password field is mangled. If mangle is no, access is denied. · deny denies the matching host access to this map. · des requires DES authentication. |
mangle | The type of port to use. If set to yes, field is replaced by x if the requesting port is an unprivileged port. If set to no, field is not mangled if the requesting port is unprivileged. |
field | The field number in the map to mangle. The default value if field is not specified is 2, which corresponds to the password field in /etc/group, /etc/shadow and /etc/passwd. |
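An added example (not part of the original page or of ypserv itself): a small Python audit that reads rules in the four-column Host : Domain : Map : Security layout of the file listing above and reports what a request from an unprivileged port gets for each password-bearing map. It assumes rules are tried top to bottom with the first match deciding; the function names and the client address 192.168.0.25 are made up for illustration.

```python
# Added example: audit ypserv.conf access rules (four-column layout).
SENSITIVE = ("passwd.byname", "passwd.byuid",
             "shadow.byname", "passwd.adjunct.byname")

# Constructed sample: the active and commented rules from the listing above.
SAMPLE = """\
dns: no
files: 30
xfr_check_port: yes
# * : * : passwd.byname : port
# * : * : passwd.byuid : port
* : * : shadow.byname : port
* : * : passwd.adjunct.byname : port
# * : * : * : none
"""

def parse_rules(conf_text):
    """Return (host, domain, map, security) tuples; skip comments and options."""
    rules = []
    for line in conf_text.splitlines():
        parts = [p.strip() for p in line.split("#", 1)[0].split(":")]
        if len(parts) == 4:  # option lines such as "dns: no" have two parts
            rules.append(tuple(parts))
    return rules

def host_matches(pattern, ip):
    """'*' matches any host; '192.168.0.' matches by prefix (field table)."""
    return pattern in ("*", ip) or (pattern.endswith(".") and ip.startswith(pattern))

def decide(rules, ip, domain, mapname, port):
    """Assumption: rules are tried in order and the first match decides."""
    for host, dom, mp, security in rules:
        if host_matches(host, ip) and dom in ("*", domain) and mp in ("*", mapname):
            if security == "port":  # privileged source ports are below 1024
                return "allow" if port < 1024 else "deny"
            return {"none": "allow", "deny": "deny"}.get(security, "unsupported")
    return "unmatched"  # no rule: only the map's own YP_SECURE key applies

def audit(conf_text, ip, domain, port=40000):
    """Decision per password-bearing map for a request from `port`."""
    rules = parse_rules(conf_text)
    return {m: decide(rules, ip, domain, m, port) for m in SENSITIVE}

if __name__ == "__main__":
    # 192.168.0.25 is a made-up client address in the page's home.com domain
    for name, verdict in audit(SAMPLE, "192.168.0.25", "home.com").items():
        print(f"{name:24} {verdict}")
```

With the listing's rules, shadow.byname and passwd.adjunct.byname come back deny for an unprivileged port, while passwd.byname and passwd.byuid come back unmatched because their port rules are commented out, which fits the password hash visible in the ypcat passwd output in the Testing section.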
Configuration of an
1. Edit the "network" file and add the following line, which sets the domain name:
[root@admin root]# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=admin.home.com
NISDOMAIN=home.com
→ To set a permanent
[root@admin root]# nisdomainname home.com
→ This
[root@admin root]# nisdomainname
home.com
2. For
[root@admin root]# service portmap start
[root@admin root]# rpcinfo -p admin.home.com
3. Now we will start the primary server daemon.
[root@admin root]# service ypserv start
Starting YP server services: [ OK ]
→ It will also show the domain name.
4. Confirm again that ypserv is running:
[root@admin root]# rpcinfo -u admin.home.com ypserv
program 100004 version 1 ready and waiting
program 100004 version 2 ready and waiting
5. Initialize the
[root@admin root]# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run
servers. admin.home.com is in the list of
the names for the other hosts, one per line. When you are done with the
list, type a
next host to add: admin.home.com
next host to add:
The current list of
admin.home.com
Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp/home.com/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/home.com'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/home.com'
admin.home.com has been set up as a
Now you can run ypinit -s admin.home.com on all slave server.
→ This command uses the -m option to indicate that it is creating maps for the master server.
[root@admin root]# /usr/lib/yp/ypinit -s admin.home.com
→ The -s option instructs ypinit to create a slave server using the databases from the master server named admin.home.com.
After ypinit has run, several files, including a directory named after the domain (home.com), are created in the /var/yp directory.
[root@admin root]# cd /var/yp/
[root@admin yp]# ls
binding home.com Makefile nicknames ypservers
6. Start the password daemon.
[root@admin root]# service yppasswdd start
Starting YP passwd service: [ OK ]
7. Confirm that yppasswd is running,
[root@admin yp]# rpcinfo -u admin.home.com yppasswd
program 100009 version 1 ready and waiting
8. Use the Service Configuration tool, as explained earlier, to configure ypserv and yppasswdd to start at boot time.
Configuration of
1. First, set a domain name for the client system (the same as the server's domain name).
[root@client root]# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=client.home.com
NISDOMAIN=home.com
2. Edit /etc/yp.conf to identify the default
[root@client root]# vi /etc/yp.conf
# /etc/yp.conf - ypbind configuration file
# Valid entries are
# domain NISDOMAIN server HOSTNAME
# Use server HOSTNAME for the domain NISDOMAIN.
# domain NISDOMAIN broadcast
# Use broadcast on the local net for domain NISDOMAIN
# domain NISDOMAIN slp
# Query local SLP server for ypserver supporting NISDOMAIN
# ypserver HOSTNAME
# Use server HOSTNAME for the local domain. The
# IP-address of server must be listed in /etc/hosts.
# broadcast
# If no server for the default domain is specified or
# none of them is rechable, try a broadcast call to
# find a server.
#
domain home.com server admin.home.com
Or use the following command to set domain name and
[root@client root]# authconfig
→ This opens a dialog box; enter the domain information and the server name in it.
3. Check that the portmapper is running.
[root@client root]# rpcinfo -p admin.home.com
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
4. Start the primary client daemon, ypbind.
[root@client root]# service ypbind start
Binding to the
Listening for an
5. Edit /etc/host.conf and add
[root@client root]# cat /etc/host.conf
order hosts,
6. Use the Service Configuration tool, as explained earlier, to configure ypbind to start at boot time.
Testing
[sroyit@admin sroyit]$ ypwhich
admin.home.com
[sroyit@admin sroyit]$ ypcat passwd
sroyit:$1$L1tTWcvG$gyUEylxocGu8hln/b9QTW0:500:500:Susanta Kumar Roy:/home/sroyit:/bin/bash
[sroyit@admin sroyit]$ ypmatch sroyit passwd
sroyit:$1$L1tTWcvG$gyUEylxocGu8hln/b9QTW0:500:500:Susanta Kumar Roy:/home/sroyit:/bin/bash
[sroyit@admin sroyit]$ ypmatch sroyit group
sroyit:!:500:
[sroyit@admin sroyit]$ ypcat -x
Use "ethers" for map "ethers.byname"
Use "aliases" for map "mail.aliases"
Use "services" for map "services.byname"
Use "protocols" for map "protocols.bynumber"
Use "hosts" for map "hosts.byname"
Use "networks" for map "networks.byaddr"
Use "group" for map "group.byname"
Use "passwd" for map "passwd.byname"
[sroyit@admin sroyit]$ ypchfn
→ This command is used for changing