Showing posts with label Tips n tracks.

NIS on RHEL5

NETWORK INFORMATION SERVICE

NIS (Network Information Service, originally called Yellow Pages, hence the yp* package names) distributes the passwd, group, hosts and similar lookup tables from a central server so that every machine in the NIS domain sees the same accounts. A network has one NIS master, optionally one or more NIS slaves that hold copies of the maps, and any number of NIS clients. This document explains how to install and configure the NIS master, a slave and a client on Red Hat Enterprise Linux 5; the same steps apply to CentOS, Fedora and other derivatives. Keep in mind that NIS predates modern threat models: the protocol carries password hashes and every other map in clear text over RPC, and nothing authenticates the server to the client or the client to the server beyond the source-address filter in securenets. It belongs on a trusted internal network, not across segments an attacker can reach.

Configuring the NIS MASTER Server:

Packages :
For installing NIS the following packages are required.
For server:

ypserv
portmap
make

For client:

ypbind
portmap
authconfig
autofs

Installation:

Step1:
Configure the NIS domain name. It is a label for the NIS domain, not a DNS name, and should differ from the FQDN/DNS domain. Treat it as mildly secret: a host that knows the domain name and sits within securenets can bind to the domain and query every map.
[root@vm3 ~]# nisdomainname nis.lap.com
The server itself also needs a name the slaves and clients can resolve, so add it to /etc/hosts:

[root@vm3 ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.0.23 nis.lap.com
[root@vm3 ~]#

To make it permanent, add the entry to /etc/sysconfig/network so that the setting survives a reboot.

[root@vm3 ~]# cat /etc/sysconfig/network
NETWORKING_IPV6=no
HOSTNAME=vm3
NETWORKING=yes
GATEWAY=192.168.0.1
NISDOMAIN=nis.lap.com
[root@vm3 ~]#

Restart the network service (service network restart) so the setting takes effect.

Step2:

Install the packages for server.

[root@vm3 ~]# yum install yp*
If installing with rpm instead, install ypserv, portmap and their dependency make.
After installation a new directory, /var/yp, exists.

Security tip:

/var/yp/securenets limits which source addresses ypserv will answer. It does not exist by default, so create it before starting ypserv (ypserv reads it at start, so restart the service after any edit). Each line is a netmask followed by a network, and a request is served only if its source address matches one of the lines. This is filtering by source address only: it keeps hosts outside the listed networks from dumping the maps, but it is not authentication, and any host on the listed subnet (or one spoofing an address in it over UDP) still gets everything.

[root@vm3 ~]# cat /var/yp/securenets
#subnet #network
255.255.255.0 192.168.0.0
[root@vm3 ~]#
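To see exactly what a securenets rule admits and what it leaves out, here is an added example (my own shell script, not part of the original post) that reproduces ypserv's check: a client address is accepted when, for some line, the address ANDed with the netmask equals the network. The rule file in the demo is constructed; it contains the post's subnet rule plus a single-host rule using the "host" shorthand that ypserv's securenets format accepts for a 255.255.255.255 mask.

```shell
#!/bin/sh
# Added example, not from the original post: reproduce the source-address
# check ypserv performs against /var/yp/securenets so a rule set can be
# tested before it is deployed. A client is accepted when, for some rule,
# (client AND netmask) == network. "host" is accepted as shorthand for a
# 255.255.255.255 mask, matching ypserv's securenets format.

# ip_to_int A.B.C.D : print the address as an unsigned 32-bit integer
# (runs in a subshell so the IFS change and "set --" do not leak out)
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# securenets_allows FILE CLIENT_IP : exit 0 if some rule matches, 1 otherwise
securenets_allows() {
    file=$1
    client=$(ip_to_int "$2")
    while read -r mask net rest; do
        case $mask in
            '' | '#'*) continue ;;          # blank line or comment
            host) mask=255.255.255.255 ;;   # single host shorthand
        esac
        m=$(ip_to_int "$mask")
        n=$(ip_to_int "$net")
        if [ $(( client & m )) -eq "$n" ]; then
            return 0
        fi
    done < "$file"
    return 1
}

# Demo on a constructed rule set: the post's subnet rule plus one host rule.
demo_securenets() {
    rules=$(mktemp)
    printf '%s\n' '# netmask       network' \
                  '255.255.255.0   192.168.0.0' \
                  'host            10.0.0.5' > "$rules"
    for ip in 192.168.0.23 192.168.0.25 192.168.1.23 10.0.0.5 10.0.0.6; do
        if securenets_allows "$rules" "$ip"; then
            echo "$ip allowed"
        else
            echo "$ip denied"
        fi
    done
    rm -f "$rules"
}

demo_securenets
```

Run it against a copy of your real securenets file and the addresses of each client, slave and a few hosts that should not have access; a rule such as 255.0.0.0 10.0.0.0 that quietly admits a whole class A shows up immediately.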

Step3:

Start the service
[root@vm3 ~]# /etc/init.d/ypserv start
Starting YP server services: [ OK ]
[root@vm3 ~]# chkconfig ypserv on

Check whether its running:

[root@vm3 ~]# rpcinfo -u 192.168.0.23 ypserv
program 100004 version 1 ready and waiting
program 100004 version 2 ready and waiting

[root@vm3 ~]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 715 status
100024 1 tcp 718 status
100004 2 udp 821 ypserv
100004 1 udp 821 ypserv
100004 2 tcp 824 ypserv
100004 1 tcp 824 ypserv

Step4:

Create Users:

For this lab we create five users whose password equals their username (user1/user1 and so on). Never do this on a real system: NIS hands the password hashes to every host that securenets admits, and passwords like these fall to a dictionary in seconds.
Eg: Name- user1 password- user1



[root@vm3 ~]# for i in 1 2 3 4 5; do useradd user$i; echo user$i | passwd --stdin user$i; done

Changing password for user user1.
passwd: all authentication tokens updated successfully.
Changing password for user user2.
passwd: all authentication tokens updated successfully.
Changing password for user user3.
passwd: all authentication tokens updated successfully.
Changing password for user user4.
passwd: all authentication tokens updated successfully.
Changing password for user user5.
passwd: all authentication tokens updated successfully.

Step5:

Now set up the master and initialize the NIS map database.

# vi /var/yp/Makefile

In this file you can set MINUID and MINGID [line 32], which keep system accounts below those IDs out of the maps, and choose which files NIS serves [line 72]. Read the comments for details.

Many parameters can be configured here. One of them is NOPUSH.

If there is only one server, the maps need not be pushed to slaves (NOPUSH=true). If you have slave servers, set NOPUSH=false and list the hostnames of the slaves in /var/yp/ypservers (ypinit -m fills that file from the list you enter).
NOPUSH=false

Create the Map:
[root@vm3 ~]# /usr/lib/yp/ypinit -m

At this point, we have to construct a list of the hosts which will run NIS
servers. vm3 is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: vm3
next host to add: vm5 #vm5 is the hostname of our slave server.
next host to add: #It is resolved in /etc/hosts.


The current list of NIS servers looks like this:
vm3
vm5

Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp/nis.lap.com/ypservers...



Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/nis.lap.com'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/nis.lap.com'

vm3 has been set up as a NIS master server.

Now you can run ypinit -s vm3 on all slave server.
[Slave configuration we will discuss later in the same document.]
[root@vm3 ~]#


[root@vm3 ~]# /etc/init.d/ypxfrd start
Starting YP map server: [ OK ]
[ypxfrd must be running so that the maps can be transferred efficiently from the master to the slaves; ypinit -s on a slave tries it first. Enable it at boot with chkconfig, as for ypserv.]
[root@vm3 ~]#

[root@vm3 ~]# service yppasswdd start
Starting YP passwd service: [ OK ]
[root@vm3 ~]# chkconfig yppasswdd on

Share /home directory using NFS:

The users' home directories live on the NIS server, and a user logging in on a client lands in that home directory, so /home has to be exported from the server and mounted on the clients. The export below uses * (any host) for simplicity; on a real network replace it with the client subnet, e.g. 192.168.0.0/24, and keep the default root_squash. NFS with sys authentication trusts the UID the client presents, so any host that can mount the export can read and write every user's files.
[Implement a proper backup mechanism for /home on the server.]

[root@vm3 ~]# cat /etc/exports
/home *(rw,sync)

[root@vm3 ~]# exportfs -a
[root@vm3 ~]# service portmap start
[root@vm3 ~]# service nfs start
[root@vm3 ~]# chkconfig nfs on
[root@vm3 ~]# chkconfig portmap on

portmap must be running before nfs starts, and restarting portmap afterwards drops the RPC registrations nfs made, so keep this order (portmap is normally already up, since ypserv needed it).


Adding new NIS users:

Add the new users on the master, then go to the directory /var/yp
and execute the following command to rebuild the maps (and push them to the slaves if NOPUSH=false):

# make

Configuring NIS SLAVE server:

Install ypserv, portmap and their dependencies, and set the NIS domain name to the same value as on the master:

[root@vm5 ~]# nisdomainname nis.lap.com

Make it permanent with a NISDOMAIN= line in /etc/sysconfig/network, as on the master. Create entries in /etc/hosts for the master and the other hosts; the easiest way is to copy the master's /etc/hosts and edit it as needed.

[root@vm5 ~]# scp 192.168.0.23:/etc/hosts /etc/hosts

[root@vm5 ~]# yum install yp*
[root@vm5 ~]# service ypserv start
[root@vm5 ~]# chkconfig ypserv on

Run the following to pull the NIS maps from the master to the slave.

[root@vm5 ~]# /usr/lib/yp/ypinit -s vm3

Here vm3 is the master's hostname and must resolve via /etc/hosts. Also update the master's /etc/hosts with the slave's name and address.

If the command runs cleanly you will see output like this.

We will need a few minutes to copy the data from vm3.
Transferring hosts.byaddr...
Trying ypxfrd ... success

Transferring netid.byname...
Trying ypxfrd ... success

Transferring group.byname...
Trying ypxfrd ... success

[..output truncated..]

Transferring services.byservicename...
Trying ypxfrd ... success

nisclnt.lap.com's NIS data base has been set up.
If there were warnings, please figure out what went wrong, and fix it.



At this point, make sure that /etc/passwd and /etc/group have
been edited so that when the NIS is activated, the data bases you
have just created will be used, instead of the /etc ASCII files.

Start the yppasswd service.

[root@vm5 ~]# service yppasswdd start
Starting YP passwd service: [ OK ]
[root@vm5 ~]# chkconfig yppasswdd on

You might want to edit root's crontab *on the slave* server and add the following lines:
20 *    * * *    /usr/lib/yp/ypxfr_1perhour
40 6    * * *    /usr/lib/yp/ypxfr_1perday
55 6,18 * * *    /usr/lib/yp/ypxfr_2perday

This will ensure that most NIS maps are kept up-to-date, even if an update is missed because the slave was down at the time the update was done on the master. 

On the master server, add the new slave's hostname to /var/yp/ypservers (if it was not entered during ypinit -m) and run make in /var/yp to rebuild the ypservers map.

Configuring NIS Client:

Install the following packages on the client machine.

[root@vm6 ~]# yum install ypbind authconfig autofs

Give the NIS domain name and the IP of the NIS server on the client:

# authconfig-tui
or
# setup
-> Authentication Configuration
-> tick these fields:
   Cache Information
   Use NIS
-> Next
Domain: nis.lap.com   # the NIS domain name, here nis.lap.com
Server: 192.168.0.23

If you have slave servers, list the servers' IPs separated by commas:

Server: 192.168.0.23, 192.168.0.25

Edit the /etc/nsswitch.conf file

The order of sources on the passwd, shadow and group lines decides where a lookup goes first. The post puts NIS before the local files:

vi /etc/nsswitch.conf
passwd: nis files
shadow: nis files
group: nis files

The safer and more usual order is "files nis": local accounts (root in particular) then take precedence over anything the NIS server publishes, and lookups do not stall on an unreachable NIS server before falling through to the local files. With "nis files" a passwd entry for root in the NIS map would override the local one.

Configure autofs:

Open the autofs configuration files and make these edits.

# vi /etc/auto.master
/home /etc/auto.misc --timeout=60
# vi /etc/auto.misc
* -rw,sync 192.168.0.23:/home/&

The key * matches any directory name requested under /home and & substitutes that name into the mount path, so /home/user1 on the client mounts 192.168.0.23:/home/user1 on demand. Restart the autofs service.
# service autofs restart
# chkconfig autofs on

Some useful commands:

# ypcat passwd

Run from a client, this prints the passwd map, i.e. the NIS users' entries from the master server's /etc/passwd, with the password hashes included when the map merges the shadow file (MERGE_PASSWD=true, the default in the Makefile).
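Because ypcat passwd is exactly what an attacker inside securenets would run, it is worth auditing the same output yourself. Here is an added example (my own shell script, not from the original post) that reads map lines from a file and reports the findings a reviewer cares about: entries carrying a real hash, entries with an empty password field, and UID 0 accounts other than root. The sample map in the demo is constructed and its hashes are made up; in use, feed the functions a file written with ypcat passwd > /tmp/map on a client.

```shell
#!/bin/sh
# Added example, not from the original post: audit the output of "ypcat passwd".
# With the RHEL5 default MERGE_PASSWD=true in /var/yp/Makefile the passwd map
# carries the shadow hashes, so every host that securenets admits can dump them
# for offline cracking. These functions read map lines from a file; in use,
# feed them "ypcat passwd > /tmp/map" from a client. The sample map below is
# constructed for the demo and the hashes in it are not real.

# passwd_map_exposed_hashes FILE : users whose password field is a hash rather
# than a placeholder (x, *, !, !!)
passwd_map_exposed_hashes() {
    awk -F: '$2 != "" && $2 != "x" && $2 != "*" && $2 != "!" && $2 != "!!" { print $1 }' "$1"
}

# passwd_map_empty_passwords FILE : users who can log in with no password
passwd_map_empty_passwords() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# passwd_map_extra_root FILE : UID-0 accounts other than root
passwd_map_extra_root() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# passwd_map_report FILE : one line per finding, nothing when the map is clean
passwd_map_report() {
    passwd_map_exposed_hashes "$1" | sed 's/^/hash exposed: /'
    passwd_map_empty_passwords "$1" | sed 's/^/empty password: /'
    passwd_map_extra_root "$1" | sed 's/^/extra uid 0: /'
}

# Demo on a constructed map (hashes are placeholders, not real digests)
demo_passwd_audit() {
    map=$(mktemp)
    cat > "$map" <<'EOF'
root:x:0:0:root:/root:/bin/bash
user1:$1$Qm4vYx1a$W2g0p7zK9Lm3nQ8sT6uVx/:500:500::/home/user1:/bin/bash
user2:x:501:501::/home/user2:/bin/bash
backup::502:502::/home/backup:/bin/bash
toor:$1$abcdefgh$ijklmnopqrstuvwxyz01234:0:0::/root:/bin/bash
EOF
    passwd_map_report "$map"
    rm -f "$map"
}

demo_passwd_audit
```

If the first check lists every user, the fix on the master is to stop merging shadow into the passwd map (MERGE_PASSWD=false in /var/yp/Makefile, then make in /var/yp), which leaves the hashes in the shadow map where only UID 0 clients can read them. The other two checks catch the sort of entry that tends to be added to the server's /etc/passwd by hand and then published to the whole domain by the next make.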

Unzip files in particular directory or folder under Linux or UNIX

By default, all files and subdirectories are recreated in the current directory; the -d option allows extraction in an arbitrary directory (always assuming one has permission to write to the directory). This option need not appear at the end of the command line; it is also accepted before the zipfile specification (with the normal options), immediately after the zipfile specification, or between the file(s) and the -x option. The option and directory may be concatenated without any white space between them, but note that this may cause normal shell behavior to be suppressed.
Syntax:
unzip {zip-file-name} -d {/path/to/extract}
For example extract package.zip into /opt, enter:
# unzip package.zip -d /opt
# cd /opt
# ls

Ghosting The Linux Machine


This is a handy guide to ghosting one Linux box to another (or simply making a full backup of a desktop/server).
You might have a small office where you customise one desktop just how you like it and need to roll this out to N other PCs, or simply want a backup of a server or desktop to another machine or even to an image file.
The main tool here is netcat, which is extremely powerful and has a multitude of other great uses that won't be covered here. Two caveats before starting: the listener accepts the first connection from anyone on the network and writes it straight to the disk, and the stream is neither encrypted nor checked for integrity, so do this on an isolated segment (or tunnel it through ssh) and compare a checksum of source and target afterwards.
Target machine:
** Boot to Linux rescue mode with networking (CentOS/RHEL works fine).
Start netcat listening on port 30 and pipe whatever arrives into dd (assuming the hard drive is sda and not hda; the -l -p form is the traditional netcat syntax, OpenBSD nc takes just -l 30):
# nc -l -p 30 | dd of=/dev/sda
Source machine:
Dump the contents of the disk to the target PC (192.168.0.20 is the target's address):
# dd if=/dev/sda | nc 192.168.0.20 30
Then to check that traffic is flowing, on the source go to another terminal (Alt-F2) and dump the TCP traffic on the NIC (assuming it's eth0):
# tcpdump -tnli eth0 port 30
If you just want a backup image you could change the above output on the target to:
# nc -l -p 30 | dd of=mybackup.img
That's it. Naturally the target PC/disk cannot be smaller than the source :) I hope this saves someone a lot of time.
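The transfer above gives no way to tell a complete clone from a truncated one, so here is an added example (my own script, not from the original post) of the verification step to bolt on: hash the source, copy, hash the same number of bytes from the target, compare. The network hop is replaced by a local pipe so the script runs on one machine; on real hosts the middle of the pipeline is nc <target> 30 on the source and nc -l -p 30 on the target, and the two digests are compared by hand. The 1 MiB "disk" in the demo and all paths are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: the dd | nc transfer has no
# integrity check, so a dropped connection or a stray client connecting to the
# listener leaves the target disk silently wrong. Hash the source, copy, hash
# the same number of bytes from the target, compare. The network hop is
# simulated with a local pipe; on real hosts the middle of the pipeline is
# "nc <target> 30" / "nc -l -p 30" and the two digests are compared by hand.

# image_digest PATH BYTES : SHA-256 of the first BYTES of a file or block
# device (a block device target is usually larger than the source image, so
# only the prefix that was written is hashed)
image_digest() {
    head -c "$2" "$1" | sha256sum | awk '{ print $1 }'
}

# verify_clone SRC DST : exit 0 when DST starts with exactly the bytes of SRC
verify_clone() {
    size=$(wc -c < "$1" | tr -d ' ')
    expected=$(image_digest "$1" "$size")
    actual=$(image_digest "$2" "$size")
    if [ "$expected" = "$actual" ]; then
        echo "verified $size bytes, sha256 $actual"
        return 0
    fi
    echo "MISMATCH: source $expected target $actual" >&2
    return 1
}

# clone_and_verify SRC DST : copy through a pipe (stand-in for netcat), then verify
clone_and_verify() {
    dd if="$1" bs=64k 2>/dev/null | dd of="$2" bs=64k 2>/dev/null
    verify_clone "$1" "$2"
}

demo_clone() {
    src=$(mktemp)
    dst=$(mktemp)
    # constructed 1 MiB "disk" of random bytes
    dd if=/dev/urandom of="$src" bs=65536 count=16 2>/dev/null
    clone_and_verify "$src" "$dst"
    # overwrite a few bytes of the copy to show the check catching corruption
    printf 'corrupt' | dd of="$dst" bs=1 seek=4000 conv=notrunc 2>/dev/null
    verify_clone "$src" "$dst" || echo "corruption detected"
    rm -f "$src" "$dst"
}

demo_clone
```

On a real clone, run image_digest /dev/sda $(blockdev --getsize64 /dev/sda) on the source before sending and the same command with the source's byte count on the target afterwards; hashing the whole target device would include whatever lies beyond the copied image and never match.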

Setting Up a PXE Server


This section discusses how to set up a Pre-boot eXecution Environment (PXE) boot server for machines that cannot boot from CD, DVD, or USB media. PXE is a special extension of services provided by the Dynamic Host Configuration Protocol (DHCP). It uses a Trivial File Transfer Protocol (TFTP) server to provide minimal boot files to a network client. To set up a PXE boot service on a separate Fedora server on the local network, follow this procedure:
1. Install the tftp-server, dhcp, and syslinux packages:

su -c 'yum install tftp-server dhcp syslinux'

2. Edit the /etc/dhcpd.conf file to configure the DHCP server. The following example is a minimal configuration for a network with these settings:

- 192.168.1.0/24 addressing
- Dynamic addresses provided between 192.168.1.200 and 192.168.1.240
- DHCP/PXE server at IP address 192.168.1.10
- No other dynamic configuration provided

allow booting;
allow bootp;
ddns-update-style interim;
ignore client-updates;

subnet 192.168.1.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    range dynamic-bootp 192.168.1.200 192.168.1.240;
    next-server 192.168.1.10;
    filename "pxelinux.0";
}

3. As the root user, copy the PXE boot image and Fedora boot files to the TFTP server directory:

su -
cd /tftpboot
cp /usr/lib/syslinux/pxelinux.0 .

4. Copy the vmlinuz and initrd.img files from the pxeboot directory on the distribution media or a Web mirror to the /tftpboot directory.

5. Create a minimal PXELINUX configuration. PXELINUX looks for its configuration in a directory named pxelinux.cfg next to pxelinux.0 and falls back to the file named default in it, so create the directory /tftpboot/pxelinux.cfg and put the following in /tftpboot/pxelinux.cfg/default (not in a file called pxelinux.cfg):

DEFAULT pxeboot
TIMEOUT 50
LABEL pxeboot
      KERNEL vmlinuz
      APPEND initrd=initrd.img
ONERROR LOCALBOOT 0

6. Turn on the dhcpd, xinetd and tftp services (tftp runs under xinetd, so chkconfig tftp on enables it in /etc/xinetd.d/tftp):

su -c '/sbin/service dhcpd start'
su -c '/sbin/service xinetd start'
su -c '/sbin/chkconfig tftp on'

Note that a PXE client trusts whichever DHCP server answers it first and fetches its kernel over unauthenticated TFTP, so run this only on a segment where no rogue DHCP server can appear.
Boot the client system and either use the required keys or configure its BIOS to boot from its network interface using PXE. At the boot prompt, hit Enter to boot the default Fedora installation image. If an error occurs, the system boots in its normal configuration, such as a local hard disk.