NIS/NFS - centralized ("domain" based) authentication

The machine with the NIS server role should assume the role of NFS server as well.

Purpose of NIS (Network Information Service): centralized user management
Purpose of NFS (Network File System): file/disk sharing

The reason to have NFS as well as NIS is that users have home directories and we want to centralize those too. If machine A is the NIS and NFS server, when a person seated at client machine X or client machine Y logs in, the credentials he types (user name and password) are checked against those kept remotely in the user/password database on machine A (courtesy of NIS). And the home directory he sees is on machine A too (courtesy of NFS). He has logged in to his local box, not A, and the other directories he sees are local. But A is a) the gatekeeper to his local box, and b) the home directory provider.


SERVER

Save backup copies of files you will alter:

cp  /etc/exports  /etc/exports.exercise
cp  /etc/sysconfig/network  /etc/sysconfig/network.exercise
cp  /etc/yp.conf  /etc/yp.conf.exercise


Configuring NFS on the server machine

The server's own /home directory will be shared out to clients as their own. All clients, viewing their home directories, will see that of the server. To share it, in /etc/exports on the server enter:

/home   *(rw,sync)

Activate it:

exportfs -av

Make sure needed daemons are running:

service  rpcbind  restart
service  nfslock  restart
service  nfs  restart
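
The "*" in the /etc/exports entry above matches any host that can reach the server, which is acceptable only on an isolated lab subnet. The script below is an added example, not part of the original exercise: it lists exports entries that are open to every host or that disable root squashing. The function names, sample paths and 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky entries in an exports file.
# Findings are printed as "<path> <client-spec> <reason>".
# Exit status: 0 = nothing flagged, 1 = at least one finding.
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        path = $1
        if (NF == 1) {                      # no client field: open to any host
            print path, "-", "world-export"; bad = 1; next
        }
        for (i = 2; i <= NF; i++) {
            spec = $i
            host = spec; sub(/\(.*/, "", host)       # text before "("
            opts = ""
            if (match(spec, /\(.*\)/))
                opts = substr(spec, RSTART + 1, RLENGTH - 2)
            if (host == "" || host == "*") {         # "*(..)" or detached "(..)"
                print path, spec, "world-export"; bad = 1
            }
            if (("," opts ",") ~ /,no_root_squash,/) {
                print path, spec, "no_root_squash"; bad = 1
            }
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the lab entry plus variants for comparison.
# 192.0.2.0/24 is a documentation range standing in for the lab subnet.
write_sample_exports() {
    cat > "$1" <<'EOF'
# constructed sample, not a real server's file
/home   *(rw,sync)
/data   192.0.2.0/24(rw,sync,root_squash)
/srv    192.0.2.10 (rw,sync)
/opt    192.0.2.10(rw,no_root_squash)
EOF
}

sample=$(mktemp)
write_sample_exports "$sample"
audit_exports "$sample" || echo "review the entries listed above"
rm -f "$sample"
```

The /srv line is flagged because the space before "(rw,sync)" detaches the options from 192.0.2.10 and applies them to every host instead.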

Configuring NIS on the server machine

Make needed entries in two configuration files. First, in /etc/sysconfig/network enter:

NISDOMAIN="NIS-SERVER"

In a lab environment where there may be two or more machines setting up as servers, choose a unique variation of the name like "NIS-SERVER1", coordinating verbally with other students to ensure non-duplication of the name within your subnet.

Second, in /etc/yp.conf enter:

ypserver  127.0.0.1

Make sure needed daemons are running:

service  yppasswdd  restart
service  ypserv  restart
service  ypbind  restart

Create a user "jackson" with password "password" here on the server machine:

useradd  jackson
passwd  jackson

NIS keeps its own authentication database information in its own files (in subdirectory /var/yp/<NIS server name>), distinct from the standard local ones (such as /etc/passwd). User "jackson" is now defined in the standard local ones but remains unknown to NIS. To "converge" the local data into the NIS data:

/usr/lib/yp/ypinit  -m


CLIENT

Save backup copies of files you will alter:

cp  /etc/sysconfig/network  /etc/sysconfig/network.exercise
cp  /etc/yp.conf  /etc/yp.conf.exercise


Configuring NFS on the client machine

Make sure needed daemons are running:

service  rpcbind  restart
service  nfslock  restart
service  nfs  restart

The machine has an existing /home directory. Rename it out of the way. Then create a fresh one as a mountpoint for the one to be shared from the server. Then mount the one shared from the server:

mv  /home  /home.save
mkdir  /home
mount  <server IP>:/home  /home

Configuring NIS on the client machine

Make needed entries in configuration files. First, in /etc/sysconfig/network enter:

NISDOMAIN="NIS-SERVER"

Second, in /etc/yp.conf enter:

domain  NIS-SERVER  server  <server IP>

Third, in /etc/nsswitch.conf ensure that the "passwd", "shadow" and "group" entries include "nis"; add it to any that do not:

passwd: files nis
shadow: files nis
group: files nis

Make sure needed daemons are running:

service  rpcbind  restart
service  ypbind  restart

Test NIS connectivity:

ypmatch  jackson  passwd

You should see a password record for user jackson, delivered to you from the server.

Log out. Log back in as user "jackson" with password "password". The only such account is on the server. If you can log in, the server is responsible. Either you at the client or the administrator at the server should write something into directory /home/jackson; make sure it is visible to the other on the opposite machine (i.e., that the apparent /home/jackson directories are in fact physically one and the same).

CLEANUP

On the server:

service  ypbind  stop
service  ypserv  stop
service  yppasswdd  stop
service  nfs  stop
service  nfslock  stop

cp  /etc/exports.exercise  /etc/exports
cp  /etc/sysconfig/network.exercise  /etc/sysconfig/network
cp  /etc/yp.conf.exercise  /etc/yp.conf

On the client:

Log out and log back in as root.

umount  /home
rmdir  /home
mv  /home.save   /home

service  ypbind  stop
service  nfs  stop
service  nfslock  stop

cp  /etc/sysconfig/network.exercise  /etc/sysconfig/network
cp  /etc/yp.conf.exercise  /etc/yp.conf