| |
Practical Exercises
1. Install NIS package on both your desktop and the cluster node:
Exit the configuration stage (configuring NIS) by pressing < Esc > twice.
Cancel NIS startup by pressing < Ctrl-C >
If there is /etc/shadow file on either of the hosts, run
to simplify NIS configuration.
2. Configure the cluster node as both a NIS server and a client.
Give a unique name to the new NIS domain, for example, domain18. Store it in file /etc/defaultdomain.
Modify file /etc/default/nis, by setting the following parameters
and keep empty entries for the other parameters in the file.
Assuming your NIS server is node18 (you need to change it
for the name of your cluster node), put the following entry in /etc/yp.conf:
You also need to replace domain18 with the name of your domain.
Modify file /var/yp/Makefile for entry "ALL ="
and for MINUID and MINGID:
Build NIS maps:
Ignore the RPC errors.
Start the NIS services:
If the services fail to start, rebuild the NIS maps
then try to start NIS again.
Verify that the NIS services are running with ps and rpcinfo
commands:
3. Configure your desktop as a NIS client.
Put the NIS domain name in file /etc/defaultdomain.
Modify /etc/yp.conf file exactly the same way as for the node above.
In file /etc/default/nis, make the following entries
Make sure there are the following entries in /etc/nsswitch.conf:
Start the NIS client:
In the end of /etc/passwd, add the following cookie:
In the end of /etc/group, add
Verify that the client is bound to the right domain and the right server by
running the following commands:
4. Create several users on the NIS server with uid, gid &ge 5000.
For example,
Give them passwords by executing passwd command for each user.
Rebuild the NIS maps:
On your desktop (NIS client), try to read the password NIS map with these
users:
If you have completed the exercises with NFSv4 in lesson 5, you should have
the home directories shared between the node and the desktop, so re-mount
the file system as shown below:
If you haven't completed the exercises with NFSv4 in lesson 5, create home directories for the users localy on the NIS client and give them the
user ownerships, accordingly.
Try to login to the client as each of the NIS users. Change their passwords
by running command yppasswd
on the client. Note, you need to run command yppasswd as one of these users,
not root.
Disallow user sam to login to the desktop by creating the
following cookie in the end of /etc/passwd
Make sure he can not login:
Allow only user sam to login to the desktop among the NIS users:
Make sure user sam can login to your desktop and the other NIS users
can not.
5. Create a netgroup on the NIS server.
In file /etc/netgroup, create the following entry
Modify file /var/yp/Makefile by including netgroup maps:
Re-build the NIS maps:
On the client host, modify file /etc/passwd for the NIS entry:
Make sure users sam, jenn, and jack can login
to the desktop and users mary, and testu can not.
Check the log file for the authentication, /var/log/auth.log:
For the rejected ssh logins, there should be messages saying:
...User testu not allowed because shell etc/NoShell does not exist
6. Secure remote access to the NIS server.
On the NIS server, edit file /etc/ypserv.securenets and comment-out
the line with 0.0.0.0 0.0.0.0, then add a new line with
the IP address of the server, for example 192.168.5.38:
Restart the NIS services on the server.
On the client, run
and notice the "Internal NIS error".
Modify /etc/ypserv.securenets on the server again and include the
IP and netmask for your desktop. For example, if the IP of your desktop is
192.168.2.18, the entry in the file should look as follows:
Restart the NIS on the server and run ypcat passwd on the client again.
7. Create your own NIS map.
Following the instruction in the lecture notes, create a NIS map for telephone
numbers on the server. Verify you can browse the map on the client host:
|
|