Installing and Administrating NIS+
nisplus is a network information service which allows you to store client information at a central place where all the clients have access. This enables system administrators to manage a group of servers from a central place.
In this article we will discuss nisplus objects, installation of servers and clients, and administration commands.
Introduction to NIS+
- NIS+ is a network information service which allows you to store client information at a central place where all the clients have access. The information can be user passwords, home directories, network services etc.
- The information is stored in NIS+ tables. Some of the standard tables (16 in number) come with a predefined structure when NIS+ is installed. Other tables can be created as required using NIS+ commands.
- NIS+ uses a hierarchical structure and can have multiple domain servers.
- NIS+ uses the client-server model. The primary server is called the master server and the backup server is called the replica server. Both servers run NIS+ and hold copies of the tables. Changes on the master server are propagated to the replica servers in increments.
- For security it uses both authentication and authorization to secure access to the system and its resources. Authentication verifies the validity of a user; authorization verifies whether the user is allowed to access the resources. Access to any NIS+ table can be controlled through the table permissions.
- Clients have a configuration file, /etc/nsswitch.conf. Entries in this file determine where the clients should look for the information: in local files or in NIS+ maps at the server.
Objects in NIS+
There are three objects in NIS+:
- Parent domain — represented by domain name e.g. church1e.local (parent domain)
- org_dir — which contains all the NIS+ tables
- groups_dir — contains the groups information, by default only admin group is there.
Standard tables in NIS+
These tables contain the same type of information as the standard files of the same name. The passwd table, however, also contains the encrypted password information. Standard tables in NIS+ are:
Groups in NIS+
By default only the admin group is created at the time of installation of NIS+.
Preparing for Install
The first step is to prepare the data files for the NIS+ maps. This can be done by copying the files which need to be put in the nisplus tables for centralised administration. The files are located in /etc and mostly have the same names as the NIS+ tables.
If you want only passwords, groups, hosts and home directories to be administered, you need to copy these files to some other directory, say /tmp/nisfiles. You can make additional changes there:
# cp /etc/passwd /tmp/nisfiles
# cp /etc/group /tmp/nisfiles
# cp /etc/hosts /tmp/nisfiles
auto_home can be created by editing a copy of the passwd file and keeping only the login name and home directory.
auto_home consists of the following entries:
# head auto_home
+auto_home
martin 10.10.1.4:/export/home/&
schlumpf 10.10.1.4:/export/home/&
smurf 10.10.1.4:/export/home/&
where the first column is the user name, followed by the name of the machine providing the home directories and the home directory path.
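The edit described above can be scripted instead of done by hand. The following is an added example, not part of the original article; the server address and export path are taken from the sample entries, and the rule that only accounts with a /home/<login> home directory go into the map is an assumption.

```shell
#!/bin/sh
# Added example, not from the original article: derive auto_home from a copy
# of the passwd file. Server address and export path follow the article's
# sample entries; the /home/<login> filter is an assumption.
HOME_SERVER="10.10.1.4"
EXPORT_ROOT="/export/home"

# make_auto_home PASSWD_COPY
# Prints "login server:/export/home/&" for each account whose home directory
# is /home/<login>; all other accounts stay out of the map.
make_auto_home() {
    awk -F: -v srv="$HOME_SERVER" -v root="$EXPORT_ROOT" '
        /^[#+-]/ || NF != 7        { next }  # comments, +/- compat lines, malformed rows
        $1 !~ /^[a-z][a-z0-9_-]*$/ { next }  # refuse unusual login names as map keys
        $6 != ("/home/" $1)        { next }  # root, daemon, ... keep their local homes
        seen[$1]++                 { next }  # first row wins on duplicate logins
        { printf "%s %s:%s/&\n", $1, srv, root }
    ' "$1"
}

# Constructed sample passwd copy (not real accounts).
sample_passwd() {
    cat <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
martin:x:84836:1122::/home/martin:/bin/sh
schlumpf:x:84837:1122::/home/schlumpf:/bin/sh
smurf:x:84838:1122::/home/smurf:/bin/sh
smurf:x:84839:1122:duplicate row:/home/smurf:/bin/sh
+::::::
EOF
}

# Usage: sh make_auto_home.sh /tmp/nisfiles/passwd > /tmp/nisfiles/auto_home
if [ -n "${1:-}" ]; then make_auto_home "$1"; fi
```

Rows that are malformed, duplicated or carry an unexpected login name are dropped rather than loaded, so review the output against the passwd copy before populating the table.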
Installing the NIS+ Server
The following steps are necessary to correctly install a NIS+ server:
- Define a default domain if not defined already in
# domainname church1e.local
# domainname > /etc/defaultdomain
- As root, run the server initialization program:
# /usr/lib/nis/nisserver -r
If you need to set up your NIS+ server in NIS compatibility mode, run:
# nisserver -r -Y
The above commands will set up the NIS+ server software.
- Reboot the server
- Log in as root, change directory to the one containing the files auto_home, passwd and group, and run the command to populate the empty NIS+ tables:
# cd /tmp/nisfiles
# nispopulate -v -F
This will try to populate all the standard tables from the files in the local directory. You can also specify a particular file name to populate a single table, e.g.
# nispopulate -v -F auto_home
auto_home is the local file containing the entries in the proper format.
Installing a NIS+ Client
- Log in as root on the client.
- Define a default domain name:
# domainname church1e.local
# domainname > /etc/defaultdomain
- Run the client initialisation program:
# nisclient -i -h schlumpf -d church1e.local
- Reboot the client machine.
- Log in again, open /etc/nsswitch.conf and check that only the entries corresponding to the populated tables point to nisplus first and then files. The rest of them should be files and nisplus.
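The last check can be automated so that it is repeatable across clients. The following is an added example, not part of the original article; the list of populated databases is an assumption (the three files copied earlier plus automount, the nsswitch.conf database that uses the auto_home table), and for the remaining databases it only reports entries that consult nisplus before files.

```shell
#!/bin/sh
# Added example, not from the original article: check the lookup order in
# nsswitch.conf after nisclient has run. POPULATED is an assumption: the three
# files copied earlier plus automount, the database that uses auto_home.
POPULATED="passwd group hosts automount"

# check_nsswitch FILE [DATABASES]
# Prints one line per finding and returns non-zero when there is any.
check_nsswitch() {
    awk -v populated="${2:-$POPULATED}" '
        BEGIN { n = split(populated, p, " ")
                for (i = 1; i <= n; i++) want[p[i]] = 1 }
        { sub(/#.*/, "") }                      # strip comments
        $1 !~ /^[a-z_]+:$/ { next }             # not a "database:" line
        {
            db = substr($1, 1, length($1) - 1)
            gsub(/\[[^]]*\]/, " ")              # ignore [NOTFOUND=return] criteria
            nis = fil = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "nisplus" && !nis) nis = i
                if ($i == "files" && !fil) fil = i
            }
            seen[db] = 1
            if ((db in want) && !(nis && fil && nis < fil)) {
                print db ": populated table, expected nisplus then files"; bad++
            } else if (!(db in want) && nis && (!fil || nis < fil)) {
                print db ": table not populated, expected files before nisplus"; bad++
            }
        }
        END { for (d in want) if (!seen[d]) { print d ": no entry"; bad++ }
              exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample file with three findings (group, services, automount).
sample_nsswitch() {
    cat <<'EOF'
passwd:     nisplus files
group:      files nisplus
hosts:      nisplus [NOTFOUND=return] files
services:   nisplus files
networks:   files nisplus
EOF
}

# Usage: sh check_nsswitch.sh /etc/nsswitch.conf
if [ -n "${1:-}" ]; then check_nsswitch "$1"; fi
```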
The following are examples of common nisplus administration tasks:
Listing tables and objects in NIS+
# nisls — gives the total objects in NIS+
# nisls org_dir — Lists the tables listed in the directory.
Listing the contents of tables
# niscat passwd.org_dir
Listing table structure
# niscat -o passwd.org_dir
Add a user
# nistbladm -a name=smurf uid=84838 gid=1122 home=/home/smurf shell=/bin/sh passwd.org_dir
Changing the user information in the passwd table (superuser only; replace <> with the corresponding details)
# nistbladm -a name=<> passwd=<> uid=<> gid=<> home=<> shell=<> passwd.org_dir
For example:
# nistbladm -a name=smurf uid=84838 gid=1124 home=/home/smurf shell=/bin/sh passwd.org_dir
To change only the shell:
# nistbladm -m shell=/usr/local/bin/bash [name=smurf],passwd.org_dir
Changing user passwd (root)
# nispasswd username — the user has to update his key through
Change user passwd (as user)
$ nispasswd
$ chkey -p
Adding user credentials
# nisaddcred -p 84838 -P smurf local
# nisaddcred -p email@example.com -P smurf.church1e.local. des
where 84838 is the userid and smurf is the user name.
Adding / removing a user dir entry in the auto_home table
# nistbladm -a key=smurf value=10.10.1.4:/home/smurf auto_home.org_dir
# nistbladm -r key=smurf auto_home.org_dir
If the key is not unique, more fields need to be defined.
Removing a user
# nistbladm -r name=smurf passwd.org_dir
Modifying the tables for multiple entries
Dump the table to a file:
# nisaddent -d passwd > /tmp/passwd
Edit the dumped file:
# vi /tmp/passwd
Populate the table with the amended data entries:
# nisaddent -r -f /tmp/passwd passwd
Note: The nisaddent command is available only for some of the standard tables; for the others, nistbladm has to be used.