ACC SHELL
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 3. Using NIS</title><link rel="stylesheet" href="susebooks.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Documentation"><link rel="up" href="part.auth.html" title="Part I. Authentication"><link rel="prev" href="cha.pam.html" title="Chapter 2. Authentication with PAM"><link rel="next" href="cha.security.ldap.html" title="Chapter 4. LDAP—A Directory Service"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header" border="0" class="bctable"><tr><td width="80%"><div class="breadcrumbs"><p><a href="index.html"> Documentation</a><span class="breadcrumbs-sep"> > </span><a href="book.security.html">Security Guide</a><span class="breadcrumbs-sep"> > </span><a href="part.auth.html">Authentication</a><span class="breadcrumbs-sep"> > </span><strong><a accesskey="p" title="Chapter 2. Authentication with PAM" href="cha.pam.html"><span>◀</span></a> <a accesskey="n" title="Chapter 4. LDAP—A Directory Service" href="cha.security.ldap.html"><span>▶</span></a></strong></p></div></td></tr></table></div><div class="chapter" title="Chapter 3. Using NIS"><div class="titlepage"><div><div><h2 class="title"><a name="cha.nis"></a>Chapter 3. Using NIS<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.nis">¶</a></span></h2></div></div></div><div class="toc"><p><b>Contents</b></p><dl><dt><span class="sect1"><a href="cha.nis.html#sec.nis.server">3.1. Configuring NIS Servers</a></span></dt><dt><span class="sect1"><a href="cha.nis.html#sec.nis.client">3.2. Configuring NIS Clients</a></span></dt></dl></div><a class="indexterm" name="id376716"></a><a class="indexterm" name="id571862"></a><a class="indexterm" name="idx.NIS"></a><div class="abstract" title="Abstract"><p class="title"><b>Abstract</b></p><p>
As soon as multiple UNIX systems in a network want to access common
resources, it becomes imperative that all user and group identities are
the same for all machines in that network. The network should be
transparent to users: their environments should not vary, regardless of
which machine they are actually using. This can be done by means of NIS
and NFS services. NFS distributes file systems over a network and is
discussed in Chapter <i>Sharing File Systems with NFS</i> (↑Reference).
</p><p>
NIS (Network Information Service) can be described as a database-like
service that provides access to the contents of
<code class="filename">/etc/passwd</code>, <code class="filename">/etc/shadow</code>, and
<code class="filename">/etc/group</code> across networks. NIS can also be used for
other purposes (making the contents of files like
<code class="filename">/etc/hosts</code> or <code class="filename">/etc/services</code>
available, for example), but this is beyond the scope of this
introduction. People often refer to NIS as <span class="emphasis"><em>YP</em></span>,
because it works like the network's <span class="quote">“<span class="quote">yellow pages.</span>”</span>
</p></div><div class="sect1" title="3.1. Configuring NIS Servers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sec.nis.server"></a>3.1. Configuring NIS Servers<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.nis.server">¶</a></span></h2></div></div></div><a class="indexterm" name="idx.NIS_Master"></a><a class="indexterm" name="idx.NIS_Slave"></a><p>
To distribute NIS information across networks, either install one single
server (a <span class="emphasis"><em>master</em></span>) that serves all clients, or NIS
slave servers requesting this information from the master and relaying it
to their respective clients.
</p><div class="itemizedlist"><ul class="itemizedlist" type="bullet"><li class="listitem" style="list-style-type: disc"><p>
To configure just one NIS server for your network, proceed with
<a class="xref" href="cha.nis.html#sec.nis.server.master" title="3.1.1. Configuring a NIS Master Server">Section 3.1.1, “Configuring a NIS Master Server”</a>.
</p></li><li class="listitem" style="list-style-type: disc"><p>
If your NIS master server needs to export its data to slave servers,
set up the master server as described in
<a class="xref" href="cha.nis.html#sec.nis.server.master" title="3.1.1. Configuring a NIS Master Server">Section 3.1.1, “Configuring a NIS Master Server”</a> and set up slave servers in the
subnets as described in <a class="xref" href="cha.nis.html#sec.nis.server.slave" title="3.1.2. Configuring a NIS Slave Server">Section 3.1.2, “Configuring a NIS Slave Server”</a>.
</p></li></ul></div><div class="sect2" title="3.1.1. Configuring a NIS Master Server"><div class="titlepage"><div><div><h3 class="title"><a name="sec.nis.server.master"></a>3.1.1. Configuring a NIS Master Server<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.nis.server.master">¶</a></span></h3></div></div></div><p>
To configure a NIS master server for your network, proceed as follows:
</p><div class="procedure"><ol class="procedure" type="1"><li><p>
To check whether the YaST NIS server configuration module is already
installed, start YaST and select
<span class="guimenu">Software</span>+<span class="guimenu">Software
Management</span>. Search for and, if needed, install
the <code class="systemitem">yast2-nis-server</code> package. Once done,
close YaST.
</p></li><li><p>
Start <span class="guimenu">YaST</span>+<span class="guimenu">Network
Services</span>+<span class="guimenu">NIS Server</span>.
</p></li><li><p>
If you need just one NIS server in your network or if this server is
to act as the master for further NIS slave servers, select
<span class="guimenu">Install and Set Up NIS Master Server</span>. YaST
installs the required packages.
</p><div class="tip"><table border="0" cellpadding="3" cellspacing="0" width="100%" summary="Tip"><tr class="head"><td width="32"><img alt="[Tip]" src="admon/tip.png"></td><th align="left"></th></tr><tr><td colspan="2" align="left" valign="top"><p>
If NIS server software is already installed on your machine, initiate
the creation of a NIS master server by clicking <span class="guimenu">Create NIS
Master Server</span>.
</p></td></tr></table></div><div class="figure"><a name="fig.inst.nisserver1"></a><p class="title"><b>Figure 3.1. NIS Server Setup</b><span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#fig.inst.nisserver1">¶</a></span></p><div class="figure-contents"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" cellspacing="0" cellpadding="0" width="75%"><tr><td><img src="images/yast2_nis1_no_nis_installed.png" width="100%" alt="NIS Server Setup"></td></tr></table></div></div></div><br class="figure-break"></li><li><p>
Determine basic NIS setup options:
</p><ol type="a" class="substeps"><li><p>
Enter the NIS domain name.
</p></li><li><p>
Define whether the host should also be a NIS client (enabling users
to log in and access data from the NIS server) by selecting
<span class="guimenu">This Host is also a NIS Client</span>.
</p></li><li><p>
If your NIS server needs to act as a master server to NIS slave
servers in other subnets, select <span class="guimenu">Active Slave NIS Server
Exists</span>.
</p><p>
The option <span class="guimenu">Fast Map Distribution</span> is only useful
in conjunction with <span class="guimenu">Active Slave NIS Servers
Exist</span>. It speeds up the transfer of maps to the slaves.
</p></li><li><p>
Select <span class="guimenu">Allow Changes to Passwords</span> to allow users
in your network (both local users and those managed through the NIS
server) to change their passwords on the NIS server (with the
command <span class="command"><strong>yppasswd</strong></span>). This makes the options
<span class="guimenu">Allow Changes to GECOS Field</span> and <span class="guimenu">Allow
Changes to Login Shell</span> available. <span class="quote">“<span class="quote">GECOS</span>”</span>
means that the users can also change their names and address
settings with the command <span class="command"><strong>ypchfn</strong></span>.
<span class="quote">“<span class="quote">Shell</span>”</span> allows users to change their default shell with
the command <span class="command"><strong>ypchsh</strong></span> (for example, to switch from
bash to sh). The new shell must be one of the predefined entries in
<code class="filename">/etc/shells</code>.
</p></li><li><p>
Select <span class="guimenu">Open Port in Firewall</span> to have YaST adapt
the firewall settings for the NIS server.
</p><div class="figure"><a name="fig.yast.nis.master"></a><p class="title"><b>Figure 3.2. Master Server Setup</b><span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#fig.yast.nis.master">¶</a></span></p><div class="figure-contents"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" cellspacing="0" cellpadding="0" width="75%"><tr><td><img src="images/yast2_nis_master.png" width="100%" alt="Master Server Setup"></td></tr></table></div></div></div><br class="figure-break"></li><li><p>
Leave this dialog with <span class="guimenu">Next</span> or click
<span class="guimenu">Other Global Settings</span> to make additional
settings.
</p><p>
<span class="guimenu">Other Global Settings</span> include changing the source
directory of the NIS server (<code class="filename">/etc</code> by default).
In addition, passwords can be merged here. The setting should be
<span class="guimenu">Yes</span> to create the user database from the system
authentication files <code class="filename">/etc/passwd</code>,
<code class="filename">/etc/shadow</code>, and
<code class="filename">/etc/group</code>. Also, determine the smallest user
and group ID that should be offered by NIS. Click
<span class="guimenu">OK</span> to confirm your settings and return to the
previous screen.
</p><div class="figure"><a name="fig.inst.nisserver2"></a><p class="title"><b>Figure 3.3. Changing the Directory and Synchronizing Files for a NIS Server</b><span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#fig.inst.nisserver2">¶</a></span></p><div class="figure-contents"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" cellspacing="0" cellpadding="0" width="75%"><tr><td><img src="images/yast2_inst_nisserver2.png" width="100%" alt="Changing the Directory and Synchronizing Files for a NIS Server"></td></tr></table></div></div></div><br class="figure-break"></li></ol></li><li><p>
If you previously enabled <span class="guimenu">Active Slave NIS Server
Exists</span>, enter the hostnames used as slaves and click
<span class="guimenu">Next</span>.
</p></li><li><p>
If you do not use slave servers, the slave configuration is skipped
and you continue directly to the dialog for the database
configuration. Here, specify the <span class="emphasis"><em>NIS Server Maps</em></span>,
the partial databases to transfer from the NIS server to the client.
The default settings are usually adequate. Leave this dialog with
<span class="guimenu">Next</span>.
</p></li><li><p>
Check which maps should be available and click <span class="guimenu">Next</span>
to continue.
</p><div class="figure"><a name="fig.yast.nis.maps"></a><p class="title"><b>Figure 3.4. NIS Server Maps Setup</b><span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#fig.yast.nis.maps">¶</a></span></p><div class="figure-contents"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" cellspacing="0" cellpadding="0" width="75%"><tr><td><img src="images/yast2_nis_maps.png" width="100%" alt="NIS Server Maps Setup"></td></tr></table></div></div></div><br class="figure-break"></li><li><p>
Determine which hosts are allowed to query the NIS server. You can
add, edit, or delete hosts by clicking the appropriate button. Specify
from which networks requests can be sent to the NIS server. Normally,
this is your internal network. In this case, there should be the
following two entries:
</p><pre class="screen">255.0.0.0 127.0.0.0
0.0.0.0 0.0.0.0
</pre><p>
The first entry enables connections from your own host, which is the
NIS server. The second one allows all hosts to send requests to the
server.
</p><div class="figure"><a name="fig.inst.nisserver3"></a><p class="title"><b>Figure 3.5. Setting Request Permissions for a NIS Server</b><span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#fig.inst.nisserver3">¶</a></span></p><div class="figure-contents"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" cellspacing="0" cellpadding="0" width="75%"><tr><td><img src="images/yast2_nis_hosts.png" width="100%" alt="Setting Request Permissions for a NIS Server"></td></tr></table></div></div></div><br class="figure-break"></li><li><p>
Click <span class="guimenu">Finish</span> to save your changes and exit the
setup.
</p></li></ol></div></div><div class="sect2" title="3.1.2. Configuring a NIS Slave Server"><div class="titlepage"><div><div><h3 class="title"><a name="sec.nis.server.slave"></a>3.1.2. Configuring a NIS Slave Server<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.nis.server.slave">¶</a></span></h3></div></div></div><p>
To configure additional NIS <span class="emphasis"><em>slave servers</em></span> in your
network, proceed as follows:
</p><div class="procedure"><ol class="procedure" type="1"><li><p>
Start <span class="guimenu">YaST</span>+<span class="guimenu">Network
Services</span>+<span class="guimenu">NIS Server</span>.
</p></li><li><p>
Select <span class="guimenu">Install and Set Up NIS Slave Server</span> and
click <span class="guimenu">Next</span>.
</p><div class="tip"><table border="0" cellpadding="3" cellspacing="0" width="100%" summary="Tip"><tr class="head"><td width="32"><img alt="[Tip]" src="admon/tip.png"></td><th align="left"></th></tr><tr><td colspan="2" align="left" valign="top"><p>
If NIS server software is already installed on your machine, initiate
the creation of a NIS slave server by clicking <span class="guimenu">Create NIS
Slave Server</span>.
</p></td></tr></table></div></li><li><p>
Complete the basic setup of your NIS slave server:
</p><ol type="a" class="substeps"><li><p>
Enter the NIS domain.
</p></li><li><p>
Enter hostname or IP address of the master server.
</p></li><li><p>
Set <span class="guimenu">This Host is also a NIS Client</span> if you want to
enable user logins on this server.
</p></li><li><p>
Adapt the firewall settings with <span class="guimenu">Open Ports in
Firewall</span>.
</p></li><li><p>
Click <span class="guimenu">Next</span>.
</p></li></ol></li><li><p>
Enter the hosts that are allowed to query the NIS server. You can add,
edit, or delete hosts by clicking the appropriate button. Specify from
which networks requests can be sent to the NIS server. Normally, this
is all hosts. In this case, there should be the following two entries:
</p><pre class="screen">255.0.0.0 127.0.0.0
0.0.0.0 0.0.0.0
</pre><p>
The first entry enables connections from your own host, which is the
NIS server. The second one allows all hosts with access to the same
network to send requests to the server.
</p></li><li><p>
Click <span class="guimenu">Finish</span> to save changes and exit the setup.
</p></li></ol></div><a class="indexterm" name="id570490"></a><a class="indexterm" name="id570496"></a></div></div><div class="sect1" title="3.2. Configuring NIS Clients"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sec.nis.client"></a>3.2. Configuring NIS Clients<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.nis.client">¶</a></span></h2></div></div></div><a class="indexterm" name="id566129"></a><a class="indexterm" name="id566138"></a><p>
To use NIS on a workstation, do the following:
</p><div class="procedure"><ol class="procedure" type="1"><li><p>
Start <span class="guimenu">YaST</span>+<span class="guimenu">Network
Services</span>+<span class="guimenu">NIS Client</span>.
</p></li><li><p>
Activate the <span class="guimenu">Use NIS</span> button.
</p></li><li><p>
Enter the NIS domain. This is usually a domain name given by your
administrator or a static IP address received by DHCP.
<span>For information about DHCP, see
Chapter <i>DHCP</i> (↑Reference).</span>
</p><div class="figure"><a name="fig.inst.nisclient"></a><p class="title"><b>Figure 3.6. Setting Domain and Address of a NIS Server</b><span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#fig.inst.nisclient">¶</a></span></p><div class="figure-contents"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" cellspacing="0" cellpadding="0" width="75%"><tr><td><img src="images/yast2_inst_nisclient.png" width="100%" alt="Setting Domain and Address of a NIS Server"></td></tr></table></div></div></div><br class="figure-break"></li><li><p>
Enter your NIS servers and separate their addresses by spaces. If you
do not know your NIS server, click on <span class="guimenu">Find</span> to let
YaST search for any NIS servers in your domain. Depending on the size
of your local network, this may be a time-consuming process.
<span class="guimenu">Broadcast</span> asks for a NIS server in the local network
after the specified servers fail to respond.
</p></li><li><p>
Depending on your local installation, you may also want to activate the
automounter. This option also installs additional software if required.
</p></li><li><p>
If you do not want other hosts to be able to query which server your
client is using, go to the <span class="guimenu">Expert</span> settings and
disable <span class="guimenu">Answer Remote Hosts</span>. By checking
<span class="guimenu">Broken Server</span>, the client is enabled to receive
replies from a server communicating through an unprivileged port. For
further information, see
<span class="command"><strong>man</strong></span> <code class="option">ypbind</code>.
</p><a class="indexterm" name="id570608"></a></li><li><p>
Click <span class="guimenu">Finish</span> to save them and return to the YaST
control center. Your client is now configured with NIS.
</p></li></ol></div></div></div><div class="navfooter"><table width="100%" summary="Navigation footer" border="0" class="bctable"><tr><td width="80%"><div class="breadcrumbs"><p><a href="index.html"> Documentation</a><span class="breadcrumbs-sep"> > </span><a href="book.security.html">Security Guide</a><span class="breadcrumbs-sep"> > </span><a href="part.auth.html">Authentication</a><span class="breadcrumbs-sep"> > </span><strong><a accesskey="p" title="Chapter 2. Authentication with PAM" href="cha.pam.html"><span>◀</span></a> <a accesskey="n" title="Chapter 4. LDAP—A Directory Service" href="cha.security.ldap.html"><span>▶</span></a></strong></p></div></td></tr></table></div></body></html>
ACC SHELL 2018