Red Hat Linux Networking, System Administration (P13)


Chapter 13: The Network Information System

Configuring an Example NIS Server

This section illustrates the process of setting up a simple master server. The NIS domain name is eng, running on the server nisbeast.example.com, which has an IP address 192.168.0.4. There are no slave servers, and all hosts in the example.com DNS domain are permitted to access the NIS server.

1. Set the NIS domain name:

    # nisdomainname eng
    # nisdomainname
    eng

2. Edit /var/yp/securenets to permit access to the NIS server for the specified hosts. The default configuration enables all hosts to have access (0.0.0.0 0.0.0.0), so change that line to read 255.255.255.0 192.168.0.0. The complete file now resembles the following:

    255.255.255.255 127.0.0.1
    255.255.255.0   192.168.0.0

   NOTE: If /var/yp/securenets does not exist on your system, create it.

3. Make sure that the portmapper is running:

    # rpcinfo -u nisbeast portmapper
    program 100000 version 2 ready and waiting

4. Start the primary server daemon, ypserv:

    # service ypserv start
    Starting YP server services: [ OK ]

5. Confirm that ypserv is running:

    # rpcinfo -u nisbeast ypserv
    program 100004 version 1 ready and waiting
    program 100004 version 2 ready and waiting

6. Initialize the NIS maps:

    # /usr/lib/yp/ypinit -m
    At this point, we have to construct a list of the hosts which will run NIS
    servers. nistbeast.kurtwerks.com is in the list of NIS server hosts. Please
    continue to add the names for the other hosts, one per line. When you are
    done with the list, type a <control D>.
            next host to add: nisbeast.kurtwerks.com
            next host to add:
    The current list of NIS servers looks like this:

    nisbeast.kurtwerks.com

    Is this correct? [y/n: y] y
    We need a few minutes to build the databases
    Building /var/yp/eng/ypservers
    Running /var/yp/Makefile
    gmake[1]: Entering directory `/var/yp/eng'
    Updating passwd.byname
    Updating passwd.byuid
    Updating group.byname
    Updating group.bygid
    Updating hosts.byname
    Updating hosts.byaddr
    Updating rpc.byname
    Updating rpc.bynumber
    Updating services.byname
    Updating services.byservicename
    Updating netid.byname
    Updating protocols.bynumber
    Updating protocols.byname
    Updating mail.aliases
    gmake[1]: Leaving directory `/var/yp/eng'
    nisbeast.kurtwerks.com has been set up as a NIS master server.
    Now you can run ypinit -s nisbeast.kurtwerks.com on all slave servers.

   After running the ypinit command as shown, a new directory containing the NIS map files exists, /var/yp/nisbeast. Storing NIS maps in domain-specific directories makes it easy for a single system to act as an NIS server for multiple NIS domains.

7. Start the password daemon, yppasswdd:

    # service yppasswdd start
    Starting YP passwd services: [ OK ]

8. Confirm that yppasswdd is running:

    # rpcinfo -u nisbeast yppasswd
    program 100009 version 1 ready and waiting

9. Edit /etc/sysconfig/network and add the following line, commenting out or deleting any other line that begins with NISDOMAIN:

    NISDOMAIN=eng

10. Use the chkconfig utility or the Service Configuration tool, as shown earlier, to configure ypserv and yppasswdd to start at boot time.

If you run slave servers, repeat Steps 7 and 8 for the transfer daemon, ypxfrd (that is, start ypxfrd and make sure that it is running). Also make sure to set ypxfrd to start at boot time in Step 10. Your shiny new NIS master server is now up and running and ready to answer requests from NIS clients. What’s that? No clients? Read on.

Configuring an NIS Client

After you have successfully configured at least one master NIS server, you are ready to configure one or more NIS clients.
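The /var/yp/securenets edit in step 2 of the server example is what limits which hosts can query ypserv, so it is worth checking mechanically. The following Python sketch is an added example, not code from the book or from ypserv; its function names and the sample client addresses are assumptions, and it handles only the netmask/network line form shown in step 2.

```python
import ipaddress

# Constructed samples: the allow-all default the text describes, and the
# two-line file from step 2.
DEFAULT_SECURENETS = "0.0.0.0 0.0.0.0\n"
HARDENED_SECURENETS = "255.255.255.255 127.0.0.1\n255.255.255.0 192.168.0.0\n"


def prefix_len(netmask):
    """Dotted netmask -> prefix length; masks with holes are rejected."""
    bits = int(ipaddress.IPv4Address(netmask))
    prefix = bin(bits).count("1")
    if bits != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous netmask {netmask}")
    return prefix


def parse_securenets(text):
    """Return (networks, problems) for the 'netmask network' lines in text."""
    networks, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        try:
            if len(fields) != 2:
                raise ValueError("expected 'netmask network'")
            netmask, network = fields
            # Strict parsing: host bits set in the network address are
            # treated here as a mistake in the file.
            networks.append(
                ipaddress.IPv4Network((network, prefix_len(netmask))))
        except ValueError as exc:
            problems.append(f"line {lineno}: {exc}")
    return networks, problems


def is_allowed(networks, client_ip):
    """True if client_ip matches at least one securenets entry."""
    addr = ipaddress.IPv4Address(client_ip)
    return any(addr in net for net in networks)


def audit_securenets(text):
    """Return review findings: parse problems plus any allow-all entry."""
    networks, findings = parse_securenets(text)
    for net in networks:
        if net.prefixlen == 0:
            findings.append("allow-all entry: every host may query the server")
    return findings


if __name__ == "__main__":
    for name, text in (("default", DEFAULT_SECURENETS),
                       ("hardened", HARDENED_SECURENETS)):
        nets, _ = parse_securenets(text)
        print(name, audit_securenets(text))
        for ip in ("127.0.0.1", "192.168.0.25", "10.9.8.7"):
            print(f"  {ip:<14}", "allowed" if is_allowed(nets, ip) else "denied")
```
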
The general procedure for setting up an NIS client involves the following steps:

1. Set the NIS domain name.
2. Configure and start the NIS client daemon.
3. Test the client daemon.
4. Configure the client’s startup files to use NIS.

The following subsections describe these steps in detail and discuss the command and configuration file syntax. Note that there is some overlap between configuring a client and a server, so the discussion emphasizes client configuration tasks. The final subsection configures an example NIS client to illustrate the process of setting up a no-frills NIS client system that connects to the server configured at the end of the previous section.

Setting the NIS Domain Name

The initial step in configuring an NIS client is to set the NIS domain name. As explained in the previous section, execute the following command to set it:

    # nisdomainname nisdomain

As before, replace nisdomain with the name of your NIS domain.

Configuring and Starting the Client Daemon

The NIS client daemon, ypbind, uses a configuration file named /etc/yp.conf that specifies which NIS servers clients should use and how to locate them, a process known as binding the client to the server. NIS clients can use one of three methods to bind to the server, and the type of entry in /etc/yp.conf controls the way binding takes place. The simplest entry takes the form:

    ypserver nisserverip

This entry tells clients to use the server whose IP address is nisserverip. An example of this kind of entry might be:

    ypserver 192.168.0.1

A somewhat more flexible approach enables clients to broadcast a query for the server to contact for a given NIS domain. This method saves tedious editing of client configuration files if (or, perhaps, when) the IP address of the NIS server changes. This entry takes the form shown here, where nisdomain is the name of the NIS domain of which the local host is a member.

    domain nisdomain broadcast

An example entry for broadcast clients might resemble the following:

    domain eng broadcast

Finally, if client systems are members of multiple NIS domains or if they can connect to one of several servers for the same NIS domain, the following form enables you to associate a given server with a given NIS domain:

    domain nisdomain server nisserverip

This type of entry in /etc/yp.conf associates the NIS domain nisdomain with the NIS server (either master or slave) whose IP address is nisserverip. One example of this type of entry might be:

    domain eng server 192.168.0.4
    domain eng server 192.168.0.2
    domain finance server 192.168.0.2

The first two lines identify two servers as the NIS servers for the eng NIS domain. The second and third lines indicate that the NIS server whose IP address is 192.168.0.2 serves two NIS domains, eng and finance.

TIP: If the client system can resolve hostnames to IP addresses without NIS (if, for example, the client runs a caching name server or has an entry in /etc/hosts for the NIS server), you can use a hostname instead of an IP address, but your best bet is to use IP addresses in /etc/yp.conf to minimize problems that might arise if name lookup services become inoperable for some reason.

To set up the client’s NIS daemons, you can edit /etc/yp.conf directly or use the Authentication Configuration tool, a graphical tool for configuring user authentication. The following procedure shows you how to use the Authentication Configuration tool to configure a client system to use NIS:

1. Select Red Hat ➪ System Settings ➪ Authentication or type system-config-authentication (as root) in a terminal window to open the Authentication Configuration tool shown in Figure 13-7.
2. Check the Cache User Information check box. Setting this option causes the client to cache information retrieved from the server, making subsequent NIS lookups considerably faster.
3. Click the User Information tab.
4. Click the Enable NIS Support check box.
5. Click the Configure NIS button to open the NIS Settings dialog box (see Figure 13-8).
6. If the NIS Domain Name text box is not already filled in, type the NIS domain name.
7. Type the NIS server’s IP address or name in the NIS Server text box. The NIS Settings dialog box should now resemble Figure 13-8. The NIS domain name is eng and the NIS server is nisbeast.example.com.
8. Check the Cache User Information check box to store authentication information at runtime. This will make lookups for NIS-based information faster.
9. Click OK to close the NIS Settings dialog box.
10. Click OK to close the Authentication Configuration tool.

Figure 13-7 The Authentication Configuration tool.

Figure 13-8 The completed NIS Settings dialog box.

The following listing shows the edits made to /etc/yp.conf by the Authentication Configuration tool.

    # /etc/yp.conf - ypbind configuration file
    # Valid entries are
    #
    # domain NISDOMAIN server HOSTNAME
    #       Use server HOSTNAME for the domain NISDOMAIN.
    #
    # domain NISDOMAIN broadcast
    #       Use broadcast on the local net for domain NISDOMAIN
    #
    # domain NISDOMAIN slp
    #       Query local SLP server for ypserver supporting NISDOMAIN
    #
    # ypserver HOSTNAME
    #       Use server HOSTNAME for the local domain. The
    #       IP-address of server must be listed in /etc/hosts.
    #
    # broadcast
    #       If no server the default domain is specified or
    #       none of them is reachable, try a broadcast call to
    #       find a server
    domain eng server nisbeast.example.com

NOTE: If you use the server’s IP address instead of its name, the IP address will appear in place of the server name.
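The entry forms above can be checked mechanically before ypbind is restarted. This added Python example (not part of the book or of ypbind; the function names and the sample file are constructed for illustration) parses /etc/yp.conf, flags broadcast entries, where the client binds to whichever server answers first, and flags servers given by hostname, which the TIP above advises against.

```python
import ipaddress

# Constructed sample mixing the entry forms described above, plus one typo.
SAMPLE_YP_CONF = """\
# /etc/yp.conf - ypbind configuration file
domain eng server 192.168.0.4
domain eng server nisbeast.example.com
domain finance broadcast
ypserver 192.168.0.1
domain eng servr 192.168.0.2
"""


def is_ip(value):
    """True if value is a literal IP address rather than a hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def parse_yp_conf(text):
    """Yield (lineno, domain, method, server) for each non-comment line.

    method is 'server', 'broadcast', 'slp' or 'invalid'; domain is None for
    entries that apply to the local default domain.
    """
    for lineno, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] == "ypserver" and len(f) == 2:
            yield lineno, None, "server", f[1]
        elif f[0] == "domain" and len(f) == 4 and f[2] == "server":
            yield lineno, f[1], "server", f[3]
        elif f[0] == "domain" and len(f) == 3 and f[2] in ("broadcast", "slp"):
            yield lineno, f[1], f[2], None
        elif f == ["broadcast"]:
            yield lineno, None, "broadcast", None
        else:
            yield lineno, None, "invalid", None


def audit_yp_conf(text):
    """Return (lineno, severity, message) findings for a yp.conf file."""
    findings = []
    for lineno, domain, method, server in parse_yp_conf(text):
        scope = f"domain {domain}" if domain else "default domain"
        if method == "invalid":
            findings.append((lineno, "error", "not a valid yp.conf entry"))
        elif method == "broadcast":
            findings.append((lineno, "warn",
                             f"{scope}: binds to whichever server answers"))
        elif method == "server" and not is_ip(server):
            findings.append((lineno, "info",
                             f"{scope}: {server} depends on name lookup"))
    return findings


if __name__ == "__main__":
    for lineno, severity, message in audit_yp_conf(SAMPLE_YP_CONF):
        print(f"yp.conf:{lineno}: {severity}: {message}")
```
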
NIS client programs, like the NIS servers, require RPC to function properly, so make sure the portmapper is running before starting the client daemon, ypbind. To start the client daemon, execute the following command, which invokes the ypbind initialization script:

    # service ypbind start
    Binding to the NIS domain: [ OK ]
    Listening for an NIS domain server.

After starting the NIS client daemon, use the command rpcinfo -u localhost ypbind to confirm that ypbind was able to register its service with the portmapper. The output should resemble the following:

    # rpcinfo -u luther ypbind
    program 100007 version 1 ready and waiting
    program 100007 version 2 ready and waiting

NOTE: If you skip the test procedure outlined in this section, you must at least set the domain name and create the /var/yp directory. Without this directory, ypbind does not start.

Finally, use one of the NIS client commands discussed in the section titled “Key NIS Client Files and Commands” to test whether the client and server are communicating properly. For example, use the ypcat command to display the contents of the NIS shared password file:

    # ypcat passwd.byname

For user lookups to work properly on the client, do not add users whose authentication information will be retrieved using NIS on the client system. Instead, add a + sign to the end of /etc/passwd and /etc/group on your NIS clients. Experienced system administrators might use properly formatted entries for the password and group files (+:*:0:0:: and +:*:*, respectively), but this isn’t necessary for NIS to work properly.

Now edit /etc/host.conf so that it uses NIS for hostname lookups. By default, the Fedora Core and Red Hat Enterprise Linux host.conf file looks like the following:

    order hosts,bind

This configuration means that name service lookups first look in /etc/hosts, then use bind, the name server, to perform name lookups. Change this line so that it reads:

    order hosts,nis,bind

This entry causes name lookups to query NIS after looking in /etc/hosts and before using the resolver library.

Last, edit /etc/nsswitch.conf. By default, Red Hat Linux is configured to perform standard NIS (as opposed to NIS+) lookups when user authentication and related information is requested. Among other entries, you should see lines that look like the following:

    passwd: files nis
    shadow: files nis
    group:  files nis
    hosts:  files nis

If you don’t see these entries, add them.

Configuring the Client Startup Files

As when configuring an NIS server, you must modify some system configuration files and make sure that the client daemon starts and stops when the system starts and stops. In addition to setting the NIS domain name in /etc/sysconfig/network and setting the server information in /etc/yp.conf, you must enable ypbind, the NIS client, at boot time. You can use the chkconfig utility or the Service Configuration tool to start ypbind when the system boots. Using chkconfig, issue the following commands:

    # chkconfig --level 0123456 ypbind off
    # chkconfig --level 345 ypbind on

To use the Service Configuration tool, start system-config-services as demonstrated earlier, scroll down to the bottom of the services list, and place a check mark beside the ypbind service. When you’re done, select File ➪ Save to save your changes, and then select File ➪ Exit to close the Service Configuration tool.

NIS Client Commands

Table 13-2 lists the key NIS client commands and briefly describes their purpose. The ypcat command enables you to view the contents of an NIS map. ypcat displays maps from the default server unless you request a specific NIS server using -d nisdomain. Similarly, to view the maps from a specific machine, use -h hostname, replacing hostname with the host in which you are interested.
Table 13-2 NIS Client Configuration Files and Commands

    COMMAND     DESCRIPTION
    ypcat       Prints the entries in an NIS database
    ypmatch     Prints the value of one or more entries in an NIS map
    yppasswd    Changes user passwords and information on the NIS server
    yppoll      Displays the server and version number of an NIS map
    ypwhich     Displays the name of the master NIS server

ypwhich invoked with no arguments displays the name of the default NIS server. If invoked with the -d nisdomain option, it queries the master NIS server for the NIS domain named nisdomain. You can also use ypwhich hostname to query the NIS server, if any, on the machine named hostname. The -x option causes ypwhich to display the list of available maps.

Suppose, for example, that you want to know the list of hosts that the NIS server nisbeast knows about. First, use the ypwhich -x command to see a list of map nicknames available on nisbeast:

    $ ypwhich -x
    Use "ethers" for map "ethers.byname"
    Use "aliases" for map "mail.aliases"
    Use "services" for map "services.byname"
    Use "protocols" for map "protocols.bynumber"
    Use "hosts" for map "hosts.byname"
    Use "networks" for map "networks.byaddr"
    Use "group" for map "group.byname"
    Use "passwd" for map "passwd.byname"

This output means, for example, that the map hosts.byname can be accessed using the nickname hosts. So, try ypcat hosts:

    $ ypcat hosts
    192.168.0.1 coondog.example.com coondog
    192.168.0.2 hounddog.example.com hounddog
    192.168.0.3 moonshine.example.com moonshine
    127.0.0.1 localhost.localdomain localhost
    127.0.0.1 localhost.localdomain localhost
    192.168.0.4 nisbeast.example.com nisbeast

If you are looking for a specific piece of information, use the ypmatch command. For example, to find the user bubba’s password file entry, use the command:

    $ ypcat passwd | grep bubba
    bubba:$1$KXv8uWVw$Uk96z3r0bdHrM9gCfR.Ge0:501:501::/home/bubba:/bin/csh

A more elegant method is to tell ypmatch to do it:

    $ ypmatch -k bubba passwd
    bubba:$1$KXv8uWVw$Uk96z3r0bdHrM9gCfR.Ge0:501:501::/home/bubba:/bin/csh

As you can see, the output is the same, but ypmatch enables you to zero in on precisely the information you want without having to retrieve the entire map and filter the output. ypmatch’s -k option defines the key, or the information you want; the second argument tells ypmatch the map you want to search (passwd in this case). To see bubba’s group file entry, for example, you would specify the map group:

    $ ypmatch -k bubba group
    bubba bubba:!:501:

The yppasswd command enables users to change their NIS passwords. What’s wrong with using plain vanilla passwd? The passwd command affects only the client machine. The yppasswd command, on the other hand, updates the NIS maps on the NIS server, which means that the updated password will be effective across the network, not just on the client machine. In fact, if you use the passwd command for a user that is authenticated via NIS, the password change, if it succeeds, will not be propagated to other NIS clients and will be discarded from the local machine’s authentication databases the next time the NIS maps are updated.

Before you test the configuration, you need to have an NIS client configured — it’s hard to test a server without a client — so we’ll delay testing the server configuration until the end of the next section.

Configuring an Example NIS Client

This subsection illustrates configuring an NIS client to use the NIS services provided by the NIS server configured earlier in this chapter. As before, the NIS domain name is eng, running on the server nisbeast.kurtwerks.com, which has an IP address 192.168.0.1.

1. Set the NIS domain name:

    # nisdomainname eng
    # nisdomainname
    eng

2. Edit /etc/yp.conf to identify the default NIS server. The complete configuration file is (without comments):

    ypserver 192.168.0.1

3. Make sure that the portmapper is running on the client:

    # rpcinfo -u localhost portmapper
    program 100000 version 2 ready and waiting

4. Start the primary client daemon, ypbind:

    # service ypbind start
    Binding to the NIS domain: [ OK ]
    Listening for an NIS domain server.

[...]

Date posted: 07/07/2014, 09:20
