Difference between revisions of "OPS335 NIS Lab"

From CDOT Wiki
Jump to: navigation, search
m (Minor clarification to instructions.)
m (Change of hostnames)
Line 40: Line 40:
  
 
===PART B: Examining a Problem Solved by NIS===
 
===PART B: Examining a Problem Solved by NIS===
*Ensure your VM03 is still mounting your home directory from VM 2 using autofs. If it is not, revisit last weeks lab.
+
*Ensure your VM3 is still mounting your home directory from VM 2 using autofs. If it is not, revisit last weeks lab.
 
*Many of you had an issue last week when using NFS as you had differing GID & UID's between systems - when attempting to mount the home directory from the VM2 you received various permission issues. In case you did not experience it, we will intentionally create this issue and then correct it with NIS.
 
*Many of you had an issue last week when using NFS as you had differing GID & UID's between systems - when attempting to mount the home directory from the VM2 you received various permission issues. In case you did not experience it, we will intentionally create this issue and then correct it with NIS.
 
*Run the following command
 
*Run the following command
Line 46: Line 46:
 
*Look at the existing users on VM 3 and compare them with the same users on VM 2. Find one whose credentials differ (Specifically, a user name that exists on both machines, but has a different UID).  If you have no such user, create one.
 
*Look at the existing users on VM 3 and compare them with the same users on VM 2. Find one whose credentials differ (Specifically, a user name that exists on both machines, but has a different UID).  If you have no such user, create one.
 
*For example on VM 3:
 
*For example on VM 3:
  [root@vm03 ~]# cat /etc/passwd | grep home
+
  [root@vm3 ~]# cat /etc/passwd | grep home
 
  nis-user:x:1000:1000::/home/nis-user:/bin/bash
 
  nis-user:x:1000:1000::/home/nis-user:/bin/bash
 
  paul:x:1001:1001::/home/paul:/bin/bash
 
  paul:x:1001:1001::/home/paul:/bin/bash
 
*And on VM 2:
 
*And on VM 2:
  [root@fvm02 ~]# cat /etc/passwd | grep home
+
  [root@fvm2 ~]# cat /etc/passwd | grep home
 
  paul:x:1000:1000:paul:/home/paul:/bin/bash
 
  paul:x:1000:1000:paul:/home/paul:/bin/bash
 
  nis-user:x:1001:1001::/home/nis-user:/bin/bash
 
  nis-user:x:1001:1001::/home/nis-user:/bin/bash
 
*While the two hosts share the same users, their UID and GID are different. This will cause a problem when mounting the home directory using NFS.
 
*While the two hosts share the same users, their UID and GID are different. This will cause a problem when mounting the home directory using NFS.
*Back on vm03 try to switch to your learnid (or other account where UID/GID differs between systems)
+
*Back on vm3 try to switch to your learnid (or other account where UID/GID differs between systems)
 
  su <learnid>
 
  su <learnid>
 
  cd ~
 
  cd ~
 
*You should recieve a permission denied error as the UID on the local system differs from the UID of the file owner on the remote server.
 
*You should recieve a permission denied error as the UID on the local system differs from the UID of the file owner on the remote server.
 
*Obtain a listing of the directories in /home:
 
*Obtain a listing of the directories in /home:
  [paul@vm03 /]# ls -l /home
+
  [paul@vm3 /]# ls -l /home
 
  drwx------. 3 nis-user nis-user 4096 Mar 11 19:13 paul
 
  drwx------. 3 nis-user nis-user 4096 Mar 11 19:13 paul
 
*Notice that one user's home directory shows up as being owned by a different user.
 
*Notice that one user's home directory shows up as being owned by a different user.
 
*Try to access the other user's home directory (it should show up as owned by this user):
 
*Try to access the other user's home directory (it should show up as owned by this user):
  [paul@vm03 /]# cd /home/nis-user
+
  [paul@vm3 /]# cd /home/nis-user
 
*You should now be successful.  Obtain a directory listing. Below is some example output:
 
*You should now be successful.  Obtain a directory listing. Below is some example output:
  [paul@vm03 /home/nis-user]$ ll
+
  [paul@vm3 /home/nis-user]$ ll
 
  drwxr-xr-x. 2 paul paul  4096 Mar 14 09:09 Desktop
 
  drwxr-xr-x. 2 paul paul  4096 Mar 14 09:09 Desktop
 
  drwxr-xr-x. 2 paul paul  4096 Feb 17 05:24 Documents
 
  drwxr-xr-x. 2 paul paul  4096 Feb 17 05:24 Documents
Line 75: Line 75:
 
  drwxr-xr-x. 2 paul paul  4096 Jan  4 10:12 Videos
 
  drwxr-xr-x. 2 paul paul  4096 Jan  4 10:12 Videos
 
*Create an empty file and do a listing again
 
*Create an empty file and do a listing again
  [paul@vm03 ~]$ touch empty_from_vm03
+
  [paul@vm3 ~]$ touch empty_from_vm3
  [paul@vm03 ~]$ ll
+
  [paul@vm3 ~]$ ll
  -rw-rw-r--. 1 paul paul      0 Mar 18 14:58 empty_from_vm03
+
  -rw-rw-r--. 1 paul paul      0 Mar 18 14:58 empty_from_vm3
 
  drwxr-xr-x. 2 paul paul  4096 Mar 14 09:09 Desktop
 
  drwxr-xr-x. 2 paul paul  4096 Mar 14 09:09 Desktop
 
  drwxr-xr-x. 2 paul paul  4096 Feb 17 05:24 Documents
 
  drwxr-xr-x. 2 paul paul  4096 Feb 17 05:24 Documents
Line 89: Line 89:
 
*Change users back to root
 
*Change users back to root
 
===Part C: Client Configuration===
 
===Part C: Client Configuration===
*Install ypbind on your vm03.
+
*Install ypbind on your vm3.
* You may wish to follow the logs on vm03.  In addition to your normal log in, ssh from the host to vm03 and get a continuous feed from the logs with:  
+
* You may wish to follow the logs on vm3.  In addition to your normal log in, ssh from the host to vm3 and get a continuous feed from the logs with:  
 
  tail -f /var/log/messages
 
  tail -f /var/log/messages
 
*Edit /etc/yp.conf adding the following line:
 
*Edit /etc/yp.conf adding the following line:
Line 114: Line 114:
 
*Make sure autofs service is installed on your VM 3 (If you completed the nfs lab, it is). If it is not, go back and complete the NFS lab now.
 
*Make sure autofs service is installed on your VM 3 (If you completed the nfs lab, it is). If it is not, go back and complete the NFS lab now.
 
*Copy the autofs files from VM3 to your VM2.
 
*Copy the autofs files from VM3 to your VM2.
  scp /etc/auto.{home,master} root@vm02:/etc/
+
  scp /etc/auto.{home,master} root@vm2:/etc/
  
 
*Edit /etc/auto.master on VM2 and remove the 'etc' prefix from auto.home's path:
 
*Edit /etc/auto.master on VM2 and remove the 'etc' prefix from auto.home's path:
Line 124: Line 124:
 
*You will need to look into the Makefile to determine how to add auto.home and auto.master to the list of files shared by NIS.
 
*You will need to look into the Makefile to determine how to add auto.home and auto.master to the list of files shared by NIS.
 
*After making changes to your Makefile, regenerate your maps again and run the same command as above. You should now see the file and its contents when you run ypcat auto.home.
 
*After making changes to your Makefile, regenerate your maps again and run the same command as above. You should now see the file and its contents when you run ypcat auto.home.
  [root@vm02 yp]# ypcat auto.home
+
  [root@vm2 yp]# ypcat auto.home
 
  -fstype=nfs4,rw,nosuid,soft      192.168.70.3:/home/&
 
  -fstype=nfs4,rw,nosuid,soft      192.168.70.3:/home/&
*On vm03 delete the autofs files, and edit the /etc/nsswitch.conf file so that autofs consults NIS. Reboot the machine.
+
*On vm3 delete the autofs files, and edit the /etc/nsswitch.conf file so that autofs consults NIS. Reboot the machine.
 
*When the VM comes back up, SSH and ensure auto mounting of home occurred.
 
*When the VM comes back up, SSH and ensure auto mounting of home occurred.
  
 
===Part E: Adding the other VM's===
 
===Part E: Adding the other VM's===
*When you have successfully made this change on vm03, repeat these steps so that vm01 will use NIS for user identification, and mount home directories using autofs.
+
*When you have successfully made this change on vm3, repeat these steps so that vm1 will also use NIS for user identification, and mount home directories using autofs files located on vm2.
 
**Warning:  When configuring the location of the NIS server to bind to, use the ip address instead of the hostname.  When the machine is booting, you have no guarantee that named starts before ypbind.
 
**Warning:  When configuring the location of the NIS server to bind to, use the ip address instead of the hostname.  When the machine is booting, you have no guarantee that named starts before ypbind.
  

Revision as of 01:14, 19 March 2015

NIS (Network Information Services)

  • An NIS server is used to synchronize system files and other information between machines in an NIS domain.
  • In this lab you will set a Fedora VM as both an NFS and NIS server. You will then use your other VM's to serve as your NFS and NIS clients.
Important.png
Prerequisites
Before you begin make sure all your machines are up to date (yum update).

Ensure both host and VM's have firewalls set up according to prior labs and all labs have been completed.

Ensure that your NFS server is running on VM2 and exporting the '/home' directory.

PART A: Setting up your NIS Server

  • Install the NIS server and client onto your VM 2.
 yum install ypserv ypbind
  • Add the following line to the bottom of the file /etc/sysconfig/network
 NISDOMAIN="<learn-id>.org"
 YPSERV_ARGS="-p 783"
  • This should be enough to set the domain name, however there is currently a bug in systemd that prevents this from working properly on its own.
    • You will also need to start and enable the fedora-domainname service.
  • Edit the file /etc/yp.conf and set up your domain:
 domain <learn-id>.org server 127.0.0.1
  • Create the file /var/yp/securenets:
 host 127.0.0.1
 255.255.255.0   192.168.x.0
  • Enable and start the NIS (ypserv) service.
systemctl start ypserv.service
systemctl enable ypserv.service
  • Backup the configuration file for NIS databases
 cp /var/yp/Makefile /var/yp/Makefile.orig
  • Verify that your servers (NFS, ypserv) are running correctly with the following command:
 rpcinfo -p
  • At this step you should edit your firewalls to allow RPC and NIS traffic through your firewall (Hint: check the output of rpcinfo -p or iptables traffic on the "lo" interface)
  • The machine will essentially be communicating with its own NIS server when using the Makefile
  • Now change to directory /var/yp and run this command to build the information databases
 make
  • Enable and start the NIS binding (ypbind) service.
systemctl start ypbind.service
  • Use the following command to verify your NIS server is working - you should see your learnid password record.
 ypcat passwd
  • Add a new user named nis-user, with password "ops335".
  • Run 'ypcat passwd' again.
  • In order for the new user to show up you will need to recreate the map files- change directory to /var/yp and run the "make" command again.

PART B: Examining a Problem Solved by NIS

  • Ensure your VM3 is still mounting your home directory from VM 2 using autofs. If it is not, revisit last weeks lab.
  • Many of you had an issue last week when using NFS as you had differing GID & UID's between systems - when attempting to mount the home directory from the VM2 you received various permission issues. In case you did not experience it, we will intentionally create this issue and then correct it with NIS.
  • Run the following command
cat /etc/passwd | grep home
  • Look at the existing users on VM 3 and compare them with the same users on VM 2. Find one whose credentials differ (Specifically, a user name that exists on both machines, but has a different UID). If you have no such user, create one.
  • For example on VM 3:
[root@vm3 ~]# cat /etc/passwd | grep home
nis-user:x:1000:1000::/home/nis-user:/bin/bash
paul:x:1001:1001::/home/paul:/bin/bash
  • And on VM 2:
[root@fvm2 ~]# cat /etc/passwd | grep home
paul:x:1000:1000:paul:/home/paul:/bin/bash
nis-user:x:1001:1001::/home/nis-user:/bin/bash
  • While the two hosts share the same users, their UID and GID are different. This will cause a problem when mounting the home directory using NFS.
  • Back on vm3 try to switch to your learnid (or other account where UID/GID differs between systems)
su <learnid>
cd ~
  • You should recieve a permission denied error as the UID on the local system differs from the UID of the file owner on the remote server.
  • Obtain a listing of the directories in /home:
[paul@vm3 /]# ls -l /home
drwx------. 3 nis-user nis-user 4096 Mar 11 19:13 paul
  • Notice that one user's home directory shows up as being owned by a different user.
  • Try to access the other user's home directory (it should show up as owned by this user):
[paul@vm3 /]# cd /home/nis-user
  • You should now be successful. Obtain a directory listing. Below is some example output:
[paul@vm3 /home/nis-user]$ ll
drwxr-xr-x. 2 paul paul   4096 Mar 14 09:09 Desktop
drwxr-xr-x. 2 paul paul   4096 Feb 17 05:24 Documents
drwxr-xr-x. 2 paul paul   4096 Feb 17 05:45 Downloads
drwxr-xr-x. 2 paul paul   4096 Jan  4 10:12 Music
drwxr-xr-x. 2 paul paul   4096 Jan  4 10:12 Pictures
drwxr-xr-x. 2 paul paul   4096 Jan  4 10:12 Public
drwxr-xr-x. 2 paul paul   4096 Jan  4 10:12 Templates
drwxr-xr-x. 2 paul paul   4096 Jan  4 10:12 Videos
  • Create an empty file and do a listing again
[paul@vm3 ~]$ touch empty_from_vm3
[paul@vm3 ~]$ ll
-rw-rw-r--. 1 paul paul      0 Mar 18 14:58 empty_from_vm3
drwxr-xr-x. 2 paul paul   4096 Mar 14 09:09 Desktop
drwxr-xr-x. 2 paul paul   4096 Feb 17 05:24 Documents
drwxr-xr-x. 2 paul paul   4096 Feb 17 05:45 Downloads
drwxr-xr-x. 2 paul paul   4096 Jan  4 10:12 Music
drwxr-xr-x. 2 paul paul   4096 Jan  4 10:12 Pictures
drwxr-xr-x. 2 paul paul   4096 Jan  4 10:12 Public
drwxr-xr-x. 2 paul paul   4096 Jan  4 10:12 Templates
drwxr-xr-x. 2 paul paul   4096 Jan  4 10:12 Videos
  • Now we will fix this problem by making this machine use NIS for user information
  • Change users back to root

Part C: Client Configuration

  • Install ypbind on your vm3.
  • You may wish to follow the logs on vm3. In addition to your normal log in, ssh from the host to vm3 and get a continuous feed from the logs with:
tail -f /var/log/messages
  • Edit /etc/yp.conf adding the following line:
domain <learnid>.org server 192.168.x.3
  • Add the following line to the bottom of the file /etc/sysconfig/network
 NISDOMAIN="<learn-id>.org"
  • Start the ypbind server with the command.
systemctl start ypbind.service
  • Looking at your logs ensure that ypbind is registered with rpcbind, if it is unable your firewall may need to be adjusted.
  • Now when you run the following command:
ypcat passwd
  • You should be able to see the 'nis-user' entry from the host machine, matching its credentials.
  • If you added a mismatched user, you must update the map files on the host.
  • Edit the /etc/nsswitch.conf file (on VM3 only) and change the following lines so they appear as below:
passwd:     nis files
shadow:     nis files
group:      nis files
  • Save and exit the file.
  • Ensure ypbind will start at boot and restart the vm.
  • Again SSH to the machine, this time using your learnid account. You should now be able to see the files in your home directory with the correct mapping.

Part D: Obtaining autofs maps through NIS:

  • Make sure autofs service is installed on your VM 3 (If you completed the nfs lab, it is). If it is not, go back and complete the NFS lab now.
  • Copy the autofs files from VM3 to your VM2.
scp /etc/auto.{home,master} root@vm2:/etc/
  • Edit /etc/auto.master on VM2 and remove the 'etc' prefix from auto.home's path:
/home   auto.home   --timeout=60
  • Regenerate your NIS maps and run:
ypcat auto.home
  • You should receive the following:
No such map auto.home. Reason: No such map in server's domain
  • You will need to look into the Makefile to determine how to add auto.home and auto.master to the list of files shared by NIS.
  • After making changes to your Makefile, regenerate your maps again and run the same command as above. You should now see the file and its contents when you run ypcat auto.home.
[root@vm2 yp]# ypcat auto.home
-fstype=nfs4,rw,nosuid,soft      192.168.70.3:/home/&
  • On vm3 delete the autofs files, and edit the /etc/nsswitch.conf file so that autofs consults NIS. Reboot the machine.
  • When the VM comes back up, SSH and ensure auto mounting of home occurred.

Part E: Adding the other VM's

  • When you have successfully made this change on vm3, repeat these steps so that vm1 will also use NIS for user identification, and mount home directories using autofs files located on vm2.
    • Warning: When configuring the location of the NIS server to bind to, use the ip address instead of the hostname. When the machine is booting, you have no guarantee that named starts before ypbind.

Completing the Lab

Exploration questions:

  1. What is the purpose of the rpcinfo command?
  2. Explain the purpose of the make command in the lab - what does it do?
  3. Explain the purpose of the /var/yp/securenets file.
  4. What is the function of the portmapper service?
  5. What ports did you need to open on your firewall?