Difference between revisions of "OPS335 NIS Lab"
m (Minor clarification to instructions.) |
m (Change of hostnames) |
||
Line 40: | Line 40: | ||
===PART B: Examining a Problem Solved by NIS=== | ===PART B: Examining a Problem Solved by NIS=== | ||
− | *Ensure your | + | *Ensure your VM3 is still mounting your home directory from VM 2 using autofs. If it is not, revisit last weeks lab. |
*Many of you had an issue last week when using NFS as you had differing GID & UID's between systems - when attempting to mount the home directory from the VM2 you received various permission issues. In case you did not experience it, we will intentionally create this issue and then correct it with NIS. | *Many of you had an issue last week when using NFS as you had differing GID & UID's between systems - when attempting to mount the home directory from the VM2 you received various permission issues. In case you did not experience it, we will intentionally create this issue and then correct it with NIS. | ||
*Run the following command | *Run the following command | ||
Line 46: | Line 46: | ||
*Look at the existing users on VM 3 and compare them with the same users on VM 2. Find one whose credentials differ (Specifically, a user name that exists on both machines, but has a different UID). If you have no such user, create one. | *Look at the existing users on VM 3 and compare them with the same users on VM 2. Find one whose credentials differ (Specifically, a user name that exists on both machines, but has a different UID). If you have no such user, create one. | ||
*For example on VM 3: | *For example on VM 3: | ||
− | [root@ | + | [root@vm3 ~]# cat /etc/passwd | grep home |
nis-user:x:1000:1000::/home/nis-user:/bin/bash | nis-user:x:1000:1000::/home/nis-user:/bin/bash | ||
paul:x:1001:1001::/home/paul:/bin/bash | paul:x:1001:1001::/home/paul:/bin/bash | ||
*And on VM 2: | *And on VM 2: | ||
− | [root@ | + | [root@fvm2 ~]# cat /etc/passwd | grep home |
paul:x:1000:1000:paul:/home/paul:/bin/bash | paul:x:1000:1000:paul:/home/paul:/bin/bash | ||
nis-user:x:1001:1001::/home/nis-user:/bin/bash | nis-user:x:1001:1001::/home/nis-user:/bin/bash | ||
*While the two hosts share the same users, their UID and GID are different. This will cause a problem when mounting the home directory using NFS. | *While the two hosts share the same users, their UID and GID are different. This will cause a problem when mounting the home directory using NFS. | ||
− | *Back on | + | *Back on vm3 try to switch to your learnid (or other account where UID/GID differs between systems) |
su <learnid> | su <learnid> | ||
cd ~ | cd ~ | ||
*You should recieve a permission denied error as the UID on the local system differs from the UID of the file owner on the remote server. | *You should recieve a permission denied error as the UID on the local system differs from the UID of the file owner on the remote server. | ||
*Obtain a listing of the directories in /home: | *Obtain a listing of the directories in /home: | ||
− | [paul@ | + | [paul@vm3 /]# ls -l /home |
drwx------. 3 nis-user nis-user 4096 Mar 11 19:13 paul | drwx------. 3 nis-user nis-user 4096 Mar 11 19:13 paul | ||
*Notice that one user's home directory shows up as being owned by a different user. | *Notice that one user's home directory shows up as being owned by a different user. | ||
*Try to access the other user's home directory (it should show up as owned by this user): | *Try to access the other user's home directory (it should show up as owned by this user): | ||
− | [paul@ | + | [paul@vm3 /]# cd /home/nis-user |
*You should now be successful. Obtain a directory listing. Below is some example output: | *You should now be successful. Obtain a directory listing. Below is some example output: | ||
− | [paul@ | + | [paul@vm3 /home/nis-user]$ ll |
drwxr-xr-x. 2 paul paul 4096 Mar 14 09:09 Desktop | drwxr-xr-x. 2 paul paul 4096 Mar 14 09:09 Desktop | ||
drwxr-xr-x. 2 paul paul 4096 Feb 17 05:24 Documents | drwxr-xr-x. 2 paul paul 4096 Feb 17 05:24 Documents | ||
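Review bot: the new VM 2 prompt in this hunk reads `[root@fvm2 ~]#`, while the other prompts changed here use `vm3` and the later scp and ypcat lines use `vm2`. This looks like a typo in the renamed hostname and should probably be `[root@vm2 ~]#`. In the same hunk the `[paul@vm3 /]#` prompts show a root-style `#` for a non-root user, whereas the later `[paul@vm3 ~]$` lines use `$`; making them all `$` would avoid confusing readers about which account is active.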
Line 75: | Line 75: | ||
drwxr-xr-x. 2 paul paul 4096 Jan 4 10:12 Videos | drwxr-xr-x. 2 paul paul 4096 Jan 4 10:12 Videos | ||
*Create an empty file and do a listing again | *Create an empty file and do a listing again | ||
− | [paul@ | + | [paul@vm3 ~]$ touch empty_from_vm3 |
− | [paul@ | + | [paul@vm3 ~]$ ll |
− | -rw-rw-r--. 1 paul paul 0 Mar 18 14:58 | + | -rw-rw-r--. 1 paul paul 0 Mar 18 14:58 empty_from_vm3 |
drwxr-xr-x. 2 paul paul 4096 Mar 14 09:09 Desktop | drwxr-xr-x. 2 paul paul 4096 Mar 14 09:09 Desktop | ||
drwxr-xr-x. 2 paul paul 4096 Feb 17 05:24 Documents | drwxr-xr-x. 2 paul paul 4096 Feb 17 05:24 Documents | ||
Line 89: | Line 89: | ||
*Change users back to root | *Change users back to root | ||
===Part C: Client Configuration=== | ===Part C: Client Configuration=== | ||
− | *Install ypbind on your | + | *Install ypbind on your vm3. |
− | * You may wish to follow the logs on | + | * You may wish to follow the logs on vm3. In addition to your normal log in, ssh from the host to vm3 and get a continuous feed from the logs with: |
tail -f /var/log/messages | tail -f /var/log/messages | ||
*Edit /etc/yp.conf adding the following line: | *Edit /etc/yp.conf adding the following line: | ||
Line 114: | Line 114: | ||
*Make sure autofs service is installed on your VM 3 (If you completed the nfs lab, it is). If it is not, go back and complete the NFS lab now. | *Make sure autofs service is installed on your VM 3 (If you completed the nfs lab, it is). If it is not, go back and complete the NFS lab now. | ||
*Copy the autofs files from VM3 to your VM2. | *Copy the autofs files from VM3 to your VM2. | ||
− | scp /etc/auto.{home,master} root@ | + | scp /etc/auto.{home,master} root@vm2:/etc/ |
*Edit /etc/auto.master on VM2 and remove the 'etc' prefix from auto.home's path: | *Edit /etc/auto.master on VM2 and remove the 'etc' prefix from auto.home's path: | ||
Line 124: | Line 124: | ||
*You will need to look into the Makefile to determine how to add auto.home and auto.master to the list of files shared by NIS. | *You will need to look into the Makefile to determine how to add auto.home and auto.master to the list of files shared by NIS. | ||
*After making changes to your Makefile, regenerate your maps again and run the same command as above. You should now see the file and its contents when you run ypcat auto.home. | *After making changes to your Makefile, regenerate your maps again and run the same command as above. You should now see the file and its contents when you run ypcat auto.home. | ||
− | [root@ | + | [root@vm2 yp]# ypcat auto.home |
-fstype=nfs4,rw,nosuid,soft 192.168.70.3:/home/& | -fstype=nfs4,rw,nosuid,soft 192.168.70.3:/home/& | ||
− | *On | + | *On vm3 delete the autofs files, and edit the /etc/nsswitch.conf file so that autofs consults NIS. Reboot the machine. |
*When the VM comes back up, SSH and ensure auto mounting of home occurred. | *When the VM comes back up, SSH and ensure auto mounting of home occurred. | ||
===Part E: Adding the other VM's=== | ===Part E: Adding the other VM's=== | ||
− | *When you have successfully made this change on | + | *When you have successfully made this change on vm3, repeat these steps so that vm1 will also use NIS for user identification, and mount home directories using autofs files located on vm2. |
**Warning: When configuring the location of the NIS server to bind to, use the ip address instead of the hostname. When the machine is booting, you have no guarantee that named starts before ypbind. | **Warning: When configuring the location of the NIS server to bind to, use the ip address instead of the hostname. When the machine is booting, you have no guarantee that named starts before ypbind. | ||
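Review bot: the changed lines in this hunk name the machines in lowercase ("On vm3", "vm1", "vm2") while the unchanged bullets around them still say "the VM", and other sections say "VM 3" and "VM2". Pick one form for prose, for example "VM3" in sentences and `vm3` only inside commands and prompts, so readers do not take them for different hosts.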
Revision as of 01:14, 19 March 2015
NIS (Network Information Services)
- An NIS server is used to synchronize system files and other information between machines in an NIS domain.
- In this lab you will set up a Fedora VM as both an NFS and NIS server. You will then use your other VMs to serve as your NFS and NIS clients.
PART A: Setting up your NIS Server
- Install the NIS server and client onto your VM 2.
yum install ypserv ypbind
- Add the following line to the bottom of the file /etc/sysconfig/network
NISDOMAIN="<learn-id>.org"
YPSERV_ARGS="-p 783"
- This should be enough to set the domain name, however there is currently a bug in systemd that prevents this from working properly on its own.
- You will also need to start and enable the fedora-domainname service.
- Edit the file /etc/yp.conf and set up your domain:
domain <learn-id>.org server 127.0.0.1
- Create the file /var/yp/securenets:
host 127.0.0.1
255.255.255.0 192.168.x.0
- Enable and start the NIS (ypserv) service.
systemctl start ypserv.service
systemctl enable ypserv.service
- Back up the configuration file for NIS databases
cp /var/yp/Makefile /var/yp/Makefile.orig
- Verify that your servers (NFS, ypserv) are running correctly with the following command:
rpcinfo -p
- At this step you should edit your firewall to allow RPC and NIS traffic through (Hint: check the output of rpcinfo -p or iptables traffic on the "lo" interface)
- The machine will essentially be communicating with its own NIS server when using the Makefile
- Now change to directory /var/yp and run this command to build the information databases
make
- Enable and start the NIS binding (ypbind) service.
systemctl start ypbind.service
- Use the following command to verify your NIS server is working - you should see your learnid password record.
ypcat passwd
- Add a new user named nis-user, with password "ops335".
- Run 'ypcat passwd' again.
- In order for the new user to show up you will need to recreate the map files: change directory to /var/yp and run the "make" command again.
PART B: Examining a Problem Solved by NIS
- Ensure your VM3 is still mounting your home directory from VM 2 using autofs. If it is not, revisit last week's lab.
- Many of you had an issue last week when using NFS because your GIDs and UIDs differed between systems: when attempting to mount the home directory from VM2 you received various permission errors. In case you did not experience it, we will intentionally create this issue and then correct it with NIS.
- Run the following command
cat /etc/passwd | grep home
- Look at the existing users on VM 3 and compare them with the same users on VM 2. Find one whose credentials differ (Specifically, a user name that exists on both machines, but has a different UID). If you have no such user, create one.
- For example on VM 3:
[root@vm3 ~]# cat /etc/passwd | grep home
nis-user:x:1000:1000::/home/nis-user:/bin/bash
paul:x:1001:1001::/home/paul:/bin/bash
- And on VM 2:
[root@fvm2 ~]# cat /etc/passwd | grep home
paul:x:1000:1000:paul:/home/paul:/bin/bash
nis-user:x:1001:1001::/home/nis-user:/bin/bash
- While the two hosts share the same users, their UID and GID are different. This will cause a problem when mounting the home directory using NFS.
- Back on vm3 try to switch to your learnid (or other account where UID/GID differs between systems)
su <learnid>
cd ~
- You should receive a permission denied error as the UID on the local system differs from the UID of the file owner on the remote server.
- Obtain a listing of the directories in /home:
[paul@vm3 /]# ls -l /home
drwx------. 3 nis-user nis-user 4096 Mar 11 19:13 paul
- Notice that one user's home directory shows up as being owned by a different user.
- Try to access the other user's home directory (it should show up as owned by this user):
[paul@vm3 /]# cd /home/nis-user
- You should now be successful. Obtain a directory listing. Below is some example output:
[paul@vm3 /home/nis-user]$ ll
drwxr-xr-x. 2 paul paul 4096 Mar 14 09:09 Desktop
drwxr-xr-x. 2 paul paul 4096 Feb 17 05:24 Documents
drwxr-xr-x. 2 paul paul 4096 Feb 17 05:45 Downloads
drwxr-xr-x. 2 paul paul 4096 Jan 4 10:12 Music
drwxr-xr-x. 2 paul paul 4096 Jan 4 10:12 Pictures
drwxr-xr-x. 2 paul paul 4096 Jan 4 10:12 Public
drwxr-xr-x. 2 paul paul 4096 Jan 4 10:12 Templates
drwxr-xr-x. 2 paul paul 4096 Jan 4 10:12 Videos
- Create an empty file and do a listing again
[paul@vm3 ~]$ touch empty_from_vm3
[paul@vm3 ~]$ ll
-rw-rw-r--. 1 paul paul 0 Mar 18 14:58 empty_from_vm3
drwxr-xr-x. 2 paul paul 4096 Mar 14 09:09 Desktop
drwxr-xr-x. 2 paul paul 4096 Feb 17 05:24 Documents
drwxr-xr-x. 2 paul paul 4096 Feb 17 05:45 Downloads
drwxr-xr-x. 2 paul paul 4096 Jan 4 10:12 Music
drwxr-xr-x. 2 paul paul 4096 Jan 4 10:12 Pictures
drwxr-xr-x. 2 paul paul 4096 Jan 4 10:12 Public
drwxr-xr-x. 2 paul paul 4096 Jan 4 10:12 Templates
drwxr-xr-x. 2 paul paul 4096 Jan 4 10:12 Videos
- Now we will fix this problem by making this machine use NIS for user information
- Change users back to root
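The mismatch demonstrated in Part B can be found before anything is mounted by comparing the two passwd files, since NFS matches file owners by numeric UID/GID and not by name. The script below is an added example, not part of the original lab; the function names and the `passwd.vm3`/`passwd.vm2` sample files (rebuilt from the lab's listings, plus a constructed root entry) are assumptions.

```shell
#!/bin/sh
# Added example. Sample passwd entries are constructed from the lab's listings.
make_samples() {   # $1 = directory to write passwd.vm3 and passwd.vm2 into
    cat > "$1/passwd.vm3" <<'EOF'
nis-user:x:1000:1000::/home/nis-user:/bin/bash
paul:x:1001:1001::/home/paul:/bin/bash
root:x:0:0:root:/root:/bin/bash
EOF
    cat > "$1/passwd.vm2" <<'EOF'
paul:x:1000:1000:paul:/home/paul:/bin/bash
nis-user:x:1001:1001::/home/nis-user:/bin/bash
root:x:0:0:root:/root:/bin/bash
EOF
}

# Names present in both files whose UID or GID differ.
# $1 = client passwd file (NFS client), $2 = server passwd file (NFS server)
id_mismatches() {
    awk -F: '
        NR == FNR { uid[$1] = $3; gid[$1] = $4; next }   # first file: client
        ($1 in uid) && (uid[$1] != $3 || gid[$1] != $4) {
            printf "%s client=%s:%s server=%s:%s\n", $1, uid[$1], gid[$1], $3, $4
        }' "$1" "$2" | sort
}

# Name the client displays (ls -l) for files the server assigns to user $3.
# Prints the bare UID if the client has no account with that number;
# returns non-zero if the server has no such user.
apparent_owner() {
    awk -F: -v who="$3" '
        NR == FNR { name[$3] = $1; next }                # client: UID -> name
        $1 == who { print (($3 in name) ? name[$3] : $3); found = 1 }
        END { exit !found }' "$1" "$2"
}

# Demo run on the constructed samples.
demo=$(mktemp -d) && make_samples "$demo"
id_mismatches "$demo/passwd.vm3" "$demo/passwd.vm2"
echo "/home/paul appears on vm3 as owned by:" \
     "$(apparent_owner "$demo/passwd.vm3" "$demo/passwd.vm2" paul)"
rm -rf "$demo"
```

On real machines, copy each host's `/etc/passwd` to one place and pass the client's file first; an empty result from `id_mismatches` means the shared accounts already agree.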
Part C: Client Configuration
- Install ypbind on your vm3.
- You may wish to follow the logs on vm3. In addition to your normal log in, ssh from the host to vm3 and get a continuous feed from the logs with:
tail -f /var/log/messages
- Edit /etc/yp.conf adding the following line:
domain <learnid>.org server 192.168.x.3
- Add the following line to the bottom of the file /etc/sysconfig/network
NISDOMAIN="<learn-id>.org"
- Start the ypbind service with the command:
systemctl start ypbind.service
- Looking at your logs, ensure that ypbind is registered with rpcbind. If it is unable to register, your firewall may need to be adjusted.
- Now when you run the following command:
ypcat passwd
- You should be able to see the 'nis-user' entry from the host machine, matching its credentials.
- If you added a mismatched user, you must update the map files on the host.
- Edit the /etc/nsswitch.conf file (on VM3 only) and change the following lines so they appear as below:
passwd: nis files
shadow: nis files
group: nis files
- Save and exit the file.
- Ensure ypbind will start at boot and restart the vm.
- Again SSH to the machine, this time using your learnid account. You should now be able to see the files in your home directory with the correct mapping.
Part D: Obtaining autofs maps through NIS:
- Make sure autofs service is installed on your VM 3 (If you completed the nfs lab, it is). If it is not, go back and complete the NFS lab now.
- Copy the autofs files from VM3 to your VM2.
scp /etc/auto.{home,master} root@vm2:/etc/
- Edit /etc/auto.master on VM2 and remove the 'etc' prefix from auto.home's path:
/home auto.home --timeout=60
- Regenerate your NIS maps and run:
ypcat auto.home
- You should receive the following:
No such map auto.home. Reason: No such map in server's domain
- You will need to look into the Makefile to determine how to add auto.home and auto.master to the list of files shared by NIS.
- After making changes to your Makefile, regenerate your maps again and run the same command as above. You should now see the file and its contents when you run ypcat auto.home.
[root@vm2 yp]# ypcat auto.home
-fstype=nfs4,rw,nosuid,soft 192.168.70.3:/home/&
- On vm3 delete the autofs files, and edit the /etc/nsswitch.conf file so that autofs consults NIS. Reboot the machine.
- When the VM comes back up, SSH and ensure auto mounting of home occurred.
Part E: Adding the other VMs
- When you have successfully made this change on vm3, repeat these steps so that vm1 will also use NIS for user identification, and mount home directories using autofs files located on vm2.
- Warning: When configuring the location of the NIS server to bind to, use the IP address instead of the hostname. When the machine is booting, you have no guarantee that named starts before ypbind.
Completing the Lab
Exploration questions:
- What is the purpose of the rpcinfo command?
- Explain the purpose of the make command in the lab - what does it do?
- Explain the purpose of the /var/yp/securenets file.
- What is the function of the portmapper service?
- What ports did you need to open on your firewall?