Linux NIS+ Configuration and Administration

The NIS Plus framework goes beyond storing client information in a centralized place for easy accessibility. It also provides authentication and authorization services. It helps system administrators to manage large groups of servers from a centralized point. Besides, administrators can also authenticate users within their networks and authorize them to programs or applications appropriately.

This article focuses on configuring NIS+ servers and clients. But before that, we will introduce you to NIS Plus servers, NIS+ objects, and NIS+ groups.

Introduction to Network Information Service Plus

NIS+ is an information service that allows administrators to store client information in a centralized manner. This information can be user passwords, network services, usernames, and home directories. This lookup and authentication tool uses a hierarchical structure with multiple-domain servers.

The protocol uses tables and has up to 16 standard tables. The tables feature a predetermined structure which you will automatically come on NIS+ installation. Moreover, you can still use NIS+ commands to create other custom tables.

Unlike NIS, which is basic and only useable as a lookup framework, the NIS+ protocol has an array of security components. You can use it to authenticate and authorize users and user activities. The configuration file /etc/nsswitch.com, which each client should have, specifies where a client should search when looking for information. Often, this could either be in the NIS+ maps located at the servers or in the local files.

Configuring NIS+ in the Server Machine

The following are the steps you need to follow when configuring NIS+:

Step 1: Prepare for the Installation

Firstly, you need to ascertain that your systems are ready for installation by preparing for the same, which involves preparing data files for the NIS+ maps. You can accomplish this by copying all the files you need to include in the NIS+ tables for easy and centralized administration. These files usually have similar names and are available in /etc.

For example, if you want group, password, and host home directories administered using NIS+, your commands will look like this:

You can tweak the above commands to create an auto_home. This process is possible if you edit a copy of the passwd file while only keeping the login name alongside the home directory. Typically, an auto_home will look like what is in the figure below:

The first column in the auto home specifies the usernames, while the next one specifies the identities of the machines providing the home directories and the paths to the directories.

Step 2: Install NIS+ Server

You can install the server using the following procedure:

1. Define the Default Domain
   The first step during the installation is to define your default domain if you do not find a default domain already defined in /etc/defaultdomain.

   The below utility should help:
   

2. As a Root

   As a root, change your directory to the /usr/lib/nis. Alternatively, you can add PATH to the directory.

   You can then run the server initialization program using the below command. Proceed to reboot the server once it is set.

   

3. Log In As A Root

   Change the directory to the directory containing the passwd, group, and auto_home files. You can empty the tables by running the command to populate, as shown below.

   

The above utility will help to populate the standard tables from the local directory files. It is also possible to specify file names in the file to populate a single table. For example:

Install and Set Up the NIS+ Client

We assume that you already have the NIS-tools and a new libc installed in your client machine. You can begin this process by creating credentials for your new client from the NIS+ server machine. Note that both the server and client machines must have the same time reading during configuration. Any time difference of more than 5 minutes will cause an error.

The process is as follows:

1. Log in as a Root On Your Client Machine

   Once logged in as a root user on the client, proceed to define your default domain. We will use linhint.com as our domain name for this demonstration.

2. Initialize the Client

   The next step should entail running the initialization program on the client machine, as shown below, before rebooting your client machine.

   

3. Open the /etc/nsswitch.conf file

   You can log in now and check the contents of the /etc/nsswitch.conf file. Confirm that this file only contains entries corresponding to the tables you populated point to NIS+ and the files. The files you never populated should appear in the order of files before NIS+.

Conclusion

You can successfully use the above steps to install NIS+ server and NIS+ client. Once done, you can use the NIS+ system to lookup entries, authenticate, and authorize users as desired.

Sources

• https://docs.oracle.com/cd/E18752_01/html/816-4558/c2setup-95665.html
• https://docs.oracle.com/cd/E18752_01/html/816-4558/c00over-22189.html
• https://www.ibm.com/docs/en/aix/7.1?topic=configuration-setting-up-nis
• https://docs.oracle.com/cd/E18752_01/html/816-4558/c00over-38672.html
• https://tldp.org/HOWTO/NIS-HOWTO/nisplus.html
• https://docs.oracle.com/cd/E18752_01/html/816-4558/c5server-38466.html
• https://www.adminschoice.com/nisplus-installation-administration