Difference between revisions of "Cluster der kan alt/LDAP eller NIS"
Line 1: | Line 1: | ||
− | [[NIS | + | NIS or Network Information Services is a simple - and insecure - way of making [[SSO|Single Sign On]] in a cluster of UNIX/Linux machines. Very useful in a closed network. |
− | :: | + | |
+ | Originally NIS was called YP - Yellow Pages - and the acronyms YP and NIS are used. | ||
+ | |||
+ | There are up to three roles in a NIS installation | ||
+ | ;Master server:The master server - shares files to slaves and clients. For example the passwd and group file | ||
+ | ;Slave server(s):Maintain copies of the Master Server shared files. Provides redundancy and load balancing | ||
+ | ;Clients:Use the shared files - for example for single sign on. Users added on the master server | ||
+ | =Installation of the master server= | ||
+ | Add the following line to '''/etc/hosts.allow'''. (In this case master,slaves and clients lives in the 10.222.0.0/24 network) | ||
+ | <source lang=cli> | ||
+ | portmap ypserv ypbind: 10.222.0.0/255.255.255.0 | ||
+ | </source> | ||
+ | Install NIS. You will be asked to enter the domain name. The domain name is not the DNS domain name - but a unique name for the the cluster of machines sharing the same information. (I use the DNS domain name - one less thing to remember) | ||
+ | <source lang=cli> | ||
+ | apt-get install portmap nis | ||
+ | </source> | ||
+ | *Edit '''/etc/default/nis''' and set the NISSERVER line to NISSERVER = master | ||
+ | *Edit '''/etc/yp.conf''' and add a server line of the form: (Note my domain-name is '''c1.local''') | ||
+ | <source lang=cli> | ||
+ | domain c1.local server 127.0.0.1 | ||
+ | </source> | ||
+ | *Edit '''/etc/ypserv.securenets''' remove the '''0.0.0.0''' line - insecure - and add your net/nets | ||
+ | ==Adding a user== | ||
+ | When adding a user with '''adduser''' it's necessary to rebuild the NIS maps | ||
+ | <source lang=cli> | ||
+ | root@head:~# <input>make -C /var/yp</input> | ||
+ | make: Går til katalog '/var/yp' | ||
+ | make[1]: Går til katalog '/var/yp/c1.local' | ||
+ | Updating passwd.byname... | ||
+ | Updating passwd.byuid... | ||
+ | Updating netid.byname... | ||
+ | Updating shadow.byname... | ||
+ | make[1]: Forlader katalog '/var/yp/c1.local' | ||
+ | make: Forlader katalog '/var/yp' | ||
+ | </source> | ||
+ | ===Script adding user in a Cluster=== | ||
+ | The following simple script: | ||
+ | *Add a user on the NIS server. | ||
+ | *Add a ssh key to the users '''/home''' library. | ||
+ | **In this cluster '''/home''' is distributed with [[NFS]] to all nodes. Logon to nodes without entering password | ||
+ | *Rebuilding the NIS database with the new user | ||
+ | <source lang=cli> | ||
+ | #!/bin/bash | ||
+ | echo -e "Adding user to cluster" | ||
+ | echo -e "======================\n" | ||
+ | echo -en "User login name: " | ||
+ | read NAME | ||
+ | adduser $NAME | ||
+ | |||
+ | echo -e "Creating keys" | ||
+ | su $NAME -c "ssh-keygen -t dsa" | ||
+ | echo -e "Distributing keys" | ||
+ | su $NAME -c "cat /home/$NAME/.ssh/id_dsa.pub >> /home/$NAME/.ssh/authorized_keys" | ||
+ | echo -e "Rebuild NIS database" | ||
+ | make -C /var/yp | ||
+ | </source> | ||
+ | |||
+ | =Installation on the clients= | ||
+ | Install the software | ||
+ | <source lang=cli> | ||
+ | sudo apt-get install portmap nis | ||
+ | </source> | ||
+ | run the following commands. Remember to change the IP address of the NIS_SERVER_IP to your NIS servers IP address. | ||
+ | <source lang=cli> | ||
+ | echo "portmap : <notice>NIS_SERVER_IP</notice> >> /etc/hosts.allow | ||
+ | echo "+::::::" >> /etc/passwd | ||
+ | echo "+:::" >> /etc/group | ||
+ | echo "+::::::::" >> /etc/shadow | ||
+ | echo "ypserver <notice>NIS_SERVER_IP</notice> >> /etc/yp.conf | ||
+ | /etc/init.d/nis restart | ||
+ | </source> | ||
+ | Test with | ||
+ | <source lang=cli> | ||
+ | yptest | ||
+ | </source> | ||
+ | {{source cli}} | ||
+ | |||
+ | =links= | ||
+ | *https://help.ubuntu.com/community/SettingUpNISHowTo | ||
+ | [[Category:Ubuntu]] |
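Review bot: in the client block, the lines `echo "portmap : <notice>NIS_SERVER_IP</notice> >> /etc/hosts.allow` and `echo "ypserver <notice>NIS_SERVER_IP</notice> >> /etc/yp.conf` open a double quote that is never closed, so pasted as written they do not append the intended lines; close the quote before `>>`. In the add-user script, `$NAME` from `read` is passed unquoted to `adduser` and `su ... -c` while running as root, and the script carries on to the key and `make -C /var/yp` steps even when `adduser` fails; quote the variable and exit on failure. `NISSERVER = master` is shown with spaces although /etc/default/nis is a shell-style file, so it should read `NISSERVER=master`, and the domain-name paragraph has a doubled "the the".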
Revision as of 11:57, 19 April 2012
NIS, or Network Information Service, is a simple (and insecure) way of providing Single Sign On in a cluster of UNIX/Linux machines. It is very useful in a closed network.
NIS was originally called YP (Yellow Pages), and both acronyms, YP and NIS, are used.
There are up to three roles in a NIS installation:
- Master server: shares files with slaves and clients, for example the passwd and group files.
- Slave server(s): maintain copies of the master server's shared files. They provide redundancy and load balancing.
- Clients: use the shared files, for example for single sign on. Users are added on the master server.
Installation of the master server
Add the following line to /etc/hosts.allow. (In this case the master, slaves and clients all live in the 10.222.0.0/24 network.)
<source lang=cli>
portmap ypserv ypbind: 10.222.0.0/255.255.255.0
</source>
Install NIS. You will be asked to enter the domain name. This is not the DNS domain name, but a unique name for the cluster of machines sharing the same information. (I use the DNS domain name: one less thing to remember.)
<source lang=cli>
apt-get install portmap nis
</source>
- Edit /etc/default/nis and set the NISSERVER line to NISSERVER=master
- Edit /etc/yp.conf and add a server line of the following form (note that my domain name is c1.local):
<source lang=cli>
domain c1.local server 127.0.0.1
</source>
- Edit /etc/ypserv.securenets: remove the 0.0.0.0 line (it is insecure) and add your own network(s).
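One way to check the result of the securenets edit, as an added example that is not part of the original page: the function reads a file in the `netmask network` per-line format and fails if the allow-all line is still present or the cluster network is missing. The function name and the two sample files are constructed for illustration; 10.222.0.0/255.255.255.0 is the network used on this page.

```shell
#!/bin/sh
# Added example: audit a ypserv.securenets file ("<netmask> <network>" per line,
# '#' starts a comment). Not part of the original page.

# securenets_audit FILE NETMASK NETWORK
# Returns 0 only if FILE has no allow-all entry and lists NETMASK NETWORK.
securenets_audit() {
    file=$1 want_mask=$2 want_net=$3
    open=0 found=0
    # "|| [ -n ... ]" also handles a last line without a trailing newline.
    while read -r mask net _rest || [ -n "$mask" ]; do
        case $mask in ''|'#'*) continue ;; esac   # blank line or comment
        if [ "$mask" = "0.0.0.0" ] && [ "$net" = "0.0.0.0" ]; then
            echo "FAIL: allow-all entry '$mask $net' in $file"
            open=1
        elif [ "$mask" = "$want_mask" ] && [ "$net" = "$want_net" ]; then
            found=1
        fi
    done < "$file"
    [ "$found" -eq 1 ] || echo "FAIL: no entry '$want_mask $want_net' in $file"
    [ "$open" -eq 0 ] && [ "$found" -eq 1 ]
}

# Constructed sample files: one still open to everybody, one after the edit.
sample_dir=$(mktemp -d)
printf '%s\n' '# constructed sample: allow-all line still present' \
    '255.0.0.0 127.0.0.0' \
    '0.0.0.0 0.0.0.0' > "$sample_dir/open"
printf '%s\n' '# constructed sample: restricted to the cluster network' \
    '255.0.0.0 127.0.0.0' \
    '255.255.255.0 10.222.0.0' > "$sample_dir/fixed"

securenets_audit "$sample_dir/open"  255.255.255.0 10.222.0.0 || echo "open: needs fixing"
securenets_audit "$sample_dir/fixed" 255.255.255.0 10.222.0.0 && echo "fixed: ok"
```

On the master, point it at the real file: `securenets_audit /etc/ypserv.securenets 255.255.255.0 10.222.0.0`.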
Adding a user
After adding a user with adduser, it is necessary to rebuild the NIS maps:
<source lang=cli>
root@head:~# make -C /var/yp
make: Går til katalog '/var/yp'
make[1]: Går til katalog '/var/yp/c1.local'
Updating passwd.byname...
Updating passwd.byuid...
Updating netid.byname...
Updating shadow.byname...
make[1]: Forlader katalog '/var/yp/c1.local'
make: Forlader katalog '/var/yp'
</source>
Script adding user in a Cluster
The following simple script:
- Adds a user on the NIS server.
- Adds an ssh key to the user's home directory under /home.
  - In this cluster /home is distributed with NFS to all nodes, so the user can log on to the nodes without entering a password.
- Rebuilds the NIS database with the new user.
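<source lang=cli>
#!/bin/bash
# Add a user on the NIS master, create an SSH key pair in the NFS-shared
# home directory and rebuild the NIS maps. Run as root.
echo -e "Adding user to cluster"
echo -e "======================\n"
echo -en "User login name: "
read -r NAME
# Stop here if adduser rejects the name or fails.
adduser "$NAME" || exit 1

echo -e "Creating keys"
# OpenSSH 7.0 and later disable DSA keys by default; on such systems use
# another key type and the matching id_*.pub file name below.
su "$NAME" -c "ssh-keygen -t dsa"
echo -e "Distributing keys"
# /home is shared over NFS, so authorized_keys is visible on every node.
su "$NAME" -c "cat /home/$NAME/.ssh/id_dsa.pub >> /home/$NAME/.ssh/authorized_keys"
echo -e "Rebuild NIS database"
make -C /var/yp
</source>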
Installation on the clients
Install the software:
<source lang=cli>
sudo apt-get install portmap nis
</source>
Run the following commands as root. Remember to replace NIS_SERVER_IP with your NIS server's IP address.
<source lang=cli>
# Allow the NIS server to reach portmap on this client.
echo "portmap : NIS_SERVER_IP" >> /etc/hosts.allow
# The "+" entries make the compat lookups include the NIS maps after the local entries.
echo "+::::::" >> /etc/passwd
echo "+:::" >> /etc/group
echo "+::::::::" >> /etc/shadow
# Tell ypbind which server to bind to.
echo "ypserver NIS_SERVER_IP" >> /etc/yp.conf
/etc/init.d/nis restart
</source>
Test with:
<source lang=cli>
yptest
</source>