Difference between revisions of "Cluster der kan alt/LDAP eller NIS"
From Teknologisk videncenter
m |
|||
| Line 1: | Line 1: | ||
| − | [[NIS | + | NIS or Network Information Services is a simple - and insecure - way of making [[SSO|Single Sign On]] in a cluster of UNIX/Linux machines. Very useful in a closed network. |
| − | :: | + | |
| + | Originally NIS was called YP - Yellow Pages - and the acronyms YP and NIS are used. | ||
| + | |||
| + | There are up to three roles in a NIS installation | ||
| + | ;Master server:The master server - shares files to slaves and clients. For example the passwd and group file | ||
| + | ;Slave server(s):Maintain copies of the Master Server shared files. Provides redundancy and load balancing | ||
| + | ;Clients:Use the shared files - for example for single sign on. Users added on the master server | ||
| + | =Installation of the master server= | ||
| + | Add the following line to '''/etc/hosts.allow'''. (In this case master,slaves and clients lives in the 10.222.0.0/24 network) | ||
| + | <source lang=cli> | ||
| + | portmap ypserv ypbind: 10.222.0.0/255.255.255.0 | ||
| + | </source> | ||
| + | Install NIS. You will be asked to enter the domain name. The domain name is not the DNS domain name - but a unique name for the the cluster of machines sharing the same information. (I use the DNS domain name - one less thing to remember) | ||
| + | <source lang=cli> | ||
| + | apt-get install portmap nis | ||
| + | </source> | ||
| + | *Edit '''/etc/default/nis''' and set the NISSERVER line to NISSERVER = master | ||
| + | *Edit '''/etc/yp.conf''' and add a server line of the form: (Note my domain-name is '''c1.local''') | ||
| + | <source lang=cli> | ||
| + | domain c1.local server 127.0.0.1 | ||
| + | </source> | ||
| + | *Edit '''/etc/ypserv.securenets''' remove the '''0.0.0.0''' line - insecure - and add your net/nets | ||
| + | ==Adding a user== | ||
| + | When adding a user with '''adduser''' it's necessary to rebuild the NIS maps | ||
| + | <source lang=cli> | ||
| + | root@head:~# <input>make -C /var/yp</input> | ||
| + | make: Går til katalog '/var/yp' | ||
| + | make[1]: Går til katalog '/var/yp/c1.local' | ||
| + | Updating passwd.byname... | ||
| + | Updating passwd.byuid... | ||
| + | Updating netid.byname... | ||
| + | Updating shadow.byname... | ||
| + | make[1]: Forlader katalog '/var/yp/c1.local' | ||
| + | make: Forlader katalog '/var/yp' | ||
| + | </source> | ||
| + | ===Script adding user in a Cluster=== | ||
| + | The following simple script: | ||
| + | *Add a user on the NIS server. | ||
| + | *Add a ssh key to the users '''/home''' library. | ||
| + | **In this cluster '''/home''' is distributed with [[NFS]] to all nodes. Logon to nodes without entering password | ||
| + | *Rebuilding the NIS database with the new user | ||
| + | <source lang=cli> | ||
| + | #!/bin/bash | ||
| + | echo -e "Adding user to cluster" | ||
| + | echo -e "======================\n" | ||
| + | echo -en "User login name: " | ||
| + | read NAME | ||
| + | adduser $NAME | ||
| + | |||
| + | echo -e "Creating keys" | ||
| + | su $NAME -c "ssh-keygen -t dsa" | ||
| + | echo -e "Distributing keys" | ||
| + | su $NAME -c "cat /home/$NAME/.ssh/id_dsa.pub >> /home/$NAME/.ssh/authorized_keys" | ||
| + | echo -e "Rebuild NIS database" | ||
| + | make -C /var/yp | ||
| + | </source> | ||
| + | |||
| + | =Installation on the clients= | ||
| + | Install the software | ||
| + | <source lang=cli> | ||
| + | sudo apt-get install portmap nis | ||
| + | </source> | ||
| + | run the following commands. Remember to change the IP address of the NIS_SERVER_IP to your NIS servers IP address. | ||
| + | <source lang=cli> | ||
| + | echo "portmap : <notice>NIS_SERVER_IP</notice> >> /etc/hosts.allow | ||
| + | echo "+::::::" >> /etc/passwd | ||
| + | echo "+:::" >> /etc/group | ||
| + | echo "+::::::::" >> /etc/shadow | ||
| + | echo "ypserver <notice>NIS_SERVER_IP</notice> >> /etc/yp.conf | ||
| + | /etc/init.d/nis restart | ||
| + | </source> | ||
| + | Test with | ||
| + | <source lang=cli> | ||
| + | yptest | ||
| + | </source> | ||
| + | {{source cli}} | ||
| + | |||
| + | =links= | ||
| + | *https://help.ubuntu.com/community/SettingUpNISHowTo | ||
| + | [[Category:Ubuntu]] | ||
Revision as of 12:57, 19 April 2012
NIS or Network Information Services is a simple - and insecure - way of making Single Sign On in a cluster of UNIX/Linux machines. Very useful in a closed network.
Originally NIS was called YP - Yellow Pages - and the acronyms YP and NIS are used.
There are up to three roles in a NIS installation
- Master server
- The master server - shares files to slaves and clients. For example the passwd and group file
- Slave server(s)
- Maintain copies of the Master Server shared files. Provides redundancy and load balancing
- Clients
- Use the shared files - for example for single sign on. Users added on the master server
Contents
Installation of the master server
Add the following line to /etc/hosts.allow. (In this case master,slaves and clients lives in the 10.222.0.0/24 network)
portmap ypserv ypbind: 10.222.0.0/255.255.255.0Install NIS. You will be asked to enter the domain name. The domain name is not the DNS domain name - but a unique name for the the cluster of machines sharing the same information. (I use the DNS domain name - one less thing to remember)
apt-get install portmap nis- Edit /etc/default/nis and set the NISSERVER line to NISSERVER = master
- Edit /etc/yp.conf and add a server line of the form: (Note my domain-name is c1.local)
domain c1.local server 127.0.0.1- Edit /etc/ypserv.securenets remove the 0.0.0.0 line - insecure - and add your net/nets
Adding a user
When adding a user with adduser it's necessary to rebuild the NIS maps
root@head:~# <input>make -C /var/yp</input>
make: Går til katalog '/var/yp'
make[1]: Går til katalog '/var/yp/c1.local'
Updating passwd.byname...
Updating passwd.byuid...
Updating netid.byname...
Updating shadow.byname...
make[1]: Forlader katalog '/var/yp/c1.local'
make: Forlader katalog '/var/yp'Script adding user in a Cluster
The following simple script:
- Add a user on the NIS server.
- Add a ssh key to the users /home library.
- In this cluster /home is distributed with NFS to all nodes. Logon to nodes without entering password
- Rebuilding the NIS database with the new user
#!/bin/bash
echo -e "Adding user to cluster"
echo -e "======================\n"
echo -en "User login name: "
read NAME
adduser $NAME
echo -e "Creating keys"
su $NAME -c "ssh-keygen -t dsa"
echo -e "Distributing keys"
su $NAME -c "cat /home/$NAME/.ssh/id_dsa.pub >> /home/$NAME/.ssh/authorized_keys"
echo -e "Rebuild NIS database"
make -C /var/ypInstallation on the clients
Install the software
sudo apt-get install portmap nisrun the following commands. Remember to change the IP address of the NIS_SERVER_IP to your NIS servers IP address.
echo "portmap : <notice>NIS_SERVER_IP</notice> >> /etc/hosts.allow
echo "+::::::" >> /etc/passwd
echo "+:::" >> /etc/group
echo "+::::::::" >> /etc/shadow
echo "ypserver <notice>NIS_SERVER_IP</notice> >> /etc/yp.conf
/etc/init.d/nis restartTest with
yptest