NIS: Network Information Server

Published: 13 March 2013 in Debian, Linux, Security

1. Server installation

# apt-get install nis

2. Configuration

2.1 Configuration: /etc/default/nis

#NISSERVER=false
NISSERVER=master
NISCLIENT=true
YPPWDDIR=/etc
YPCHANGEOK=chsh
NISMASTER=
YPSERVARGS=
YPBINDARGS=-no-dbus
YPPASSWDDARGS=
YPXFRDARGS=

2.2 Configuration: /etc/ypserv.conf

#
# ypserv.conf   In this file you can set certain options for the NIS server,
#               and you can deny or restrict access to certain maps based
#               on the originating host.
#
#               See ypserv.conf(5) for a description of the syntax.
#
# The following, when uncommented,  will give you shadow like passwords.
# Note that it will not work if you have slave NIS servers in your
# network that do not run the same server as you.
# Host                     : Domain  : Map              : Security
*                          : *       : passwd.byname    : port/mangle
*                          : *       : passwd.byuid     : port/mangle
# This is the default - restrict access to the shadow password file,
# allow access to all others.
*                            : *       : shadow.byname    : port
*                            : *       : passwd.adjunct.byname : port
*                            : *       : *                : none

2.3 Configuration: /etc/yp.conf

#
# yp.conf       Configuration file for the ypbind process. You can define
#               NIS servers manually here if they can't be found by
#               broadcasting on the local net (which is the default).
#
#               See the manual page of ypbind for the syntax of this file.
#
# IMPORTANT:    For the "ypserver", use IP addresses, or make sure that
#               the host is in /etc/hosts. This file is only interpreted
#               once, and if DNS isn't reachable yet the ypserver cannot
#               be resolved and ypbind won't ever bind to the server.
# ypserver ypserver.network.com
ypserver monserveurnis.mondomaine.priv

2.4 Configuration: /etc/defaultdomain

mondomaine.priv

2.5 Configuration: /etc/ypserv.securenets

#
# securenets    This file defines the access rights to your NIS server
#               for NIS clients (and slave servers - ypxfrd uses this
#               file too). This file contains netmask/network pairs.
#               A clients IP address needs to match with at least one
#               of those.
#
#               One can use the word "host" instead of a netmask of
#               255.255.255.255. Only IP addresses are allowed in this
#               file, not hostnames.
#
# Always allow access for localhost
255.0.0.0       127.0.0.0
# This line gives access to everybody. PLEASE ADJUST!
0.0.0.0         0.0.0.0
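
The securenets file above still carries the stock "0.0.0.0 0.0.0.0" line, which accepts every client. The Python below is an added example, not part of the original post or of the NIS packages: it models the matching rule described in the file's comments (it is not ypserv's own code) and reports entries that are too broad. The function names, the 16-bit threshold and the 10.11.12.0/24 client subnet are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the securenets content shown on this page (wide open).
OPEN = """\
# Always allow access for localhost
255.0.0.0       127.0.0.0
# This line gives access to everybody. PLEASE ADJUST!
0.0.0.0         0.0.0.0
"""

# Constructed sample: restricted variant. 10.11.12.0/24 is an assumed client
# subnet (only the server address 10.11.12.13 appears on the page).
RESTRICTED = """\
255.0.0.0       127.0.0.0
255.255.255.0   10.11.12.0
host            10.11.12.13
"""

def parse_securenets(text):
    """Return [(line_no, mask_int, net_int)] for every netmask/network pair."""
    rules = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) != 2:
            raise ValueError(f"line {no}: expected 'netmask network'")
        # "host" stands for a netmask of 255.255.255.255.
        mask = "255.255.255.255" if fields[0] == "host" else fields[0]
        # IPv4Address raises ValueError on hostnames: the file is IP-only.
        rules.append((no, int(ipaddress.IPv4Address(mask)),
                      int(ipaddress.IPv4Address(fields[1]))))
    return rules

def is_allowed(rules, client_ip):
    """A client is accepted if it matches at least one netmask/network pair."""
    ip = int(ipaddress.IPv4Address(client_ip))
    return any((ip & mask) == (net & mask) for _, mask, net in rules)

def overly_broad(rules, min_bits=16):
    """Line numbers of non-loopback rules whose netmask has < min_bits set."""
    return [no for no, mask, net in rules
            if bin(mask).count("1") < min_bits and (net >> 24) != 127]

if __name__ == "__main__":
    for name, text in (("open", OPEN), ("restricted", RESTRICTED)):
        rules = parse_securenets(text)
        print(name, "broad lines:", overly_broad(rules),
              "203.0.113.7 allowed:", is_allowed(rules, "203.0.113.7"))
```

Run against a copy of /etc/ypserv.securenets, any line number returned by overly_broad is a candidate for replacement with the actual client subnet or individual "host" entries.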

3. Initialization

Create the authentication database:

# /usr/lib/yp/ypinit -m

3.1 NIS client installation

# yp.conf       Configuration file for the ypbind process. You can define
#               NIS servers manually here if they can't be found by
#               broadcasting on the local net (which is the default).
#
#               See the manual page of ypbind for the syntax of this file.
#
# IMPORTANT:    For the "ypserver", use IP addresses, or make sure that
#               the host is in /etc/hosts. This file is only interpreted
#               once, and if DNS isn't reachable yet the ypserver cannot
#               be resolved and ypbind won't ever bind to the server.
# ypserver ypserver.network.com
ypserver monserveurnis.mondomaine.priv

3.2 NIS client configuration

3.2.1 /etc/hosts

10.11.12.13          monserveurnis.mondomaine.priv     monserveurnis

3.2.2 /etc/defaultdomain

mondomaine.priv

3.2.3 /etc/nsswitch.conf

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd:         nis compat
group:          compat
shadow:         compat
hosts:          files nis mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

3.2.4 Modifying the local files

# echo "+::::::" >>/etc/passwd
# echo "+::::::::" >>/etc/shadow
# echo "+:::" >>/etc/group

4. Maintenance

4.1 Creating a user

On the machine configured as a NIS client:

NIS client # mkdir /home/<user>
NIS client # chown <user>:<user> /home/<user>

On the NIS server:

NIS server # adduser <user>
NIS server # cd /var/yp
NIS server # make

4.2 Changing a password

NIS server # yppasswd <user>
NIS server # root password:
NIS server # new password:
NIS server #
NIS server # cd /var/yp
NIS server # make

4.3 Deleting a user

On the machine configured as a NIS client:

NIS client # rm -r /home/<user>

On the NIS server:

NIS server # deluser <user>
NIS server # cd /var/yp
NIS server # make