To be completed by 2/28/2007
Practical Exercises

1. Install the NIS package on both your desktop and the cluster node:
apt-get install nis
Exit the configuration stage (configuring NIS) by pressing <Esc> twice. Cancel NIS startup by pressing <Ctrl-C>.
If there is an /etc/shadow file on either of the hosts, run
pwunconv
to merge the shadow passwords back into /etc/passwd and simplify NIS configuration.

2. Configure the cluster node as both a NIS server and a client.
Give a unique name to the new NIS domain, for example, domain18. Store it in file /etc/defaultdomain.
Modify file /etc/default/nis by setting the following parameters:
NISSERVER=master
NISCLIENT=true
YPPWDDIR=/etc
YPCHANGEOK=chsh
and keep empty entries for the other parameters in the file.
Assuming your NIS server is node18 (replace it with the name of your cluster node), put the following entry in /etc/yp.conf:
domain domain18 server node18
You also need to replace domain18 with the name of your domain.
In file /var/yp/Makefile, set the "ALL =" entry:
ALL =   passwd group
and for MINUID and MINGID:
MINUID=5000
MINGID=5000
Build NIS maps:
cd /var/yp; make
Ignore the RPC errors.
Start the NIS services:
/etc/init.d/portmap stop
/etc/init.d/portmap start
/etc/init.d/nis stop
/etc/init.d/nis start
If the services fail to start, rebuild the NIS maps:
cd /var/yp; make
then try to start NIS again.

Verify that the NIS services are running with the ps and rpcinfo commands:
ps -ef | grep yp
rpcinfo -p | grep yp


3. Configure your desktop as a NIS client.
Put the NIS domain name in file /etc/defaultdomain.
Modify file /etc/yp.conf exactly the same way as for the node above. In file /etc/default/nis, make the following entries:
NISSERVER=false
NISCLIENT=true

Make sure there are the following entries in /etc/nsswitch.conf:
passwd:         compat
group:          compat
shadow:         compat

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

Start the NIS client:
/etc/init.d/portmap stop
/etc/init.d/portmap start 
/etc/init.d/nis stop
/etc/init.d/nis start 

At the end of /etc/passwd, add the following cookie:
+::::::
At the end of /etc/group, add
+:::

Verify that the client is bound to the right domain and the right server by running the following commands:
domainname
ypwhich


4. Create several users on the NIS server with uid, gid ≥ 5000.
For example,
groupadd -g 5000 nisusers
useradd -u 5000 -g 5000 -m -s /bin/bash jack
useradd -u 5001 -g 5000 -m -s /bin/bash sam 
useradd -u 5002 -g 5000 -m -s /bin/bash mary 
useradd -u 5003 -g 5000 -m -s /bin/bash jenn 
useradd -u 5004 -g 5000 -m -s /bin/bash testu 
Give them passwords by executing the passwd command for each user. Rebuild the NIS maps:
cd /var/yp; make

On your desktop (NIS client), try to read the password NIS map with these users:
ypcat passwd

Create home directories for the users on the NIS client and give each user ownership of their directory. Try to log in to the client as each of the NIS users. Change their passwords by running the yppasswd command on the client.
Prevent user sam from logging in to the desktop by creating the following cookie at the end of /etc/passwd:
-sam::::::
+::::::
Make sure he cannot log in:
ssh sam@localhost

Allow only user sam to log in to the desktop among the NIS users:
+sam::::::
+:*:::::/etc/NoShell
Make sure user sam can log in to your desktop and the other NIS users cannot.

5. Create a netgroup on the NIS server. In file /etc/netgroup, create the following entry:
powerusers  (,sam,) (,jenn,) (,jack,)

Modify file /var/yp/Makefile by including netgroup maps:
ALL =   passwd group netgrp
Re-build the NIS maps:
cd /var/yp; make

On the client host, modify file /etc/passwd for the NIS entry:
+@powerusers:::::: 
+:*:::::/etc/NoShell
Make sure users sam, jenn, and jack can log in to the desktop and users mary and testu cannot.
Check the authentication log file, /var/log/auth.log:
tail /var/log/auth.log
For the rejected ssh logins, there should be messages saying: ...User testu not allowed because shell /etc/NoShell does not exist

6. Secure remote access to the NIS server.
On the NIS server, edit file /etc/ypserv.securenets and comment out the line with "0.0.0.0 0.0.0.0":
#0.0.0.0                0.0.0.0
Restart the NIS services on the server:
/etc/init.d/nis restart

On the client, run
ypcat passwd
and notice the "Internal NIS error".
Modify /etc/ypserv.securenets on the server again and include the IP and netmask for your desktop. For example, if the IP of your desktop is 192.168.5.18, the entry in the file should look as follows:
255.255.255.255         192.168.5.18
Restart NIS on the server and run ypcat passwd on the client again.
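
The effect of the /etc/ypserv.securenets entries in step 6 can be checked offline before restarting NIS. The sh script below is an added example, not part of the original exercise: ip2int, securenets_match and securenets_open are hypothetical helper names, the sample file is constructed, and only the two-column "netmask network" form shown above is handled.

```shell
#!/bin/sh
# Added example (not from the lab handout): audit a ypserv.securenets file.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip2int() {
  case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
    [ "$o" -le 255 ] || return 1
  done
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print the first active rule in FILE ($1) that admits client IP ($2).
# A rule "netmask network" admits a client when (client AND netmask) = network.
# Returns 1 if no rule matches, 2 if the client IP is malformed.
securenets_match() {
  cli=$(ip2int "$2") || return 2
  while read -r mask net rest; do
    case $mask in ''|'#'*) continue ;; esac   # blank line or comment
    m=$(ip2int "$mask") && n=$(ip2int "$net") || continue
    if [ $(( $cli & $m )) -eq "$n" ]; then echo "$mask $net"; return 0; fi
  done < "$1"
  return 1
}

# Succeed if FILE ($1) still carries the active allow-everyone rule.
securenets_open() {
  grep -Eq '^[[:space:]]*0\.0\.0\.0[[:space:]]+0\.0\.0\.0' "$1"
}

# Constructed sample: the file as it stands at the end of step 6.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# Always allow access for localhost
255.0.0.0               127.0.0.0
#0.0.0.0                0.0.0.0
255.255.255.255         192.168.5.18
EOF
securenets_open "$sample" && echo "WARNING: open rule is active"
for ip in 192.168.5.18 192.168.5.19; do
  if rule=$(securenets_match "$sample" "$ip"); then
    echo "$ip admitted by: $rule"
  else
    echo "$ip refused"
  fi
done
```

To audit the real server, call securenets_open and securenets_match with /etc/ypserv.securenets in place of the sample file.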

7. Create your own NIS map.
Following the instructions in the lecture notes, create a NIS map for telephone numbers on the server. Verify you can browse the map on the client host:
ypcat telephones

