Posts Tagged ‘ Linux ’

Using parted

How to create a disk partition on a disk greater than 2TB in size.

Fdisk command does not supports partitioning of disk that has greater than 2 TB size. The parted tool supports GPT disk labels which can be used on disks larger than 2TB.
The example below demonstrates how to create a 5TB partition:

1. Use the parted tool to access the partition table of the device:

# parted /dev/sda
Using /dev/sda
Welcome to GNU Parted! Type ‘help’ to view a list of commands.
(parted)

2.

Once at the parted prompt, create a GPT label on the disk:

(parted) mklabel
Warning: The existing disk label on /dev/sdj will be destroyed and all data on this disk will be lost. Do you want to continue?
Yes/No? Yes
New disk label type?  [gpt]? gpt
(parted)

Note: This will remove any existing partition table and partitions on the device.
3. Use the print command to show the size of the disk as reported by parted.  We need this later:

(parted) print

Model: Linux device-mapper (dm)
Disk /dev/sda: 5000GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt

Number  Start  End  Size  File system  Name  Flags

4. Create a primary partition on the device.  In this example, the partition will encompass the entire disk (using size from the step above):

(parted) mkpart primary 0 5000GB

5. Unlike fdisk, you do not have to write out the partition table changes with parted.  Display your new partition and quit.

(parted) print

Model: Linux device-mapper (dm)
Disk /dev/mapper/VolGroup00-gpttest: 5000GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt

Number  Start   End          Size         File system  Name     Flags
1      17.4kB  5000GB  5000GB               primary

(parted) quit
Information: Don’t forget to update /etc/fstab, if necessary.

6.

You can now create a filesystem on the device /dev/sda1

7. Use mkfs.ext3 to make ext3 partition.

mkfs.ext3 /dev/sda1

8. Use print option to displays the partition table.

parted /dev/sda print

Advertisements

ARP cache

ARP cache

The arp table or arp cache keeps track of all devices on your network that your computer is capable of communicating with. It stores the Layer 2 data ( MAC addresses ) as well as the interface in which the device is connected through (i.e. which interface the traffic came in on ). This table can be viewed, modified, flushed using the arp command in Linux

View Arp Cache Entries

arp -n

The output will something like the following.

Address                  HWtype  HWaddress           Flags Mask            Iface 
22.23.24.25             ether   00:22:aa:63:88:3f   C                     eth0

Add Static Arp Entry

To add an arp entry we can use the following arp command.

arp -i eth0 -s 10.10.10.13 de:aa:bb:ef:fe:eg

Remove Entry From Arp Cache

To remove an entry we can use the below command

 arp -i <if>] -d  <host>

Some example usages are given below

 arp -i eth0 -d 10.11.12.13
 arp -d 192.168.1.100

Flush all arp cache entries

 ip neigh flush all --> Flush all arp entires
 ip -s -s neigh flush all --> For verbose output 
 ip neigh flush 10.0.1.13 --> Flush arp entry for host 10.0.1.13

 

mount: /dev/sdb1 already mounted or /mnt busy

[root@]# mount -t ext3  /dev/sdb1 /mnt
mount: /dev/sdb1 already mounted or /mnt busy

lsof didn’t provide any open files that might be linked to this problem or there was any “famd” running. Finally doing the following steps to remove the logical devices from the device-mapper driver helped us fix the problem.

[root@]# dmsetup ls
ddf1_44656c6c202020201028001510281f033832b7a2f6678dab   (253, 0)
ddf1_44656c6c202020201028001510281f033832b7a2f6678dab1  (253, 1)

[root@]# dmsetup remove ddf1_44656c6c202020201028001510281f033832b7a2f6678dab1
[root@]# dmsetup ls
ddf1_44656c6c202020201028001510281f033832b7a2f6678dab   (253, 0)

[root@]# dmsetup remove ddf1_44656c6c202020201028001510281f033832b7a2f6678dab

[root@]# dmsetup ls
No devices found

Mounting using the command “mount -t ext3  /dev/sdb1 /mnt”  after the above steps worked fine.

ext3 to ext4 Migration

Before Migrationg Please make sure that the kernel module ext4 is installed in the Present Kernel.

root@server [~]# lsmod | grep ext
ext4                  285409  1 
jbd2                   47744  1 ext4
crc16                   1027  1 ext4
ext3                   94929  5 
jbd                    31739  1 ext3

1. First of all, its recommended to backup everything first. We will us ‘dd‘ command to backup the whole partition to another hard disk. That hard disk is attached via SATA cable. We will format the backup hard disk with ext3 filesystem and and mount as /backup partition:

fdisk /dev/sdb

The sequence I press in the keyboard is: n > p > 1 > enter > enter > w

2. Then, format the partition table /dev/sdb1 with ext3 filesystem:

mkfs.ext3 /dev/sdb1

3. Mount the backup partition to /backup:

$ mkdir /backup
$ mount /dev/sdb1 /backup

4.Lets backup “/” partition and put the image into backup directory:

dd if=/ of=/backup

5.Now we need to install one package called e4fsprogs. The e4fsprogs packages contain a number of utilities for creating, checking, modifying, and correcting inconsistencies in fourth extended (ext4 and ext4dev) file systems:

$ yum -y install e4fsprogs

We start to do the ext4 filesystem conversion:

umount /dev/sda7
tune4fs -O extents,uninit_bg,dir_index /dev/sda7

Please run e4fsck on the filesystem.

As what has been advised, we need to run filesystem check after tune. I rather do this in single-mode (init 1) to reduce risks. DON’T PROCEED TO REBOOT ONCE THIS STEP COMPLETE!

$ init 1
$ e4fsck -fDC0 /dev/sda7
root@server [~]# fsck.ext4 -yfD /dev/sda7
e4fsck 1.41.12 (17-May-2010)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 3A: Optimizing directories
Pass 4: Checking reference counts
Pass 5: Checking group summary information

/home: ***** FILE SYSTEM WAS MODIFIED *****
/home: 127401/14499840 files (2.6% non-contiguous), 985022/28981252 blocks
$ vi /etc/fstab

make it as ext4

Now, all’s OK, just mount it as ext4:

mount -t ext4 /dev/sda7 /home/

If you have converted /boot file system , you need to update /boot/grub.conf. Use your favourite editor to open this file, find out current kernel config section and append the following parameter:

rootfstype=ext4

Here is sample config:

title CentOS 5 (2.6.39)
	root (hd0,0)
        kernel /vmlinuz-2.6.39.42.6.39 ro root=LABEL=/ rootfstype=ext4
        initrd /initrd-2.6.39.42.6.39.img

Save and close the file. And run update-grub

Next, update your /etc/fstab file so that it can be mounted as ext4 file system by default. And finally, reboot your system

Rebuild the initrd to make sure our system will mount /sysroot as ext4 and reboot the server once complete:

mkinitrd -v -f initrd-2.6.39.42.6.39.img 2.6.39.42.6.39
reboot

CIDR & Netmask

Netmask              Netmask (binary)                 CIDR     Notes    
_____________________________________________________________________________
255.255.255.255  11111111.11111111.11111111.11111111  /32  Host (single addr)
255.255.255.254  11111111.11111111.11111111.11111110  /31  Unuseable
255.255.255.252  11111111.11111111.11111111.11111100  /30    2  useable
255.255.255.248  11111111.11111111.11111111.11111000  /29    6  useable
255.255.255.240  11111111.11111111.11111111.11110000  /28   14  useable
255.255.255.224  11111111.11111111.11111111.11100000  /27   30  useable
255.255.255.192  11111111.11111111.11111111.11000000  /26   62  useable
255.255.255.128  11111111.11111111.11111111.10000000  /25  126  useable
255.255.255.0    11111111.11111111.11111111.00000000  /24 "Class C" 254 useable

255.255.254.0    11111111.11111111.11111110.00000000  /23    2  Class C's
255.255.252.0    11111111.11111111.11111100.00000000  /22    4  Class C's
255.255.248.0    11111111.11111111.11111000.00000000  /21    8  Class C's
255.255.240.0    11111111.11111111.11110000.00000000  /20   16  Class C's
255.255.224.0    11111111.11111111.11100000.00000000  /19   32  Class C's
255.255.192.0    11111111.11111111.11000000.00000000  /18   64  Class C's
255.255.128.0    11111111.11111111.10000000.00000000  /17  128  Class C's
255.255.0.0      11111111.11111111.00000000.00000000  /16  "Class B"
     
255.254.0.0      11111111.11111110.00000000.00000000  /15    2  Class B's
255.252.0.0      11111111.11111100.00000000.00000000  /14    4  Class B's
255.248.0.0      11111111.11111000.00000000.00000000  /13    8  Class B's
255.240.0.0      11111111.11110000.00000000.00000000  /12   16  Class B's
255.224.0.0      11111111.11100000.00000000.00000000  /11   32  Class B's
255.192.0.0      11111111.11000000.00000000.00000000  /10   64  Class B's
255.128.0.0      11111111.10000000.00000000.00000000  /9   128  Class B's
255.0.0.0        11111111.00000000.00000000.00000000  /8   "Class A"
  
254.0.0.0        11111110.00000000.00000000.00000000  /7
252.0.0.0        11111100.00000000.00000000.00000000  /6
248.0.0.0        11111000.00000000.00000000.00000000  /5
240.0.0.0        11110000.00000000.00000000.00000000  /4
224.0.0.0        11100000.00000000.00000000.00000000  /3
192.0.0.0        11000000.00000000.00000000.00000000  /2
128.0.0.0        10000000.00000000.00000000.00000000  /1
0.0.0.0          00000000.00000000.00000000.00000000  /0   IP space

                                   Net     Host    Total
Net      Addr                      Addr    Addr    Number
Class   Range      NetMask         Bits    Bits   of hosts
----------------------------------------------------------
A        0-127    255.0.0.0         8      24     16777216   (i.e. 114.0.0.0)
B      128-191    255.255.0.0      16      16        65536   (i.e. 150.0.0.0)
C      192-254    255.255.255.0    24       8          256   (i.e. 199.0.0.0)
D      224-239    (multicast)
E      240-255    (reserved)
F      208-215    255.255.255.240  28       4           16
G      216/8      ARIN - North America
G      217/8      RIPE NCC - Europe
G      218-219/8  APNIC
H      220-221    255.255.255.248  29       3            8   (reserved)
K      222-223    255.255.255.254  31       1            2   (reserved)
(ref: RFC1375 & http://www.iana.org/assignments/ipv4-address-space )
(               http://www.iana.org/numbers.htm                    )
----------------------------------------------------------

The current list of special use prefixes:
	0.0.0.0/8	
	127.0.0.0/8
	192.0.2.0/24
	10.0.0.0/8
	172.16.0.0/12
	192.168.0.0/16
	169.254.0.0/16
	all D/E space
(ref: RFC1918 http://www.rfc-editor.org/rfc/rfc1918.txt   )
(       or     ftp://ftp.isi.edu/in-notes/rfc1918.txt     )
(rfc search:   http://www.rfc-editor.org/rfcsearch.html   )
(              http://www.ietf.org/ietf/1id-abstracts.txt )
(              http://www.ietf.org/shadow.html            )


Martians: (updates at: www.iana.org/assignments/ipv4-address-space )
 no ip source-route
 access-list 100 deny   ip host 0.0.0.0 any
  deny ip 0.0.0.0         0.255.255.255  any log  ! antispoof
  deny ip 0.0.0.0 0.255.255.255  0.0.0.0 255.255.255.255 ! antispoof
  deny ip any             255.255.255.128 0.0.0.127 ! antispoof
  deny ip host            0.0.0.0        any log  ! antispoof
  deny ip host            [router intf]  [router intf] ! antispoof
  deny ip xxx.xxx.xxx.0   0.0.0.255      any log  ! lan area
  deny ip 0/8             0.255.255.255  any log  ! IANA - Reserved
  deny ip 1/8             0.255.255.255  any log  ! IANA - Reserved
  deny ip 2/8             0.255.255.255  any log  ! IANA - Reserved
  deny ip 5/8             0.255.255.255  any log  ! IANA - Reserved
  deny ip 7/8             0.255.255.255  any log  ! IANA - Reserved
  deny ip 10.0.0.0        0.255.255.255  any log  ! IANA - Private Use
  deny ip 23/8            0.255.255.255  any log  ! IANA - Reserved
  deny ip 27/8            0.255.255.255  any log  ! IANA - Reserved
  deny ip 31/8            0.255.255.255  any log  ! IANA - Reserved
  deny ip 36-37/8         0.255.255.255  any log  ! IANA - Reserved
  deny ip 39/8            0.255.255.255  any log  ! IANA - Reserved
  deny ip 41-42/8         0.255.255.255  any log  ! IANA - Reserved
  deny ip 50/8            0.255.255.255  any log  ! IANA - Reserved
  deny ip 58-60/8         0.255.255.255  any log  ! IANA - Reserved
  deny ip 69-79/8         0.255.255.255  any log  ! IANA - Reserved
  deny ip 82-95/8         0.255.255.255  any log  ! IANA - Reserved
  deny ip 96-126/8        0.255.255.255  any log  ! IANA - Reserved
  deny ip 127/8           0.255.255.255  any log  ! IANA - Reserved
  deny ip 169.254.0.0     0.0.255.255    any log  ! link-local network
  deny ip 172.16.0.0      0.15.255.255   any log  ! reserved
  deny ip 192.168.0.0     0.0.255.255    any log  ! reserved
  deny ip 192.0.2.0       0.0.0.255      any log  ! test network
  deny ip 197/8           0.255.255.255  any log  ! IANA - Reserved
  deny ip 220/8           0.255.255.255  any log  ! IANA - Reserved
  deny ip 222-223/8       0.255.255.255  any log  ! IANA - Reserved
  deny ip 224.0.0.0       31.255.255.255 any log  ! multicast
  deny ip 224.0.0.0       15.255.255.255 any log  ! unless MBGP-learned routes
  deny ip 224-239/8       0.255.255.255  any log  ! IANA - Multicast
  deny ip 240-255/8       0.255.255.255  any log  ! IANA - Reserved

filtered source addresses
  0/8                 ! broadcast
  10/8                ! RFC 1918 private
  127/8               ! loopback
  169.254.0/16        ! link local
  172.16.0.0/12       ! RFC 1918 private
  192.0.2.0/24        ! TEST-NET
  192.168.0/16        ! RFC 1918 private
  224.0.0.0/4         ! class D multicast
  240.0.0.0/5         ! class E reserved
  248.0.0.0/5         ! reserved
  255.255.255.255/32  ! broadcast

ARIN administrated blocks: (http://www.arin.net/regserv/IPStats.html)
   24.0.0.0/8 (portions of)
   63.0.0.0/8
   64.0.0.0/8
   65.0.0.0/8
   66.0.0.0/8
  196.0.0.0/8
  198.0.0.0/8
  199.0.0.0/8
  200.0.0.0/8
  204.0.0.0/8
  205.0.0.0/8
  206.0.0.0/8
  207.0.0.0/8
  208.0.0.0/8
  209.0.0.0/8
  216.0.0.0/8
----------------------------------------------------------

well known ports: (rfc1700.txt)
 www.iana.org/assignments/port-numbers

protocol numbers:
 www.iana.org/assignments/protocol-numbers
 www.iana.org/numbers.htm

ICMP(Types/Codes)
 Testing Destination Reachability & Status
  (0/0)  Echo-Reply
  (8/0)  Echo
 Unreachable Destinations
  (3/0)  Network Unreachable
  (3/1)  Host Unreachable
  (3/2)  Protocol Unreachable
  (3/3)  Port Unreachable
  (3/4)  Fragmentaion Needed and DF set (Pkt too big)
  (3/5)  Source Route Failed
  (3/6)  Network Unknown
  (3/7)  Host Unknown
  (3/9)  DOD Net Prohibited
  (3/10) DOD Host Prohibited
  (3/11) Net TOS Unreachable
  (3/12) Host TOS Unreachable
  (3/13) Administratively Prohibited
  (3/14) Host Precedence Unreachable
  (3/15) Precedence Unreachable
 Flow Control
  (4/0)  Source-Quench [RFC 1016]
 Route Change Requests from Gateways
  (5/0)  Redirect Datagrams for the Net
  (5/1)  Redirect Datagrams for the Host
  (5/2)  Redirect Datagrams for the TOS and Net
  (5/3)  Redirect Datagrams for the TOS and Host
 Router
  (6/-)  Alternate-Address
  (9/0)  Router-Advertisement
  (10/0) Router-Solicitation
 Detecting Circular or Excessively Long Routes
  (11/0) Time to Live Count Exceeded
  (11/1) Fragment Reassembly Time Exceeded
 Reporting Incorrect Datagram Headers
  (12/0) Parameter-Problem
  (12/1) Option Missing
  (12/2) No Room for Option
 Clock Synchronization and Transit Time Estimation
  (13/0) Timestamp-Request
  (14/0) Timestamp-Reply
 Obtaining a Network Address (RARP Alternative)
  (15/0) Information-Request
  (16/0) Information-Reply
 Obtaining a Subnet Mask [RFC 950]
  (17/0) Address Mask-Request
  (18/0) Address Mask-Reply
 Other
  (30/0) Traceroute
  (31/0) Conversion-Error
  (32/0) Mobile-Redirect

Ref: [RFC 792] [RFC 896] [RFC 950] [RFC 1016]
  www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_5_3/cofigide/qos.htm#19774



Decimal system Prefix's
              Factor               Exponent  Prefix
---------------------------------------------------
 1 000 000 000 000 000 000 000 000...10^24....yotta
     1 000 000 000 000 000 000 000...10^21....zetta
         1 000 000 000 000 000 000...10^18....exa
             1 000 000 000 000 000...10^15....peta
                 1 000 000 000 000...10^12....tera
                     1 000 000 000...10^9.....giga
                         1 000 000...10^6.....mega
                             1 000...10^3.....kilo
                               100...10^2.....hecto
                                10...10^1.....deka
                               0.1...10^-1....deci
                              0.01...10^-2....centi
                             0.001...10^-3....milli
                         0.000 001...10^-6....micro
                     0.000 000 001...10^-9....nano
                 0.000 000 000 001...10^-12...pico
             0.000 000 000 000 001...10^-15...femto
         0.000 000 000 000 000 001...10^-18...atto
     0.000 000 000 000 000 000 001...10^-21...zepto
 0.000 000 000 000 000 000 000 001...10^-24...yocto
---------------------------------------------------

Convert Fahrenheit <> Celsius:
 Celsius = (Fahrenheit - 32) / 1.8
 Fahrenheit = (Celsius * 1.8) + 32

Configuring NIS

Network Information Services (NIS) enables you to create user accounts that can be shared across all systems on your network. The user account is created only on the NIS server. NIS clients download the necessary username and password data from the NIS server to verify each user login.

An advantage of NIS is that users need to change their passwords on the NIS server only, instead of every system on the network. This makes NIS popular in computer training labs, distributed software development projects or any other situation where groups of people have to share many different computers.

The disadvantages are that NIS doesn’t encrypt the username and password information sent to the clients with each login and that all users have access to the encrypted passwords stored on the NIS server. A detailed analysis of NIS security is beyond the scope of this book, but I suggest that you restrict its use to highly secure networks or to networks where access to non-NIS networks is highly restricted.

The Lightweight Directory Access Protocol (LDAP) offers similar features to NIS but has the advantage of supporting encryption without additional software and can support clients across multiple networks without the need for slave servers. It is for this reason that LDAP has become increasingly popular for this type of application. LDAP is discussed in more detail in Chapter 31, “Centralized Logins Using LDAP and RADIUS“.

Scenario

To understand the benefits of NFS, consider an example. A school wants to set up a small computer lab for its students.

  • The main Linux server, bigboy, has a large amount of disk space and will be used as both the NIS server and NFS-based file server for the Linux PCs in the lab.
  • Users logging into the PCs will be assigned home directories on bigboy and not on the PCs themselves.
  • Each user’s home directory will be automatically mounted with each user login on the PCs using NFS.
  • The lab instructor will practice with a Linux PC named smallfry before implementing NIS on all the remaining PCs.
  • The suite of NIS RPMs have been installed on the server and client: ypserve and yp-tools are on the server, and ypbind and yp-tools are on the client.

Downloading and installing RPMs isn’t hard, as discussed in Chapter 6, “Installing Linux Software“. When searching for the RPMs, remember that the filename usually starts with the software package name followed by a version number, as in yp-tools-2.8-3.i386.rpm.

The lab instructor did some research and created an implementation plan:

  1. Configure bigboy as an NFS server to make its /home directory available to the Linux workstations.
  2. Configure smallfry as an NFS client that can access bigboy’s /home directory.
  3. Configure bigboy as an NIS server.
  4. Create a user account (nisuser) on bigboy that doesn’t exist on smallfry. Convert the account to a NIS user account.
  5. Configure smallfry as an NIS client.
  6. Test a remote login from bigboy to smallfry using the username and password of the account nisuser.

You have the scenario and the plan, it’s time to get to work.

Configuring The NFS Server

Here are the steps to configure the NFS server in this scenario:

1. Edit the /etc/exports file to allow NFS mounts of the /home directory with read/write access.

/home                   *(rw,sync)

2. Let NFS read the /etc/exports file for the new entry, and make /home available to the network with the exportfs command.

[root@bigboy tmp]# exportfs -a
[root@bigboy tmp]#

3. Make sure the required nfs, nfslock, and portmap daemons are both running and configured to start after the next reboot.

[root@bigboy tmp]# chkconfig nfslock on
[root@bigboy tmp]# chkconfig nfs on
[root@bigboy tmp]# chkconfig portmap on
[root@bigboy tmp]# service portmap start
Starting portmapper: [  OK  ]
[root@bigboy tmp]# service nfslock start
Starting NFS statd: [  OK  ]
[root@bigboy tmp]# service nfs start
Starting NFS services:  [  OK  ]
Starting NFS quotas: [  OK  ]
Starting NFS daemon: [  OK  ]
Starting NFS mountd: [  OK  ]
[root@bigboy tmp]#

After configuring the NFS server, we have to configure its clients, This will be covered next.

Configuring The NFS Client

You also need to configure the NFS clients to mount their /home directories on the NFS server.

These steps archive the /home directory. In a production environment in which the /home directory would be actively used, you’d have to force the users to log off, backup the data, restore it to the NFS server, and then follow the steps below. As this is a lab environment, these prerequisites aren’t necessary.

1. Make sure the required netfs, nfslock, and portmap daemons are running and configured to start after the next reboot.

[root@smallfry tmp]# chkconfig nfslock on
[root@smallfry tmp]# chkconfig netfs on
[root@smallfry tmp]# chkconfig portmap on
[root@smallfry tmp]# service portmap start
Starting portmapper: [  OK  ]
[root@smallfry tmp]# service netfs start
Mounting other filesystems:  [  OK  ]
[root@smallfry tmp]# service nfslock start
Starting NFS statd: [  OK  ]
[root@smallfry tmp]#

2. Keep a copy of the old /home directory, and create a new directory /home on which you’ll mount the NFS server’s directory.

[root@smallfry tmp]# mv /home /home.save
[root@smallfry tmp]# mkdir /home
[root@smallfry tmp]# ll /
...
...
drwxr-xr-x    1 root   root     11 Nov 16 20:22 home
drwxr-xr-x    2 root   root   4096 Jan 24  2003 home.save
...
...
[root@smallfry tmp]#

3. Make sure you can mount bigboy’s /home directory on the new /home directory you just created. Unmount it once everything looks correct.

[root@smallfry tmp]# mount 192.168.1.100:/home /home/
[root@smallfry tmp]# ls /home
ftpinstall  nisuser  quotauser  smallfry  www
[root@smallfry tmp]# umount /home
[root@smallfry tmp]#

4. Start configuring autofs automounting. Edit your /etc/auto.master file to refer to file /etc/auto.home for mounting information whenever the /home directory is accessed. After five minutes, autofs unmounts the directory.

#/etc/auto.master
/home      /etc/auto.home --timeout 600

5. Edit file /etc/auto.home to do the NFS mount whenever the /home directory is accessed. If the line is too long to view on your screen, you can add a \ character at the end to continue on the next line.

#/etc/auto.home
*   -fstype=nfs,soft,intr,rsize=8192,wsize=8192,nosuid,tcp \
   192.168.1.100:/home/&

6. Start autofs and make sure it starts after the next reboot with the chkconfig command.

[root@smallfry tmp]# chkconfig autofs on
[root@smallfry tmp]# service autofs restart
Stopping automount:[  OK  ]
Starting automount:[  OK  ]
[root@smallfry tmp]#

After doing this, you won’t be able to see the contents of the /home directory on bigboy as user root. This is because by default NFS activates the root squash feature, which disables this user from having privileged access to directories on remote NFS servers. You’ll be able to test this later after NIS is configured.

Note: This automounter feature doesn’t appear to function correctly in my preliminary testing of Fedora Core 3. See Chapter 29, “Remote Disk Access with NFS“, for details.

All newly added Linux users will now be assigned a home directory under the new remote /home directory. This scheme will make the users feel their home directories are local, when in reality they are automatically mounted and accessed over your network.

Configuring The NIS Server

NFS only covers file sharing over the network. You now have to configure NIS login authentication for the lab students before the job is done. The configuration of the NIS server is not difficult, but requires many steps that you may overlook. Don’t worry, we’ll review each one in detail.

Note: In the early days, NIS was called Yellow Pages. The developers had to change the name after a copyright infringement lawsuit, yet many of the key programs associated with NIS have kept their original names beginning with yp.

Install the NIS Server Packages

All the packages required for NIS clients are a standard part of most Fedora installations. The ypserv package for servers is not. Install the package according to the steps outlined in Chapter 6,”Installing Linux Software“.

Edit Your /etc/sysconfig/network File

You need to add the NIS domain you wish to use in the /etc/sysconfig/network file. For the school, call the domain NIS-SCHOOL-NETWORK.

#/etc/sysconfig/network
NISDOMAIN="NIS-SCHOOL-NETWORK"

Edit Your /etc/yp.conf File

NIS servers also have to be NIS clients themselves, so you’ll have to edit the NIS client configuration file /etc/yp.conf to list the domain’s NIS server as being the server itself or localhost.

# /etc/yp.conf - ypbind configuration file
ypserver 127.0.0.1

Start The Key NIS Server Related Daemons

Start the necessary NIS daemons in the /etc/init.d directory and use the chkconfig command to ensure they start after the next reboot.

[root@bigboy tmp]# service portmap start
Starting portmapper: [  OK  ]
[root@bigboy tmp]# service yppasswdd start
Starting YP passwd service: [  OK  ]
[root@bigboy tmp]# service ypserv start
Setting NIS domain name NIS-SCHOOL-NETWORK:  [  OK  ]
Starting YP server services: [  OK  ]
[root@bigboy tmp]# 

[root@bigboy tmp]# chkconfig portmap on
[root@bigboy tmp]# chkconfig yppasswdd on
[root@bigboy tmp]# chkconfig ypserv on

Table 30.1 lists a summary of the daemon’s functions.

Table 30-1 Required NIS Server Daemons

Daemon Name Purpose
portmap The foundation RPC daemon upon which NIS runs.
yppasswdd Lets users change their passwords on the NIS server from NIS clients
ypserv Main NIS server daemon
ypbind Main NIS client daemon
ypxfrd Used to speed up the transfer of very large NIS maps

Make sure they are all running before continuing to the next step. You can use the rpcinfo command to do this.

[root@bigboy tmp]# rpcinfo -p localhost
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100009    1   udp    681  yppasswdd
    100004    2   udp    698  ypserv
    100004    1   udp    698  ypserv
    100004    2   tcp    701  ypserv
    100004    1   tcp    701  ypserv
[root@bigboy tmp]#

The ypbind and ypxfrd daemons won’t start properly until after you initialize the NIS domain. You’ll start these daemons after initialization is completed.

Initialize Your NIS Domain

Now that you have decided on the name of the NIS domain, you’ll have to use the ypinit command to create the associated authentication files for the domain. You will be prompted for the name of the NIS server, which in this case is bigboy.

With this procedure, all nonprivileged accounts are automatically accessible via NIS.

[root@bigboy tmp]# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers.  bigboy is in the list of NIS server hosts.  Please continue to add
the names for the other hosts, one per line.  When you are done with the
list, type a <control D>.
        next host to add:  bigboy
        next host to add:
The current list of NIS servers looks like this:

bigboy

Is this correct?  [y/n: y]  y
We need a few minutes to build the databases...
Building /var/yp/NIS-SCHOOL-NETWORK/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/NIS-SCHOOL-NETWORK'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/NIS-SCHOOL-NETWORK'

bigboy has been set up as a NIS master server.

Now you can run ypinit -s bigboy on all slave server.
[root@bigboy tmp]#

Note: Make sure portmap is running before trying this step or you’ll get errors, such as:

failed to send 'clear' to local ypserv: RPC: Port mapper failureUpdating group.bygid...

You will have to delete the /var/yp/NIS-SCHOOL-NETWORK directory and restart portmap, yppasswd, and ypserv before you’ll be able to do this again successfully.

Start The ypbind and ypxfrd Daemons

You can now start the ypbind and the ypxfrd daemons because the NIS domain files have been created.

[root@bigboy tmp]# service ypbind start
Binding to the NIS domain: [  OK  ]
Listening for an NIS domain server.
[root@bigboy tmp]# service ypxfrd start
Starting YP map server: [  OK  ]
[root@bigboy tmp]# chkconfig ypbind on
[root@bigboy tmp]# chkconfig ypxfrd on

Make Sure The Daemons Are Running

All the NIS daemons use RPC port mapping and, therefore, are listed using the rpcinfo command when they are running correctly.

[root@bigboy tmp]# rpcinfo -p localhost
    program vers proto   port
     100000    2   tcp    111  portmapper
     100000    2   udp    111  portmapper
     100003    2   udp   2049  nfs
     100003    3   udp   2049  nfs
     100021    1   udp   1024  nlockmgr
     100021    3   udp   1024  nlockmgr
     100021    4   udp   1024  nlockmgr
     100004    2   udp    784  ypserv
     100004    1   udp    784  ypserv
     100004    2   tcp    787  ypserv
     100004    1   tcp    787  ypserv
     100009    1   udp    798  yppasswdd
  600100069    1   udp    850  fypxfrd
  600100069    1   tcp    852  fypxfrd
     100007    2   udp    924  ypbind
     100007    1   udp    924  ypbind
     100007    2   tcp    927  ypbind
     100007    1   tcp    927  ypbind
[root@bigboy tmp]#

Adding New NIS Users

New NIS users can be created by logging into the NIS server and creating the new user account. In this case, you’ll create a user account called nisuser and give it a new password.

Once this is complete, you then have to update the NIS domain’s authentication files by executing the make command in the /var/yp directory.

This procedure makes all NIS-enabled, nonprivileged accounts become automatically accessible via NIS, not just newly created ones. It also exports all the user’s characteristics stored in the /etc/passwd and /etc/group files, such as the login shell, the user’s group, and home directory.

[root@bigboy tmp]# useradd -g users nisuser
[root@bigboy tmp]# passwd nisuser
Changing password for user nisuser.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@bigboy tmp]# cd /var/yp
[root@bigboy yp]# make
gmake[1]: Entering directory `/var/yp/NIS-SCHOOL-NETWORK'
Updating passwd.byname...
Updating passwd.byuid...
Updating netid.byname...
gmake[1]: Leaving directory `/var/yp/NIS-SCHOOL-NETWORK'
[root@bigboy yp]#

You can check to see if the user’s authentication information has been updated by using the ypmatch command, which should return the user’s encrypted password string.

[root@bigboy yp]# ypmatch nisuser passwd
nisuser:$1$d6E2i79Q$wp3Eo0Qw9nFD/::504:100::/home/nisuser:/bin/bash
[root@bigboy yp]

You can also use the getent command, which has similar syntax. Unlike ypmatch, getent doesn’t provide an encrypted password when run on an NIS server, it just provides the user’s entry in the /etc/passwd file. On a NIS client, the results are identical with both showing the encrypted password.

[root@bigboy yp]# getent passwd nisuser
nisuser:x:504:100::/home/nisuser:/bin/bash
[root@bigboy yp]#

Configuring The NIS Client

Now that the NIS server is configured, it’s time to configure the NIS clients. There are a number of related configuration files that you need to edit to get it to work. Take a look at the procedure.

Run authconfig

The authconfig or the authconfig-tui program automatically configures your NIS files after prompting you for the IP address and domain of the NIS server.

[root@smallfry tmp]# authconfig-tui

Once finished, it should create an /etc/yp.conf file that defines, amongst other things, the IP address of the NIS server for a particular domain. It also edits the /etc/sysconfig/network file to define the NIS domain to which the NIS client belongs.

# /etc/yp.conf - ypbind configuration file
domain NIS-SCHOOL-NETWORK server 192.168.1.100

#/etc/sysconfig/network
NISDOMAIN=NIS-SCHOOL-NETWORK

In addition, the authconfig program updates the /etc/nsswitch.conf file that lists the order in which certain data sources should be searched for name lookups, such as those in DNS, LDAP, and NIS. Here you can see where NIS entries were added for the important login files.

#/etc/nsswitch.conf
passwd:     files nis
shadow:     files nis
group:      files nis

Note: You can also locate a sample NIS nsswitch.conf file in the /usr/share/doc/yp-tools* directory.

Start The NIS Client Related Daemons

Start the ypbind NIS client, and portmap daemons in the /etc/init.d directory and use the chkconfig command to ensure they start after the next reboot. Remember to use the rpcinfo command to ensure they are running correctly.

[root@smallfry tmp]# service portmap start
Starting portmapper: [  OK  ]
[root@smallfry tmp]# service ypbind start
Binding to the NIS domain:
Listening for an NIS domain server.
[root@smallfry tmp]#

[root@smallfry tmp]# chkconfig ypbind on
[root@smallfry tmp]# chkconfig portmap on

Note: Remember to use the rpcinfo -p localhost command to make sure they all started correctly.

Verify Name Resolution

As the configuration examples refer to the NIS client and server by their hostnames, you’ll have to make sure the names resolve correctly to IP addresses. This can be configured either in DNS, when the hosts reside in the same domain, or more simply by editing the /etc/hosts file on both Linux boxes.

#
# File: /etc/hosts (smallfry)
#
192.168.1.100    bigboy

#
# File: /etc/hosts (bigboy)
#
192.168.1.102    smallfry

Test NIS Access To The NIS Server

You can run the ypcat, ypmatch, and getent commands to make sure communication to the server is correct.

[root@smallfry tmp]# ypcat passwd
nisuser:$1$Cs2GMe6r$1hohkyG7ALrDLjH1:505:100::/home/nisuser:/bin/bash
quotauser:!!:503:100::/home/quotauser:/bin/bash
ftpinstall:$1$8WjAVtes$SnRh9S1w07sYkFNJwpRKa.:502:100::/:/bin/bash
www:$1$DDCi/OPI$hwiTQ.L0XqYJUk09Bw.pJ/:504:100::/home/www:/bin/bash
smallfry:$1$qHni9dnR$iKDs7gfyt..BS9Lry3DAq.:501:100::/:/bin/bash
[root@smallfry tmp]#

[root@smallfry tmp]# ypmatch nisuser passwd
nisuser:$1$d6E2i79Q$wp3Eo0Qw9nFD/:504:100::/home/nisuser:/bin/bash
[root@smallfry tmp]#

[root@smallfry tmp]# getent passwd nisuser
nisuser:$1$d6E2i79Q$wp3Eo0Qw9nFD/:504:100::/home/nisuser:/bin/bash
[root@smallfry tmp]#

Possible sources of error would include:

  • Incorrect authconfig setup resulting in errors in the /etc/yp.conf, /etc/sysconfig/network and /etc/nsswitch.conf files
  • Failure to run the ypinit command on the NIS server
  • NIS not being started on the NIS server or client.
  • Poor routing between the server and client, or the existence of a firewall that’s blocking traffic

Try to eliminate these areas as sources of error and refer to the syslog /var/log/messages file on the client and server for entries that may provide additional clues.

Test Logins via The NIS Server

Once your basic NIS functionality testing is complete, try to test a remote login. Failures in this area could be due to firewalls blocking TELNET or SSH access and the TELNET and SSH server process not being started on the clients.

Logging In Via Telnet

Try logging into the NIS client via telnet if it is enabled

[root@bigboy tmp]# telnet 192.168.1.201
Trying 192.168.1.201...
Connected to 192.168.1.201.
Escape character is '^]'.
Red Hat Linux release 9 (Shrike)
Kernel 2.4.20-6 on an i686
login: nisuser
Password:
Last login: Sun Nov 16 22:03:51 from 192-168-1-100.simiya.com
[nisuser@smallfry nisuser]$

Logging In Via SSH

Try logging into the NIS client via SSH.

[root@bigboy tmp]# ssh -l nisuser 192.168.1.102
nisuser@192.168.1.102's password:
[nisuser@smallfry nisuser]$

In some versions of Linux, the NIS client’s SSH daemon doesn’t re-read the /etc/nsswitch.conf file you just modified until SSH is restarted. SSH logins, therefore, won’t query the NIS server until this is done. Restart SSH on the NIS client.

[root@smallfry root]# service sshd restart
Stopping sshd:[  OK  ]
Starting sshd:[  OK  ]
[root@smallfry root]#

NIS Slave Servers

NIS relies a lot on broadcast traffic to operate, which prevents you from having an NIS server on a different network from the clients. You can avoid this problem on your local subnet by using slave servers that are configured to automatically synchronize their NIS data with that of the single master server.

You can also consider placing multiple NIS servers on a single subnet for the sake of redundancy. To do this, configure the NIS clients to have multiple NIS servers for the domain in the /etc/yp.conf file.

Configuring NIS Slave Servers

In this scenario, you need to add an NIS slave server named nisslave (IP address 192.168.1.254) to the NIS-SCHOOL-NETWORK NIS domain. You also must configure the NIS master server, bigboy, to push its database map information to the slave whenever there is an update. Here are the steps you need.
1. As you’re referring to our servers by their hostnames, you’ll have to make sure the names resolve correctly to IP addresses. This can be done either in DNS, when the hosts reside in the same domain, or more simply by editing the /etc/hosts files on both servers as seen in Table 30.2.

Table 30-2 NIS Master / Slave /etc/hosts Files

Master (Bigboy) Slave (Nisslave)
#
# File: /etc/hosts (Bigboy)
#
192.168.1.254    nisslave
#
# File: /etc/hosts (Nisslave)
#
192.168.1.100    bigboy

2. Configure the NIS slave as a NIS client of itself in the /etc/yp.conf file, and configure the NIS domain in the /etc/sysconfig/network file as seen in Table 30.3.

Table 30-3 NIS Master / Slave /etc/yp.conf Files

/etc/yp.conf /etc/sysconfig/network
#
# File: /etc/yp.conf (Bigboy)
#
ypserver 127.0.0.1
#
# File: /etc/sysconfig/network
#
NISDOMAIN="NIS-SCHOOL-NETWORK"

3. On the slave server, run ypbind so the slave can query the master server.

[root@nisslave tmp]# service portmap start
Starting portmapper: [  OK  ]
[root@nisslave tmp]# service ypbind start
Binding to the NIS domain:
Listening for an NIS domain server.
[root@nisslave tmp]#

[root@nisslave tmp]# chkconfig portmap on
[root@nisslave tmp]# chkconfig ypbind on

4. Optimize database map transfers by the NIS map transfer daemon, which should the started on both the master and slave.

[root@nisslave tmp]# service ypxfrd start
Starting YP map server: [  OK  ]
[root@nisslave tmp]#
[root@nisslave tmp]# chkconfig ypxfrd on

[root@bigboy tmp]# service ypxfrd start
Starting YP map server: [  OK  ]
[root@bigboy tmp]#
[root@bigboy tmp]# chkconfig ypxfrd on

5. Do a simple database query of the master from the slave using the ypwhich command with the -m (master) switch. You should get a listing of all the tables.

[root@nisslave tmp]# ypwhich -m
mail.aliases bigboy
group.bygid bigboy
passwd.byuid bigboy
rpc.bynumber bigboy
...
...
[root@nisslave tmp]#

6. Do an initial database download to the slave from the master with the ypinit command using the -s switch for a slave-type operation and specifying server bigboy as the master from which the data is to be obtained. You should see “Trying ypxfrd – success” messages. If the messages say “Trying ypxfrd – not running,” then start ypxfrd on both servers.

[root@nisslave tmp]# /usr/lib/yp/ypinit -s bigboy
We will need a few minutes to copy the data from bigboy.
Transferring services.byservicename...
Trying ypxfrd ... success

Transferring group.byname...
Trying ypxfrd ... success
...
...

nisslave's NIS data base has been set up.
If there were warnings, please figure out what went wrong, and fix it.

At this point, make sure that /etc/passwd and /etc/group have
been edited so that when the NIS is activated, the data bases you
have just created will be used, instead of the /etc ASCII files.
[root@nisslave tmp]#

If your database is corrupt or your /etc/hosts files are incorrect, you’ll get map enumeration errors as shown. Use the make command again to rebuild your database on the master when necessary.

[root@nisslave tmp]# /usr/lib/yp/ypinit -s bigboy
Can't enumerate maps from bigboy. Please check that it is running.
[root@nisslave tmp]#

7. Now that the data has been successfully downloaded, it’s time to make the slave server serve NIS clients with ypserv.

[root@nisslave tmp]# service ypserv start
Starting YP server services:
[root@nisslave tmp]#
[root@nisslave tmp]# chkconfig ypxfrd on

8. Log on to the master server. Add the slave server to the master server’s database map by editing the /var/yp/ypservers file on the master.

[root@bigboy yp]# cd /tmp
[root@bigboy tmp]# cd /var/yp/
[root@bigboy yp]# vi ypservers

Add nisslave to the file.

#
# File: /var/yp/ypservers
#
bigboy
nisslave

9. The make file in the /var/yp directory defines how the NIS server will build the database map and how the master will relate to the NIS slave. Make a copy of the master’s make file for safekeeping.

[root@bigboy yp]# cp Makefile Makefile.old

10. Edit the make file to allow the master to push maps to the slave.

#
# File: /var/vp/Makefile
#

#
# Allow the master to do database pushes to the slave
#
NOPUSH=false

11. Use the make command to rebuild the database. The make command automatically pushes database updates to the servers listed in the /var/yp/servers file.

[root@bigboy yp]# make
gmake[1]: Entering directory `/var/yp/NIS-SCHOOL-NETWORK'
Updating ypservers...
YPPUSH: gethostbyname(): Success
YPPUSH: using not FQDN name
gmake[1]: Leaving directory `/var/yp/NIS-SCHOOL-NETWORK'
gmake[1]: Entering directory `/var/yp/NIS-SCHOOL-NETWORK'
Updating netid.byname...
YPPUSH: gethostbyname(): Success
YPPUSH: using not FQDN name
gmake[1]: Leaving directory `/var/yp/NIS-SCHOOL-NETWORK'
[root@bigboy yp]#

12. On the slave server, create a cron file in the /etc/crond.d directory, in this case named nis_sync, that will run periodic database downloads from the master server. This helps to ensure that the slave servers have current databases even if they miss updates from the master in the event the school goes offline for maintenance. Restart the cron daemon so that the configuration in this file becomes active.

[root@nisslave yp]# vi /etc/cron.d/nis_sync

#
# File: /etc/cron.d/nis_sync
#
20 *    * * *    /usr/lib/yp/ypxfr_1perhour
40 6    * * *    /usr/lib/yp/ypxfr_1perday
55 6,18 * * *    /usr/lib/yp/ypxfr_2perday

[root@nisslave yp]# service crond restart

That’s a lot of work but it’s still not over. There is one final configuration step that needs to be done on the NIS clients before you’re finished.

Configuring NIS Clients With Slaves

Edit the /etc/yp.conf file on all the clients to include nisslave, and restart ypbind.

#
# File: /etc/yp.conf (Smallfry)
#
domain NIS-SCHOOL-NETWORK server 192.168.1.100
domain NIS-SCHOOL-NETWORK server 192.168.1.254

[root@smallfry tmp]# service ypbind restart
Shutting down NIS services: [  OK  ]
Binding to the NIS domain: [  OK  ]
Listening for an NIS domain server..
[root@smallfry tmp]#

Changing Your NIS Passwords

You should also test to make sure your users can change their NIS passwords from the NIS clients with the yppasswd command. The process is different whether there is only a single NIS master or a master-slave server relationship.

When There Is Only An NIS Master

When there is only a single NIS server, password changes can be made only on the NIS server using the yppasswd command.

Users Changing Their Own Passwords

Users can change their passwords by logging into the NIS server and issuing the yppasswd command.

[nisuser@bigboy nisuser]$ yppasswd
Changing NIS account information for nisuser on bigboy.my-site.com.
Please enter old password:
Changing NIS password for nisuser on bigboy.my-site.com.
Please enter new password:
Please retype new password:

The NIS password has been changed on bigboy.my-site.com.

[nisuser@bigboy nisuser]$

User “Root” Changing Passwords

The root user can change other users’ passwords issuing the yppasswd command with the -p switch that specifies the username that needs the change.

[root@bigboy tmp]# yppasswd -p nisuser
Changing NIS account information for nisuser on bigboy.my-site.com.
Please enter root password:
Changing NIS password for nisuser on bigboy.my-site.com.
Please enter new password:
Please retype new password:

The NIS password has been changed on bigboy.my-site.com.

[root@bigboy tmp]#

When There Is A NIS Master / Slave Pair

With an NIS master and slave pair configuration, passwords can be changed on the NIS clients or the NIS slave, but not on the NIS master.

Possible Password Errors

There are a number of unexpected errors you may find when changing passwords – errors that have nothing to do with bad typing.

Segmentation Faults

Running the yppasswd command on the wrong client or server depending on your NIS master and slave configuration can cause segmentation fault errors. (Make sure you follow the chapter’s guidelines for password changes!) Here are some sample password change failures on an NIS client with only one NIS master server.

[nisuser@smallfry nisuser]$ yppasswd
Segmentation fault
[nisuser@smallfry nisuser]$

[root@smallfry root]# yppasswd -p nisuser
Segmentation fault
[root@smallfry root]#

Daemon Errors

The yppasswdd daemon must be running on both the client and server for password changes to work correctly. When they aren’t running, you’ll get errors.

[root@smallfry etc]# yppasswd -p nisuser
yppasswd: yppasswdd not running on NIS master host ("bigboy").
[root@smallfry etc]#

You’ll also get a similar error if you attempt to change an NIS password on an NIS master server in a master and slave configuration.

Considerations For A Non NFS Environment

In many cases NFS, isn’t used to create a centralized home directory for users and, therefore, you’ll have to create it on each NIS client and not on the server.

This example creates the home directory for the NIS client, smallfry. After doing this, you have to copy a BASH login profile file into it and modify the ownership of the directory and all the files to user nisuser.

Logins should proceed normally once this has been done and all the other steps have been followed.

[root@smallfry tmp]# mkdir /home/nisuser
[root@smallfry tmp]# chmod 700 /home/nisuser/
[root@smallfry tmp]# ll /home
total 2
drwx------    2 nisuser users        1024 Aug  4 08:05 nisuser
[root@smallfry tmp]#
[root@smallfry tmp]# cp /etc/skel/.* /home/nisuser/
cp: omitting directory `/etc/skel/.'
cp: omitting directory `/etc/skel/..'
cp: omitting directory `/etc/skel/.kde'
[root@smallfry tmp]# chown -R nisuser:users /home/nisuser
[root@smallfry tmp]#

NIS Troubleshooting

Troubleshooting is always required as any part of your daily routine, NIS is no exception. Here are some simple steps to follow to get it working again.

1. The rpcinfo provides a list of TCP ports that your NIS client or server is using. Make sure you can TELNET to these ports from the client to the server and vice versa. If this fails, make sure all the correct NIS daemons are running and that there are no firewalls blocking traffic on the network or on the servers themselves. These ports change from time to time, so memorizing them won’t help much.

The example tests from the client to the server.

[root@bigboy tmp]# rpcinfo -p
    program vers proto   port
     100000    2   tcp    111  portmapper
     100000    2   udp    111  portmapper
     100024    1   udp  32768  status
     100024    1   tcp  32768  status
     391002    2   tcp  32769  sgi_fam
     100009    1   udp   1018  yppasswdd
     100004    2   udp    611  ypserv
     100004    1   udp    611  ypserv
     100004    2   tcp    614  ypserv
     100004    1   tcp    614  ypserv
     100007    2   udp    855  ypbind
     100007    1   udp    855  ypbind
     100007    2   tcp    858  ypbind
     100007    1   tcp    858  ypbind
  600100069    1   udp    874  fypxfrd
  600100069    1   tcp    876  fypxfrd
[root@bigboy tmp]#

[root@smallfry tmp]# telnet 192.168.1.100 858
Trying 10.41.32.71...
Connected to 10.41.32.71.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
[root@smallfry tmp]#

2. Always use the ypmatch, getent, and ypwhich commands to check your NIS connectivity. If there is any failure, check your steps over again and you should be able to find the source of your problem.

3. Do not fail to create a user’s home directory, set its permissions, and copy the /etc/skel files correctly. If you forget, which is a common error, your users may have incorrect login prompts and no ability to create files in their home directories.

It can never be overemphasized that one of the best places to start troubleshooting is by looking in your error log files in the /var/log directory. You’ll save a lot of time and effort if you always refer to them whenever the problem doesn’t appear to be obvious.

Conclusion

NIS is a very useful tool for centralized login management, but it has two shortcomings: NIS clients are typically limited to Unix or Linux operating systems, and the password information passes over the network unencrypted.

Newer authentication schemes overcome these issues. For example, LDAP, which is discussed in Chapter 31, “Centralized Logins Using LDAP and RADIUS“, provides both encryption and the ability to be used on varied types of equipment. Unfortunately older operating systems don’t support it, making NIS the preferred option in some cases.

As always, explore your options when deciding on a centralized login scheme. A wrong decision could haunt you for a long time.