So, in this article, we're going to have some fun with Single-Sign-On and NFS server. And what's that, you ask?
NIS / YPServ is a user management system, for using shared user accounts on a Linux network, and our friend NFS is of course Network-File-Server, for publishing our home directory from a server and out to all our clients.
So, why would we want this? Because we're lazy and want one place to make and edit users, and one place to run backup of user files, and this is a fast way to do it.
NOTE, you should run RAID on the file server, and make a slave NIS server on a production network, but this is just for a small network, just to showcase it.

To do this, you need a Debian server and a couple of clients, and yes, they can run in VirtualBox or on bare metal; it's really up to you, depending on what you've got.

First install three Debian Linux machines, and make the first user, and a root account, and check it works. Next up, we install the server. In this tutorial, I assume you run both NIS and NFS on the same server, just for simplicity.

First we update the server, and install nfs-kernel-server and nis:

apt update

apt install nfs-kernel-server nis

Now, we make sure all the systems that use NIS are in /etc/hosts on the server, because NIS doesn't use DNS. Also, the entry for 127.0.0.1 in /etc/hosts can NOT be the real hostname of the server, but has to point to "localhost", or else NIS can screw up, so check it.

Next, we need to make a file called defaultdomain in /etc, and edit it with our NIS_Domain name, here it's blackdragon.

echo "blackdragon" > /etc/defaultdomain

Next, we enable the server and start it.

systemctl enable ypserv.service
systemctl enable yppasswdd.service
systemctl enable ypxfrd.service

systemctl start ypserv.service
systemctl start yppasswdd.service
systemctl start ypxfrd.service

Next, we set up the server

/usr/lib/yp/ypinit -m

Now, we need to set up the NFS server, so we have to define an exports file under /etc/exports, with this content.

/home/		your.ip.range.x/24(rw,sync,no_root_squash,no_subtree_check)

And, we start the server and enable it at boot like so

systemctl start nfs-kernel-server
systemctl enable nfs-kernel-server

Check the export is there

showmount -e localhost

Export list for localhost:
/home x.x.x.x/24
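
The export line above uses no_root_squash, which means root on any client in the exported range acts as root on /home. As an added example (not part of the original article), this script flags that option and two related exports(5) pitfalls; the sample entries and the 192.0.2.0/24 documentation range are constructed stand-ins for "your.ip.range.x/24".

```shell
#!/bin/sh
# Added example (not from the article): flag risky entries in an exports(5) file.
# Reads the files given as arguments, or stdin when none are given.
# Prints one finding per line as "<path> <client>: <issue>".
audit_exports() {
    awk '
    { sub(/#.*/, "") }                      # strip comments
    NF < 2 { next }                         # blank line or path without clients
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                    # split "client(opt,opt)" apart
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            # "/path host (rw)" with a stray space applies (rw) to every host
            if (client == "" || client == "*")
                print $1 " " $i ": exported to any host"
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash")
                    print $1 " " client ": no_root_squash, client root acts as root on the export"
                else if (o[j] == "insecure")
                    print $1 " " client ": insecure, requests from unprivileged ports accepted"
            }
        }
    }' "$@"
}

# Constructed sample input; addresses are placeholders, not from the article.
sample_exports() {
    cat <<'EOF'
# export line as used in the article
/home        192.0.2.0/24(rw,sync,no_root_squash,no_subtree_check)
# same export with root squashing left on
/home        192.0.2.0/24(rw,sync,root_squash,no_subtree_check)
# stray space before the options
/srv/shared  192.0.2.10 (rw,sync)
EOF
}

sample_exports | audit_exports
```

On a real server, run audit_exports /etc/exports after every change and before exportfs -a.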

So, with that, we're done with the server. Next, let's add a user to YPServ, and regenerate the database.

adduser username

cd /var/yp/

make


Next up, check the NFS server and ypserv are running, they should be, and let's move on to the clients.

Now, here I would like to point out that the client's /home/ gets mounted over, so when you log in you're NOT saving in local /home, only the root user does that, since it's saving into /root.
This can be overridden, but in this config it's not, so use with caution.

On the client, install libnss-nis and nfs-common

apt install nfs-common libnss-nis

In the file called /etc/nsswitch.conf, make sure you insert/edit it to look like this

passwd:   compat
group:    compat
shadow:   compat
netgroup: nis

In /etc/passwd, add this at the bottom of the file.

+::::::

In /etc/shadow, add this, again at the bottom of the file.

+::::::::

In /etc/group, add this at the bottom of the file

+:::

Start the ypbind service and enable it at boot

systemctl enable ypbind.service
systemctl start ypbind.service

Now, we have to add this to our hosts file on the client:

your.nisserver.ip nisserver_host_name

In /etc/yp.conf, add this

ypserver nisserver.ip.address

Last, we change the mount-points in /etc/fstab, to use our new home on the server

ip.of.nis.server:/home /home nfs defaults 0 0

Check all services are running and enabled and shut down the client. Reboot the server, and wait for it to come back online, and start up the client, and see if you can log in using NIS credentials, and that the client writes to the home folder on the server.

Group shares can be set up more or less the same way, but DON'T use /home for that. On Debian, something like /srv/shared would be a good choice, and remember to make the same mount point on the client, to keep things organized.
Now, chmod 777 /srv/shared on the server, and the client. Make group folders, assign rw rights to them (chmod 770), and chown root:group. Re-export the shares using exportfs -a, assign users to groups, and reboot the clients.
Now, your group shares should be there, if you defined them in /etc/fstab on the clients.

BUT, a word of caution. Remember that NFS and NIS send usernames and passwords in cleartext over the network, so any *** with a sniffer can get creds, but we'll have a look at that in another tutorial, on how to hack NIS networks :)

That's it, enjoy your NIS & NFS setup :)
