Configuration d’un client NIS : (HPUX)

vendredi 17 avril 2009
par  Jerome ROBERT
popularité : 3%

Configuration d’un client NIS :

en bref :

vérifier si ypserv tourne sur le
Master ?


personnalisé les fichiers
/etc/passwd et /etc/group


domainname domainname

modifier /etc/rc.config.d/namesvrs


/sbin/init.d/nis.client stop

/sbin/init.d/nis.client start

1° modification du fichier /etc/passwd :

   

Supprimer toutes les entrées superieure ou egale a 100 pour
UID


Ajouter la ligne ci dessous a la fin :


+: :-2:60001:: :

Le signe (+) signifie au processuse de
login d’aller voir les NIS.


The -2 in the user ID field restricts
the access of people who may attempt to log in using "+" as
a valid user name when NIS is not running. Anyone who successfully
logs in as "+" will be granted only the access permissions
of user nobody.


Pour plus d’information man 4 passwd


exemple :


root:0AnhFBmriKvHA:0:3: :/ :/bin/ksh
daemon :*:1:5: :/ :/bin/sh
bin :*:2:2: :/bin :/bin/sh
adm :*:4:4: :/usr/adm :/bin/sh
uucp :*:5:3: :/usr/spool/uucppublic :/usr/lib/uucp/uucico
lp :*:9:7: :/usr/spool/lp :/bin/sh
hpdb :*:27:1:ALLBASE :/ :/bin/sh
+: :-2:60001:: :

2° modification du fichier /etc/group :

Supprimer tous les groupes non
systemes


Supprimer toutes les entrées
superieure ou egale a 100 pour UID


Ajouter la ligne ci dessous a la fin :


+ :* :*

exemple :


root::0:rootl,sam
other::1 :
bin::2 :
sys::3 :
adm::4 :
daemon::5 :
mail::6 :
lp::7 :
+ :* :*

3° vérification

vérifier que le serveur NIS
fonctionne, et que ypserv est en mémore.


modification /etc/rc.config.d/namesvrs
avec :


NIS_DOMAIN=domainname
NIS_SLAVE_SERVER=0
NIS_CLIENT=1
NIS_MASTER_SERVER=0

4° rien ne va plus ...

/sbin/init.d/nis.client stop
/sbin/init.d/nis.client start

pour tester faite la commande suivant :


/usr/bin/ypwhich -m

pour en savoir plus ....

To Tell Users How to Use yppasswd



Tell all the users in your NIS domain
that they must use /usr/bin/yppasswd or passwd -r nis instead of the
passwd command when they want to change their login passwords.


Tell users that, when they want to
change their login passwords, they should do so just before they
leave for the day. This will allow time for the updated NIS maps on
the master server to be pushed to the slave servers.


The yppasswd command is a link to the
passwd -r nis command. It changes the /etc/passwd file on the NIS
master server, regenerates the NIS passwd maps from the updated
/etc/passwd file, and then pushes the NIS passwd maps to the slave
servers.


For more information, see the following
man pages : yppasswd(1), yppasswdd(1M), passwd(1), ypxfr(1M), and
yppush(1M).


To Prevent a Client from Binding
to Unknown Servers



1.On the NIS client, create a file
called /var/yp/secureservers, if it does not already exist.


2.Add lines to the file with the
following syntax :


address_mask IP_address


The IP_address is the internet address
of an NIS server or the subnet of an NIS server from which the client
will accept NIS information.


The address_mask indicates which bits
in the IP_address field are important. If a bit is set in the
address_mask field, the corresponding bit in the address of any NIS
server must match the same bit in the IP_address field.


3.Issue the following commands to kill
and restart the ypbind process :


/sbin/init.d/nis.client stop

/sbin/init.d/nis.client start


If an NIS server host has multiple
network interface cards, add a line to the secureservers file for the
IP address of each card.


If you start ypbind with the -ypset
option and issue the ypset command to bind to a specific server, the
/var/yp/secureservers file is ignored, and the client may bind to any
server.


Type man 1M ypbind at the HP-UX prompt
for more information.


Examples from /var/yp/secureservers


The following line from a
/var/yp/secureservers file allows the NIS client to bind only to the
server at IP address 20.21.22.23. Because every bit is set in the
address mask, the IP address of the NIS server must match the
IP_address field exactly, or the client will not bind to it.


255.255.255.255 20.21.22.23


The following line from a
/var/yp/secureservers file allows the client to bind to any NIS
server on the network 20.21.22.0. The last 8 bits of the server’s IP
address are ignored, because the last 8 bits of the address mask are
set to 0. The client may bind to any server whose IP address begins
20.21.22.


255.255.255.0 20.21.22.23

To Bind an NIS Client to a Server on a
Different Subnet Hewlett-Packard recommends that you configure a
server on each subnet where you have NIS clients ; however, if you
cannot do that, follow these steps to force an NIS client to bind to
a server on a different subnet :


1.Log in as root to the NIS client.


2.Add the -ypset option to the
YPBIND_OPTIONS variable in the /etc/rc.config.d/namesvrs file, as
follows :


YPBIND_OPTIONS="-ypset"


3.In the /etc/rc.config.d/namesvrs
file, set the YPSET_ADDR variable to the IP address of an NIS server,
as in the following example :


YPSET_ADDR="15.13.115.168"


4.Issue the following commands to
restart the NIS client :


/sbin/init.d/nis.client stop

/sbin/init.d/nis.client start


If the server you specify in the ypset
command is unavailable when your client boots up, your client will
broadcast a request for a server to its local network. If no server
exists on the local network, the client will hang.


For more information, type man 1M ypset
or man 1M ypbind.


Commentaires  Forum fermé

Statistiques

Dernière mise à jour

mercredi 4 octobre 2023

Publication

273 Articles
Aucun album photo
Aucune brève
6 Sites Web
2 Auteurs

Visites

183 aujourd’hui
205 hier
864002 depuis le début
8 visiteurs actuellement connectés