Configuration d’un client NIS : (HPUX)
par
popularité : 6%
Configuration d’un client NIS :
en bref :
vérifier si ypserv tourne sur le
Master ?
personnalisé les fichiers
/etc/passwd et /etc/group
domainname domainname
modifier /etc/rc.config.d/namesvrs
/sbin/init.d/nis.client stop
/sbin/init.d/nis.client start
1° modification du fichier /etc/passwd :
Supprimer toutes les entrées superieure ou egale a 100 pour
UID
Ajouter la ligne ci dessous a la fin :
+: :-2:60001:: :
Le signe (+) signifie au processuse de
login d’aller voir les NIS.
The -2 in the user ID field restricts
the access of people who may attempt to log in using "+" as
a valid user name when NIS is not running. Anyone who successfully
logs in as "+" will be granted only the access permissions
of user nobody.
Pour plus d’information man 4 passwd
exemple :
root:0AnhFBmriKvHA:0:3: :/ :/bin/ksh daemon :*:1:5: :/ :/bin/sh bin :*:2:2: :/bin :/bin/sh adm :*:4:4: :/usr/adm :/bin/shuucp :*:5:3: :/usr/spool/uucppublic :/usr/lib/uucp/uucico lp :*:9:7: :/usr/spool/lp :/bin/sh hpdb :*:27:1:ALLBASE :/ :/bin/sh +: :-2:60001:: :
2° modification du fichier /etc/group :
Supprimer tous les groupes non
systemes
Supprimer toutes les entrées
superieure ou egale a 100 pour UID
Ajouter la ligne ci dessous a la fin :
+ :* :*
exemple :
root::0:rootl,sam other::1 : bin::2 : sys::3 : adm::4 : daemon::5 : mail::6 : lp::7 :+ :* :*
3° vérification
vérifier que le serveur NIS
fonctionne, et que ypserv est en mémore.
modification /etc/rc.config.d/namesvrs
avec :
NIS_DOMAIN=domainname NIS_SLAVE_SERVER=0 NIS_CLIENT=1 NIS_MASTER_SERVER=0
4° rien ne va plus ...
/sbin/init.d/nis.client stop/sbin/init.d/nis.client startpour tester faite la commande suivant :
/usr/bin/ypwhich -m
pour en savoir plus ....
To Tell Users How to Use yppasswd
Tell all the users in your NIS domain
that they must use /usr/bin/yppasswd or passwd -r nis instead of the
passwd command when they want to change their login passwords.
Tell users that, when they want to
change their login passwords, they should do so just before they
leave for the day. This will allow time for the updated NIS maps on
the master server to be pushed to the slave servers.
The yppasswd command is a link to the
passwd -r nis command. It changes the /etc/passwd file on the NIS
master server, regenerates the NIS passwd maps from the updated
/etc/passwd file, and then pushes the NIS passwd maps to the slave
servers.
For more information, see the following
man pages : yppasswd(1), yppasswdd(1M), passwd(1), ypxfr(1M), and
yppush(1M).
To Prevent a Client from Binding
to Unknown Servers
1.On the NIS client, create a file
called /var/yp/secureservers, if it does not already exist.
2.Add lines to the file with the
following syntax :
address_mask IP_address
The IP_address is the internet address
of an NIS server or the subnet of an NIS server from which the client
will accept NIS information.
The address_mask indicates which bits
in the IP_address field are important. If a bit is set in the
address_mask field, the corresponding bit in the address of any NIS
server must match the same bit in the IP_address field.
3.Issue the following commands to kill
and restart the ypbind process :
/sbin/init.d/nis.client stop
/sbin/init.d/nis.client start
If an NIS server host has multiple
network interface cards, add a line to the secureservers file for the
IP address of each card.
If you start ypbind with the -ypset
option and issue the ypset command to bind to a specific server, the
/var/yp/secureservers file is ignored, and the client may bind to any
server.
Type man 1M ypbind at the HP-UX prompt
for more information.
Examples from /var/yp/secureservers
The following line from a
/var/yp/secureservers file allows the NIS client to bind only to the
server at IP address 20.21.22.23. Because every bit is set in the
address mask, the IP address of the NIS server must match the
IP_address field exactly, or the client will not bind to it.
255.255.255.255 20.21.22.23
The following line from a
/var/yp/secureservers file allows the client to bind to any NIS
server on the network 20.21.22.0. The last 8 bits of the server’s IP
address are ignored, because the last 8 bits of the address mask are
set to 0. The client may bind to any server whose IP address begins
20.21.22.
255.255.255.0 20.21.22.23
To Bind an NIS Client to a Server on a
Different Subnet Hewlett-Packard recommends that you configure a
server on each subnet where you have NIS clients ; however, if you
cannot do that, follow these steps to force an NIS client to bind to
a server on a different subnet :
1.Log in as root to the NIS client.
2.Add the -ypset option to the
YPBIND_OPTIONS variable in the /etc/rc.config.d/namesvrs file, as
follows :
YPBIND_OPTIONS="-ypset"
3.In the /etc/rc.config.d/namesvrs
file, set the YPSET_ADDR variable to the IP address of an NIS server,
as in the following example :
YPSET_ADDR="15.13.115.168"
4.Issue the following commands to
restart the NIS client :
/sbin/init.d/nis.client stop
/sbin/init.d/nis.client start
If the server you specify in the ypset
command is unavailable when your client boots up, your client will
broadcast a request for a server to its local network. If no server
exists on the local network, the client will hang.
For more information, type man 1M ypset
or man 1M ypbind.
Commentaires Forum fermé