The tutorial about NIS and NFS servers in the Ubuntu documentation is hopeless.
I really do not understand why no GUIs have been made for this, except in openSUSE (YaST2). Here I have put together a step-by-step user guide, including firewall configuration. Most tutorials have no firewall or no user authentication, but this setup can be used to share user home directories across several computers.
The NIS client is named mg48 and the NFS server is mg44.
apt-get install rpcbind nfs-kernel-server nis
You do not need auto.master or auto.home on the NIS server. Be careful: these files MUST NOT have +x enabled. If you are exporting /home, be warned that if the lists are not set up properly, it causes some kind of bashrc loop for the user account on the server when the user logs in to the server, because +auto.home is sourced infinitely. It is better to have these files on the client only.

root@mg44:~# cat /etc/auto.master
cat: /etc/auto.master: No such file or directory
root@mg44:~# cat /etc/auto.home
cat: /etc/auto.home: No such file or directory
root@mg44:~# cat /etc/yp.conf
# ypserver ypserver.network.com
# also empty

root@mg44:/etc# cat ypserv.conf
#
# ypserv.conf   In this file you can set certain options for the NIS server,
#               and you can deny or restrict access to certain maps based
#               on the originating host.
#
#               See ypserv.conf(5) for a description of the syntax.
#
# The following, when uncommented, will give you shadow like passwords.
# Note that it will not work if you have slave NIS servers in your
# network that do not run the same server as you.

# Host                     : Domain  : Map              : Security
#
# *                        : *       : passwd.byname    : port/mangle
# *                        : *       : passwd.byuid     : port/mangle

# This is the default - restrict access to the shadow password file,
# allow access to all others.
*                          : *       : shadow.byname    : port
*                          : *       : passwd.adjunct.byname : port
*                          : *       : *                : none
##### I did NO changes at all

root@mg44:/etc# cat hosts.allow
# /etc/hosts.allow: list of hosts that are allowed to access the system.
#                   See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:    ALL: LOCAL @some_netgroup
#             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# Add client IP addresses here
portmap rpcbind mountd nfsd statd lockd rquotad : 22.214.171.124

root@mg44:/etc# cat defaultdomain
robotics

root@mg44:/etc# cat hosts
127.0.0.1 localhost
126.96.36.199 mg44
188.8.131.52 mg48
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

root@mg44:/etc# cat nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: files nis
shadow: files
group: files nis

hosts: files nis dns
#bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files nis
#publickey: nisplus
automount: files nis
aliases: files nis

root@mg44:/etc# cat /etc/ypserv.securenets
#
# securenets    This file defines the access rights to your NIS server
#               for NIS clients (and slave servers - ypxfrd uses this
#               file too). This file contains netmask/network pairs.
#               A clients IP address needs to match with at least one
#               of those.
#
#               One can use the word "host" instead of a netmask of
#               255.255.255.255. Only IP addresses are allowed in this
#               file, not hostnames.
#
# Always allow access for localhost
255.0.0.0       127.0.0.0

# This line gives access to everybody. PLEASE ADJUST!
#0.0.0.0        0.0.0.0
host 184.108.40.206

root@mg44:/etc# cat /etc/exports
/home/karthik 220.127.116.11(rw,sync,root_squash,no_subtree_check)
/data2/datasets 18.104.22.168(rw,sync,root_squash,no_subtree_check)

root@mg44: exportfs -ra
service ypserv restart
service portmap restart
service nfs-kernel-server restart
make -C /var/yp
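
A quick audit of the two access-control files shown above, as an added example that is not part of the original guide. The function names, finding labels and sample file contents (documentation addresses, a hypothetical /srv/scratch export) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit ypserv.securenets and /etc/exports style files.

# Report securenets lines that admit more than one host.
audit_securenets() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }                   # comments, blanks
        $1 == "host" || $1 == "255.255.255.255" { next } # single address
        $1 == "255.0.0.0" && $2 == "127.0.0.0" { next }  # loopback
        $1 == "0.0.0.0" { print "OPEN-TO-ALL: " $1 " " $2; next }
        { print "NETWORK-WIDE: " $1 " " $2 }
    ' "$1"
}

# Report exports open to any client or exported without root squashing.
# A space before "(" makes the options apply to every host, so a bare
# "(opts)" field counts as an any-client export.
audit_exports() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        NF == 1 { print "ANY-CLIENT: " $1; next }
        {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\)$/, "", opts)
                }
                if (client == "" || client == "*")
                    print "ANY-CLIENT: " $1
                if (("," opts ",") ~ /,no_root_squash,/)
                    print "ROOT-NOT-SQUASHED: " $1 " " client
            }
        }
    ' "$1"
}

# Constructed sample files (documentation addresses, not the page's hosts).
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf '%s\n' '# constructed' '255.0.0.0 127.0.0.0' 'host 192.0.2.48' \
    '255.255.255.0 192.0.2.0' '0.0.0.0 0.0.0.0' > "$demo/securenets"
printf '%s\n' '/home/karthik 192.0.2.48(rw,sync,root_squash,no_subtree_check)' \
    '/data2/datasets *(rw,sync,no_root_squash)' \
    '/srv/scratch 192.0.2.48 (rw)' > "$demo/exports"
audit_securenets "$demo/securenets"
audit_exports "$demo/exports"
```

Files written the way this guide writes them (one "host" line per client, one client address per export with root_squash) produce no findings.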
NIS Client (mg48)
apt-get install portmap nis autofs nfs-common
You will be asked for the name of your NIS domain; enter it. If you entered it wrongly or want to change the NIS default domain later, change it in the file /etc/defaultdomain.
For example, robotics is the name of my NIS server. Remember this parameter is case sensitive. It is probably a good idea to then add a portmap line to /etc/hosts.allow for security reasons:
portmap : <NIS server IP address>
Where "NIS server IP address" is the IP address of the NIS server.
3. Set up name services to use NIS:
Edit /etc/passwd to add a line at the end saying:
Edit /etc/group to add a line at the end saying:
Edit /etc/shadow to add a line at the end saying:
This sets up those services to include NIS entries if a match isn't found in the file. You could change other services to use NIS by using the NIS service in /etc/nsswitch.conf, but these are the important ones.
4. Edit /etc/yp.conf and add the line:
ypserver 22.214.171.124
ypserver 9126.96.36.199
Where 188.8.131.52 and 9184.108.40.206 are the NIS servers.
5. Restart NIS:
Note: sshd will need to be restarted to use the new authentication system. Just an FYI.
Note: A frequently asked question is how to give NIS users audio, DRI, video privileges. Simply add the user's group to video in file /etc/group
6. If you are using autofs with NIS, you need this nsswitch.conf file in Ubuntu:

# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#       compat                  Use compatibility setup
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       [NOTFOUND=return]       Stop searching if not found so far
#
# For more information, please read the nsswitch.conf.5 manual page.
#

# passwd: files nis
# shadow: files nis
# group: files nis

passwd: compat
group: compat

hosts: files dns
networks: files dns

services: files nis
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files nis
publickey: files

bootparams: files
automount: files nis
aliases: files nis
shadow: compat

If you get an error like "startkde: kpersonalizer not found! Please install to properly configure your user.", it means a normal user has a problem accessing video. Add the user to the group "video" (/etc/group).

mg48:/etc # cat /etc/auto.master
#+auto.master
/home auto.home
/data2 auto.data2

mg48:/etc # cat /etc/auto.home
karthik -rw,soft 220.127.116.11:/home/karthik

mg48:/etc # cat /etc/auto.data2
datasets -rw,soft 18.104.22.168:/data2/datasets

mg48:/etc # cat hosts
127.0.0.1 localhost
# special IPv6 addresses
::1 localhost ipv6-localhost ipv6-loopback
fe00::0 ipv6-localnet
ff00::0 ipv6-mcastprefix
ff02::1 ipv6-allnodes
ff02::2 ipv6-allrouters
ff02::3 ipv6-allhosts
22.214.171.124 mg48 linux-ynpq
126.96.36.199 mg44 linux-ynpq

Test the exports from client
mg48:~ # showmount -e mg44
Export list for mg44:
/data2/datasets 188.8.131.52
/home/karthik 184.108.40.206

In the server
NFS requires portmap, rpc.nfsd and rpc.mountd to run.
So you need to open:
- rpc.nfs – 2049 tcp/udp
- portmap – 111 tcp/udp

root@mg44:/etc# cat /etc/default/nfs-kernel-server
# Number of servers to start up
# To disable nfsv4 on the server, specify '--no-nfs-version 4' here
RPCNFSDCOUNT=8

# Runtime priority of server (see nice(1))
RPCNFSDPRIORITY=0

# Options for rpc.mountd.
# If you have a port-based firewall, you might want to set up
# a fixed port here using the --port option. For more information,
# see rpc.mountd(8) or http://wiki.debian.org/SecuringNFS
# To disable NFSv4 on the server, specify '--no-nfs-version 4' here
#RPCMOUNTDOPTS=--manage-gids
## USE SINGLE QUOTES BELOW
RPCMOUNTDOPTS='-p 32771 -g'

# Do you want to start the svcgssd daemon? It is only required for Kerberos
# exports. Valid alternatives are "yes" and "no"; the default is "no".
NEED_SVCGSSD=

# Options for rpc.svcgssd.
RPCSVCGSSDOPTS=

# Options for rpc.nfsd.
RPCNFSDOPTS=

Restart the NFS Kernel Daemon:

service nfs-kernel-server restart
 * Stopping NFS kernel daemon [ OK ]
 * Exporting directories for NFS kernel daemon… [ OK ]
 * Starting NFS kernel daemon [ OK ]

Configure UFW to accept incoming connections on ports 32771, 2049 and 111:

ufw allow from 220.127.116.11 to any port 32771
ufw allow from 18.104.22.168 to any port 111
ufw allow from 22.214.171.124 to any port 2049
ufw status numbered

Test on the server that the service on port 32771 configured above is listening:

root@mg44:/etc# nmap localhost

Starting Nmap 5.21 ( http://nmap.org ) at 2013-05-17 13:17 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000070s latency).
Not shown: 995 closed ports
PORT      STATE SERVICE
22/tcp    open  ssh
111/tcp   open  rpcbind
631/tcp   open  ipp
2049/tcp  open  nfs
32771/tcp open  sometimes-rpc5

Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds
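
The check below is an added example, not part of the original guide. It compares the RPC registrations reported by `rpcinfo -p` with the three ports opened in UFW and goes slightly beyond the nmap test by covering every registered RPC program, including the statd and lockd services named in the hosts.allow line. The function names and the sample listing are constructed for the illustration.

```shell
#!/bin/sh
# Added example: find RPC services registered on ports that the firewall
# rules of this guide do not cover.

# Constructed sample in the format printed by `rpcinfo -p`.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100005    3   tcp  32771  mountd
    100005    3   udp  32771  mountd
    100024    1   udp  51234  status
    100024    1   tcp  47613  status
    100021    4   tcp  39055  nlockmgr
    100021    3   tcp  39055  nlockmgr
EOF
}

# uncovered_rpc "PORT PORT ..." reads rpcinfo -p output on stdin and prints
# one "service/proto port" line per registration outside the allowed ports.
uncovered_rpc() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 !~ /^[0-9]+$/ { next }                 # skip the header line
        NF >= 5 && !($4 in ok) {
            key = $5 "/" $3 " " $4
            if (!(key in seen)) { seen[key] = 1; print key }  # once per version set
        }
    '
}

# Ports opened with ufw in this guide: mountd (pinned with -p), rpcbind, nfs.
sample_rpcinfo | uncovered_rpc "32771 111 2049"
```

On the live server the same function can be fed with `rpcinfo -p | uncovered_rpc "32771 111 2049"`; any service it lists is registered on a port the UFW rules do not allow.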
The IP addresses have been changed for security reasons.