
Recently I have applied NIS in our testing environment in order to get more control and centralized password management for users on the server. But now that I have finished implementing NIS, I'm facing some issues. The issues are:

1. How to add existing users into NIS? For example, let's say I have two servers named NIS server and NIS client. If there are existing users on the NIS client, can we add them to the NIS map on the NIS server? Or do we need to create these users manually? I can manually add the credentials for the users, but it is not convenient for me to write again all hundreds of the users in the system.

2. Is there any way to divide the users into several groups? We want to restrict some users to only access some servers. Could we do that in NIS?

I've tried to do some research regarding this issue, but it seems that documentation for NIS in CentOS is lacking. Any help is really appreciated. Thanks.

user119720
  • I would strongly advise using something other than NIS (think LDAP, and poke around at some of the questions here). If you are stuck with NIS though I recommend that you get a copy of [Managing NFS and NIS](http://shop.oreilly.com/product/9781565925106.do) – voretaq7 Aug 16 '12 at 03:29
  • I'm using NIS as it is simple and easy to configure, but nevertheless I will try to do some research on LDAP. – user119720 Aug 16 '12 at 03:48
  • LDAP is a much better way to go. NIS is inherently insecure and not as flexible. Yes, NIS is dead easy when compared to LDAP. RHDS (Red Hat Directory Server) is a good LDAP server, or the upstream project 389 Directory Server. – Red Tux Aug 16 '12 at 04:10

1 Answer

> 1. How to add existing users into NIS?

You add the user to the appropriate passwd file on the NIS server. This may be /etc/passwd on the server, but it may also be another location depending on your configuration. If a user exists on a client system and you want to add them to the global NIS account database, you will probably need to:

  • Remove them from the client.
  • Add them on the server.
  • Rebuild and push your NIS maps.

> I can manually add the credentials for the users, but it is not convenient for me to write again all hundreds of the users in the system.

Assuming unique usernames and user ids, you could just concatenate all your passwd files together, strip out the system accounts, and add them to your NIS server. If your clients are using shadow passwords (/etc/shadow) you'll need to extract those, too.

> 2. Is there any way to divide the users into several groups? We want to restrict some users to only access some servers. Could we do that in NIS?

Sure, NIS offers groups similar in function and behavior to your local /etc/groups file. Just add the users to the appropriate groups in the groups source file on the NIS server, then rebuild and push your maps.

larsks
  • I think the functionality they're looking for (restricting a group of users to a specific set of machines) might be better accomplished using netgroups and the `+@` syntax. – voretaq7 Aug 16 '12 at 03:28
  • Maybe. We found it more convenient to abandon netgroups in our environment in favor of groups and `pam_listfile`, since this meant we didn't need to replicate access groups as both "standard" groups and as netgroups. – larsks Aug 16 '12 at 03:29
  • How embarrassing. I've as much as admitted that I'm still running NIS. – larsks Aug 16 '12 at 03:30
  • ...and pam_listfile :-) Though the double-maintenance of netgroups was always a headache in my NIS days – voretaq7 Aug 16 '12 at 03:38
  • @larsks Based on your answer, it seems I DO need to manually add them into the global NIS account database, is that it? – user119720 Aug 16 '12 at 03:53
  • @voretaq7 Can you show me some examples of using netgroups in NIS? I do not know where to start. – user119720 Aug 16 '12 at 03:54
  • @user119720 Netgroups start to get into the realm where a full example would be waaaay too much work for me at 1:15 in the morning. Take a look at [the FreeBSD Handbook's section on NIS](http://www.freebsd.org/doc/handbook/network-nis.html) which includes some info about setting up and using netgroups. There may be some procedural differences in building/pushing the maps, but the file syntax and administrative concepts are identical everywhere (NIS is NIS) – voretaq7 Aug 16 '12 at 05:16
  • Yes, you will need to merge accounts into the passwd map on the NIS server. There are probably ways of automating some of this process. voretaq7 has provided some excellent references that should help with netgroups and other aspects of managing a NIS environment. – larsks Aug 16 '12 at 11:18
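
The merge step described in the answer and in the last comment, as an added example that is not part of the original thread: a POSIX shell function that concatenates client passwd files, drops system accounts, and reports every violation of the "unique usernames and user ids" assumption instead of merging it. The function name `merge_passwd`, the UID range 500 to 60000 and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumption: regular accounts have UIDs in MIN_UID..MAX_UID. Check UID_MIN and
# UID_MAX in /etc/login.defs on the clients and adjust.
MIN_UID=${MIN_UID:-500}
MAX_UID=${MAX_UID:-60000}
# merge_passwd FILE...  (hypothetical helper name)
#   stdout: one passwd line per regular user, first occurrence wins
#   stderr: malformed lines and every username/UID collision
#   status: 1 if anything was reported on stderr, otherwise 0
# Password field is copied as-is ("x" with shadow passwords; hashes live in /etc/shadow).
merge_passwd() {
    awk -F: -v min="$MIN_UID" -v max="$MAX_UID" '
        /^[ \t]*$/ || /^[#+-]/ { next }   # blanks, comments, +/- compat entries
        NF != 7 || $3 !~ /^[0-9]+$/ {
            printf "MALFORMED %s:%d\n", FILENAME, FNR > "/dev/stderr"
            bad = 1; next
        }
        $3 + 0 < min + 0 || $3 + 0 > max + 0 { next }   # system accounts stay local
        ($1 in uid_of) {
            if (uid_of[$1] != $3) {
                printf "NAME_CONFLICT %s: uid %s vs %s in %s\n", $1, uid_of[$1], $3, FILENAME > "/dev/stderr"
                bad = 1
            }
            next   # identical account already merged from another client
        }
        ($3 in name_of) {
            printf "UID_CONFLICT %s: %s vs %s in %s\n", $3, name_of[$3], $1, FILENAME > "/dev/stderr"
            bad = 1; next
        }
        { uid_of[$1] = $3; name_of[$3] = $1; print }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample input: passwd files copied from two hypothetical clients.
demo=$(mktemp -d)
cat > "$demo/client1.passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:501:501:Alice:/home/alice:/bin/bash
bob:x:502:502:Bob:/home/bob:/bin/bash
EOF
cat > "$demo/client2.passwd" <<'EOF'
alice:x:501:501:Alice:/home/alice:/bin/bash
carol:x:502:502:Carol:/home/carol:/bin/bash
bob:x:510:510:Bob:/home/bob:/bin/bash
dave:x:503:503:Dave:/home/dave:/bin/bash
EOF
merge_passwd "$demo"/client*.passwd > "$demo/passwd.nis" ||
    echo "resolve the conflicts above, then add $demo/passwd.nis to the NIS passwd source" >&2
```

The output is only a candidate source file; conflicting accounts are left out of it, and rebuilding and pushing the maps on the NIS server remains a separate step.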