Day22 NIS LDAP

Uploaded by

Douglas Kamga
Local Authentication

Linux Client 1 (192.168.0.1) - local user: ravi
Linux Client 2 (192.168.0.2) - local user: ali

Ravi logs in on Linux Client 1

Username: ravi
Password: ********
User database (ravi ****): user ravi found, authentication successful
Access - granted

Ali logs in on Linux Client 1

Username: ali
Password: ********
User database (ravi ****): user Ali not found, authentication failed
Access - denied

Solution 1 - Local Authentication

Linux Client 1 (192.168.0.1) - local users: ravi, ali
Linux Client 2 (192.168.0.2) - local users: ravi, ali

Ravi logs in

Username: ravi
Password: ********
User database (ravi ****, ali ****): user ravi found, authentication successful
Access - granted

Ali logs in

Username: ali
Password: ********
User database (ravi ****, ali ****): user Ali found, authentication successful
Access - granted

Solution 2 – Centralized Authentication

NIS Server (192.168.0.253) - users: ravi, ali
Linux Client 1 (192.168.0.1)
Linux Client 2 (192.168.0.2)

Ravi logs in

Username: ravi
Password: ********
NIS server user database (ravi ****, ali ****): user Ravi found, authentication successful
Access - granted

Ali logs in

Username: ali
Password: ********
NIS server user database (ravi ****, ali ****): user Ali found, authentication successful
Access - granted

Centralized Authentication Services

• The two most commonly used authentication services are

– Network Information Service (NIS)

– Lightweight Directory Access Protocol (LDAP)

• Both NIS and LDAP are used to manage the user accounts centrally.

Network Information Services (NIS)

• Network Information Service (NIS) was originally called Yellow Pages, or YP.

• It was developed by Sun Microsystems.

• An NIS system maintains a central directory of user and group information, hostnames, e-mail aliases, etc. in a computer network.

NIS

• Packages
– ypserv*.rpm
– ypbind*.rpm
– yp-tools*.rpm

• Service / Daemon
– ypserv
– yppasswdd

• Port Numbers
– NIS uses random ports; list the ports currently registered with:

[root@comp1 ~]# rpcinfo -p

• Configuration File
– /var/yp/Makefile
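
Because NIS registers on random ports, a packet filter for the server has to be built from what rpcinfo -p reports. The script below is an added example, not part of the original slides; the rpcinfo listing in it is constructed and the function names are hypothetical.

```shell
# Constructed sample of `rpcinfo -p` output on an NIS server (port numbers made up).
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    834  ypserv
    100004    1   udp    834  ypserv
    100004    2   tcp    837  ypserv
    100004    1   tcp    837  ypserv
    100009    1   udp    859  yppasswdd
    100003    3   tcp   2049  nfs
EOF
}

# nis_rpc_ports: rpcinfo -p text on stdin -> "proto port service" for each
# NIS-related endpoint, one line per proto/port pair (versions collapsed),
# sorted by port. Programs are matched by RPC program number.
nis_rpc_ports() {
    awk '
        BEGIN { n[100000] = "portmapper"; n[100004] = "ypserv"
                n[100007] = "ypbind";     n[100009] = "yppasswdd" }
        ($1 in n) && !seen[$3 "/" $4]++ { print $3, $4, n[$1] }
    ' | sort -k2,2n -k1,1
}

# nis_fw_rules SUBNET: turn that list into iptables ACCEPT rules limited to
# SUBNET. The rules are only printed, never applied.
nis_fw_rules() {
    nis_rpc_ports | while read -r proto port svc; do
        echo "iptables -A INPUT -s $1 -p $proto --dport $port -j ACCEPT  # $svc"
    done
}

# Rules for the client network used on this page.
sample_rpcinfo | nis_fw_rules 192.168.0.0/24
```

Rules derived this way go stale when the daemons restart on different ports; ypserv accepts -p <port> to bind a fixed port instead.
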

NIS Configuration

NIS + NFS Server (192.168.0.253) - users: ravi, ali
Linux Client 1 (192.168.0.1)
Linux Client 2 (192.168.0.2)

NIS Server Configuration

Install the NIS packages

[root@nisserver ~]# yum install yp*

Assigning NIS domainname - temporarily

[root@nisserver ~]# nisdomainname zoomgroup.com

Assigning NIS domainname - permanently

[root@nisserver ~]# vi /etc/sysconfig/network

Add the line

NISDOMAIN=zoomgroup.com

Edit the configuration file

[root@nisserver ~]# vi /var/yp/Makefile

Change the below lines

NOPUSH=TRUE
all : passwd group hosts \

Restart the services

[root@nisserver ~]# service ypserv restart

Creating the database

[root@nisserver ~]# /usr/lib/yp/ypinit -m

Adding users

[root@nisserver ~]# useradd ravi
[root@nisserver ~]# useradd ali
[root@nisserver ~]# cd /var/yp
[root@nisserver yp]# make

Restart the services

[root@nisserver ~]# service yppasswdd restart

NFS

• Installation packages
– portmap*
– nfs*

• Service
– nfs
– portmap

• Port numbers
– 2049 NFS
– 111 Portmap

• Daemon
– nfsd
– mountd
– statd
– lockd

• Configuration file
– /etc/exports

NFS Server Configuration

Install the NFS packages

[root@nisserver ~]# yum install nfs* portmap*

Edit the NFS configuration file

[root@nisserver ~]# vi /etc/exports

/home 192.168.0.0/255.255.255.0(rw,sync)

Restart the NFS service

[root@nisserver ~]# service nfs restart

NIS Client Configuration

Install the NIS packages

[root@client1 ~]# yum install yp*

Assigning NIS domainname - temporarily

[root@client1 ~]# nisdomainname zoomgroup.com

Assigning NIS domainname - permanently

[root@client1 ~]# vi /etc/sysconfig/network

Add the line (the value must match the NIS domain name set on the server)

NISDOMAIN=zoomgroup.com

Connecting to server for authentication

[root@client1 ~]# authconfig-tui

Mounting the home directories

[root@client1 ~]# mount 192.168.0.253:/home /home

Checking the connectivity

[root@client1 ~]# ypwhich

Lightweight Directory Access Protocol

• LDAP has some advantages over NIS.

– It is an open standard

– Uses fixed ports, 389 TCP for regular communication and 636 TCP for encrypted communication.

• LDAP is used as the backbone of Microsoft's Active Directory Service and Novell's Novell Directory Services (NDS) products.

• LDAP can also interact with other login programs, such as Remote Authentication Dial-in User Service (RADIUS), which is used by many ISPs to manage dialup Internet access.

LDAP Configuration

LDAP + NFS Server (192.168.0.253) - users: ravi, ali
Linux Client 1 (192.168.0.1)
Linux Client 2 (192.168.0.2)

LDAP Server Configuration

Install the OpenLDAP packages

[root@ldapserver ~]# yum install *ldap*

Create the database directory

[root@ldapserver ~]# mkdir /var/lib/ldap/zoomgroup.com

Change the ownership of the directory

[root@ldapserver ~]# chown ldap:ldap /var/lib/ldap/zoomgroup.com

Edit the configuration file

[root@ldapserver ~]# vi /etc/openldap/slapd.conf

Add the below lines

database bdb
suffix "dc=zoomgroup,dc=com"
rootdn "cn=Manager,dc=zoomgroup,dc=com"
rootpw password
directory /var/lib/ldap/zoomgroup.com

Create users

[root@ldapserver ~]# useradd <username>

Assign password to the users

[root@ldapserver ~]# passwd <username>

Edit the configuration file

[root@ldapserver ~]# vi /usr/share/openldap/migration/migrate_common.ph

Replace the word padl with your domainname

:%s/padl/zoomgroup/g

Copy the DB_CONFIG.example file to the ldap database directory

[root@ldapserver ~]# cp -p /etc/openldap/DB_CONFIG.example /var/lib/ldap/zoomgroup.com/DB_CONFIG

Migrate the system authentication files

[root@ldapserver ~]# /usr/share/openldap/migration/migrate_all_offline.sh

Change ownership of the database files

[root@ldapserver ~]# chown -R ldap:ldap /var/lib/ldap/zoomgroup.com

Start the ldap services

[root@ldapserver ~]# service ldap start
[root@ldapserver ~]# chkconfig ldap on

Test the ldap database (the search base must match the suffix set in slapd.conf)

[root@ldapserver ~]# ldapsearch -x -b 'dc=zoomgroup,dc=com' '(objectclass=*)'

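
The slapd.conf lines in this procedure store rootpw in cleartext, and rootdn and the search base both have to agree with the configured suffix. The script below is an added example, not part of the original slides: it audits a slapd.conf for a cleartext rootpw, a rootdn outside the suffix, and world-readable permissions. The function name is hypothetical, the sample file is constructed from the lines on this page, and DNs are assumed to be written without extra spaces.

```shell
# audit_slapd_conf FILE: print findings for one slapd.conf, return 1 if any.
audit_slapd_conf() {
    conf=$1
    rc=0
    # The file carries the rootdn credential, so other users must not read it.
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "PERM: file is world-readable"
        rc=1
    fi
    awk '
        function arg(   v) {              # directive value, quotes removed
            v = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            gsub(/"/, "", v)
            return v
        }
        /^[ \t]*#/ { next }
        tolower($1) == "suffix" { suffix = tolower(arg()) }
        tolower($1) == "rootdn" { rootdn = tolower(arg()) }
        tolower($1) == "rootpw" { rootpw = arg(); seen = 1 }
        END {
            # A hash starts with a scheme such as {SSHA}; none, or {CLEARTEXT}, is plaintext.
            if (seen && (rootpw !~ /^[{][A-Za-z0-9-]+[}]/ || toupper(rootpw) ~ /^[{]CLEARTEXT[}]/)) {
                print "ROOTPW: stored in cleartext, use a slappasswd hash"; bad = 1
            }
            # rootpw is only honoured when rootdn lies inside the database suffix.
            tail = length(rootdn) - length(suffix)
            if (rootdn != suffix && (tail < 2 || substr(rootdn, tail) != ("," suffix))) {
                print "ROOTDN: not under suffix " suffix; bad = 1
            }
            exit bad + 0
        }
    ' "$conf" || rc=1
    return $rc
}

# Constructed sample: the database lines from this page in a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
database bdb
suffix "dc=zoomgroup,dc=com"
rootdn "cn=Manager,dc=zoomgroup,dc=com"
rootpw password
directory /var/lib/ldap/zoomgroup.com
EOF
chmod 644 "$sample"
audit_slapd_conf "$sample" || echo "slapd.conf needs attention"
rm -f "$sample"
```

slappasswd prints a {SSHA} hash that can be pasted in place of the cleartext rootpw value.
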
NFS Server Configuration

Install the NFS packages

[root@ldapserver ~]# yum install nfs* portmap*

Edit the NFS configuration file

[root@ldapserver ~]# vi /etc/exports

/home 192.168.0.0/255.255.255.0(rw,sync)

Restart the NFS service

[root@ldapserver ~]# service nfs restart

LDAP Client Configuration

Edit the configuration file

[root@client1 ~]# vi /etc/openldap/ldap.conf

Add the lines (HOST is the address of the LDAP server)

HOST 192.168.0.253
BASE dc=zoomgroup,dc=com

Mounting the home directories

[root@client1 ~]# mount 192.168.0.253:/home /home
