Lab 9: NFS and NIS

Stephen Jones < sjones@cs.ucr.edu>

Objective

The goal of this lab is to set up an NFS and NIS server on the Router VM and use the Host VM as a client.

Introduction

The Network File System (NFS) allows users, the client, to access files over a network as if they are directly connected to the local disks. The Network Information Service (NIS) allows for the sharing of system configuration data.

With both NFS and NIS setup, from any computer in a network you may "access" any other computer on that network so long as you have authentication. Furthermore, you may still access the filesystem to which the network is accessing along with the files associated with the computer you are logged into.

Procedures

NFS

Setting up the NFS is very straightforward. Simply follow my steps exactly and you will be hunky-dory.

NFS server (Router VM)

$ vi /etc/exports

$ exports -a
$ vi /etc/hosts.allow

/etc/init.d/nfs start
$ chkconfig nfs on

NFS Client (Host VM)

/etc/init.d/portmap start
$ mount 10.0.0.1:/home /home
$ mount 10.0.0.1:/import /import
$ vi /etc/fstab

$ mount -a
$ chkconfig nfs on

The following steps in this section is not neccessary for setting up the NFS server. However, it is enlightening to get an understanding of what you are doing. So... if you are interested, proceed with the steps in this section otherwise skip to the next section named "NIS".

$ showmount -e 10.0.0.1 to view that the server exports are correct

Run $ df and create a file in the mounted directory to ensure the mounts are working correctly

Now unmount the 2 NFS partitions and run$ df again

Change the "options" of the two entries you added to /etc/fstab to be "soft,timeo=5" and remount the 2 NFS partitions

Bring down the eth1: $ ifdown eth1 - and run $ df and $ ls -l /import

Bring eth1 back up: $ ifup eth1 - and run the commands $ df and $ ls -l /import again.

Change the options to "hard,intr" and run the previous two steps again

If you want to set up an automount system... proceed with the following:

Unmount the 2 NFS partitions and remove the 2 entries from the /etc/fstab file.
$ vi /etc/auto.master

$ echo "* -soft,timeo=5 10.0.0.1:/home/&" > /etc/auto.home
$ echo "* -soft,timeo=5 10.0.0.1:/import/&" > /etc/auto.import
$ chkconfig automount on
If it has automounted, you should beable to see the mounted NFS patitions directly after you log in:

NIS

NIS Server (Router VM)

$ yum install ypserv
$ ypdomainname linux.is.better
$ /etc/init.d/ypserv start
$ /usr/lib/yp/ypinit -m

CTRL+D

$ echo "domain linux.is.better server 10.0.0.1" > /etc/yp.conf
$ /etc/init.d/ypbind start
To verify the NIS server

$ ps auxw | grep yp
$ ypwhich
$ ypcat ypservers
$ ypcat passwd
$ ypcat group

To run the NIS server automatcially:

$ chkconfig ypserv on
$ chkconfig ypbind on
$ chkconfig yppasswdd on
$ chkconfig nis on

NIS Client (Host VM)

$ yum install ypserv
$ ypdomainname linux.is.better
$ echo "domain linux.is.better server 10.0.0.1" > /etc/yp.conf
/etc/init.d/ypbind start
Add "nis" in the following lines in /etc/nsswitch.conf

passwd: files nis
group: files nis

To check if its running:

$ ypwhich
$ ypcat passwd

To run the NIS client automatically:

$ echo "NISDOMAIN=linux.is.better" >> /etc/sysconfig/network
$ chkconfig ypbind on
$ chkconfig nis on

Now, to test your newly set up NIS server... proceed with the following:

On the Router VM, create a user account called "user1"

$ useradd user1
$ passwd user1

<set the user's password>

$ cd /var/yp
$ make

Verify that your NIS server is working:

On the host VM, attempt to ssh into your user1 account:

ssh user1@linux.is.better

Conclusion

Well, now that you have the NIS and NFS server running... you can log onto any user from the host VM. The users availible to you can either be created from the Router VM or Host VM. Also, you have access to the /home and /import directories on the Router Vm from the Host VM. You have essentially set up a miniturized system of what UCR uses to network its computers in the Engineering Department.

Glossary

Network File System (NFS)

"Network File System (NFS) is a network file system protocol originally developed by Sun Microsystems in 1984, allowing a user on a client computer to access files over a network as easily as if the network devices were attached to its local disks." (source: www.wikipedia.org)

Network Information Service (NIS)

"The Network Information Service or NIS (originally called Yellow Pages or YP) is Sun Microsystems' client-server directory service protocol for distributing system configuration data such as user and host names between computers on a computer network.

Sun licenses this technology to virtually all other Unix vendors. As the name "Yellow Pages" was a registered trademark in the United Kingdom of British Telecom PLC for their (paper) commercial telephone directory, Sun changed the name of their system to NIS, though all the commands and functions still start with "yp".

NIS/YP is used for maintenance and distribution of a central directory of user and group information, hostnames, e-mail aliases and other text-based tables of information in a computer network. For example, in a common UNIX environment, the list of users for identification is placed in /etc/passwd, and secret authentication hashes in /etc/shadow. NIS adds another "global" user list which is used for identifying users on any client of the NIS domain." (source: www.wikipedia.org)

Lightweight Directory Access Protocol

"The Lightweight Directory Access Protocol, or LDAP, is an application protocol for querying and modifying directory services running over TCP/IP.

A directory is a set of objects with similar attributes organized in a logical and hierarchical manner. The most common example is the telephone directory, which consists of a series of names (either of persons or organizations) organized alphabetically, with each name having an address and phone number attached. Due to this basic design (among other factors) LDAP is often used by other services for authentication, despite the security problems this causes.

An LDAP directory tree often reflects various political, geographic, and/or organizational boundaries, depending on the model chosen. LDAP deployments today tend to use Domain name system (DNS) names for structuring the topmost levels of the hierarchy. Deeper inside the directory might appear entries representing people, organizational units, printers, documents, groups of people or anything else that represents a given tree entry (or multiple entries)." (source: www.wikipedia.org)

Questions

Show that automount works.
See procedures, section NFS... last step
Describe what happens when trying to access a NFS parition that is mounted with options "soft,timeo=5" and "hard,intr" respectively on the Host VM when the Router VM is down.
The "soft, timeo=5" option allows the kernel to time out if the nfs server is not responding for 5 seconds.
The "hard, intr" retries indefinitely if the operation fails.
Show that the Host VM has no "user1" on the /etc/passwd file, yet, the "user1" is able to login. ie. NIS is at work.
Briefly discuss LDAP authentication vs. NIS.
LDAP authentication: Authentication is supplied in the "bind" operation. Ldapv3 supports three types of authentication - anonymus, simple and SASL authentication. Clients that send LDAP a request without doing a "bind" is considered anonymous. Simple authentication consists of sending the LDAP server the fully qualified DN of the user and the client's clear-text password. SASL is the Simple Authentication and Secrurity Layer. It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer.
(source: http://tldp.org/HOWTO/LDAP-HOWTO/authentication.html)
NIS: NIS is used for maintenance and distribution of a central directory and group information, hostnames, e-mail aliases and other text-based tables of information in a computer network. This can be configured to serve password data to authenticate users.