====== Сервис NIS ======

  * [[https://www.ibm.com/support/knowledgecenter/en/ssw_aix_72/com.ibm.aix.nis/nis_domain.htm|NIS Domain]]

===== Настройка Unix сервера =====

  * [[Управление учетными записями в Linux#Создание тестового набора учетных записей]]

==== Инсталляция, инициализация БД и запуск ====

=== Debian/Ubuntu ===
  * [[https://help.ubuntu.com/community/SettingUpNISHowTo|SettingUpNISHowTo]]
  * [[https://www.server-world.info/en/note?os=Debian_10&p=nis&f=1|Debian 10 Buster Configure NIS Server]]
  * [[https://www.debian.org/releases/buster/i386/release-notes/ch-information.ru.html#rpcbind-defaults|Debian 10 Buster NIS server does not answer NIS client requests by default]]
  * В течении 5 минут ищет, пока, несуществующий NIS сервер
<code>
root@server:~# apt install nis
</code><code>
...
Nis domain: corpX.un
...
</code><code>
root@server:~# cat /etc/defaultdomain
</code><code>
corpX.un
</code><code>
debian10_ubuntu20# cat /etc/default/nis
</code><code>
...
NISSERVER=master
...
NISCLIENT=false
...
</code><code>
debian10/11/12_ubuntu20# cat /etc/default/rpcbind
</code><code>
OPTIONS="-w -r"
</code><code>
debian10_ubuntu20# init 6

debian11/12# systemctl enable ypserv

debian11/12# systemctl start ypserv

root@server:~# /usr/lib/yp/ypinit -m
</code><code>
...
        next host to add:  server.corpX.un
        next host to add:  ^D
...
</code><code>
debian10# service nis restart
</code>

=== FreeBSD ===
<code>
[server:~] # cat /etc/rc.conf
</code><code>
...
rpcbind_enable="YES"
nisdomainname="corpX.un"
nis_server_enable="YES"
nis_yppasswdd_enable="YES"
</code><code>
[server:~] # /etc/rc.d/rpcbind start

[server:~] # /etc/rc.d/nisdomain start
Setting NIS domain: corpX.un.

[server:~] # mkdir /var/yp/corpX.un

[server:~] # service ypserv start

[server:~] # awk -F: '($3>=1000) && ($3<65533)' /etc/master.passwd > /var/yp/master.passwd

[server:~] # cd /var/yp

[server:/var/yp] # ypinit -m corpX.un
</code><code>
Server Type: MASTER Domain: corpX.un
...
Do you want this procedure to quit on non-fatal errors? [y/n: n]
...
Can we destroy the existing /var/yp/corpX.un and its contents? [y/n: n]  y
...
        master server   :  server.corpX.un
        next host to add:  ^D
...
Is this correct?  [y/n: y]
...
</code><code>
[server:/var/yp] # cd

[server:~] # service yppasswdd start
</code>

=== CentOS/SL ===

[[http://www.server-world.info/en/note?os=CentOS_5&p=nis]]
===== Настройка Windows сервера =====

==== SFU AD Windows 2003 ====

Устанавливаем NIS server из пакета SFU

Опции инсталяции:
<code>
Custom:
        Server for NIS
</code>

==== Identity Management for Unix AD Windows 2008 ====
<code>
Start->Administrative Tools->Server Manager->Roles->Active Directory Domain Services->Add Role Services->Identity Management for Unix
</code>

==== Identity Management for Unix убрали из Windows 2016 ====

  * [[https://blogs.technet.microsoft.com/activedirectoryua/2016/02/09/identity-management-for-unix-idmu-is-deprecated-in-windows-server/|Clarification regarding the status of Identity Management for Unix (IDMU) & NIS Server Role in Windows Server 2016 Technical Preview and beyond]]
  * [[https://access.redhat.com/articles/2203991|FAQ: The removal of Identity Management for Unix (IDMU) in Active Directory and how it affects the authentication of RHEL clients]]

  * Active Directory Users and Computers->View->Advanced Features ... Attribute Editor
==== Настраиваем unix атрибуты пользователей ====

  * [[Хранение учетных записей UNIX в LDAP#Пример назначения UNIX атрибутов в Microsoft AD]]

Аналогично, для user2 !!!

**guser1**
<code>
gidNumber: 10001
</code>
**user1**
<code>
gidNumber: 10001
loginShell: /bin/bash
uidNumber: 10001
unixHomeDirectory: /home/user1
</code>
**group1**
<code>
gidNumber: 15001
memberUid: user2
memberUid: user1
</code>
===== Настройка клиента =====

==== Debian/Ubuntu ====
<code>
# apt install nis
</code><code>
...
NIS domain: corpX.un
...
</code><code>
# cat /etc/defaultdomain
</code><code>
corpX.un
</code><code>
debian11/12# cat /etc/yp.conf
</code><code>
...
domain corpX.un server 192.168.X.10
</code><code>
debian11/12# systemctl enable ypbind

debian11/12# systemctl start ypbind

root@client1:~# ypcat passwd
</code>

  * [[Использование библиотеки NSSWITCH]]

<code>
client1:~# cat /etc/nsswitch.conf
</code><code>
...
passwd:         compat
group:          compat
shadow:         compat
...
</code><code>
root@client1:~# cat /etc/passwd
</code><code>
...
+
</code><code>
root@client1:~# cat /etc/shadow
</code><code>
...
+
</code><code>
root@client1:~# cat /etc/group
</code><code>
...
+
</code><code>
debian11# service nscd restart && service nscd reload
</code>
==== FreeBSD ====
<code>
[client1:~] # cat /etc/rc.conf
</code><code>
rpcbind_enable="YES"
nisdomainname="corpX.un"
nis_client_enable="YES"
</code><code>
[client1:~] # /etc/rc.d/rpcbind start

[client1:~] # /etc/rc.d/nisdomain start
Setting NIS domain: corpX.un.

[client1:~] # /etc/rc.d/ypbind start

[client1:~] # ypcat passwd

[client1:~] # vipw

[client1:~] # cat /etc/master.passwd
</code><code>
...
+:::::::::
</code><code>
[client1:~] # cat /etc/group
</code><code>
...
+:::
</code>

==== Проверка ====
<code>
# id user1

# id user2

# getent passwd
</code>