2015/10/05

NIS

Introduction:

Install a Network Information System (NIS)

Requirements:

* FreeBSD installed
* Internet connection
* Read this tutorial

Manuals:

https://www.freebsd.org/doc/handbook/network-nis.html
http://daemon-notes.com/articles/network/unix-lan/nis
http://blog.zespre.com/posts/2014/12/freebsd-nis-nfs

Process:

-------------------------------------------------------------------------------------------------------------------------------------
NIS Master Server

# cat /etc/rc.conf
...
# Network Information System (NIS)
# NIS Master Server
nisdomainname="samdom.dominio.com"
nis_server_enable="YES"
nis_yppasswdd_enable="YES"
# A server that is also a client
nis_client_enable="YES" # run client stuff as well
nis_client_flags="-S samdom.dominio.com,alpha"

# mkdir /var/yp/samdom.dominio.com

# service ypserv start

# cp /etc/master.passwd /var/yp/master.passwd
# cd /var/yp
# edit /var/yp/master.passwd

I delete all the special users and keep only the ones that will log in on the machines.

# chmod 0600 /var/yp/master.passwd
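
As an added example (not part of the original tutorial), here is a way to produce that trimmed /var/yp/master.passwd automatically instead of editing it by hand; the UID range 1000-60000, the function names and the sample accounts are assumptions, not values from the page:

```shell
#!/bin/sh
# Added example, not part of the original tutorial. NIS publishes the
# hashes in master.passwd to every host that securenets admits, so only
# real login accounts should be in the copy under /var/yp.
# Assumed FreeBSD master.passwd layout (10 fields):
#   name:pw:uid:gid:class:change:expire:gecos:home:shell

# nis_filter_passwd MIN_UID MAX_UID   (stdin -> stdout)
# Keeps lines whose UID lies in [MIN_UID, MAX_UID] and whose shell is not
# nologin; root, toor, daemon and other system accounts are dropped.
nis_filter_passwd() {
    awk -F: -v lo="$1" -v hi="$2" \
        'NF == 10 && $3 >= lo && $3 <= hi && $10 !~ /nologin$/ { print }'
}

# Constructed sample of what /etc/master.passwd might contain.
SAMPLE_MASTER_PASSWD='root:$6$AAAA:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
jdoe:$6$BBBB:1002:1002::0:0:John Doe:/home/jdoe:/bin/sh
svc:$6$CCCC:1003:1003::0:0:Batch account:/home/svc:/usr/sbin/nologin
asmith:$6$DDDD:1004:1004::0:0:Alice Smith:/home/asmith:/bin/tcsh
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin'

# filtered_users -> names that survive the filter, one per line.
filtered_users() {
    printf '%s\n' "$SAMPLE_MASTER_PASSWD" | nis_filter_passwd 1000 60000 | cut -d: -f1
}

# Real use on the master (uncomment), replacing the manual edit above:
# nis_filter_passwd 1000 60000 < /etc/master.passwd > /var/yp/master.passwd
# chmod 0600 /var/yp/master.passwd
```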

# ypinit -m samdom.dominio.com
Server Type: MASTER Domain: samdom.dominio.com

Creating an YP server will require that you answer a few questions.
Questions will all be asked at the beginning of the procedure.

Do you want this procedure to quit on non-fatal errors? [y/n: n] 

Ok, please remember to go back and redo manually whatever fails.
If you don't, something might not work.

Can we destroy the existing /var/yp/samdom.dominio.com and its contents? [y/n: n]  y

At this point, we have to construct a list of this domains YP servers.
alpha.samdom.dominio.com is already known as master server.
Please continue to add any slave servers, one per line. When you are
done with the list, type a <control D>.
        master server   :  alpha.samdom.dominio.com
        next host to add:  ^D
The current list of NIS servers looks like this:

alpha.samdom.dominio.com

Is this correct?  [y/n: y]  y

[..output from map generation..]

NIS Map update completed.

alpha.samdom.dominio.com has been setup as an YP master server without any errors.

# adduser
Username: jdoe
Full name: John Doe
Uid (Leave empty for default):
Login group [jdoe]:
Login group is jdoe. Invite jdoe into other groups? []:
Login class [default]:
Shell (sh csh tcsh nologin) [sh]:
Home directory [/home/jdoe]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username   : jdoe
Password   : *****
Full Name  : John Doe
Uid        : 1002
Class      :
Groups     : jdoe
Home       : /home/jdoe
Home Mode  :
Shell      : /bin/sh
Locked     : no
OK? (yes/no): yes
adduser: INFO: Successfully added (jdoe) to the user database.
Add another user? (yes/no): no
Goodbye!

# cd /var/yp

# make samdom.dominio.com
`samdom.dominio.com' is up to date.

# cat /var/yp/securenets
# allow connections from local host -- mandatory
127.0.0.1       255.255.255.255
# allow connections from my LAN
# on    the 192.168.128.0 network
#192.168.128.0  255.255.255.0
# on    the 172.16.0.0 network
172.16.0.0      255.255.0.0
# allow connections from any host
# between 10.0.0.0 to 10.0.15.255
#10.0.0.0       255.255.240.0
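
As an added example (not from the original tutorial), the following shell functions reproduce the network/netmask matching that ypserv applies to /var/yp/securenets, so you can check which client addresses the file above admits before the maps go live; the function names and the embedded copy of the file are constructed here:

```shell
#!/bin/sh
# Added example, not part of the original tutorial: reproduce the
# /var/yp/securenets check so you can verify which hosts ypserv will
# answer before exposing the maps. Same format as on this page:
# "network netmask" per line; '#' comments and blank lines are ignored.

# ip2int 172.16.0.1 -> 2886729729 (dotted quad to unsigned integer)
ip2int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# securenets_allows CLIENT_IP < securenets-file
# Prints "allow" (status 0) if some "net mask" line matches the client,
# otherwise "deny" (status 1). A client matches when client & mask == net & mask.
securenets_allows() {
    ip=$(ip2int "$1")
    while read -r net mask rest; do
        case $net in ''|'#'*) continue ;; esac
        [ -z "$mask" ] && continue
        n=$(ip2int "$net"); m=$(ip2int "$mask")
        if [ $(( ip & m )) -eq $(( n & m )) ]; then
            echo allow; return 0
        fi
    done
    echo deny; return 1
}

# Constructed copy of the securenets file shown on this page.
SAMPLE_SECURENETS='# allow connections from local host -- mandatory
127.0.0.1       255.255.255.255
# on    the 192.168.128.0 network
#192.168.128.0  255.255.255.0
# on    the 172.16.0.0 network
172.16.0.0      255.255.0.0
#10.0.0.0       255.255.240.0'

# check_client CLIENT_IP -> allow|deny, evaluated against the sample file
check_client() {
    printf '%s\n' "$SAMPLE_SECURENETS" | securenets_allows "$1"
}
```

Run it against the real file with `securenets_allows 172.16.100.1 < /var/yp/securenets`; note that the commented-out 192.168.128.0 and 10.0.0.0 lines correctly deny those ranges.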

# shutdown -r now

# dmesg -a
...
Setting NIS domain: samdom.dominio.com.
Starting rpcbind.
Starting ypserv.
Starting ypbind.

-------------------------------------------------------------------------------------------------------------------------------------
NIS Slave Server

# cat /etc/rc.conf
...
# Network Information System (NIS)
# NIS Slave Server
nisdomainname="samdom.dominio.com"
nis_server_enable="YES"
nis_yppasswdd_enable="YES"
# A server that is also a client
nis_client_enable="YES" # run client stuff as well
nis_client_flags="-S samdom.dominio.com,alpha"

# mkdir /var/yp/samdom.dominio.com

# ypinit -s alpha samdom.dominio.com
Server Type: SLAVE Domain: samdom.dominio.com Master: alpha

Creating an YP server will require that you answer a few questions.
Questions will all be asked at the beginning of the procedure.

Do you want this procedure to quit on non-fatal errors? [y/n: n]  n

Ok, please remember to go back and redo manually whatever fails.
If not, something might not work.
There will be no further questions. The remainder of the procedure
should take a few minutes, to copy the databases from alpha.
Transferring netgroup...
ypxfr: Exiting: Map successfully transferred
Transferring netgroup.byuser...
ypxfr: Exiting: Map successfully transferred
Transferring netgroup.byhost...
ypxfr: Exiting: Map successfully transferred
Transferring master.passwd.byuid...
ypxfr: Exiting: Map successfully transferred
Transferring passwd.byuid...
ypxfr: Exiting: Map successfully transferred
Transferring passwd.byname...
ypxfr: Exiting: Map successfully transferred
Transferring group.bygid...
ypxfr: Exiting: Map successfully transferred
Transferring group.byname...
ypxfr: Exiting: Map successfully transferred
Transferring services.byname...
ypxfr: Exiting: Map successfully transferred
Transferring rpc.bynumber...
ypxfr: Exiting: Map successfully transferred
Transferring rpc.byname...
ypxfr: Exiting: Map successfully transferred
Transferring protocols.byname...
ypxfr: Exiting: Map successfully transferred
Transferring master.passwd.byname...
ypxfr: Exiting: Map successfully transferred
Transferring networks.byname...
ypxfr: Exiting: Map successfully transferred
Transferring networks.byaddr...
ypxfr: Exiting: Map successfully transferred
Transferring netid.byname...
ypxfr: Exiting: Map successfully transferred
Transferring hosts.byaddr...
ypxfr: Exiting: Map successfully transferred
Transferring protocols.bynumber...
ypxfr: Exiting: Map successfully transferred
Transferring ypservers...
ypxfr: Exiting: Map successfully transferred
Transferring hosts.byname...
ypxfr: Exiting: Map successfully transferred

bravo has been setup as an YP slave server without any errors.
Remember to update map ypservers on alpha.

-------------------------------------------------------------------------------------------------------------------------------------
NIS Client

# cat /etc/rc.conf
...
# Network Information System (NIS)
# NIS Client
nisdomainname="samdom.dominio.com"
nis_client_enable="YES" # run client stuff as well
nis_client_flags="-S samdom.dominio.com,alpha"

# /etc/netstart

# service ypbind start

DDNS + DHCPd

Introduction:

Install a DDNS server that will be updated from the DHCPd server.

Requirements:

* FreeBSD installed
* Internet connection
* Read this tutorial

Process:
(pending, but the commands and files are valid to get everything working)

Commands used:

# bsdconfig
# passwd
# freebsd-update fetch
# freebsd-update install
# portsnap fetch extract
# portsnap fetch update
# cd /usr/ports/dns/bind910
# make config-recursive
# make install clean
# rndc-confgen -a
wrote key file "/usr/local/etc/namedb/rndc.key"
# cd /usr/ports/net/isc-dhcp43-server
# make config-recursive
# make install clean

Because of the path change between FreeBSD 8.2 and FreeBSD 10.2 I create a simple link
# ln -s /usr/local/etc/namedb/ /etc/namedb

I adjust and/or create the following files

------------------------------------------------------------------------------------------------------------------------------------
# cat /etc/rc.conf

hostname="alpha.samdom.dominio.com"

# SSH service
sshd_enable="YES"

# First network card (INTERNET)
ifconfig_em0="inet 192.168.16.22 netmask 255.255.240.0"
defaultrouter="192.168.16.1"

# Second network card (LAN)
ifconfig_em1="inet 172.16.100.1 netmask 255.255.0.0"

# NTP
ntpd_enable="YES"
ntpd_config="/etc/ntp.conf"

# ISC-DHCPd Server
dhcpd_enable="YES"
dhcpd_conf="/usr/local/etc/dhcpd.conf"
dhcpd_ifaces="em1"

# ISC BIND
named_enable="YES"

# Enable OpenBSD Packet Filter (PF)
pf_enable="YES"                 # Enable PF (load module if required)
pf_rules="/etc/pf.conf"         # rules definition file for pf
pf_flags=""                     # additional flags for pfctl startup
pflog_enable="YES"              # start pflogd(8)
pflog_logfile="/var/log/pflog"  # where pflogd should store the logfile
pflog_flags=""                  # additional flags for pflogd startup
gateway_enable="YES"            # Enable as LAN gateway (PF)

# Network Information System (NIS)
# NIS Master Server
nisdomainname="samdom.dominio.com"
nis_server_enable="YES"
nis_yppasswdd_enable="YES"
nis_client_enable="YES" # run client stuff as well
nis_client_flags="-S samdom.dominio.com,alpha"

# IPv6
#ipv6_activate_all_interfaces="YES"
ifconfig_em1_ipv6="inet6 2001:0db8:1000:8b00::2 prefixlen 64"
ipv6_defaultrouter="2001:0db8:1000:8b00::1"

------------------------------------------------------------------------------------------------------------------------------------
# cat /etc/ntp.conf

# Associate to the public NTP pool servers
server 0.pool.ntp.org prefer
server 1.pool.ntp.org
server 2.pool.ntp.org
server 3.pool.ntp.org

# Location of drift file
driftfile /var/db/ntp.drift

# Location of the log file
logfile /var/log/ntpd

# Restrictions
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
restrict 127.127.1.0

------------------------------------------------------------------------------------------------------------------------------------
# cat resolv.conf

# Generated by resolvconf
#nameserver 192.168.16.1
#nameserver 192.168.16.8

# FreeBSD DNS
search samdom.dominio.com
#nameserver 2001:4860:4860::8888
#nameserver 2001:4860:4860::8844
#nameserver 8.8.8.8
#nameserver 8.8.4.4
nameserver 127.0.0.1

------------------------------------------------------------------------------------------------------------------------------------
# cat /usr/local/etc/namedb/named.conf

Google Drive

------------------------------------------------------------------------------------------------------------------------------------
# cat /usr/local/etc/namedb/dynamic/samdom.dominio.com

Google Drive

------------------------------------------------------------------------------------------------------------------------------------
# cat /usr/local/etc/namedb/dynamic/16.172.in-addr.arpa

Google Drive

------------------------------------------------------------------------------------------------------------------------------------
# cat /usr/local/etc/dhcpd.conf

Google Drive

------------------------------------------------------------------------------------------------------------------------------------
# cat /etc/pf.conf

Google Drive

------------------------------------------------------------------------------------------------------------------------------------
# touch /var/log/ntpd
# /usr/local/etc/rc.d/named start
# /usr/local/etc/rc.d/isc-dhcpd start
# shutdown -r now

# rndc status
version: BIND 9.9.8 (Extended Support Version) <id:2d6d4ba>
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 163
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

To edit my zone files they have to be frozen first with:

# rndc freeze samdom.dominio.com
# rndc freeze 16.172.in-addr.arpa

After editing them (remember to update the serial "2015100101" in each one), thaw them with:

# rndc thaw samdom.dominio.com
# rndc thaw 16.172.in-addr.arpa
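
An added example (not the tutorial's own code) that scripts the serial update mentioned above: it computes the next YYYYMMDDNN serial and rewrites it in the zone file between the rndc freeze and thaw; the function names, the "; serial" comment convention and the sample zone are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: bump the SOA serial of
# a frozen dynamic zone the way this page does by hand (YYYYMMDDNN, e.g.
# 2015100101). Assumes the serial is on its own line followed by "; serial".

# next_serial CURRENT [TODAY=YYYYMMDD] -> prints the next serial. Earlier
# day: restart today at NN=00. Same (or future) day: NN+1, so the value
# always grows, which is what slaves compare to decide on a zone transfer.
next_serial() {
    cur=$1; today=${2:-$(date +%Y%m%d)}
    curday=${cur%??}; curnn=${cur#????????}; curnn=${curnn#0}
    if [ "$curday" -lt "$today" ]; then
        echo "${today}00"
    elif [ "$curnn" -lt 99 ]; then
        printf '%s%02d\n' "$curday" $((curnn + 1))
    else
        echo "error: no revisions left for $curday" >&2; return 1
    fi
}

# zone_serial FILE -> the serial currently in the zone file.
zone_serial() { awk '/;[[:space:]]*serial/ { print $1; exit }' "$1"; }

# bump_zone_serial FILE [TODAY] -> rewrites the serial in place, prints it.
bump_zone_serial() {
    f=$1; old=$(zone_serial "$f"); [ -n "$old" ] || return 1
    new=$(next_serial "$old" "$2") || return 1
    sed "s/\([[:space:]]\)$old\([[:space:]]*;\)/\1$new\2/" "$f" > "$f.new" &&
        mv "$f.new" "$f" && echo "$new"
}

# Constructed zone fragment in the style of the page's dynamic zone.
SAMPLE_ZONE='$TTL 3600
@   IN SOA alpha.samdom.dominio.com. hostmaster.samdom.dominio.com. (
        2015100101 ; serial
        3600       ; refresh
        900        ; retry
        604800     ; expire
        86400 )    ; minimum
alpha IN A 172.16.100.1'

# demo_bump TODAY -> bump a temporary copy of SAMPLE_ZONE, print its serial.
demo_bump() {
    tmp=$(mktemp /tmp/zone.XXXXXX) || return 1
    printf '%s\n' "$SAMPLE_ZONE" > "$tmp"
    bump_zone_serial "$tmp" "$1" > /dev/null && zone_serial "$tmp"
    rm -f "$tmp" "$tmp.new"
}
# Real use on the server from this page (uncomment):
# rndc freeze samdom.dominio.com
# bump_zone_serial /usr/local/etc/namedb/dynamic/samdom.dominio.com
# rndc thaw samdom.dominio.com
```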