Nagios Client Install on Linux CentOS

Packages you will need:
1.      Create an install dir:
mkdir /install
2.      Download NRPE:
3.  tar -zxvf nrpe-2.12.tar.gz
4.  cd nrpe-2.12
5.  ./configure
should end with an output like this:
*** Configuration summary for nrpe 2.12 03-10-2008 ***:

 General Options:
 NRPE port:    5666
 NRPE user:    nagios
 NRPE group:   nagios
 Nagios user:  nagios
 Nagios group: nagios

Review the options above for accuracy.  If they look okay,
type 'make all' to compile the NRPE daemon and client.
6.      Run
make all
7.  useradd nagios
8.  make install
9.      Edit and install nrpe.cfg into /usr/local/nagios/etc
10.  Go back into
cd /install
11.  Download Nagios-Plugisns:
12.tar -zxvf nagios-plugins-1.4.14.tar.gz nagios-plugins-1.4.14
15.make all
16.make install
17.  Install nrpe into /etc/init.d
18.chmod a+x nrpe
19.  Run
 chkconfig --add nrpe
20.chkconfig --level 235 nrpe on
Labels parameters

How to update Gateway, network settings on RHEL

Changing Your IP Address

If you wanted, you could give this eth0 interface an IP address using the ifconfig command.
[root@bigboy tmp]# ifconfig eth0 netmask up
The "up" at the end of the command activates the interface. To make this permanent each time you boot up you'll have to add this command in your /etc/rc.local file which is run at the end of every reboot.

How to View Your Current Routing Table 

[root@bigboy tmp]# netstat -nr

Kernel IP routing table
Destination     Gateway     Genmask         Flags MSS Window irtt Iface UH    40  0      0    wlan0   U     40  0      0    wlan0       U     40  0      0    lo         UG    40  0      0    wlan0

How to Configure Two Gateways

Some networks may have multiple router/firewalls providing connectivity. Here's a typical scenario:
  • You have one router providing access to the Internet that you'd like to have as your default gateway (see the default gateway example earlier)
  • You also have another router providing access to your corporate network using addresses in the range to Let's assume that this router has an IP address of
The Linux box used in this example uses interface wlan0 for its Internet connectivity. You might be most likely using interface eth0, please adjust your steps accordingly.
There are a number of ways to add this new route.

Adding Temporary Static Routes

The route add command can be used to add new routes to your server that will last till the next reboot. It has the advantage of being univeral to all versions of Linux and is well documented in the man pages. In our example the reference to the network has to be preceded with a -net switch and the subnet mask and gateway values also have to be preceded by the netmask and gw switches respectively.
[root@bigboy tmp]# route add -net netmask gw wlan0 If you wanted to add a route to an individual server, then the "-host" switch would be used with no netmask value. (The route command automatically knows the mask should be Here is an example for a route to host
[root@bigboy tmp]# route add -host gw wlan0 A universal way of making this change persistent after a reboot would be to place this route add command in the file /etc/rc.d/rc.local, which is always run at the end of the booting process.

Adding Permanent Static Routes

In Fedora Linux, permanent static routes are added on a per interface basis in files located in the /etc/sysconfig/network-scripts directory. The filename format is route-interface-name so the filename for interface wlan0 would be route-wlan0.
The format of the file is quite intuitive with the target network coming in the first column followed by the word via and then the gateway's IP address. In our routing example, to set up a route to network with a subnet mask of (a mask with the first 8 bits set to 1) via the gateway, we would have to configure file /etc/sysconfig/network-scripts/route-wlan0 to look like this:
# # File /etc/sysconfig/network-scripts/route-wlan0 # via Note: The /etc/sysconfig/network-scripts/route-* filename is very important. Adding the wrong interface extension at the end will result in the routes not being added after the next reboot. There will also be no reported errors on the screen or any of the log files in the /var/log/ directory.
You can test the new file by running the /etc/sysconfig/network-scripts/ifup-routes command with the interface name as the sole argument. In the next example we check the routing table to see no routes to the network and execute the ifup-routes command, which then adds the route:

[root@bigboy tmp]# netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface U 0 0 0 wlan0 U 0 0 0 wlan0 UG 0 0 0 wlan0 [root@bigboy tmp]# ./ifup-routes wlan0 [root@bigboy tmp]# netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface U 0 0 0 wlan0 U 0 0 0 wlan0 UG 0 0 0 wlan0 UG 0 0 0 wlan0 [root@bigboy tmp]# Note: In Debian based systems, permanent static routes are configured using the /etc/network/interfaces file. See the section "Debian / Ubuntu Network Configuration" later in this chapter for more details.

How to Delete a Route

Here's how to delete the routes added in the previous section.
[root@bigboy tmp]# route del -net netmask gw wlan0 The file /etc/sysconfig/network-scripts/route-wlan0 will also have to be updated so that when you reboot the server will not reinsert the route. Delete the line that reads: via

Changing NIC Speed and Duplex

There is no better Linux investment than the purchase of a fully Linux compatible NIC card. Most Linux vendors will have a list of compatible hardware on their Web sites: read this carefully before you start hooking up you machine to the network. If you can't find any of the desired models in your local computer store, then a model in the same family or series should be sufficient. Most cards will work, but only the fully compatible ones will provide you with error-free, consistent throughput.
Linux defaults to automatically negotiating the speed and duplex of it's NIC automatically with that of the switch to which it is attached. Configuring a switch port to auto-negotiate the speed and duplex often isn't sufficient because there are frequently differences in the implementation of the protocol standard.
Typically, NICs with failed negotiation will work, but this is usually accompanied by many collision type errors being seen on the NIC when using the ifconfig -a command and only marginal performance. Don't limit your troubleshooting of these types of errors to just failed negotiation; the problem could also be due to a bad NIC card, switch port, or cabling.

Using mii-tool

One of the original Linux tools for setting the speed and duplex of your NIC card was the mii-tool command. It is destined to be deprecated and replaced by the newer ethtool command, but many older NICs support only mii-tool so you'll need to be aware of it. Issuing the command without any arguments gives a brief status report, as seen in the next example, with unsupported NICs providing an Operation not supported message. NICs that are not compatible with mii-tool often will still work, but you have to refer to the manufacturer's guides to set the speed and duplex to anything but auto-negotiate.
[root@bigboy tmp]# mii-tool SIOCGMIIPHY on 'eth0' failed: Operation not supported eth1: 100 Mbit, half duplex, link ok [root@bigboy tmp]# By using the verbose mode -v switch you can get much more information. In this case, negotiation was OK, with the NIC selecting 100Mbps, full duplex mode (FD):
[root@bigboy tmp]# mii-tool -v eth1: negotiated 100baseTx-FD, link ok product info: vendor 00:10:18, model 33 rev 2 basic mode: autonegotiation enabled basic status: autonegotiation complete, link ok capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control [root@bigboy tmp]#

Setting Your NIC's Speed Parameters with mii-tool

You can set your NIC to force itself to a particular speed and duplex by using the -F switch with any of the following options: 100baseTx-FD, 100baseTx-HD, 10baseT-FD, or 10baseT-HD. Remember that you could lose all network connectivity to your server if you force your NIC to a particular speed/duplex that doesn't match that of your switch:
[root@bigboy tmp]# mii-tool -F 100baseTx-FD eth0 Unfortunately there is no way to set this on reboot permanently except by placing it the command in the /etc/rc.local file to let it be run at the very end of the booting process or by creating your own startup script if you need it set earlier. Creating your own startup scripts is covered in Chapter 7, "The Linux Boot Process".

Using ethtool

The ethtool command is slated to be the replacement for mii-tool in the near future and tends to be supported by newer NIC cards.
The command provides the status of the interface you provide as its argument. Here we see interface eth0 not doing autonegotiation and set to a speed of 100 Mbps, full duplex. A list of supported modes is also provided at the top of the output.
[root@bigboy tmp]# ethtool eth0 Settings for eth0: Supported ports: [ TP MII ] Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full Supports auto-negotiation: Yes Advertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full Advertised auto-negotiation: No Speed: 100Mb/s Duplex: Full Port: MII PHYAD: 1 Transceiver: internal Auto-negotiation: off Supports Wake-on: g Wake-on: g Current message level: 0x00000007 (7) Link detected: yes [root@bigboy tmp]#

Setting Your NIC's Speed Parameters with ethtool

Unlike mii-tool, ethtool settings can be permanently set as part of the interface's configuration script with the ETHTOOL_OPTS variable. In our next example, the settings will be set to 100 Mbps, full duplex with no chance for auto-negotiation on the next reboot:

# # File: /etc/sysconfig/network-scripts/ifcfg-eth0 # DEVICE=eth0 IPADDR= NETMASK= BOOTPROTO=static ONBOOT=yes ETHTOOL_OPTS="speed 100 duplex full autoneg off" You can test the application of these parameters by shutting down the interface and activating it again with the ifup and ifdown commands. These settings can also be changed from the command line using the -s switch followed by the interface name and its desired configuration parameters.
[root@bigboy tmp]# ethtool -s eth1 speed 100 duplex full autoneg off [root@bigboy tmp]# The Linux man pages give more details on other ethtool options, but you can get a quick guide by just entering the ethtool command alone, which provides a quicker summary.
[root@bigboy tmp]# ethtool ... ... ethtool -s DEVNAME \ [ speed 10|100|1000 ] \ [ duplex half|full ] \ [ port tp|aui|bnc|mii|fibre ] \ ... ... [root@bigboy tmp]#

A Note About Duplex Settings

By default, Linux NICs negotiate their speed and duplex settings with the switch. This is done by exchanging electronic signals called Fast Link Pulses (FLP). When the speed and duplex are forced to a particular setting the FLPs are not sent. When a NIC is in auto-negotiation mode and detects a healthy, viable link but receives no FLPs, it errs on the side of caution and sets its duplex to half-duplex and sometimes it will also set its speed to the lowest configurable value. It is therefore possible to force a switch port to 100 Mbps full duplex, but have the auto-negotiating server NIC set itself to 100Mbps half-duplex which will result in errors. The same is true for the switch if the switch port is set to auto-negotiate and server NIC is set to 100 Mbps full duplex. It is best to either force both the switch port and server NIC to either auto-negotiate or the same forced speed and duplex values.

How to Convert Your Linux Server into a Simple Router

Router/firewall appliances that provide basic Internet connectivity for a small office or home network are becoming more affordable every day, but when budgets are tight you might seriously want to consider modifying an existing Linux server to do the job.
Details on how to configure Linux firewall security are covered in Chapter 14, "Linux Firewalls Using iptables", but you need to understand how to activate routing through the firewall before it can become a functioning networking device.

Configuring IP Forwarding

For your Linux server to become a router, you have to enable packet forwarding. In simple terms packet forwarding enables packets to flow through the Linux box from one network to another. The Linux kernel configuration parameter to activate this is named net.ipv4.ip_forward and can be found in the file /etc/sysctl.conf. Remove the "#" from the line related to packet forwarding.
Before: # Disables packet forwarding net.ipv4.ip_forward=0 After: # Enables packet forwarding net.ipv4.ip_forward=1 This enables packet forwarding only when you reboot at which time Linux will create a file in one of the subdirectories of the special RAM memory-based /proc filesystem. To activate the feature immediately you have to force Linux to read the /etc/sysctl.conf file with the sysctl command using the -p switch. Here is how it's done:
[root@bigboy tmp] sysctl -p sysctl -p net.ipv4.ip_forward = 1 net.ipv4.conf.default.rp_filter = 1 kernel.sysrq = 0 kernel.core_uses_pid = 1 [root@bigboy tmp]#

Configuring Proxy ARP

If a server needs to send a packet to another device on the same network, it sends out an ARP request to the network asking for the MAC address of the other device.
If the same server needs to send a packet to another device on a remote network the process is different. The server first takes a look at its routing table to find out the IP address of the best router on its network that will be able to relay the packet to the destination. The server then sends an ARP request for the MAC address that matches the router's IP address. It then sends the packet to the router using the router's MAC address and a destination IP address of the remote server.
If there is no suitable router on its network, the server will then send out an ARP request for the MAC address of the remote server. Some routers can be configured to answer these types of ARP requests for remote networks. This feature is called proxy ARP. There are some disadvantages with this. One of the most common problems occurs if two routers are on the network configured for proxy ARP. In this scenario there is the possibility that either one will answer the local server's ARP request for the MAC address of the remote server. If one of the routers has an incorrect routing table entry for the remote network, then there is the risk that traffic to the remote server will occasionally get lost. In other words you can lose routing control.
Note: It is for this and other reasons that it is generally not a good idea to configure proxy ARP on a router. It is also good to always configure a default gateway on your server and use separate routing entries via other routers for all networks your default gateway may not know about.
Some types of bridging mode firewalls need to have proxy ARP enabled to operate properly. These devices are typically inserted as part of a daisy chain connecting multiple network switches together on the same LAN while protecting one section of a LAN from traffic originating on another section. The firewall typically isn't configured with an IP address on the LAN and appears to be an intelligent cable capable of selectively blocking packets.
If you need to enable proxy ARP on a Linux server the /proc filesystem comes into play again. Proxy ARP is handled by files in the /proc/sys/net/ipv4/conf/ directory. This directory then has subdirectories corresponding to each functioning NIC card on your server. Each subdirectory then has a file called proxy_arp. If the value within this file is 0, then proxy ARP on the interface is disabled; if the value is 1 then it is enabled.
You can use the /etc/sysctl.conf file mentioned in " Appendix I, Miscellaneous Linux Topics" to activate or disable proxy ARP. The next example activates proxy ARP, first for all interfaces and then for interfaces eth0 and wlan0.
# # File: /etc/sysctl.conf # # Enables Proxy ARP on all interfaces net/ipv4/conf/all/proxy_arp = 1 # Enables Proxy ARP on interfaces eth1 and wlan0 net/ipv4/conf/eth1/proxy_arp = 1 net/ipv4/conf/wlan0/proxy_arp = 1 You can then activate these settings with the sysctl command.
[root@bigboy tmp] sysctl -p

Configuring Your /etc/hosts File

The /etc/hosts file is just a list of IP addresses and their corresponding server names. Your server will typically check this file before referencing DNS. If the name is found with a corresponding IP address then DNS won't be queried at all. Unfortunately, if the IP address for that host changes, you also have to also update the file. This may not be much of a concern for a single server, but can become laborious if it has to be done companywide. For ease of management, it is often easiest to limit entries in this file to just the loopback interface and also the server's own hostname, and use a centralized DNS server to handle most of the rest. Sometimes you might not be the one managing the DNS server, and in such cases it may be easier to add a quick /etc/hosts file entry till the centralized change can be made. smallfry In the example above server smallfry has an IP address of You can access using the ping, telnet or any other network aware program by referring to it as smallfry. Here is an example using the ping command to see whether smallfry is alive and well on the network:
[root@bigboy tmp]# ping smallfry PING zero ( 56(84) bytes of data. 64 bytes from smallfry ( icmp_seq=0 ttl=64 time=0.197 ms 64 bytes from smallfry ( icmp_seq=1 ttl=64 time=0.047 ms --- smallfry ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 2017ms rtt min/avg/max/mdev = 0.034/0.092/0.197/0.074 ms, pipe 2 [root@bigboy tmp]# You can also add aliases to the end of the line which enable you to refer to the server using other names. Here we have set it up so that smallfry can also be accessed using the names tiny and littleguy. smallfry tiny littleguy You should never have an IP address more than once in this file because Linux will use only the values in the first entry it finds. smallfry # (Wrong) tiny # (Wrong) littleguy # (Wrong)

The loopback Interface's localhost Entry

Usually the first entry in /etc/hosts defines the IP address of the server's virtual loopback interface. This is usually mapped to the name localhost.localdomain (the universal name used when a server refers to itself) and localhost (the shortened alias name). By default, Fedora inserts the hostname of the server between the and the localhost entries like this: bigboy localhost.localdomain localhost When the server is connected to the Internet this first entry after the needs to be the fully qualified domain name (FQDN) of the server. For example,, like this: localhost.localdomain localhost Some programs such as Sendmail are very sensitive to this and if they detect what they feel is an incorrect FQDN they will default to using the name localhost.localdomain when communicating with another server on the network. This can cause confusion, as the other server also feels it is localhost.localdomain.
Note: You must always have a localhost and localhost.localdomain entry mapping to for Linux to work properly and securely.

Creating Interface Aliases

IP aliases can be easily created in the /etc/network/interfaces file once the main interface has already been defined. A modified duplicate of the main interfaces' iface stanza is required. A colon followed by the sub interface number needs to be added to the first line, and only the subnet mask and the new IP address needs to follow as can be seen in this example for interface eth1:1 with the IP address
auto eth1:1 iface eth1:1 inet static address netmask

Adding Permanent Static Routes

The up option in the appropriate iface stanza of the /etc/network/interfaces file allows you to selectively run commands once the specified interface becomes activated with the ifup command. This makes it useful when adding permanent static routes.
In this example, a route to the network via router address has been added. Remember, the up option and the command must reside on the same line of the stanza.
# The primary network interface auto eth1 iface eth1 inet static ... ... ... up route add -net netmask gw eth1

A complete /etc/network/interfaces file

We can now construct a complete file based on the previous examples we discussed. Just like in Fedora, interfaces can be activated with the ifup and ifdown commands.
# # Debian / Ubuntu # # # File: /etc/network/interfaces # # The loopback network interface auto lo iface lo inet loopback # This is a list of hotpluggable network interfaces. # They will be activated automatically by the hotplug subsystem. mapping hotplug script grep map eth0 eth0 map eth1 eth1 # The primary network interface auto eth1 iface eth1 inet static address netmask network broadcast gateway # dns-* options are implemented by the resolvconf package, if installed dns-nameservers wireless-key 98d126d5ac wireless-essid schaaffe up route add -net netmask gw eth1 auto eth1:1 iface eth1:1 inet static address netmask # The secondary network interface auto eth0 iface eth0 inet dhcp For more information on the /etc/network/interfaces file just issue the command man interfaces from the command line.

How to uninstall GRUB ie Installed by Ubuntu Installer

You can overwrite MBR with standard dd command. You can also use old good MS-DOS fdisk command to overwrite MBR.

Using MS-DOS/Windows 9x boot disk

In order to remove the GRUB bootloader from a Linux and Windows XP machine, boot with a Windows 9x startup disk or CD and execute the MS-DOS command:
fdisk /mbr

Using Windows XP boot disk

Boot computer using Windows XP (Windows 2000) setup disc / CD / DVD. Next, type the following commands:
# fixmbr
# exit

Using Linux

You can also use dd command from Linux itself (it removes partition table):
# dd if=/dev/null of=/dev/sdX bs=512 count=1
Just remove MBR, without the partition table (see comment below):
# dd if=/dev/null of=/dev/sdX bs=446 count=1
Replace /dev/hdX with your actual device name such as /dev/hda. Use fdisk -l command to find out device name:
# fdisk -lOutput:
Disk /dev/sda: 251.0 GB, 251000193024 bytes
255 heads, 63 sectors/track, 30515 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          13      104391   83  Linux
/dev/sda2              14       30384   243955057+  83  Linux
/dev/sda3           30385       30515     1052257+  82  Linux swap

Fix Windows MBR (remove GRUB)

Since I publish information for reinstalling GRUB I assume may be useful information also for reinstalling Windows MBR.

A) Using a DOS or Windows 9x/ME Boot Floppy

In case you have DOS or Windows 9x/ME on your system, you can use fdisk for this purpose. Create a rescue disk in DOS or Windows 9x/ME, use it to boot the computer, and execute fdisk as follows:

fdisk /mbr

The MBR will be rewritten and GRUB will be uninstalled.

B) Using Windows XP

In Windows XP, you can uninstall GRUB as follows:
Boot from the Windows XP CD and press the "R" key during the setup in order to start the Recovery Console. Select your Windows XP installation from the list and enter the administrator password. At the input prompt, enter the command "FIXMBR" and confirm the query with "y". The MBR will be rewritten and GRUB will be uninstalled. Press "exit" to reboot the computer.

C) Using Windows 2000

In Windows 2000, you can uninstall GRUB as follows:
Boot from the Windows 2000 CD and press the "R" key during the setup and then the "K" key in the following menu in order to start the Recovery Console. Select your Windows 2000 installation from the list and enter the administrator password. At the input prompt, enter the command "FIXMBR" and confirm the query with "y". The MBR will be rewritten and GRUB will be uninstalled. Press "exit" to reboot the computer.

E) Using Freedos

If none of the above-mentioned boot media is available, a floppy or CD image from a free DOS system can be downloaded from You can create the CD image with any burning program on any operating system. Just make sure not to create a data CD but a CD image.
Creating the floppy image with Linux:
Enter the following command (or equivalent) in a root shell:

dd if=/tmp/fdos1440.img of=/dev/fd0

Creating the floppy image with Windows:
The directory /dosutils/rawrite/ on the first CD/DVD includes the program rawrite.exe that can be used to write the image to a floppy. Copy this program to the directory containing the file fdos1440.img.
Insert a floppy in the drive and start rawrite.exe. Enter the file fdos1440.img as the source file and confirm with Enter. Then enter the name of the floppy drive (usually "A") as the write medium. The image will be written to the floppy.
Boot from this CD/floppy and select "1" for "Boot FreeDOS Setup" first and then

"3 - Clean Boot" from the start menu. Start fdisk with:

fdisk /mbr

By doing this, the boot loader GRUB will be overwritten.
Method 2: Use a Windows XP installation CD/DVD
Grab a Windows XP installation CD and boot from the CD with the hard drive attached and select the “Repair” (choose “R”) option when it is presented to you. After that you will taken a common prompt. Once you get to the command prompt give the following command after selecting “1″ for :
and now type the following commands:
C:\> BOOTCFG /rebuild

The last command (BOOTCFG) will rebuild your boot.ini as per your hard drive partition table and will put appropriate entries for Windows XP. Also this command will most likley add a new entry to your Windows XPboot menu. You can easily delete the old entry by modifying the C:\boot.ini file once you successfully boot into Windows using the newly created entry.
Note: You will need to know the “Administrator” password before you can enter into the command prompt. If you don’t have one, just press “Enter” key.
Method 3: Use Linux dd command
Lastly you can use the powerful “dd” comamnd in Linux. For this the best thing to do is to boot from a LiveCD with your hard drive attached and give the following command:
# dd if=/dev/null of=/dev/sdX bs=446 count=1
X = Your hard drive device name
You can use the following command to find your hard drive letter:
# fdisk -l
Disk /dev/sda: 750.1 GB, 750155292160 bytes
255 heads, 63 sectors/track, 91201 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x90ee8262

Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1       18237   146488671    7  HPFS/NTFS
/dev/sda2           18238       67366   394628692+   5  Extended
/dev/sda5           18238       66880   390724866   83  Linux
/dev/sda6           66881       67366     3903763+  82  Linux swap / Solaris
That’s it. Hopefully by using any one of the above 3 methods you should be able to get your Windows booting back.

NTFS Support on RHEL5

RHEL doesn’t come with NTFS support by deffault.
1. Download fuse & ntfs-3g components:
fuse: get it from
ntfs-3g: get it from
2. Install the RPM’s
3. Once you’re done with it mount the drive
#mount.ntfs-3g /dev/sda1 /media/ntfsmount
There you go!



NIS is centralized authentication software in Linux / Unix / Solaris platform. In a network, there will be a NIS server, one or more NIS slaves and lots of NIS Client machines. This document explains how to install and configue NIS Master, Slave and Client Machines in Redhat enterprise linux rhel5. It can also be applicable on centos, fedora and other variants.

Configuring the NIS MASTER Server:

Packages :
For installing NIS the following packages are required.
For server:


For client:



Configure the NISDOMAIN. It should be different from the FQDN [domain name].
[root@vm3 ~]# nisdomainname
And you have to resolve it in /etc/hosts

[root@vm3 ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail. localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
[root@vm3 ~]#

To make it permenant add the enty in /etc/sysconfig/network. This should be done in order to srvive a reboot.

[root@vm3 ~]# cat /etc/sysconfig/network
[root@vm3 ~]#

restart the network service


Install the packages for server.

[root@vm3 ~]# yum install yp*
if using rpm you've to install ypserv, portmapper and dependecy make.
After installing these a new directory yp will be created under /var

Security Tip:

To allow only some hosts to access information of NIS, create this file and edit as follows. [At first time]

[root@vm3 ~]# cat /var/yp/securenets
#subnet #network
[root@vm3 ~]#


Start the service
[root@vm3 ~]# /etc/init.d/ypserv start
Starting YP server services: [ OK ]
[root@vm3 ~]# chkconfig ypserv on

Check whether its running:

[root@vm3 ~]# rpcinfo -u ypserv
program 100004 version 1 ready and waiting
program 100004 version 2 ready and waiting

[root@vm3 ~]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 715 status
100024 1 tcp 718 status
100004 2 udp 821 ypserv
100004 1 udp 821 ypserv
100004 2 tcp 824 ypserv
100004 1 tcp 824 ypserv


Create Users:

We are creating 5 users having username and passed are same.
Eg: Name- user1 password- user1

[root@vm3 ~]# for i in 1 2 3 4 5; do useradd user$i; echo user$i | passwd --stdin user$i; done

Changing password for user user1.
passwd: all authentication tokens updated successfully.
Changing password for user user2.
passwd: all authentication tokens updated successfully.
Changing password for user user3.
passwd: all authentication tokens updated successfully.
Changing password for user user4.
passwd: all authentication tokens updated successfully.
Changing password for user user5.
passwd: all authentication tokens updated successfully.


Now set mastet NIS and initialize NIS maps DB.

# vi /var/yp/Makefile

In this file you can specify MINUID and MINGID [line num 32] and any files you want to read by NIS. [line num 72]. Read the Comments for details.

In this you can configure many parameters. One of them is NOPUSH.

If we have only one server, we don't have to push the maps to the slave servers (NOPUSH=true). If you have slave servers, change this to "NOPUSH=false" and put all hostnames of your slave servers in the file /var/yp/ypservers.

Create the Map:
[root@vm3 ~]# /usr/lib/yp/ypinit -m

At this point, we have to construct a list of the hosts which will run NIS
servers. vm3 is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a .
next host to add: vm3
next host to add: vm5 #vm5 is the hostname of our slave server.
next host to add: #It is resolved in /etc/hosts.

The current list of NIS servers looks like this:

Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp/

Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/'

vm3 has been set up as a NIS master server.

Now you can run ypinit -s vm3 on all slave server.
[Slave configuration we will discuss later in the same document.]
[root@vm3 ~]#

[root@vm3 ~]# /etc/init.d/ypxfrd start
Starting YP map server: [ OK ]
[It should be started in order to forward the map from master to slave machines.]
[root@vm3 ~]#

[root@vm3 ~]# service yppasswdd start
Starting YP passwd service: [ OK ]
[root@vm3 ~]# chkconfig yppasswdd on

Share /home directory using NFS:

You have to share the /home directory of the NIS server machine inorder to access from the client machines. Because when you are logging in from client you are getting to that users home directory. So it should be mounted to client machine from the server.
[Implement the proper backup mechanism for /home in the server.]

[root@vm3 ~]# cat /etc/exports
/home *(rw,sync)

[root@vm3 ~]# exportfs -a
[root@vm3 ~]# service nfs start
[root@vm3 ~]# service portmap restart
[root@vm3 ~]# chkconfig nfs on
[root@vm3 ~]# chkconfig portmap on

Adding new NIS users:

Add new users in server. And goto the dirctory /var/yp
and execute the following command

# make

Configuring NIS SLAVE server:

Install the ypserv, portmapper and dependancy packages. And set the NISDOMAINNAME same as in the server. In this example. As follows.

[root@vm5 ~]# nisdomainname

Create entries for name resolutions of server and other hosts in /etc/hosts. Its better you copy the /etc/hosts of server and make proper edits in it.

[root@vm5 ~]# scp /etc/hosts

[root@vm5 ~]# yum install yp*
[root@vm5 ~]# service ypserv start
[root@vm5 ~]# chkconfig ypserv on

Execute the following command in order to get the NIS maps from the server to the slave.

[root@vm5 ~]# /usr/lib/yp/ypinit -s vm3

Where vm3 is the hostname of server and it should be resolved in /etc/hosts. And dont forget to update the server's /etc/hosts file with slave's information.

If the following command executed well, you will get output as follows.

We will need a few minutes to copy the data from vm3.
Transferring hosts.byaddr...
Trying ypxfrd ... success

Transferring netid.byname...
Trying ypxfrd ... success

Transferring group.byname...
Trying ypxfrd ... success

[..output truncated..]

Transferring services.byservicename...
Trying ypxfrd ... success's NIS data base has been set up.
If there were warnings, please figure out what went wrong, and fix it.

At this point, make sure that /etc/passwd and /etc/group have
been edited so that when the NIS is activated, the data bases you
have just created will be used, instead of the /etc ASCII files.

Start the yppasswd service.

[root@vm5 ~]# service yppasswdd start
Starting YP passwd service: [ OK ]
[root@vm5 ~]# chkconfig yppasswdd on

You might want to edit root's crontab *on the slave* server and add the following lines:
20 *    * * *    /usr/lib/yp/ypxfr_1perhour
40 6    * * *    /usr/lib/yp/ypxfr_1perday
55 6,18 * * *    /usr/lib/yp/ypxfr_2perday

This will ensure that most NIS maps are kept up-to-date, even if an update is missed because the slave was down at the time the update was done on the master. 

On the master server, add the new slave server name to /var/yp/ypservers and run make in /var/yp to update the map .

Configuring NIS Client:

Install the following packages in client machine.

[root@vm6 ~]# yum install ypbind authconfig autofs

Give the domain name and Ipof the NIS server in client.

#authconfig -tui
-> Authentication Configuration
->Check these fields
->Cache Information.
->Use NIS
Domain: #give domain name here its

If you have slave servers give like this. Ips of machines one after one separated by commas.


Edit the /etc/nsswitch.conf file

The username and passwords should be checked in order such that the NIS files should be checked first. So edit the entries as follows.

vi /etc/nsswitch.conf
passwd: nis files
shadow: nis files
group: nis files

Configure autofs:

Open the configuration file of autofs and make edits.

#vi /etc/auto.master
/home /etc/auto.misc --timeout=60
#vi /etc/auto.misc

  • -rw,sync
    Restart the autofs service.
#service autofs restart
#chkconfig autofs on

Some useful commands:

#ypcat passwd

from client executing the above command will give the entriesof NIS users in /etc/passwd file of master server.