Thursday, April 30, 2009

Netgroup (using NIS) implementation - Solaris

I wanted to allow only certain NIS users to log in to some servers that use NIS. The simplest way to do this is to use netgroups. A netgroup is a separate NIS map that can be used to restrict which users may log in to certain machines, to export file systems to certain servers only, and for many other purposes.

To restrict logins on a server to specific users, here are the simplest steps:

Step 1:
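On the NIS server, edit the "netgroup" map and add an entry for the group. Each user is listed as a (host,user,domain) triple; a bare word is read as the name of another netgroup, not as a user name:

# tail -1 /etc/yp/netgroup
splgroup (,username1,) (,username2,) (,username3,)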

Step 2:
On the NIS server, rebuild this map as follows:
# cd /var/yp
# make netgroup

Step 3:
On the NIS client (i.e. where I need to restrict users),
edit the /etc/passwd file and add the following line:

+@splgroup:x:::::

Edit the /etc/shadow file and add the following line:
+@splgroup::::::::

Edit the /etc/nsswitch.conf file and change the passwd entry as follows:
passwd: compat

Restart the NIS client. On Solaris 10, this can be done with:
# svcadm refresh /network/nis/client



With the "splgroup" netgroup in place, only username1 through username3 will be allowed to log in to the NIS client.
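Before relying on this restriction, it helps to check who the netgroup really admits and that no bare "+" line in the compat files lets every NIS user in. The script below is an added example, not part of the original post; the helper names netgroup_users and open_plus_entries and all sample data are constructed, and it assumes one netgroup per line in the map source.

```shell
#!/bin/sh
# Added example: audit helpers for the netgroup restriction set up above.
# On Solaris run with AWK=nawk; /usr/bin/awk there lacks user functions.
AWK=${AWK:-awk}

# Print users reachable from netgroup $2 in netgroup source file $1.
# A member is a (host,user,domain) triple or the name of another netgroup.
# Assumes one netgroup per line (no backslash continuations).
netgroup_users() {
    "$AWK" -v want="$2" '
        function walk(g,    n, parts, i, m, f) {
            if (g in seen) return                  # stop on reference loops
            seen[g] = 1
            if (!(g in members)) { print "?" g; return }   # undefined group
            n = split(members[g], parts, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                m = parts[i]
                if (m == "") continue
                if (m !~ /^\(/) { walk(m); continue }      # nested netgroup
                gsub(/[()]/, "", m); split(m, f, ",")
                if (f[2] == "") print "*"          # empty user = any user
                else if (f[2] != "-") print f[2]   # "-" = no user
            }
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments, blanks
        {
            line = $0
            sub(/^[ \t]*[^ \t]+[ \t]*/, "", line)  # drop the group name
            gsub(/[ \t]*,[ \t]*/, ",", line)       # "(a, b, c)" -> "(a,b,c)"
            members[$1] = line
        }
        END { walk(want) }
    ' "$1" | sort -u
}

# Print passwd-style lines whose name field is a bare "+": in compat mode
# that admits every NIS user and defeats the +@netgroup restriction.
open_plus_entries() {
    "$AWK" -F: '$1 == "+" { print FILENAME ": " $0 }' "$@"
}

# Constructed sample data (not from a real system).
demo=$(mktemp -d)
printf '%s\n' 'splgroup (,username1,) (,username2,) admins' \
    'admins (-,username3,)' 'badgroup username1 username2' > "$demo/netgroup"
printf '%s\n' 'root:x:0:0::/:/sbin/sh' '+@splgroup:x:::::' '+::::::' > "$demo/passwd"
netgroup_users "$demo/netgroup" splgroup   # username1 username2 username3
netgroup_users "$demo/netgroup" badgroup   # ?username1 ?username2 (bare names are netgroup references)
open_plus_entries "$demo/passwd"           # flags the "+::::::" line
```

A "?" prefix marks a member that names an undefined netgroup, and "*" marks a triple with an empty user field, which matches any user.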

1 comment:

Kristofer said...

Are there any instructions on how to make this work using the Sun Directory Server (LDAP) instead of NIS?