
How to Configure and Use NIS Netgroup


 Technote (FAQ)
 
Question
How to configure and use netgroups in an existing AIX NIS environment.
 
Answer
Here are the typical steps to configure and use netgroups with NIS:

1) Create the /etc/netgroup file on the NIS master
See this link for netgroup file syntax:
http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=/com.ibm.aix.files/doc/aixfiles/netgroup.htm

Here's an example of a netgroup file that has two groups:
group1 (-,user1,-) (-,user2,-)
group2 (-,user3,-) (-,user4,-)

2) Make the netgroup map
Assuming your NIS master is AIX, you would do this:
# cd /var/yp
# make netgroup

3) Verify that an NIS client can see the netgroup map
# ypcat -k netgroup

4) Edit the /etc/passwd file to control access by netgroup
- Remove the NIS escape line from /etc/passwd file
-- The NIS escape line probably looks like this -> +::0:0:::
- Add the netgroup that you want to allow
+@group1

The above line will only allow NIS users that belong to the group1 netgroup to log into the box.

5) Test netgroup access by logging in as a user in the netgroup and one not in the netgroup
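
The access rule from step 4 can be checked offline before the login test in step 5. The following Python is an added example, not part of the technote: it parses netgroup text, expands nested groups, and reports which NIS users the + lines of a passwd file admit, flagging a leftover NIS escape line. It handles only the "+" and "+@group" entries shown above; the sample data, including the nested "ops" group and user5, is constructed.

```python
import re

TRIPLE = re.compile(r"\(([^,()]*),([^,()]*),([^,()]*)\)")  # (host,user,domain)

def parse_netgroup(text):
    """Map netgroup name -> members: (host, user, domain) tuples or nested group names."""
    groups = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            rest = parts[1] if len(parts) > 1 else ""
            triples = [tuple(f.strip() for f in m) for m in TRIPLE.findall(rest)]
            groups[parts[0]] = triples + TRIPLE.sub(" ", rest).split()
    return groups

def users_in(groups, name, seen=None):
    """Users a netgroup grants, following nested groups; '*' means any user."""
    seen = set() if seen is None else seen
    if name in seen or name not in groups:
        return set()
    seen.add(name)
    users = set()
    for member in groups[name]:
        if isinstance(member, tuple):
            if member[1] != "-":          # "-" = no valid user, empty = wildcard
                users.add(member[1] or "*")
        else:
            users |= users_in(groups, member, seen)
    return users

def audit_passwd(passwd_text, groups):
    """Return (admitted NIS users, findings) for the + entries of a passwd file."""
    allowed, findings = set(), []
    for n, line in enumerate(passwd_text.splitlines(), 1):
        entry = line.split(":", 1)[0].strip()
        if entry == "+":
            allowed.add("*")
            findings.append(f"line {n}: NIS escape line admits every NIS user")
        elif entry.startswith("+@"):
            if entry[2:] not in groups:
                findings.append(f"line {n}: netgroup {entry[2:]} is not in the map")
            allowed |= users_in(groups, entry[2:])
    return allowed, findings

# Constructed sample input modelled on the page's files; "ops" is an invented nested group.
NETGROUP = "group1 (-,user1,-) (-,user2,-)\ngroup2 (-,user3,-) (-,user4,-)\nops group1 (-,user5,-)\n"
PASSWD = "root:!:0:0::/:/usr/bin/ksh\n+::0:0:::\n+@group1\n"

if __name__ == "__main__":
    print(audit_passwd(PASSWD, parse_netgroup(NETGROUP)))
```

On the sample passwd text the result contains "*" because the escape line is still present; with that line removed, only user1 and user2 are admitted.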

If you have further questions, please contact IBM Support.
 
 
 

How to configure Fast Connect for LDAP authentication


Technote (FAQ)


Question

How to configure Fast Connect for LDAP authentication?

Answer

Note: This document assumes that you already have LDAP integrated login configured and working.

1. Gather the following information:
- LDAP server name, e.g.
 ldap1.austin.ibm.com
- LDAP bind (admin) DN, e.g.
 cn=admin2,ou=users,dc=austin,dc=com
- LDAP bind pwd, e.g.
 secret
- LDAP user base DN, e.g.
 ou=users,dc=austin,dc=com

2. Create a local AIX user corresponding to the LDAP bind DN
- Discard the "cn=" label, like this:
# mkuser admin2

3. Create a Fast Connect (FC) user for the bind/AIX user from step #2
- Use 'smitty smb' to create the FC user (admin2 from step #2)
- The password should be the LDAP bind pwd (secret)
- Verify that the newly created FC user exists, e.g.:
# net user | grep admin2

4. Enable LDAP authentication for FC
- Run these commands to configure FC LDAP auth:
# net config /encrypt_passwords:0
# net config /ldap_auth:1
# net config /ldap_server_name:ldap1.austin.ibm.com
# net config /ldap_userDN:ou=users,dc=austin,dc=com
# net config /ldap_admin_user:cn=admin2,ou=users,dc=austin,dc=com
- Restart FC by running these commands:
# net stop /unload
# net start /load

5. Test by mapping a share as an LDAP user that is not defined as a FC user



How to configure DHCP on AIX


 Technote (FAQ)
 
Question
Can AIX be configured as a DHCP server, client or relay agent?
 
Answer
AIX can be configured as a DHCP server, a DHCP client or a DHCP relay agent.
The DHCP client daemon is dhcpcd. The daemon runs on port 68.
The DHCP client configuration file is /etc/dhcpcd.ini

The DHCP server daemon is dhcpsd. The daemon runs on port 67.
The DHCP server configuration file is /etc/dhcpsd.cnf

The DHCP relay daemon is dhcprd. No well known port.
The DHCP relay agent configuration file is /etc/dhcprd.cnf
dhcprd: Forwards BOOTP and DHCP packets off the local network.

All three DHCP daemons start from the /etc/rc.tcpip file.

DHCP SERVER:
To configure a DHCP server edit /etc/dhcpsd.cnf and configure the server.
Here is a sample configuration of a dhcpsd.cnf file.
In this example the dhcp server is handing out ip addresses for 2 subnets.
/etc/dhcpsd.cnf:

logging_info
{
numLogFiles 5
logFileSize 400
logFileName /tmp/dhcpsd.log
logItem SYSERR
logItem TRACE
logItem EVENT
logItem CONFIG
logItem ACTION
logItem PROTERR
logItem ACNTING
logItem OBJERR
logItem INFO
}
LeaseExpireInterval 60 minutes # Check database

database db_file
{
leaseTimeDefault 24 hours # Length of lease
supportUnlistedClients yes
supportBootp yes

subnet 10.5.5.0 255.255.255.0 10.5.5.10-10.5.5.20
{
exclude 10.5.5.12-10.5.5.16 # Exclude this range
option 1 255.255.255.0
option 3 9.3.6.147
option 6 9.53.183.2
option 15 austin.ibm.com
}
subnet 10.5.6.0 255.255.255.0 10.5.6.10-10.5.6.20
{
option 1 255.255.255.0 # Netmask
option 3 10.5.6.21 # Default gateway
option 6 10.5.9.25 # DNS server
option 15 test.com # Domain
}
}

Uncomment the line that starts dhcpsd in /etc/rc.tcpip.

Start the dhcpsd daemon.
# startsrc -s dhcpsd

To list the IP addresses that are in the pool:
# dadmin -sv
Or
# lssrc -ls dhcpsd
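
Before starting the daemon, the subnet stanzas can be sanity-checked. The Python below is an added example, not part of the technote or of AIX: it counts the leasable addresses per subnet after exclusions and flags a pool or default gateway (option 3) that lies outside the subnet, a netmask (option 1) that differs from the subnet mask, and a log file in a world-writable directory. It assumes the "subnet <network> <mask> <start>-<end>" form used in the sample; the embedded text is the sample's two subnet stanzas, shortened.

```python
import ipaddress as ip

def span(text):
    """'a-b' or 'a' -> inclusive (low, high) bounds as IPv4Address objects."""
    ends = [ip.IPv4Address(x) for x in text.split("-")]
    return ends[0], ends[-1]

def lint_dhcpsd(conf):
    """Return ({subnet: leasable address count}, [findings]) for dhcpsd.cnf text."""
    pools, findings, net = {}, [], None
    for raw in conf.splitlines():
        w = raw.split("#", 1)[0].split()
        if not w:
            continue
        if w[0] == "logFileName" and w[1].startswith(("/tmp/", "/var/tmp/")):
            findings.append(f"log file {w[1]} is in a world-writable directory")
        elif w[0] == "subnet":
            net = ip.IPv4Network(f"{w[1]}/{w[2]}")
            lo, hi = span(w[3])
            pools[str(net)] = int(hi) - int(lo) + 1
            if lo not in net or hi not in net:
                findings.append(f"{net}: pool {w[3]} leaves the subnet")
        elif w[0] == "}":
            net = None                      # end of a stanza
        elif net is not None and w[0] == "exclude":
            lo, hi = span(w[1])
            pools[str(net)] -= int(hi) - int(lo) + 1
        elif net is not None and w[:2] == ["option", "1"] and w[2] != str(net.netmask):
            findings.append(f"{net}: option 1 {w[2]} differs from the subnet mask")
        elif net is not None and w[:2] == ["option", "3"] and ip.IPv4Address(w[2]) not in net:
            findings.append(f"{net}: gateway {w[2]} is outside the subnet")
    return pools, findings

# The two subnet stanzas of the sample dhcpsd.cnf above, shortened for the example.
SAMPLE = """logFileName /tmp/dhcpsd.log
subnet 10.5.5.0 255.255.255.0 10.5.5.10-10.5.5.20
{
exclude 10.5.5.12-10.5.5.16 # Exclude this range
option 1 255.255.255.0
option 3 9.3.6.147
}
subnet 10.5.6.0 255.255.255.0 10.5.6.10-10.5.6.20
{
option 3 10.5.6.21 # Default gateway
}
"""

if __name__ == "__main__":
    print(lint_dhcpsd(SAMPLE))
```

For the sample it reports 6 leasable addresses in 10.5.5.0/24 and 11 in 10.5.6.0/24, and flags the /tmp log file and the 9.3.6.147 gateway handed to clients on 10.5.5.0/24.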

DHCP CLIENT:
Use smit to configure a DHCP client.

# smitty tcpip
Use DHCP for TCPIP Configuration & Startup
Select the interface that dhcpcd should use
Use DHCP starting Now and System Restart

<enter>

Smit will populate the /etc/dhcpcd.ini file with the interface name that was selected.
The dhcpcd daemon should now be active and the client will try to find a dhcp server to obtain an ip address.

To list dhcp client status:
# lssrc -s dhcpcd
# lssrc -ls dhcpcd

To stop dhcpcd:
# stopsrc -s dhcpcd

Or use smit.
# smitty dhcpcd
STOP
Both

To configure AIX as a relay agent:
Configure /etc/dhcprd.cnf and also enable ipforwarding.

Enable ipforwarding.
# no -p -o ipforwarding=1

Example dhcprd.cnf file:

numLogFiles 4
logFileSize 100
logFileName /usr/tmp/dhcprd.log
logItem SYSERR
logItem OBJERR
#logItem PROTERR
#logItem WARNING
#logItem EVENT
#logItem ACTION
#logItem INFO
#logItem ACNTING
#logItem TRACE

#
# Keyword Value
#------------------------
# server ip address - Specifies the ip address of a bootp or dhcp server
#                     The packet will be forwarded to the servers listed
#                     in this file.
#
# server 192.24.24.1 - Server 192.24.24.1 is a server to send packets to.

server 10.5.5.1

In the above dhcprd.cnf file the DHCP relay agent will forward all dhcp requests that it hears to 10.5.5.1.
Use smit to start the dhcprd daemon.
# smitty dhcprd
START
Both

# lssrc -s dhcprd

SUMMARY:
DHCP daemons:
dhcpcd dhcp client daemon
dhcprd dhcp relay agent daemon
dhcpsd dhcp server daemon
 
 
 