Configuring NIS-based authentication

The Network Information Service (NIS)-based authentication is useful in NFS-only environment where NIS acts as an ID mapping server and also used for netgroups. When the file access is configured with NIS, SMB access cannot be enabled.

Ensure that you have the following details before you start NIS-based authentication:
  • NIS domain name. This domain name is case-specific.
  • IP address or host name of the NIS server
  • Primary DNS is added in the /etc/resolv.conf file on all the protocol nodes. It resolves the authentication server system with which the IBM Storage Scale system is configured. The manual changes made in the configuration files might be overwritten by the operating system's network manager. Therefore, ensure that the DNS configuration is persistent even after you restart the system. For more information on the circumstances where the configuration files are overwritten, refer the corresponding operating system documentation.

NIS has many security weaknesses in contrast to current IT security standards. The default configuration of the NIS server is inherently insecure. The communication with the NIS server over RPC calls can be sniffed on the network. Because of these security risks, it is highly recommended to migrate to more secure directory server implementations such as LDAP or Active Directory. If the NIS infrastructure replacement is not feasible, refer the operating system documentation to secure the NIS server and the communication with the NIS server.

You need to run the mmuserauth service create command with the following mandatory parameters to configure NIS as the authentication method:
  • --type nis
  • --data-access-method file
  • --domain domainName
  • --servers comma-delimited IP address or host name
For more information on each parameter, see the mmuserauth service create command.
Note: NIS authentication is not supported for RHEL 9.
Provides an example on how to configure NIS as the authentication method for file access.
  1. Issue the mmuserauth service create command as shown in the following example: 
    # mmuserauth service create --type nis --data-access-method file 
--servers myNISserver --domain nisdomain3
    The system displays the following output: 
    File Authentication configuration completed successfully.
  2. To verify the authentication configuration, issue the mmuserauth service list command as shown in the following example: 
    # mmuserauth service list
    The system displays the following output: 
    FILE access configuration : NIS
PARAMETERS               VALUES
-------------------------------------------------
SERVERS                  myNISserver
DOMAIN                   nisdomain3

OBJECT access not configured
PARAMETERS               VALUES
-------------------------------------------------.