nisがRHEL9から使えなくなった
でも既存のnisシステムがあるので外せない. なら作ってしまおう.
ここではクライアントのypbindを扱います.
gitでypbindのソースが公開されている
https://github.com/thkukuk/ypbind-mt
同じように
libnss
https://github.com/thkukuk/libnss_nis
yp-tools
https://github.com/thkukuk/yp-tools
と用意されている
ypbind-mt †
[root@rockylinux9 ~]# cat /etc/redhat-release
Rocky Linux release 9.1 (Blue Onyx)
[root@rockylinux9 ~]#
[root@rockylinux9 ~]# git clone https://github.com/thkukuk/ypbind-mt
[root@rockylinux9 ~]# cd ypbind-mt
[root@rockylinux9 ypbind-mt]# git checkout v2.7.2
[root@rockylinux9 ypbind-mt]# cd ..
[root@rockylinux9 ~]#
[root@rockylinux9 ~]# tar --exclude-vcs --transform 's/ypbind-mt/ypbind-mt-2.7.2/' -cvzf ypbind-mt-2.7.2.tar.gz ypbind-mt
rockylinux8のypbindのsrpmを取得してそれをテンプレートに作ってみる. それって単に「rpmbuild --rebuild」でよくね?って思うが最新バージョンにしたかったので
[root@rockylinux9 ~]# curl -O http://dl.rockylinux.org/pub/rocky/8/AppStream/source/tree/Packages/y/ypbind-2.5-2.el8.src.rpm
[root@rockylinux9 ~]# rpm -Uvh ypbind-2.5-2.el8.src.rpm
[root@rockylinux9 ~]# vi rpmbuild/SPECS/ypbind.spec
SPECファイルをちょいと修正
| --- rpmbuild/SPECS/ypbind.spec.orig 2021-04-12 18:07:59.000000000 +0900
+++ rpmbuild/SPECS/ypbind.spec 2022-12-24 16:28:51.346494889 +0900
@@ -1,7 +1,7 @@
Summary: The NIS daemon which binds NIS clients to an NIS domain
Name: ypbind
Epoch: 3
-Version: 2.5
+Version: 2.7.2
Release: 2%{?dist}
License: GPLv2
Group: System Environment/Daemons
@@ -58,7 +58,7 @@
%patch1 -p1 -b .gettextdomain
%patch2 -p1 -b .helpman
#%patch3 -p1 -b .systemdso
-%patch4 -b .gettext_version
+#%patch4 -b .gettext_version
autoreconf -fiv
|
gitから取得したソースを rpmbuild/SOURCES に移してrpmbuildする
[root@rockylinux9 ~]# dnf --enablerepo=devel install dbus-glib-devel libnsl2-devel libtirpc-devel systemd-devel
[root@rockylinux9 ~]# cp ypbind-mt-2.7.2.tar.gz rpmbuild/SOURCES/
[root@rockylinux9 ~]# rpmbuild -bb rpmbuild/SPECS/ypbind.spec
[root@rockylinux9 ~]# ls -l rpmbuild/RPMS/x86_64/
total 148
-rw-r--r--. 1 root root 53366 Dec 24 16:28 ypbind-2.7.2-2.el9.x86_64.rpm
-rw-r--r--. 1 root root 61825 Dec 24 16:28 ypbind-debuginfo-2.7.2-2.el9.x86_64.rpm
-rw-r--r--. 1 root root 27261 Dec 24 16:28 ypbind-debugsource-2.7.2-2.el9.x86_64.rpm
[root@rockylinux9 ~]#
このypbindを入れれば..になりますが、あとnss_nisとyp-toolsが必要です
nss_nis †
同じように
[root@rockylinux9 ~]# git clone https://github.com/thkukuk/libnss_nis
[root@rockylinux9 ~]# cd libnss_nis
[root@rockylinux9 libnss_nis]# git checkout v3.1
[root@rockylinux9 libnss_nis]# cd ..
[root@rockylinux9 ~]# tar --exclude-vcs --transform 's/libnss_nis/libnss_nis-3.1/' -cvzf libnss_nis-3.1.tar.gz libnss_nis
[root@rockylinux9 ~]# curl -O http://dl.rockylinux.org/pub/rocky/8/BaseOS/source/tree/Packages/n/nss_nis-3.0-8.el8.src.rpm
[root@rockylinux9 ~]# rpm -Uvh nss_nis-3.0-8.el8.src.rpm
[root@rockylinux9 ~]# vi rpmbuild/SPECS/nss_nis.spec
| --- rpmbuild/SPECS/nss_nis.spec.orig 2021-04-12 14:14:54.000000000 +0900
+++ rpmbuild/SPECS/nss_nis.spec 2022-12-24 16:48:08.980099140 +0900
@@ -1,11 +1,11 @@
Name: nss_nis
-Version: 3.0
+Version: 3.1
Release: 8%{?dist}
Summary: Name Service Switch (NSS) module using NIS
License: LGPLv2+
Group: System Environment/Base
Url: https://github.com/thkukuk/libnss_nis
-Source: https://github.com/thkukuk/libnss_nis/archive/v%{version}.tar.gz
+Source: https://github.com/thkukuk/libnss_nis/archive/v%{version}.tar.gz#/libnss_nis-%{version}.tar.gz
# https://github.com/systemd/systemd/issues/7074
Source2: nss_nis.conf
|
[root@rockylinux9 ~]# cp libnss_nis-3.1.tar.gz rpmbuild/SOURCES/
[root@rockylinux9 ~]# rpmbuild -bb rpmbuild/SPECS/nss_nis.spec
[root@rockylinux9 ~]# ls -l rpmbuild/RPMS/x86_64/nss_nis-*
-rw-r--r--. 1 root root 41595 Dec 24 16:48 rpmbuild/RPMS/x86_64/nss_nis-3.1-8.el9.x86_64.rpm
-rw-r--r--. 1 root root 78677 Dec 24 16:48 rpmbuild/RPMS/x86_64/nss_nis-debuginfo-3.1-8.el9.x86_64.rpm
-rw-r--r--. 1 root root 28081 Dec 24 16:48 rpmbuild/RPMS/x86_64/nss_nis-debugsource-3.1-8.el9.x86_64.rpm
[root@rockylinux9 ~]#
yp-tools †
git由来のversionを調べたら Rokylinux8 と同じ 4.2.3 なので「rpmbuild --rebuild」で済ます
[root@rockylinux9 ~]# curl -O http://dl.rockylinux.org/pub/rocky/8/AppStream/source/tree/Packages/y/yp-tools-4.2.3-1.el8.src.rpm
[root@rockylinux9 ~]# rpmbuild --rebuild yp-tools-4.2.3-1.el8.src.rpm
[root@rockylinux9 ~]# ls -l rpmbuild/RPMS/x86_64/yp-tools-*
-rw-r--r--. 1 root root 83243 Dec 24 16:59 rpmbuild/RPMS/x86_64/yp-tools-4.2.3-1.el9.x86_64.rpm
-rw-r--r--. 1 root root 93508 Dec 24 16:59 rpmbuild/RPMS/x86_64/yp-tools-debuginfo-4.2.3-1.el9.x86_64.rpm
-rw-r--r--. 1 root root 27644 Dec 24 16:59 rpmbuild/RPMS/x86_64/yp-tools-debugsource-4.2.3-1.el9.x86_64.rpm
[root@rockylinux9 ~]#
nisをインストール †
っでインストール
[root@rockylinux9 ~]# dnf localinstall rpmbuild/RPMS/x86_64/ypbind-2.7.2-2.el9.x86_64.rpm \
rpmbuild/RPMS/x86_64/nss_nis-3.1-8.el9.x86_64.rpm \
rpmbuild/RPMS/x86_64/yp-tools-4.2.3-1.el9.x86_64.rpm
[root@rockylinux9 ~]# vi /etc/yp.conf
domain sybyl server nis
[root@rockylinux9 ~]# systemctl enable ypbind --now
これで直接pamやnsswitch.confを修正させてnis対応にすることができるが、RHEL9の行儀に倣えばauthselectを使う事になる
っが、RHEL9で提供される authselect はRHEL9の方針でnisのサポートは当然抜けている.
本来のauthselectはnisもカバー範囲でオリジナルをみると今時点もnisをサポートしている
https://github.com/authselect/authselect
なのでsrpmを取得してnis排除を無効にしてみた
[root@rockylinux9 ~]# curl -O https://dl.rockylinux.org/pub/rocky/9/BaseOS/source/tree/Packages/a/authselect-1.2.5-1.el9.src.rpm
[root@rockylinux9 ~]# rpm -Uvh authselect-1.2.5-1.el9.src.rpm
[root@rockylinux9 ~]# vi rpmbuild/SPECS/authselect.spec
| --- rpmbuild/SPECS/authselect.spec.orig 2022-10-30 13:30:01.000000000 +0900
+++ rpmbuild/SPECS/authselect.spec 2022-12-24 17:39:29.221644991 +0900
@@ -14,7 +14,7 @@
Patch0901: 0901-rhel9-remove-mention-of-Fedora-Change-page-in-compat.patch
Patch0902: 0902-rhel9-remove-ecryptfs-support.patch
Patch0903: 0903-rhel9-Revert-profiles-add-support-for-resolved.patch
-Patch0904: 0904-rhel9-remove-nis-support.patch
+#Patch0904: 0904-rhel9-remove-nis-support.patch
%global makedir %{_builddir}/%{name}-%{version}
@@ -150,6 +150,7 @@
%dir %{_datadir}/authselect/vendor
%dir %{_datadir}/authselect/default
%dir %{_datadir}/authselect/default/minimal/
+%dir %{_datadir}/authselect/default/nis/
%dir %{_datadir}/authselect/default/sssd/
%dir %{_datadir}/authselect/default/winbind/
%{_datadir}/authselect/default/minimal/dconf-db
@@ -162,6 +163,16 @@
%{_datadir}/authselect/default/minimal/REQUIREMENTS
%{_datadir}/authselect/default/minimal/smartcard-auth
%{_datadir}/authselect/default/minimal/system-auth
+%{_datadir}/authselect/default/nis/dconf-db
+%{_datadir}/authselect/default/nis/dconf-locks
+%{_datadir}/authselect/default/nis/fingerprint-auth
+%{_datadir}/authselect/default/nis/nsswitch.conf
+%{_datadir}/authselect/default/nis/password-auth
+%{_datadir}/authselect/default/nis/postlogin
+%{_datadir}/authselect/default/nis/README
+%{_datadir}/authselect/default/nis/REQUIREMENTS
+%{_datadir}/authselect/default/nis/smartcard-auth
+%{_datadir}/authselect/default/nis/system-auth
%{_datadir}/authselect/default/sssd/dconf-db
%{_datadir}/authselect/default/sssd/dconf-locks
%{_datadir}/authselect/default/sssd/fingerprint-auth
|
[root@rockylinux9 ~]# dnf --enablerepo=devel install libcmocka-devel popt-devel po4a python3-devel
[root@rockylinux9 ~]# rpmbuild -bb rpmbuild/SPECS/authselect.spec
[root@rockylinux9 ~]# ls -l rpmbuild/RPMS/x86_64/authselect-*
-rw-r--r--. 1 root root 143683 Dec 24 17:41 rpmbuild/RPMS/x86_64/authselect-1.2.5-1.el9.x86_64.rpm
-rw-r--r--. 1 root root 34508 Dec 24 17:41 rpmbuild/RPMS/x86_64/authselect-compat-1.2.5-1.el9.x86_64.rpm
-rw-r--r--. 1 root root 40416 Dec 24 17:41 rpmbuild/RPMS/x86_64/authselect-debuginfo-1.2.5-1.el9.x86_64.rpm
-rw-r--r--. 1 root root 52525 Dec 24 17:41 rpmbuild/RPMS/x86_64/authselect-debugsource-1.2.5-1.el9.x86_64.rpm
-rw-r--r--. 1 root root 13478 Dec 24 17:41 rpmbuild/RPMS/x86_64/authselect-devel-1.2.5-1.el9.x86_64.rpm
-rw-r--r--. 1 root root 230325 Dec 24 17:41 rpmbuild/RPMS/x86_64/authselect-libs-1.2.5-1.el9.x86_64.rpm
-rw-r--r--. 1 root root 100432 Dec 24 17:41 rpmbuild/RPMS/x86_64/authselect-libs-debuginfo-1.2.5-1.el9.x86_64.rpm
[root@rockylinux9 ~]#
[root@rockylinux9 ~]# dnf reinstall rpmbuild/RPMS/x86_64/authselect-libs-1.2.5-1.el9.x86_64.rpm
[root@rockylinux9 ~]# authselect list
- minimal Local users only for minimal installations
- nis Enable NIS for system authentication
- sssd Enable SSSD for system authentication (also for local users only)
- winbind Enable winbind for system authentication
[root@rockylinux9 ~]#
[root@rockylinux9 ~]# authselect select nis --force
これでnisサーバからアカウント情報が引けます.
RHEL9でサポートから外したnisを復活させてみたけど、自己責任. でもそもそもRHELとか使ってもRHELは瑕疵に賠償はせんよな
autofs †
忘れてたautofsもnis対応に戻します
[root@rockylinux9 ~]# curl -O http://dl.rockylinux.org/pub/rocky/9/devel/source/tree/Packages/a/autofs-5.1.7-31.el9.src.rpm
[root@rockylinux9 ~]# rpm -Uvh autofs-5.1.7-31.el9.src.rpm
[root@rockylinux9 ~]# vi rpmbuild/SOURCES/autofs-5.1.7-fix-dangling-symlink-creation-if-nis-support-is-not-available.patch
| --- rpmbuild/SOURCES/autofs-5.1.7-fix-dangling-symlink-creation-if-nis-support-is-not-available.patch.orig 2022-12-25 14:51:33.725378859 +0900
+++ rpmbuild/SOURCES/autofs-5.1.7-fix-dangling-symlink-creation-if-nis-support-is-not-available.patch 2022-12-25 14:51:40.132430213 +0900
@@ -21,15 +21,3 @@
25/01/2021 autofs-5.1.7
- make bind mounts propagation slave by default.
---- autofs-5.1.7.orig/modules/Makefile
-+++ autofs-5.1.7/modules/Makefile
-@@ -77,7 +77,9 @@ install: all
- install -c $(MODS) -m 755 $(INSTALLROOT)$(autofslibdir)
- -rm -f $(INSTALLROOT)$(autofslibdir)/mount_smbfs.so
- ln -fs lookup_file.so $(INSTALLROOT)$(autofslibdir)/lookup_files.so
-+ifeq ($(YPCLNT), 1)
- ln -fs lookup_yp.so $(INSTALLROOT)$(autofslibdir)/lookup_nis.so
-+endif
- ifeq ($(LDAP), 1)
- ln -fs lookup_ldap.so $(INSTALLROOT)$(autofslibdir)/lookup_ldaps.so
- endif
|
[root@rockylinux9 ~]# rpmbuild -bb rpmbuild/SPECS/autofs.spec
[root@rockylinux9 ~]# ls -l rpmbuild/RPMS/x86_64/autofs-*
-rw-r--r--. 1 root root 378858 Dec 25 14:52 rpmbuild/RPMS/x86_64/autofs-5.1.7-31.el9.x86_64.rpm
-rw-r--r--. 1 root root 733195 Dec 25 14:52 rpmbuild/RPMS/x86_64/autofs-debuginfo-5.1.7-31.el9.x86_64.rpm
-rw-r--r--. 1 root root 268578 Dec 25 14:52 rpmbuild/RPMS/x86_64/autofs-debugsource-5.1.7-31.el9.x86_64.rpm
[root@rockylinux9 ~]#
[root@rockylinux9 ~]# dnf install nfs-utils
[root@rockylinux9 ~]# dnf localinstall rpmbuild/RPMS/x86_64/autofs-5.1.7-31.el9.x86_64.rpm
(既にautofsが入っていたら)
[root@rockylinux9 ~]# dnf reinstall rpmbuild/RPMS/x86_64/autofs-5.1.7-31.el9.x86_64.rpm
![[PukiWiki]](image/picc.png "[PukiWiki]")
