---陈功磊 2009-5-31
(系统环境:[红帽企业.Linux.5].rhel-5.2-server-i386-dvd.iso)
一、NIS服务配置管理
1、安装NIS服务的软件包
[root@linux01 ~]# rpm -qa | grep ^yp # 查询当前系统中以yp开头的软件
ypbind-1.19-8.el5
yp-tools-2.9-0.1
[root@linux01 Server]# rpm -q portmap # 查询portmap软件,ypserv服务需要portmap支持(默认已安装)
portmap-4.0-65.2.2.1
[root@linux01 Server]#
[root@linux01 ~]# mount -t iso9660 /dev/cdrom /media/cdrom # 挂载光盘
mount: block device /dev/cdrom is write-protected, mounting read-only
[root@linux01 ~]# cd /media/cdrom/Server # 进入软件包所在的目录
[root@linux01 Server]# ls | grep ^yp # 查找以yp开头的软件包
ypbind-1.19-8.el5.i386.rpm
ypserv-2.19-3.i386.rpm
yp-tools-2.9-0.1.i386.rpm
[root@linux01 Server]#
[root@linux01 Server]# rpm -ivh ypserv-2.19-3.i386.rpm # 安装ypserv软件包 i安装 v详细输出信息 h安装进度(下一行的NOKEY警告表示本机尚未导入该软件包签名所用的GPG公钥,签名未被校验;可先用rpm --import导入发行商公钥后再安装)
warning: ypserv-2.19-3.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:ypserv ########################################### [100%]
[root@linux01 Server]#
[root@linux01 Server]# rpm -qa | grep ^yp # 查询当前系统中以yp开头的软件
ypbind-1.19-8.el5
ypserv-2.19-3
yp-tools-2.9-0.1
[root@linux01 Server]#
2、设置time-dgram和time-stream服务的启动状态 (注:linux4中为time和time-udp)
ypserv服务的启动和运行需要它们的支持
[root@linux01 Server]# chkconfig --list | grep time # 查询
daytime-dgram: off
daytime-stream: off
time-dgram: off
time-stream: off
[root@linux01 Server]# chkconfig time-dgram on # 开启(非独立服务的开启的方式,与独立服务的开启方式有别)
[root@linux01 Server]# chkconfig time-stream on # 开启
[root@linux01 Server]# service xinetd restart # 修改后要重启xinetd服务
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
[root@linux01 Server]# chkconfig --list | grep time # 再次查询
daytime-dgram: off
daytime-stream: off
time-dgram: on
time-stream: on
[root@linux01 Server]#
3、建立NIS的域名(注意:要在client上做此步骤的相同配置)
[root@linux01 ~]# nisdomainname nistest # 建立域名
[root@linux01 ~]# echo '/bin/nisdomainname nistest' >> /etc/rc.d/rc.local # 写入到启动配置文件(>>输出重定向)
[root@linux01 ~]# echo 'NISDOMAIN=nistest' >> /etc/sysconfig/network # 写入到网络配置文件
[root@linux01 ~]#
[root@linux01 ~]# cat /etc/rc.d/rc.local | grep '/bin/nisdomainname' # 验证写入的信息
/bin/nisdomainname nistest
[root@linux01 ~]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=linux01
GATEWAY=192.168.7.1
NISDOMAIN=nistest
[root@linux01 ~]#
4、设置ypserv服务的配置文件
[root@linux01 ~]# vi /etc/ypserv.conf
#
# ypserv.conf In this file you can set certain options for the NIS server,
# and you can deny or restrict access to certain maps based
# on the originating host.
#
# See ypserv.conf(5) for a description of the syntax.
#
# Some options for ypserv. This things are all not needed, if
# you have a Linux net.
# Should we do DNS lookups for hosts not found in the hosts table ?
# This option is ignored in the moment.
dns: no
# How many map file handles should be cached ?
files: 30
# Should we register ypserv with SLP ?
slp: no
# After how many seconds we should re-register ypserv with SLP ?
slp_timeout: 3600
# xfr requests are only allowed from ports < 1024
xfr_check_port: yes
# The following, when uncommented, will give you shadow like passwords.
# Note that it will not work if you have slave NIS servers in your
# network that do not run the same server as you.
# Host : Domain : Map : Security
#
127.0.0.0/255.255.255.0 : * : * : none # 本地允许
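192.168.7.0/255.255.255.0 : nistest : passwd.byname : none # 7.0网段允许(none表示始终允许访问,不检查来源端口;若要求请求来自小于1024的特权端口,可改为port)
* : * : * : deny # 其他拒绝(ypserv采用第一条匹配的规则:7.0网段在上面只放行了passwd.byname,其余映射都会落到这一条被拒绝;写在这一条之后的规则也不会再被匹配)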
# * : * : passwd.byname : port
# * : * : passwd.byuid : port
# Not everybody should see the shadow passwords, not secure, since
# under MSDOG everbody is root and can access ports < 1024 !!!
* : * : shadow.byname : port
* : * : passwd.adjunct.byname : port
# If you comment out the next rule, ypserv and rpc.ypxfrd will
# look for YP_SECURE and YP_AUTHDES in the maps. This will make
# the security check a little bit slower, but you only have to
# change the keys on the master server, not the configuration files
# on each NIS server.
# If you have maps with YP_SECURE or YP_AUTHDES, you should create
# a rule for them above, that's much faster.
# * : * : * : none
[root@linux01 ~]#
5、启动NIS服务(ypserv和yppasswdd两个服务)
[root@linux01 ~]# service portmap status # 确认portmap服务已在运行(启动ypserv的前提条件)
portmap (pid 1886) is running...
[root@linux01 ~]# service ypserv start # 启动ypserv服务
Starting YP server services: [ OK ]
[root@linux01 ~]# service yppasswdd start # 启动yppasswdd服务
Starting YP passwd service: [ OK ]
[root@linux01 ~]#
[root@linux01 ~]# chkconfig --list | grep yp
ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
yppasswdd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ypserv 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ypxfrd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@linux01 ~]# chkconfig --level 35 ypserv on
[root@linux01 ~]# chkconfig --level 35 yppasswdd on
[root@linux01 ~]# chkconfig --list | grep yp
ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
yppasswdd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
ypserv 0:off 1:off 2:off 3:on 4:off 5:on 6:off
ypxfrd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@linux01 ~]#
6、构建NIS数据库
[root@linux01 ~]# file /usr/lib/yp/ypinit
/usr/lib/yp/ypinit: Bourne shell script text executable
[root@linux01 ~]# /usr/lib/yp/ypinit -m # -m参数是用来构建数据库
At this point, we have to construct a list of the hosts which will run NIS
servers. linux01 is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: linux01 # 运行NIS服务的服务器名称,默认本机
next host to add: # 此处按Ctrl + d组合键
The current list of NIS servers looks like this:
linux01
Is this correct? [y/n: y] y # 输入y键
We need a few minutes to build the databases...
Building /var/yp/nistest/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/nistest'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/nistest'
linux01 has been set up as a NIS master server.
Now you can run ypinit -s linux01 on all slave server.
[root@linux01 ~]# file /usr/lib/yp/ypinit -s
/usr/lib/yp/ypinit: Bourne shell script text executable
[root@linux01 ~]# /usr/lib/yp/ypinit -s
usage:
ypinit -m
ypinit -s master
where -m is used to build the data bases on a master NIS server,
and -s is used for a slave data base. master must be an existing
reachable NIS server.
[root@linux01 ~]#
[root@linux01 ~]# ls /var/yp/nistest/ # ypinit命令根据NIS服务器中的本地系统文件信息创建的数据库文件
group.bygid mail.aliases protocols.byname services.byname
group.byname netid.byname protocols.bynumber services.byservicename
hosts.byaddr passwd.byname rpc.byname ypservers
hosts.byname passwd.byuid rpc.bynumber
[root@linux01 ~]#
注意:当在NIS服务器主机中对本地系统用户帐号、组帐号的信息(文件)更改后,都需要使用ypinit命令来重新构建数据库文件的内容,否则NIS客户端主机获得的信息不会自动更新。
[root@linux01 ~]# useradd nistest
[root@linux01 ~]# passwd nistest
Changing password for user nistest.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@linux01 ~]#
[root@linux01 ~]# /usr/lib/yp/ypinit -m # -m参数是用来构建数据库
二、NIS客户端配置管理
1 、NIS客户端需要的软件包
ypbind和yp-tools是两个必需客户端软件包
[root@linux02 ~]# rpm -qa | grep ^yp # 查询所需的软件包
ypbind-1.19-8.el5
yp-tools-2.9-0.1
[root@linux02 ~]#
2、设置hosts文件
[root@linux02 ~]# cat /etc/hosts # 查看hosts文件
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 linux02 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
[root@linux02 ~]# echo '192.168.7.2 linux01' >> /etc/hosts # 写入NIS服务器主机名和对应ip地址
[root@linux02 ~]# cat /etc/hosts # 再次查看hosts文件
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 linux02 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.7.2 linux01
[root@linux02 ~]#
3、建立NIS的域名
[root@linux02 ~]# nisdomainname nistest # 建立域名
[root@linux02 ~]# echo '/bin/nisdomainname nistest' >> /etc/rc.d/rc.local # 写入到启动配置文件(>>输出重定向)
[root@linux02 ~]# echo 'NISDOMAIN=nistest' >> /etc/sysconfig/network # 写入到网络配置文件
[root@linux02 ~]# cat /etc/rc.d/rc.local | grep '/bin/nisdomainname' # 验证写入的信息
/bin/nisdomainname nistest
[root@linux02 ~]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=linux02
NISDOMAIN=nistest
[root@linux02 ~]#
4、设置/etc/yp.conf配置文件
[root@linux02 ~]# cat /etc/yp.conf | grep 'domain nistest server linux01'
domain nistest server linux01
[root@linux02 ~]#
5、设置/etc/nsswitch.conf文件
nsswitch.conf用于设置系统中信息的查询方式,对于用户帐号、组帐号等信息在nsswitch.conf中的默认为只使用本地文件,对主机名称解释使用本地文件和DNS服务器。
[root@linux02 ~]# cat /etc/nsswitch.conf # 查看源文件
# /etc/nsswitch.conf
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files
shadow: files
group: files
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
[root@linux02 ~]#
[root@linux02 ~]# vi /etc/nsswitch.conf # 编辑配置文件
# /etc/nsswitch.conf
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
# 需要修改的地方
passwd: files nis # 添加nis,即优先使用本地,然后使用NIS服务器获取信息
shadow: files nis # 添加nis,即优先使用本地,然后使用NIS服务器获取信息
group: files nis # 添加nis,即优先使用本地,然后使用NIS服务器获取信息
#hosts: db files nisplus nis dns
hosts: files nis dns # 添加nis,即优先使用本地,然后使用NIS服务器获取信息
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
[root@linux02 ~]#
6、设置ypbind服务的随机启动
[root@linux02 ~]# service portmap status
portmap (pid 4440) running...
[root@linux02 ~]# service ypbind start
Binding to the NIS domain: [OK]
Listening for an NIS domain server.
[root@linux02 ~]# chkconfig --list | grep yp # 查看
ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@linux02 ~]#
[root@linux02 ~]# chkconfig --level 35 ypbind on
[root@linux02 ~]# chkconfig --list | grep yp
ypbind 0:off 1: off 2: off 3:on 4: off 5:on 6: off
[root@linux02 ~]#
7、使用NIS客户端测试与NIS服务器的连接
测试命令工具包括yptest、ypwhich和ypcat3个。
(1) yptest
(2) ypwhich
(3) ypcat
8、NIS客户端用户登录
linux02 login: nistest
Password:
No directory /home/nistest!
Logging in with home = "/".
-bash-3.2$
-bash-3.2$
本文出自 “ Gonglei Chen” 博客,转载请与作者联系!