Deploying an NIS Server on RHEL5


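As the number of Linux servers in a production environment grows, managing the accounts on each server becomes a tedious job, mainly because every user needs a separate account created on every server. If group management is involved, the situation can be even more troublesome.

NIS (Network Information Service) solves this problem to a certain extent: all Linux accounts are managed centrally on one server.

That way, when we add a user, we no longer need to add that user on every Linux machine.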



Server: 192.168.200.102

Client: 192.168.200.103


Server: 192.168.200.102

[root@crushlinux2 ~]# service iptables stop

[root@crushlinux2 ~]# setenforce 0

[root@crushlinux2 ~]# yum -y install ypserv

[root@crushlinux2 ~]# nisdomainname redhat    # Create the redhat domain

[root@crushlinux2 ~]# echo "NISDOMAIN=redhat" >> /etc/sysconfig/network

[root@crushlinux2 ~]# vi /etc/ypserv.conf

127.0.0.0/255.0.0.0:*:*:none

192.168.200.0/255.255.255.0:*:*:none

*:*:*:deny


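Line 1: allow access from loopback addresses

Line 2: allow the client network segment to access the NIS server

Line 3: deny all other network segments access to the NIS server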


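Configure access control for NIS clients:

A host entry starts with host followed by an IP address; this can be set to allow access from the local machine. To allow additional servers, keep adding entries such as: host 192.168.200.100. For a whole network segment, note that the netmask comes first and the network address second.

[root@crushlinux2 ~]# vim /var/yp/securenets

host 127.0.0.1

255.255.255.0 192.168.200.0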
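
How entries in this format decide whether a client is admitted, as an added example that is not part of the original article or of ypserv itself. It assumes the usual (client address AND netmask) == network comparison; the function names ip2int and securenets_allows and the client addresses in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluate securenets-style rules for one client address.
# Entry formats, as described in the article:
#   host IP            -> a single host
#   NETMASK NETWORK    -> a whole network, netmask first

# Convert a dotted-quad IPv4 address to a 32-bit integer.
# The body runs in a subshell so the IFS change does not leak out.
ip2int() (
    IFS=.
    set -- $1            # split the address on dots into $1..$4
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# securenets_allows FILE IP -> exit status 0 if some entry admits IP, else 1.
# Assumes well-formed entries (no validation of malformed lines).
securenets_allows() {
    local file="$1" ip first second rest mask net
    ip=$(ip2int "$2")
    while read -r first second rest; do
        case "$first" in
            ''|'#'*) continue ;;                     # blank line or comment
            host) mask=$(ip2int 255.255.255.255) ;;  # host entry: exact match
            *)    mask=$(ip2int "$first") ;;         # first field is the netmask
        esac
        net=$(ip2int "$second")
        if [ $(( ip & mask )) -eq "$net" ]; then
            return 0
        fi
    done < "$file"
    return 1
}

# Demo: the two entries from this article, checked against constructed clients.
rules=$(mktemp)
printf 'host 127.0.0.1\n255.255.255.0 192.168.200.0\n' > "$rules"
for client in 192.168.200.103 192.168.201.5; do
    if securenets_allows "$rules" "$client"; then
        echo "$client allowed"
    else
        echo "$client denied"
    fi
done
rm -f "$rules"
```

With the two fields swapped (network first, netmask second) the comparison no longer matches any address in 192.168.200.0/24, so the intended clients are refused.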


[root@crushlinux2 ~]# useradd crushlinux    # Create the account

[root@crushlinux2 ~]# passwd crushlinux

[root@crushlinux2 ~]# service portmap restart

[root@crushlinux2 ~]# service ypserv restart

[root@crushlinux2 ~]# chkconfig portmap on

[root@crushlinux2 ~]# chkconfig ypserv on


Build the NIS database

[root@crushlinux2 ~]# /usr/lib/yp/ypinit -m

-------------------------------------------------------------------------------------

At this point, we have to construct a list of the hosts which will run NIS
servers.  crushlinux2.com is in the list of NIS server hosts.  Please continue to add
the names for the other hosts, one per line.  When you are done with the
list, type a <control D>.
        next host to add:  crushlinux2.com
        next host to add:  <=== press CTRL+D
The current list of NIS servers looks like this:

crushlinux2.com

Is this correct?  [y/n: y]  y <=== enter y
We need a few minutes to build the databases...
Building /var/yp/redhat/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/redhat'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/redhat'

crushlinux2.com has been set up as a NIS master server.

Now you can run ypinit -s crushlinux2.com on all slave server.

-------------------------------------------------------------------------------------

[root@crushlinux2 ~]# service portmap restart

[root@crushlinux2 ~]# service ypserv restart

[root@crushlinux2 ~]# nisdomainname

redhat

[root@crushlinux2 ~]# vim /etc/exports

/home *(ro)

[root@crushlinux2 ~]# service nfs restart

[root@crushlinux2 ~]# chkconfig nfs on



Client: 192.168.200.103

[root@crushlinux3 ~]# service iptables stop

[root@crushlinux3 ~]# setenforce 0

[root@crushlinux3 ~]# setup

Authentication configuration ---> select NIS (use the space bar to select), Next ---> enter "redhat" and "192.168.200.102"

[root@crushlinux3 ~]# setup

停止 portmap:[确定]

启动 portmap:[确定]

关联到 NIS 域:[确定]

监听 NIS 域服务器。

[root@crushlinux3 ~]# nisdomainname

redhat

[root@crushlinux3 ~]# mount -t nfs 192.168.200.102:/home/ /home

[root@crushlinux3 ~]# su - crushlinux

[crushlinux@crushlinux3 ~]$ whoami

crushlinux

[root@crushlinux3 ~]# vi /etc/fstab

192.168.200.102:/home /home nfs defaults 0 0

[root@crushlinux3 ~]# umount /home

[root@crushlinux3 ~]# mount -a

[root@crushlinux3 ~]# chkconfig --list ypbind

ypbind          0:关闭  1:关闭  2:关闭  3:启用  4:启用  5:启用  6:关闭