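Enterprises usually have many servers. If an employee needs to log in to several of them, a username and password must be created for that user on every server; with many servers and many employees this becomes hard to control and tedious to maintain. NIS is used to manage user accounts centrally.
1 Requirement
Centralized management of multiple users
2 Versions
OS version: CentOS 6.8
Kernel version: 2.6.32-642.el6.x86_64
NIS server package: ypserv.x86_64
NIS client packages: yp-tools.x86_64 ypbind.x86_64
3 Implementation
3.1 Server
3.1.1 Install ypserv.x86_64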
yum install ypserv.x86_64
3.1.2 Configure system files
/etc/ypserv.conf: this file controls client access permissions. Add the following lines:
127.0.0.1/255.0.0.0 :* :* :none
192.168.125.0/255.255.255.0 :* :* :none
* :* :* :deny
3.1.3 Add users
3.1.4 Initialization
/usr/lib64/yp/ypinit -m generates the NIS map files from the local system's passwd, group and similar files
[root@wzlvm ~]# /usr/lib64/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers. wzlvm is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: wzlvm
next host to add:
The current list of NIS servers looks like this:
wzlvm
Is this correct? [y/n: y]
3.1.5 Add local name resolution
Add the host name entries to /etc/hosts
[root@wzlvm ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.125.134 nis
192.168.125.129 nis-client
3.1.6 Set the NIS domain
Add the NIS domain to the file /etc/sysconfig/network
/bin/nisdomainname wzlnis    # takes effect immediately
3.2 Client
3.2.1 Install software
Install the ypbind and yp-tools packages on the client
3.2.2 Set the client's NIS domain
Add to /etc/sysconfig/network:
NISDOMAIN=wzlnis
[root@myvm2 ~]# /bin/nisdomainname wzlnis    # takes effect immediately
3.2.3 Add local name resolution on the client
192.168.125.134 nis
192.168.125.129 nis-client
3.2.4 Configure the client configuration file /etc/yp.conf
/etc/yp.conf
domain wzlnis server nis
/etc/nsswitch.conf
passwd: files nis
group: files nis
hosts: files nis dns
3.2.5 Restart the services on the client
service rpcbind restart
service ypbind restart
[root@myvm2 ~]# service rpcbind restart
Stopping rpcbind: [ OK ]
Starting rpcbind: [ OK ]
[root@myvm2 ~]# service ypbind restart
Shutting down NIS service: [FAILED]
Setting NIS domain: domain is 'wzlnis' [ OK ]
Starting NIS service: [ OK ]
Binding NIS service: . [ OK ]
3.2.6 Verification
ypwhich
ypwhich -x
ypcat passwd
ypcat hosts
yptest
ssh test1@nis-client
[root@myvm2 ~]# ypwhich
nis
[root@myvm2 ~]# ypwhich -x
Use "ethers" for map "ethers.byname"
Use "aliases" for map "mail.aliases"
Use "services" for map "services.byname"
Use "protocols" for map "protocols.bynumber"
Use "hosts" for map "hosts.byname"
Use "networks" for map "networks.byaddr"
Use "group" for map "group.byname"
Use "passwd" for map "passwd.byname"
[root@myvm2 ~]# ypcat passwd
user3:$6$HDHeZE34$QTpM5EfAgd2Ksq0CtfRd9xjfxN.wMC2pgi..mV9FKLqsAFRFUzZWPPrGxBclRsvaOP8V7aTM/cw2BOjPO6eQ/1:502:501::/home/user3:/bin/bash
t2:$6$LnwFfPjX$TF5UekSOh6zeHdN1zOuSavRvI8DCSqccKk60Cz.RqIbTBL.KH584a562jyERGxSuTYuzNDALgXDFoSe7ncW5u.:506:506::/home/t2:/bin/bash
t1:$6$MjQnBk.t$/IkzEkjruz94a00KcoVwo/hyNFOXL4txP9LzJk2n66pXZ8fWS/fNRUrLAk8xQSOgTaTJITDd2WMpLo8h82GXA1:505:505::/home/t1:/bin/bash
user1:$6$9NX6wZdm$pTVQ0hw3kJQ/P2eU6VOwthLygHOIqIeLaWzO.D28IbUZebtW3SHTUKOPqykPyQmAwk1V0gyyG2D.eYhHRBFwh0:500:501::/home/user1:/bin/bash
test1:!!:504:504::/home/test1:/sbin/nologin
user4:$6$a4Upk6Gu$tsy4TeOAlzhR2XlBsHZrjEANqdHcT/FdIfDYeYu2vZEGO6pEBbIa40ktLPH4oAfp0yCiSgzV0D45I7BPBcDYZ/:503:501::/home/user4:/bin/bash
user2:$6$/n6SWiTF$/tHJ735..jlITzYGyBJwiRPnR1RdT5Fi6lhCDQ.kMY1LA3zzQU/Wj/rmxFCGe7sjS7ERJbh33BbUeMiMZgJpV0:501:502::/home/user2:/sbin/nologer
[root@myvm2 ~]# ssh t1@nis-client
The authenticity of host 'nis-client (192.168.125.129)' can't be established.
RSA key fingerprint is 1c:29:89:72:21:fd:dc:f1:f2:81:2f:5c:f1:e6:8b:2d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'nis-client,192.168.125.129' (RSA) to the list of known hosts.
t1@nis-client's password:
Could not chdir to home directory /home/t1: No such file or directory
-bash-4.1$ ls
bin boot data dev etc home lib lib64 lost+found media mnt opt proc root sbin selinux srv sys tmp usr var
Login to the client succeeded.
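The `ypcat passwd` output in 3.2.6 shows that every client able to read the map receives the accounts' crypt hashes, and that a mistyped login shell is distributed with it. The script below is an added example, not part of the original procedure, that audits map output in that format. The names `audit_nis_passwd`, `sample_map` and `VALID_SHELLS` and the sample accounts are assumptions made for this example.

```shell
#!/bin/sh
# Audit a NIS passwd map (the format printed by `ypcat passwd`) read from stdin.
# Prints one finding per line: HASH_EXPOSED, LOCKED, BAD_SHELL or MALFORMED.
# VALID_SHELLS is an assumption for this example; on a real host use /etc/shells.
VALID_SHELLS="/bin/bash /bin/sh /sbin/nologin /bin/false"

audit_nis_passwd() {
    awk -F: -v shells="$VALID_SHELLS" '
        BEGIN { n = split(shells, s, " "); for (i = 1; i <= n; i++) ok[s[i]] = 1 }
        # A passwd entry has exactly seven colon-separated fields.
        NF != 7 { print "MALFORMED line " NR; next }
        # Field 2 holds a crypt(3) hash ($id$salt$hash): every client that can
        # read the map can copy it for offline guessing.
        $2 ~ /^\$[0-9a-z]+\$/ { print "HASH_EXPOSED " $1 }
        # "!!", "!" or "*" mean that no usable password is set.
        $2 ~ /^(!+|\*)$/ { print "LOCKED " $1 }
        # A shell outside the allowed list is usually a typo in the map source.
        !($7 in ok) { print "BAD_SHELL " $1 " " $7 }
    '
}

# Constructed sample in ypcat passwd format (hashes are placeholders, not real).
sample_map() {
    cat <<'EOF'
alice:$6$SALTSALT$PLACEHOLDERHASHVALUE:500:501::/home/alice:/bin/bash
svc1:!!:504:504::/home/svc1:/sbin/nologin
bob:$6$SALTSALT$PLACEHOLDERHASHVALUE:501:502::/home/bob:/sbin/nologer
carol:x:502:501::/home/carol:/bin/bash
EOF
}

# Stand-alone run on the sample; on a client, pipe `ypcat passwd` in instead.
sample_map | audit_nis_passwd
```

On an NIS client the same function can be fed with `ypcat passwd | audit_nis_passwd`.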