NIS (Network Information Service)网络信息服务,是Sun Microsystem于1985年发布的一项目录服务技术(Diretory Service),它简化了Linux桌面客户的管理工作,客户端利用它可以使用中心服务器的管理文件。桌面系统的用户无需建立他们自己的/etc/passwd,他们只简单的使用维护在NIS服务器的文件即可,所以NIS和Windows Server的域控制器没有本质的区别。
slave.goodbye.com's NIS data base has been set up.
If there were warnings, please figure out what went wrong, and fix it.
功能:在一个大型的企业网域中会有很多台Linux主机,如果给每台主机设定相同的账号和密码去进行管理还是件比较麻烦的事情。NIS服务器用来管理网域中所有主机的账号、密码,当某一主机登陆时,会到NIS服务器上要求相应的账号、密码等使用者资料的验证。如此一来,如果想要添加、修改、删除使用者的资料,只要到服务器上面处理即可。在几百台或更多主机的网域中,如果只有一台NIS服务器可能繁忙的时候无法快速提供用户数据查询与响应,单一的服务器负载过大会导致用户主机无法登入的风险,这时就需要NIS Server的master与slave架构。
Slave
由来自master主服务器数据加以更新到自己的数据库中,并提供与master相同的查询功能。NIS Server 的 master 先将自己的账号、密码相关档案制作成为数据库档案;NIS Server 的 master 将自己的数据库档案传送到 slave上面;NIS Server 的 slave 接收来自 NIS Server master的数据后,更新自己的数据库,使自己的数据库与 master 主机的数据同步;网域当中的所有 NIS Client 查寻 NIS Server 时,会找寻最先回应的那一台NIS 主机的数据库内容,NIS 的 master 与 slave架构用于分散查寻 NIS时的负载。
master-----slave架构:
master主服务器配置:
运行yum安装相应的软件包 #yum install ypbind yp-tools yp* nfs -y
master:10.1.1.25-----slave 10.1.1.26
第一步:关闭Selinux、主从时间同步、防火墙配置
[root@master ~]# vim /etc/sysconfig/selinux
SELINUX=disabled
配置防火墙
#
iptables -I INPUT 1 -p tcp --dport 111 -j ACCEPT
#iptables -I INPUT 1 -p udp --dport 111 -j ACCEPT
#iptables -I INPUT 1 -p tcp --dport 2049 -j ACCEPT
# iptables -I INPUT 1 -p udp --dport 2049 -j ACCEPT
#iptables -I INPUT 1 -p tcp --dport 2049 -j ACCEPT
# iptables -I INPUT 1 -p udp --dport 2049 -j ACCEPT
#service iptables save
或者直接关闭防火墙
#rdate -s 10.1.1.26
第二步:修改主机文件
#vim /etc/hosts
10.1.1.25 master.goodbye.com
10.1.1.26 slave.goodbye.com
10.1.1.26 slave.goodbye.com
#vim /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=master.goodbye.com
NISDOMAIN=nis.com
NETWORKING_IPV6=no
HOSTNAME=master.goodbye.com
NISDOMAIN=nis.com
此处如果不做域名修改slave同步数据的时候会报错
Can't enumerate maps from 10.1.1.25. Please check that it isrunning.
第三步:修改配置文件
#vim /etc/ypserv.conf --在最后加上下面几句,表示只有本机和10网段才可以做此服务器的从服务器或是客户端;
127.0.0.1/255.255.255.0 :* :* :none
10.1.1.0/255.255.255.0 :* :* :none
* :* :* :deny
10.1.1.0/255.255.255.0 :* :* :none
* :* :* :deny
# vim /var/yp/Makefile
NOPUSH=false
第四步:启动服务,初始化主服务器
# /etc/init.d/ypserv start
[root@master ~]# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers. master.goodbye.com is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: master.goodbye.com
next host to add:
The current list of NIS servers looks like this:
servers. master.goodbye.com is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: master.goodbye.com
next host to add:
The current list of NIS servers looks like this:
master.goodbye.com
Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp/nis.com/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/nis.com'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/nis.com'
We need a few minutes to build the databases...
Building /var/yp/nis.com/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/nis.com'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/nis.com'
master.goodbye.com has been set up as a NIS master server.
Now you can run ypinit -s master.goodbye.com on all slave server.
第五步:创建普通用户,更新初始化数据
#useradd a1
# /usr/lib/yp/ypinit -m
按下Ctrl-D和回答Y执行下一步操作
# cd /var/yp
# make
按下Ctrl-D和回答Y执行下一步操作
# cd /var/yp
# make
[root@master ~]# authconfig --update --enablenis
停止 portmap:[确定]
启动 portmap:[确定]
关闭 NIS 服务:[确定]
关联到 NIS 域:[确定]
监听 NIS 域服务器。.
停止 portmap:[确定]
启动 portmap:[确定]
关闭 NIS 服务:[确定]
关联到 NIS 域:[确定]
监听 NIS 域服务器。.
[root@master ~]# getent passwd
查看用户口令表
#chkconfig yppasswdd on
#chkconfig ypserv on
#chkconfig portmap on
#chkconfig ypserv on
#chkconfig portmap on
----------------------------------------------------------------------------------------------------------------
配置NIS slave从服务器
第一步:关闭Selinux、主从时间同步、防火墙
第二步:修改主机文件
#vim /etc/hosts
10.1.1.25 master.goodbye.com
10.1.1.26 slave.goodbye.com
10.1.1.26 slave.goodbye.com
#vim /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
NETWORKING_IPV6=no
HOSTNAME=slave.goodbye.com
NISDOMAIN=nis.com
NISDOMAIN=nis.com
第三步:修改配置文件
#vim /etc/ypserv.conf --在最后加上下面几句,表示只有本机和10网段才可以做此服务器的从服务器或是客户端;
127.0.0.1/255.255.255.0 :* :* :none
10.1.1.0/255.255.255.0 :* :* :none
* :* :* :deny
10.1.1.0/255.255.255.0 :* :* :none
* :* :* :deny
# vim /var/yp/Makefile
NOPUSH=true
第四步:启动服务,初始化主服务器
# /etc/init.d/ypserv start
[root@slave ~]# /usr/lib/yp/ypinit -s master.goodbye.com
We will need a few minutes to copy the data from master.goodbye.com.
Transferring hosts.byname...
Trying ypxfrd ... success
We will need a few minutes to copy the data from master.goodbye.com.
Transferring hosts.byname...
Trying ypxfrd ... success
Transferring protocols.byname...
Trying ypxfrd ... success
Trying ypxfrd ... success
Transferring passwd.byuid...
Trying ypxfrd ... success
Trying ypxfrd ... success
Transferring rpc.bynumber...
Trying ypxfrd ... success
Trying ypxfrd ... success
Transferring rpc.byname...
Trying ypxfrd ... success
Trying ypxfrd ... success
Transferring protocols.bynumber...
Trying ypxfrd ... success
Trying ypxfrd ... success
Transferring passwd.byname...
Trying ypxfrd ... success
Trying ypxfrd ... success
Transferring mail.aliases...
Trying ypxfrd ... success
Trying ypxfrd ... success
Transferring group.byname...
Trying ypxfrd ... success
Trying ypxfrd ... success
Transferring services.byservicename...
Trying ypxfrd ... success
Trying ypxfrd ... success
Transferring services.byname...
Trying ypxfrd ... success
Trying ypxfrd ... success
Transferring hosts.byaddr...
Trying ypxfrd ... success
Trying ypxfrd ... success
Transferring netid.byname...
Trying ypxfrd ... success
Trying ypxfrd ... success
Transferring ypservers...
Trying ypxfrd ... success
Trying ypxfrd ... success
Transferring group.bygid...
Trying ypxfrd ... success
Trying ypxfrd ... success
slave.goodbye.com's NIS data base has been set up.
If there were warnings, please figure out what went wrong, and fix it.
At this point, make sure that /etc/passwd and /etc/group have
been edited so that when the NIS is activated, the data bases you
have just created will be used, instead of the /etc ASCII files.
been edited so that when the NIS is activated, the data bases you
have just created will be used, instead of the /etc ASCII files.
# ls /var/yp/nis.com/ --初始化后,就可以看到主服务器的这些文件给同步过来了
group.bygid netid.byname rpc.byname
group.byname passwd.byname rpc.bynumber
hosts.byaddr passwd.byuid services.byname
hosts.byname protocols.byname services.byservicename
mail.aliases protocols.bynumber ypservers
group.bygid netid.byname rpc.byname
group.byname passwd.byname rpc.bynumber
hosts.byaddr passwd.byuid services.byname
hosts.byname protocols.byname services.byservicename
mail.aliases protocols.bynumber ypservers
--------------------------------------------------------------------------------------
客户端的NISDOMAIN配置
yum install ypbind yp-tools
vim /etc/yp.conf 加上下面一句
domain nis.com server 10.1.1.25
vim /etc/hosts
vim /etc/nsswitch.conf --在下面几个里都加上nis的查找
passwd: files nis
shadow: files nis
group: files nis
hosts: files nis dns
shadow: files nis
group: files nis
hosts: files nis dns
#/etc/init.d/ypbind start --启动ypbind服务
-------------------------------------------------------------------------------------------
关于用户家目录和环境变量的问题:
需要使用nfs服务器把家目录给共享出来,--nfs需要在nis服务器上做
[root@master ~]# vim /etc/exports
/home 10.1.1.0/255.255.255.0(rw,sync) --注意这里给的是可读可写
/home 10.1.1.0/255.255.255.0(rw,sync) --注意这里给的是可读可写
/etc/init.d/portmap restart
/etc/init.d/nfs restart
2、客户端需要去手动挂载nis服务器上的/home目录,为了实现自动挂载
还需要借助于autofs服务,--autofs是在客户端做
vim /etc/auto.master
/home /etc/auto.home
/etc/init.d/nfs restart
2、客户端需要去手动挂载nis服务器上的/home目录,为了实现自动挂载
还需要借助于autofs服务,--autofs是在客户端做
vim /etc/auto.master
/home /etc/auto.home
vim /etc/auto.home
* -rw 10.1.1.25:/home/&
* -rw 10.1.1.25:/home/&
# /etc/init.d/nfs restart
#/etc/init.d/autofs restart
# chkconfig ypbind on
# chkconfig autofs on
# chkconfig autofs on
# getent passwd 可以查看到NIS服务端创建的用户
a1:$1$3McXQknX$n0mo9fNNb8Ji.Z4g0f1Y80:500:500::/home/a1:/bin/bash
切换用户a1用户登录成功!
到此nis nfs autofs搭建完毕!!!
转载于:https://blog.51cto.com/cuixinheng/973825
235
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
