RHEL5.3-NIS服務配置及驗證

---陳功磊 2009-5-31
(系統環境:[紅帽企業.Linux.5].rhel-5.2-server-i386-dvd.iso)
一、NIS服務配置管理
1、安裝NIS服務的軟件包
[root@linux01 ~]# rpm -qa | grep ^yp # 查詢當前系統中以yp開頭的軟件
ypbind-1.19-8.el5
yp-tools-2.9-0.1
[root@linux01 Server]# rpm -q portmap # 查詢portmap軟件,ypserv服務需要portmap支持(默認已安裝)
portmap-4.0-65.2.2.1
[root@linux01 Server]#
[root@linux01 ~]#mount -t iso9660 /dev/cdrom /media/cdrom # 掛載光盤
mount: block device /dev/cdrom is write-protected, mounting read-only
[root@linux01 ~]# cd /media/cdrom/Server # 進入軟件包所在的目錄
[root@linux01 Server]# ls | grep ^yp # 查找以yp開頭的軟件包
ypbind-1.19-8.el5.i386.rpm
ypserv-2.19-3.i386.rpm
yp-tools-2.9-0.1.i386.rpm
[root@linux01 Server]#
[root@linux01 Server]# rpm -ivh ypserv-2.19-3.i386.rpm # 安裝ypserv軟件包 i安裝 v詳細輸出信息 h安裝進度(下面的NOKEY警告表示系統尚未導入對應的GPG公鑰,rpm無法驗證此軟件包的簽名;可先用rpm --import導入發行版公鑰後再安裝)
warning: ypserv-2.19-3.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:ypserv ########################################### [100%]
[root@linux01 Server]#
[root@linux01 Server]# rpm -qa | grep ^yp # 查詢當前系統中以yp開頭的軟件
ypbind-1.19-8.el5
ypserv-2.19-3
yp-tools-2.9-0.1
[root@linux01 Server]#
2、設置time-dgram和time-stream服務的啓動狀態 (注:linux4中爲time和time-udp)
ypserv服務的啓動和運行需要它們的支持
[root@linux01 Server]# chkconfig --list | grep time # 查詢
daytime-dgram: off
daytime-stream: off
time-dgram: off
time-stream: off
[root@linux01 Server]# chkconfig time-dgram on # 開啓(非獨立服務的開啓的方式,與獨立服務的開啓方式有別)
[root@linux01 Server]# chkconfig time-stream on # 開啓
[root@linux01 Server]# service xinetd restart # 修改後要重啓xinetd服務
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
[root@linux01 Server]# chkconfig --list | grep time # 再次查詢
daytime-dgram: off
daytime-stream: off
time-dgram: on
time-stream: on
[root@linux01 Server]#
3、建立NIS的域名(注意:要在client上做此步驟的相同配置)
[root@linux01 ~]# nisdomainname nistest # 建立域名
[root@linux01 ~]# echo '/bin/nisdomainname nistest' >> /etc/rc.d/rc.local # 寫入到啓動配置文件(>>輸出重定向)
[root@linux01 ~]# echo 'NISDOMAIN=nistest' >> /etc/sysconfig/network # 寫入到網絡配置文件
[root@linux01 ~]#
[root@linux01 ~]# cat /etc/rc.d/rc.local | grep '/bin/nisdomainname' # 驗證寫入的信息
/bin/nisdomainname nistest
[root@linux01 ~]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=linux01
GATEWAY=192.168.7.1
NISDOMAIN=nistest
[root@linux01 ~]#
4、設置ypserv服務的配置文件
[root@linux01 ~]# vi /etc/ypserv.conf
#
# ypserv.conf In this file you can set certain options for the NIS server,
# and you can deny or restrict access to certain maps based
# on the originating host.
#
# See ypserv.conf(5) for a description of the syntax.
#
# Some options for ypserv. This things are all not needed, if
# you have a Linux net.
# Should we do DNS lookups for hosts not found in the hosts table ?
# This option is ignored in the moment.
dns: no
# How many map file handles should be cached ?
files: 30
# Should we register ypserv with SLP ?
slp: no
# After how many seconds we should re-register ypserv with SLP ?
slp_timeout: 3600
# xfr requests are only allowed from ports < 1024
xfr_check_port: yes
# The following, when uncommented, will give you shadow like passwords.
# Note that it will not work if you have slave NIS servers in your
# network that do not run the same server as you.
# Host : Domain : Map : Security
#
127.0.0.0/255.255.255.0 : * : * : none # 本地允許
192.168.7.0/255.255.255.0 : nistest : passwd.byname : none # 7.0網段允許
* : * : * : deny # 其他拒絕(注意:ypserv按順序採用第一條匹配的規則,寫在此行之後的規則不會再被匹配,詳見ypserv.conf(5))
# * : * : passwd.byname : port
# * : * : passwd.byuid : port
# Not everybody should see the shadow passwords, not secure, since
# under MSDOG everbody is root and can access ports < 1024 !!!
* : * : shadow.byname : port
* : * : passwd.adjunct.byname : port
# If you comment out the next rule, ypserv and rpc.ypxfrd will
# look for YP_SECURE and YP_AUTHDES in the maps. This will make
# the security check a little bit slower, but you only have to
# change the keys on the master server, not the configuration files
# on each NIS server.
# If you have maps with YP_SECURE or YP_AUTHDES, you should create
# a rule for them above, that's much faster.
# * : * : * : none
[root@linux01 ~]#
5、啓動NIS服務(ypserv和yppasswdd兩個服務)
[root@linux01 ~]# service portmap status # 啓動ypserv的前提條件是portmap服務已在運行
portmap (pid 1886) is running...
[root@linux01 ~]# service ypserv start # 啓動ypserv服務
Starting YP server services: [ OK ]
[root@linux01 ~]# service yppasswdd start # 啓動yppasswdd服務
Starting YP passwd service: [ OK ]
[root@linux01 ~]#
[root@linux01 ~]# chkconfig --list | grep yp
ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
yppasswdd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ypserv 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ypxfrd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@linux01 ~]# chkconfig --level 35 ypserv on
[root@linux01 ~]# chkconfig --level 35 yppasswdd on
[root@linux01 ~]# chkconfig --list | grep yp
ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
yppasswdd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
ypserv 0:off 1:off 2:off 3:on 4:off 5:on 6:off
ypxfrd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@linux01 ~]#
6、構建NIS數據庫
[root@linux01 ~]# file /usr/lib/yp/ypinit
/usr/lib/yp/ypinit: Bourne shell script text executable
[root@linux01 ~]# /usr/lib/yp/ypinit -m # -m參數是用來構建數據庫
At this point, we have to construct a list of the hosts which will run NIS
servers. linux01 is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: linux01 # 運行NIS服務的服務器名稱,默認本機
next host to add: # 此處按Ctrl + d組合鍵
The current list of NIS servers looks like this:
linux01
Is this correct? [y/n: y] y # 輸入y鍵
We need a few minutes to build the databases...
Building /var/yp/nistest/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/nistest'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/nistest'
linux01 has been set up as a NIS master server.
Now you can run ypinit -s linux01 on all slave server.
[root@linux01 ~]# file /usr/lib/yp/ypinit -s
/usr/lib/yp/ypinit: Bourne shell script text executable
[root@linux01 ~]# /usr/lib/yp/ypinit -s
usage:
ypinit -m
ypinit -s master
where -m is used to build the data bases on a master NIS server,
and -s is used for a slave data base. master must be an existing
reachable NIS server.
[root@linux01 ~]#
[root@linux01 ~]# ls /var/yp/nistest/ # ypinit命令根據NIS服務器中的本地系統文件信息創建的數據庫文件
group.bygid mail.aliases protocols.byname services.byname
group.byname netid.byname protocols.bynumber services.byservicename
hosts.byaddr passwd.byname rpc.byname ypservers
hosts.byname passwd.byuid rpc.bynumber
[root@linux01 ~]#
注意:當在NIS服務器主機中對本地系統用戶帳號、組帳號的信息(文件)更改後,都需要使用ypinit命令來重新構建數據庫文件的內容,否則NIS客戶端主機獲得的信息不會自動更新。
[root@linux01 ~]# useradd nistest
[root@linux01 ~]# passwd nistest
Changing password for user nistest.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@linux01 ~]#
[root@linux01 ~]# /usr/lib/yp/ypinit -m # -m參數是用來構建數據庫
二、NIS客戶端配置管理
1、NIS客戶端需要的軟件包
ypbind和yp-tools是兩個必需客戶端軟件包
[root@linux02 ~]# rpm -qa | grep ^yp # 查詢所需的軟件包
ypbind-1.19-8.el5
yp-tools-2.9-0.1
[root@linux02 ~]#
2、設置hosts文件
[root@linux02 ~]# cat /etc/hosts # 查看hosts文件
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 linux02 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
[root@linux02 ~]# echo '192.168.7.2 linux01' >> /etc/hosts # 寫入NIS服務器主機名和對應ip地址
[root@linux02 ~]# cat /etc/hosts # 再次查看hosts文件
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 linux02 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.7.2 linux01
[root@linux02 ~]#
3、建立NIS的域名
[root@linux02 ~]# nisdomainname nistest # 建立域名
[root@linux02 ~]# echo '/bin/nisdomainname nistest' >> /etc/rc.d/rc.local # 寫入到啓動配置文件(>>輸出重定向)
[root@linux02 ~]# echo 'NISDOMAIN=nistest' >> /etc/sysconfig/network # 寫入到網絡配置文件
[root@linux02 ~]# cat /etc/rc.d/rc.local | grep '/bin/nisdomainname' # 驗證寫入的信息
/bin/nisdomainname nistest
[root@linux02 ~]#cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=linux02
NISDOMAIN=nistest
[root@linux02 ~]#
4、設置/etc/yp.conf配置文件
[root@linux02 ~]# cat /etc/yp.conf | grep 'domain nistest server linux01'
domain nistest server linux01
[root@linux02 ~]#
5、設置/etc/nsswitch.conf文件
nsswitch.conf用於設置系統中信息的查詢方式。對於用戶帳號、組帳號等信息,nsswitch.conf中默認只使用本地文件;對主機名稱的解析則使用本地文件和DNS服務器。
[root@linux02 ~]# cat /etc/nsswitch.conf # 查看源文件
# /etc/nsswitch.conf
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files
shadow: files
group: files
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
[root@linux02 ~]#
[root@linux02 ~]# vi /etc/nsswitch.conf # 編輯配置文件
# /etc/nsswitch.conf
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
# 需要修改的地方
passwd: files nis # 添加nis,即優先使用本地,然後使用NIS服務器獲取信息
shadow: files nis # 添加nis,即優先使用本地,然後使用NIS服務器獲取信息
group: files nis # 添加nis,即優先使用本地,然後使用NIS服務器獲取信息
#hosts: db files nisplus nis dns
hosts: files nis dns # 添加nis,即優先使用本地,然後使用NIS服務器獲取信息
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
[root@linux02 ~]#
6、設置ypbind服務的隨機啓動
[root@linux02 ~]# service portmap status
portmap (pid 4440) running...
[root@linux02 ~]# service ypbind start
Binding to the NIS domain: [OK]
Listening for an NIS domain server.
[root@linux02 ~]# chkconfig --list | grep yp # 查看
ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@linux02 ~]#
[root@linux02 ~]# chkconfig --level 35 ypbind on
[root@linux02 ~]# chkconfig --list | grep yp
ypbind 0:off 1: off 2: off 3:on 4: off 5:on 6: off
[root@linux02 ~]#
7、使用NIS客戶端測試與NIS服務器的連接
測試命令工具包括yptest、ypwhich和ypcat這3個。
(1) yptest
(2) ypwhich
(3) ypcat
8、NIS客戶端用戶登錄
linux02 login: nistest
Password:
No directory /home/nistest!
Logging in with home = "/".
-bash-3.2$
-bash-3.2$
本文出自 “Gonglei Chen” 博客,轉載請與作者聯繫!