NIS Server: Centralized Account Management

Centralized account management with NIS:
Package installation:
portmap    Like NFS, NIS is a service that depends on RPC; this package is normally installed by default.
yp-tools   Provides the NIS query commands; normally installed by default.
ypbind     Provides the NIS client configuration; normally installed by default.
ypserv     Provides the NIS server configuration.

NIS Server setup:
1. Make sure portmap is running and set it to start at boot.
[root@station1 ~]# netstat -antulp | grep portmap
tcp         0      0 0.0.0.0:111        0.0.0.0:*         LISTEN    2851/portmap        
udp        0      0 0.0.0.0:111        0.0.0.0:*                       2851/portmap        
[root@station1 ~]# chkconfig --list | grep portmap
portmap         0:關閉  1:關閉  2:關閉  3:啓用  4:啓用  5:啓用  6:關閉
[root@station1 ~]#

2. Enable time-tcp and time-udp (the time-stream and time-dgram xinetd services)
[root@station1 ~]# chkconfig time-dgram on
[root@station1 ~]# chkconfig time-stream on
[root@station1 ~]# chkconfig --list | grep time
        daytime-dgram:  關閉
        daytime-stream: 關閉
        time-dgram:     啓用
        time-stream:    啓用
[root@station1 ~]# /etc/init.d/xinetd restart
停止 xinetd:                                              [確定]
啓動 xinetd:                                              [確定]
[root@station1 ~]# netstat -antulp | grep xin
tcp         0      0 0.0.0.0:37        0.0.0.0:*          LISTEN      4677/xinetd         
udp        0      0 0.0.0.0:37       0.0.0.0:*                           4677/xinetd         
[root@station1 ~]#

Summary: the following commands show whether the two services above are up and running.
[root@station1 ~]# netstat -tulp | grep xinetd
tcp         0      0 *:time           *:*                 LISTEN        4677/xinetd         
udp        0      0 *:time           *:*                                   4677/xinetd         
[root@station1 ~]# netstat -tulp | grep portmap
tcp         0      0 *:sunrpc      *:*                LISTEN      2851/portmap        
udp        0      0 *:sunrpc      *:*                                2851/portmap        
[root@station1 ~]#

3. Set up the NIS domain (nisdomainname)
[root@station1 ~]# nisdomainname lwhy
[root@station1 ~]# echo "/bin/nisdomainname lwhy" >> /etc/rc.d/rc.local
[root@station1 ~]# echo "NISDOMAIN=lwhy" >> /etc/sysconfig/network
[root@station1 ~]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=station1.example.com
NISDOMAIN=lwhy
4. Edit the main configuration file:
[root@station1 ~]# vim /etc/ypserv.conf
[root@station1 ~]# cat /etc/ypserv.conf | grep -v ^# | grep -v "^$"
dns: no
files: 30  # number of database files to preload into the cache.
slp: no    
slp_timeout: 3600
trusted_master: # specifies the master NIS server
xfr_check_port: yes # master/slave communication must use ports below 1024.
*                          : *       : shadow.byname         : port
*                          : *       : passwd.adjunct.byname : port
# Keep the lines above at their defaults. Note: * means all.
# The lines below set: host name/IP : domain : map type : access control (port means ports below 1024)
127.0.0.0/255.255.255.0       : *         : *                : port
192.168.1.0/255.255.255.0   : *         : *                 : port
*                                       : *         : *               : deny
[root@station1 ~]#

5. Start ypserv
[root@station1 ~]# /etc/init.d/ypserv start
啓動 YP 服務器的服務:                                     [確定]
[root@station1 ~]# /etc/init.d/yppasswdd start
啓動 YP 口令服務:                                         [確定]
[root@station1 ~]# chkconfig ypserv on
[root@station1 ~]# chkconfig yppasswdd on
[root@station1 ~]# rpcinfo -u localhost ypserv
程序 100004 版本 1 就緒並等待
程序 100004 版本 2 就緒並等待
[root@station1 ~]#

6. Build the databases
[root@station1 ~]# /usr/lib/yp/ypinit -m

At this point, we have to construct a list of the hosts which will run NIS
servers.  station1.example.com is in the list of NIS server hosts.  Please continue to add
the names for the other hosts, one per line.  When you are done with the
list, type a <control D>.
        next host to add:  station1.example.com
        next host to add:  
The current list of NIS servers looks like this:

station1.example.com

Is this correct?  [y/n: y]  y
We need a few minutes to build the databases...
Building /var/yp/lwhy/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/lwhy'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/lwhy'

station1.example.com has been set up as a NIS master server.

Now you can run ypinit -s station1.example.com on all slave server.
[root@station1 ~]#
[root@station1 ~]# ll /var/yp/
總計 56
drwxr-xr-x 2 root root  4096 2009-04-15 binding
drwxr-xr-x 2 root root  4096 05-19 15:27 lwhy
-rw-r--r-- 1 root root 16669 2008-08-11 Makefile
-rw-r--r-- 1 root root   185 2006-07-13 nicknames
-rw-r--r-- 1 root root    21 05-19 15:26 ypservers
[root@station1 ~]# /etc/init.d/ypserv restart
停止 YP 服務器的服務:                                     [確定]
啓動 YP 服務器的服務:                                     [確定]
[root@station1 ~]# /etc/init.d/yppasswdd restart
停止 YP 口令服務:                                         [確定]
啓動 YP 口令服務:                                         [確定]
[root@station1 ~]#
Note: whenever the database content on the NIS server changes, the maps must be rebuilt and the services restarted for the change to take effect.
Basic NIS server setup is complete.

NIS Client setup:
Package installation:
yp-tools  
ypbind
portmap
1. Enable portmap (the portmap service must be enabled on both the server and the client).
[root@mail ~]# /etc/init.d/portmap start
Starting portmap:                                          [  OK  ]
[root@mail ~]# chkconfig portmap on
[root@mail ~]#

2. Add a record for the NIS server to /etc/hosts.
[root@mail ~]# vim /etc/hosts
[root@mail ~]# cat /etc/hosts
127.0.0.1               localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
192.168.1.254   station1.example.com station1
[root@mail ~]#

3. Set the NIS server's domain name
[root@mail ~]# /bin/nisdomainname lwhy
[root@mail ~]# echo "/bin/nisdomainname lwhy" >> /etc/rc.d/rc.local
[root@mail ~]# echo "NISDOMAIN=lwhy" >> /etc/sysconfig/network
[root@mail ~]#

4. Set the NIS lookup host (specify the NIS domain and the NIS server host name)
[root@mail ~]# echo "domain lwhy" >> /etc/yp.conf
[root@mail ~]# echo "ypserver station1.example.com" >> /etc/yp.conf
[root@mail ~]#

5. Change the password verification method: verify against the NIS server's database.
[root@mail ~]# echo "+::::::" >> /etc/passwd
[root@mail ~]#

6. Edit the system lookup configuration file /etc/nsswitch.conf to set the order of password lookups.
[root@mail ~]# cat /etc/nsswitch.conf | grep -v ^# | grep -v ^$
passwd:     files nis nisplus
shadow:     files nis nisplus
group:      files nis nisplus
hosts:      files nis dns
[root@mail ~]#
 
7. Start the client service ypbind
[root@mail ~]# /etc/init.d/ypbind start
Turning on allow_ypbind SELinux boolean
Binding to the NIS domain:                                 [  OK  ]
Listening for an NIS domain server.
[root@mail ~]# chkconfig ypbind on
[root@mail ~]# rpcinfo -p localhost
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100007    2   udp    902  ypbind
    100007    1   udp    902  ypbind
    100007    2   tcp    905  ypbind
    100007    1   tcp    905  ypbind
[root@mail ~]#
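As an added check that is not part of the original tutorial, the following POSIX shell script verifies the client-side files edited in steps 2 to 6 above (the NISDOMAIN setting, /etc/yp.conf, the /etc/hosts entry for the server, and the nis entries in /etc/nsswitch.conf). It also flags the broadcast form of yp.conf, under which ypbind binds to whichever host on the LAN answers first. The ROOT argument, the function names and the two sample directory trees are assumptions made for this example; on a real client run it with ROOT="".

```shell
#!/bin/sh
# Added readiness check for client steps 2-6 (example code, not part of the
# original tutorial or of ypbind). ROOT points at a directory that holds an
# etc/ subtree, so the check can run against a constructed copy; on a real
# client call it with ROOT="" after editing the files. Prints WARN:/NOTE:
# lines and returns 1 if any WARN was printed.
check_nis_client() {
    root=$1 domain=$2 server=$3 rc=0
    etc="$root/etc"

    # Step 3: the domain must survive a reboot via /etc/sysconfig/network.
    grep -q "^NISDOMAIN=$domain\$" "$etc/sysconfig/network" 2>/dev/null ||
        { echo "WARN: NISDOMAIN=$domain not set in /etc/sysconfig/network"; rc=1; }

    # Step 4: ypbind must be told which server to bind to. "domain X broadcast"
    # accepts whichever host answers first, so that form is flagged.
    awk -v d="$domain" -v s="$server" '
        $1 == "ypserver" && $2 == s                             { ok = 1 }
        $1 == "domain" && $2 == d && $3 == "server" && $4 == s { ok = 1 }
        $1 == "domain" && $2 == d && $3 == "broadcast"         { bc = 1 }
        END { exit !(ok && !bc) }' "$etc/yp.conf" 2>/dev/null ||
        { echo "WARN: /etc/yp.conf does not name $server for domain $domain, or uses broadcast"; rc=1; }

    # Step 2: the server name must resolve from /etc/hosts, because ypbind runs
    # before NIS host lookups work (hosts: lists files before nis).
    awk -v s="$server" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == s) f = 1 }
                       END { exit !f }' "$etc/hosts" 2>/dev/null ||
        { echo "WARN: $server has no entry in /etc/hosts"; rc=1; }

    # Step 6: passwd, shadow and group lookups must consult NIS (nis or compat).
    for db in passwd shadow group; do
        awk -v key="$db:" '$1 == key { for (i = 2; i <= NF; i++) if ($i == "nis" || $i == "compat") f = 1 }
                           END { exit !f }' "$etc/nsswitch.conf" 2>/dev/null ||
            { echo "WARN: nsswitch.conf: $db does not use nis"; rc=1; }
    done

    # Step 5: the "+::::::" line is only interpreted in compat mode; with
    # "passwd: files nis" it has no effect, so report it rather than fail.
    if grep -q '^+' "$etc/passwd" 2>/dev/null &&
       ! grep -Eq '^passwd:.*compat' "$etc/nsswitch.conf" 2>/dev/null; then
        echo "NOTE: /etc/passwd has a + entry but passwd: is not compat; the entry is unused"
    fi
    return $rc
}

# write_client_tree DIR good|bad: constructed sample trees (not copied from the
# tutorial's hosts). "bad" leaves station1 out of /etc/hosts and uses broadcast.
write_client_tree() {
    mkdir -p "$1/etc/sysconfig"
    printf 'NETWORKING=yes\nNISDOMAIN=lwhy\n' > "$1/etc/sysconfig/network"
    printf 'passwd:     files nis nisplus\nshadow:     files nis nisplus\ngroup:      files nis nisplus\nhosts:      files nis dns\n' > "$1/etc/nsswitch.conf"
    printf 'root:x:0:0:root:/root:/bin/bash\n+::::::\n' > "$1/etc/passwd"
    if [ "$2" = good ]; then
        printf '127.0.0.1 localhost\n192.168.1.254 station1.example.com station1\n' > "$1/etc/hosts"
        printf 'domain lwhy\nypserver station1.example.com\n' > "$1/etc/yp.conf"
    else
        printf '127.0.0.1 localhost\n' > "$1/etc/hosts"
        printf 'domain lwhy broadcast\n' > "$1/etc/yp.conf"
    fi
}

# Demo on the two constructed trees.
tmp=$(mktemp -d)
for kind in good bad; do
    write_client_tree "$tmp/$kind" "$kind"
    echo "== $kind tree"
    if check_nis_client "$tmp/$kind" lwhy station1.example.com; then echo "client configuration OK"; fi
done
rm -rf "$tmp"
```

The good tree produces only the NOTE about the unused "+::::::" entry and exits 0; the bad tree gets WARN lines for the missing hosts entry and the broadcast binding and exits 1.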

Tools for checking the NIS server from the NIS client: yptest, ypwhich, ypcat
[root@mail ~]# yptest
Test 1: domainname
Configured domainname is "lwhy"

Test 2: ypbind
Used NIS server: station1.example.com

Test 3: yp_match
WARNING: No such key in map (Map passwd.byname, key nobody)

Test 4: yp_first
user2 user2:!!:504:504::/home/user2:/bin/bash

Test 5: yp_next
ftpuser1 ftpuser1:!!:501:501::/home/virtual:/sbin/nologin
test test:$1$Je0mP4FM$HbjedupHhS7sOP64ChUx4/:502:502::/home/test:/bin/bash
user1 user1:!!:503:503::/home/user1:/bin/bash
admin admin:!!:505:505::/home/admin:/bin/bash
virtual virtual:!!:500:500::/home/virtual:/bin/bash
usertest usertest:$1$3viKI2C2$g731Q2.FaTeuc3Oh8Edwp/:506:506::/home/usertest:/bin/bash

Test 6: yp_master
station1.example.com

Test 7: yp_order
1274257060

Test 8: yp_maplist
rpc.byname
ypservers
protocols.bynumber
passwd.byname
group.bygid
netid.byname
hosts.byaddr
rpc.bynumber
services.byservicename
protocols.byname
hosts.byname
group.byname
passwd.byuid
services.byname
mail.aliases

Test 9: yp_all
ftpuser1 ftpuser1:!!:501:501::/home/virtual:/sbin/nologin
test test:$1$Je0mP4FM$HbjedupHhS7sOP64ChUx4/:502:502::/home/test:/bin/bash
virtual virtual:!!:500:500::/home/virtual:/bin/bash
usertest usertest:$1$3viKI2C2$g731Q2.FaTeuc3Oh8Edwp/:506:506::/home/usertest:/bin/bash
[root@mail ~]#
[root@mail ~]# ypwhich
station1.example.com
[root@mail ~]# ypwhich -x
Use "ethers"    for map "ethers.byname"
Use "aliases"   for map "mail.aliases"
Use "services"  for map "services.byname"
Use "protocols" for map "protocols.bynumber"
Use "hosts"     for map "hosts.byname"
Use "networks"  for map "networks.byaddr"
Use "group"     for map "group.byname"
Use "passwd"    for map "passwd.byname"
[root@mail ~]# ypcat -x
Use "ethers"    for map "ethers.byname"
Use "aliases"   for map "mail.aliases"
Use "services"  for map "services.byname"
Use "protocols" for map "protocols.bynumber"
Use "hosts"     for map "hosts.byname"
Use "networks"  for map "networks.byaddr"
Use "group"     for map "group.byname"
Use "passwd"    for map "passwd.byname"
[root@mail ~]#
Appendix:
An NIS client can join the NIS domain conveniently with the authconfig-tui tool.
Changing user passwords: yppasswd, ypchfn, ypchsh.
Viewing user information: ypcat passwd, getent passwd.

User test:
[root@mail ~]# su - test
su: warning: cannot change directory to /home/test: No such file or directory
id: cannot find name for user ID 502
-bash-3.2$
Note: test is an account on the NIS server; because no account named test exists on the NIS client, the environment belonging to that account (its home directory) is of course not available.
Solution: share the home directory /home from the NIS server over NFS, and use the automounter on the NIS client to mount it automatically so that the user's files are picked up.
NIS server setup:
[root@station1 ~]# service nfs start
Starting NFS services:                                     [  OK  ]
Starting NFS quotas:                                       [  OK  ]
Starting NFS daemon:                                       [  OK  ]
Starting NFS mountd:                                       [  OK  ]
[root@station1 ~]# exportfs -v
/home/guests    192.168.1.0/255.255.255.0(rw,async,wdelay,root_squash,no_subtree_check,anonuid=65534,anongid=65534)
[root@station1 ~]# showmount -e localhost
Export list for localhost:
/home/guests 192.168.1.0/255.255.255.0
[root@station1 ~]# chkconfig nfs on
[root@station1 ~]#

NIS client setup:
[root@mail ~]# vim /etc/auto.master
[root@mail ~]# grep /home < /etc/auto.master
/home/guests   /etc/auto.nfs --timeout=100
[root@mail ~]# vim /etc/auto.nfs
[root@mail ~]# grep station1 < /etc/auto.nfs
*              station1.example.com:/home/guests/&
[root@mail ~]# mkdir /home/guests
[root@mail ~]# chkconfig autofs on
[root@mail ~]# /etc/init.d/autofs restart
Stopping automount:                                        [  OK  ]
Starting automount:                                        [  OK  ]
[root@mail ~]#

Create a new user to test with:
[root@station1 ~]# useradd -d /home/guests/nistest nistest
[root@station1 ~]# passwd nistest
Changing password for user nistest.
New UNIX password:
BAD PASSWORD: it is too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@station1 ~]# /usr/lib/yp/ypinit -m
[root@station1 ~]# /etc/init.d/ypserv restart
停止 YP 服務器的服務:                                     [確定]
啓動 YP 服務器的服務:                                     [確定]
[root@station1 ~]# /etc/init.d/yppasswdd restart
停止 YP 口令服務:                                         [確定]
啓動 YP 口令服務:                                         [確定]
[root@station1 ~]#
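Because the maps have to be rebuilt after every account change (the note after the server setup), a check for stale maps is useful. The script below is an added example, not part of the tutorial or of ypserv: it compares the map files in the domain directory with their source files by modification time, using a constructed directory tree with fixed timestamps. The function names, the use of make -C /var/yp as a non-interactive alternative to re-running ypinit -m, and the sample tree are the example's own assumptions.

```shell
#!/bin/sh
# Added staleness check for the NIS maps (example code, not part of the original
# tutorial or of ypserv). The tutorial rebuilds the maps by re-running
# "ypinit -m" after every account change; "make -C /var/yp" does the same rebuild
# without the interactive host list. Either way, a forgotten rebuild leaves
# clients seeing old accounts, which is what this check detects.

# nis_maps_fresh YPDIR SRCDIR
# YPDIR is the domain's map directory (/var/yp/lwhy above), SRCDIR the directory
# holding the source files (/etc). Returns 0 if every map is present and newer
# than its source file, 1 otherwise, printing one line per problem.
nis_maps_fresh() {
    ypdir=$1 src=$2 rc=0
    # source -> map pairs, as listed by ypinit's "Updating ..." output above.
    # passwd.byname also depends on shadow when MERGE_PASSWD=true in /var/yp/Makefile.
    for pair in passwd:passwd.byname shadow:passwd.byname passwd:passwd.byuid \
                group:group.byname group:group.bygid hosts:hosts.byname hosts:hosts.byaddr; do
        s="$src/${pair%%:*}" m="$ypdir/${pair#*:}"
        if [ ! -f "$m" ]; then
            echo "MISSING: $m (run ypinit -m or make -C /var/yp)"; rc=1
        elif [ -f "$s" ] && [ "$s" -nt "$m" ]; then
            echo "STALE: $s changed after $m was built"; rc=1
        fi
    done
    return $rc
}

# build_sample ROOT: constructed tree with fixed timestamps so the comparison is
# deterministic (sources at 15:26, maps built at 15:27, like the ls listing above).
build_sample() {
    mkdir -p "$1/etc" "$1/var/yp/lwhy"
    for f in passwd shadow group hosts; do
        : > "$1/etc/$f"; touch -t 201005191526 "$1/etc/$f"
    done
    for m in passwd.byname passwd.byuid group.byname group.bygid hosts.byname hosts.byaddr; do
        : > "$1/var/yp/lwhy/$m"; touch -t 201005191527 "$1/var/yp/lwhy/$m"
    done
}

# add_user_without_rebuild ROOT: simulate useradd touching /etc/passwd and
# /etc/shadow later on, with no rebuild of the maps.
add_user_without_rebuild() {
    touch -t 201005191600 "$1/etc/passwd" "$1/etc/shadow"
}

# Demo: fresh maps first, then the same tree after an un-rebuilt account change.
tmp=$(mktemp -d)
build_sample "$tmp"
if nis_maps_fresh "$tmp/var/yp/lwhy" "$tmp/etc"; then echo "maps are current"; fi
add_user_without_rebuild "$tmp"
if ! nis_maps_fresh "$tmp/var/yp/lwhy" "$tmp/etc"; then echo "rebuild needed"; fi
rm -rf "$tmp"
```

On a real master the call is nis_maps_fresh /var/yp/lwhy /etc; a non-zero exit from a cron job or a post-useradd hook is the signal to rebuild and restart ypserv as shown above.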

NIS client user test:
[root@mail ~]# su - nistest
id: cannot find name for user ID 500
id: cannot find name for group ID 500
id: cannot find name for user ID 500
[I have no name!@mail ~]$

Solution:
On the NIS server, edit the main configuration file /etc/ypserv.conf:
[root@station1 ~]# vim /etc/ypserv.conf
192.168.1.0/255.255.255.0  : *       : *     : none
[root@station1 ~]# /etc/init.d/ypserv restart
停止 YP 服務器的服務:                                     [確定]
啓動 YP 服務器的服務:                                     [確定]
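The rule order in /etc/ypserv.conf decides what this fix actually changes: ypserv applies the first rule that matches a request, and `port` on the wildcard-map line rejects lookups arriving from unprivileged ports, which is what lookups by ordinary user processes use; that is why the client showed "I have no name!" until the 192.168.1.0/24 line was changed to `none`. The shadow.byname and passwd.adjunct.byname rules ahead of it still limit those maps to privileged ports. The script below is an added example (not part of this tutorial or of ypserv): it audits a ypserv.conf for rule order and a closing deny, and checks whether /var/yp/Makefile merges password hashes into passwd.byname, which the `$1$...` strings in the yptest output earlier show was the case here. The function names and the sample rule files are constructed for the demo.

```shell
#!/bin/sh
# Added audit of /etc/ypserv.conf access rules (example code, not part of the
# original tutorial or of ypserv). Rules have the form
#     host : domain : map : security      (security = none | port | deny)
# and ypserv applies the FIRST rule that matches a request, so order matters.
# Hosts containing a colon (IPv6) are not handled; the tutorial only uses IPv4.

# audit_ypserv_conf FILE
# Prints WARN: lines for rule-order and deny problems and NOTE: lines for things
# to be aware of; returns 1 if any WARN was printed.
audit_ypserv_conf() {
    awk -F: '
        { sub(/#.*/, "") }          # drop comments, including inline annotations
        NF != 4 { next }            # option lines such as "dns: no" have fewer fields
        {
            for (i = 1; i <= 4; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
            n++; host[n] = $1; map[n] = $3; sec[n] = $4
        }
        END {
            bad = 0
            if (n == 0) { print "WARN: no access rules found"; exit 1 }
            # 1. Without a closing "* : * : * : deny", hosts matched by no rule are served.
            if (!(host[n] == "*" && map[n] == "*" && sec[n] == "deny")) {
                print "WARN: last rule is not a catch-all deny (" host[n] " : " map[n] " : " sec[n] ")"
                bad = 1
            }
            # 2. shadow.byname and passwd.adjunct.byname must be port-restricted before
            #    any wildcard-map rule, or that wildcard rule matches them first.
            shadow_ok = 0; adjunct_ok = 0
            for (i = 1; i <= n; i++) {
                if (map[i] == "shadow.byname" && sec[i] == "port") shadow_ok = 1
                if (map[i] == "passwd.adjunct.byname" && sec[i] == "port") adjunct_ok = 1
                if (map[i] != "*" || sec[i] == "deny") continue
                if (!shadow_ok)  { print "WARN: rule " i " (" host[i] ") serves shadow.byname before the port rule"; bad = 1 }
                if (!adjunct_ok) { print "WARN: rule " i " (" host[i] ") serves passwd.adjunct.byname before the port rule"; bad = 1 }
                # 3. "none" is what ordinary user lookups need (they come from unprivileged
                #    ports), but it also means every map except the port-restricted ones is
                #    readable by any process on those hosts.
                if (sec[i] == "none") print "NOTE: rule " i " (" host[i] ") serves all other maps to unprivileged ports"
            }
            exit bad
        }' "$1"
}

# merge_passwd_enabled MAKEFILE
# Returns 0 when /var/yp/Makefile has MERGE_PASSWD=true, i.e. shadow hashes are
# copied into passwd.byname (the $1$... strings in the yptest output are the
# visible result). With MERGE_PASSWD=false the hashes stay in shadow.byname,
# which the default rules limit to privileged ports.
merge_passwd_enabled() {
    grep -q '^[[:space:]]*MERGE_PASSWD[[:space:]]*=[[:space:]]*true' "$1"
}

# write_samples DIR: constructed sample files (not copied from the tutorial host).
# "good" is modelled on the tutorial's final rule set; "bad" puts the wildcard
# rule first and has no closing deny.
write_samples() {
    cat > "$1/ypserv.conf.good" <<'EOF'
dns: no
files: 30
*                          : * : shadow.byname         : port
*                          : * : passwd.adjunct.byname : port
192.168.1.0/255.255.255.0  : * : *                     : none
*                          : * : *                     : deny
EOF
    cat > "$1/ypserv.conf.bad" <<'EOF'
dns: no
192.168.1.0/255.255.255.0  : * : *                     : none
*                          : * : shadow.byname         : port
EOF
    printf 'MERGE_PASSWD=true\n' > "$1/Makefile.sample"
}

# Demo on the constructed files.
tmp=$(mktemp -d)
write_samples "$tmp"
for f in "$tmp/ypserv.conf.good" "$tmp/ypserv.conf.bad"; do
    echo "== $f"
    if audit_ypserv_conf "$f"; then echo "no warnings"; fi
done
if merge_passwd_enabled "$tmp/Makefile.sample"; then
    echo "MERGE_PASSWD=true: password hashes are published in passwd.byname"
fi
rm -rf "$tmp"
```

On the real master run audit_ypserv_conf /etc/ypserv.conf and merge_passwd_enabled /var/yp/Makefile; the good sample yields only the NOTE about `none`, while the bad sample is rejected for the missing catch-all deny and for exposing shadow.byname through the wildcard rule.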

Test again on the NIS client:
[root@mail ~]# su - nistest
do_ypcall: clnt_call: RPC: Unable to receive; errno = Connection refused
[nistest@mail ~]$ passwd
Changing password for user nistest.
passwd: Authentication token manipulation error
[nistest@mail ~]$ /usr/bin/yppasswd
Changing NIS account information for nistest on station1.example.com.
Please enter old password:
Changing NIS password for nistest on station1.example.com.
Please enter new password:
Please retype new password:

The NIS password has been changed on station1.example.com.

[nistest@mail ~]$ 

Done!