2008-11-02 15:43:31

NIS server setup and test:
Test environment: one master and one client
 
Installed packages (portmap must also be installed; otherwise communication over RPC will not work):
On Master
[root@master yum.repos.d]# yum list |grep ^yp
yp-tools.i386                            2.8-7                  installed
ypbind.i386                              3:1.17.2-13            installed
ypserv.i386                              2.13-19                installed
On Client:
[root@client ~]# yum list |grep ^yp
yp-tools.i386                            2.8-7                  installed
ypbind.i386                              3:1.17.2-13            installed
Configuration on the master:
 
1) Set the NIS domain name:
[root@master ~]# nisdomainname nis (set)
[root@master ~]# nisdomainname     (display)
nis
[root@master ~]#  grep nis /etc/rc.local 
/bin/nisdomainname nis             (sets the NIS domain at boot)
[root@master ~]# cat /etc/sysconfig/network (the NIS domain is specified in this file)
NETWORKING=yes
HOSTNAME=master.nis
NISDOMAIN=nis
 
2) Record the IP addresses and host names of the master and the client in /etc/hosts:
[root@master ~]# cat /etc/hosts     
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
10.224.254.17           master.nis
10.224.254.19           client.nis

3) ypserv configuration:
[root@master ~]# cat /etc/ypserv.conf
#
# ypserv.conf   In this file you can set certain options for the NIS server,
#               and you can deny or restrict access to certain maps based
#               on the originating host.
#
#               See ypserv.conf(5) for a description of the syntax.
#
# Some options for ypserv. This things are all not needed, if
# you have a Linux net.
# Should we do DNS lookups for hosts not found in the hosts table ?
# This option is ignored in the moment.
dns: no
# How many map file handles should be cached ?
files: 30
# Should we register ypserv with SLP ?
slp: no
# After how many seconds we should re-register ypserv with SLP ?
slp_timeout: 3600
# xfr requests are only allowed from ports < 1024
xfr_check_port: yes
# The following, when uncommented,  will give you shadow like passwords.
# Note that it will not work if you have slave NIS servers in your
# network that do not run the same server as you.
# Host                     : Domain  : Map              : Security
#
# *                        : *       : passwd.byname    : port
# *                        : *       : passwd.byuid     : port
# Not everybody should see the shadow passwords, not secure, since
# under MSDOG everbody is root and can access ports < 1024 !!!
#*                         : *       : shadow.byname    : port
#*                         : *       : passwd.adjunct.byname : port
#127.0.0.0/255.255.255.0 : * : * : none
#10.224.254.0/255.255.255.0 : * : * : none
*                          : *       : none (define as needed)
# If you comment out the next rule, ypserv and rpc.ypxfrd will
# look for YP_SECURE and YP_AUTHDES in the maps. This will make
# the security check a little bit slower, but you only have to
# change the keys on the master server, not the configuration files
# on each NIS server.
# If you have maps with YP_SECURE or YP_AUTHDES, you should create
# a rule for them above, that's much faster.
# *                        : *       : *                : none
[root@master ~]#
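
An added example, not part of the original post: a shell/awk check over the access rules in ypserv.conf, using the four-field layout "Host : Domain : Map : Security" from the file's own header comment. The function names, finding labels and sample file are constructed for illustration; the check reports wildcard rules that leave password maps readable by any host, rules that rely only on the source-port check, and rule lines that do not have four fields.

```shell
#!/bin/sh
# Added example: audit ypserv.conf access rules (Host : Domain : Map : Security).

# Constructed sample, modelled on the file shown above (not a real server's config).
sample_conf() {
cat <<'EOF'
dns: no
files: 30
xfr_check_port: yes
# *                        : *       : shadow.byname    : port
10.224.254.0/255.255.255.0 : nis     : passwd.byname    : port
*                          : *       : none
*                          : *       : *                : none
EOF
}

# Reads ypserv.conf from the named file (or stdin) and prints one finding
# per risky rule as: <line number> <finding> <map>
audit_ypserv_conf() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        {
            # trim whitespace around every colon-separated field
            for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
            if (NF == 2) next                      # option line, e.g. "dns: no"
            if (NF != 4) { print NR, "malformed", "-"; next }
            host = $1; map = $3; sec = $4
            # password-bearing maps, or a wildcard that covers them
            sensitive = (map == "*" || map ~ /^(passwd|shadow)/)
            if (sec == "none" && host == "*" && sensitive)
                print NR, "open-to-any-host", map
            else if (sec == "port" && sensitive)
                print NR, "port-check-only", map
        }
    ' "$@"
}

sample_conf | audit_ypserv_conf
```

To check a live server, pass the path instead: audit_ypserv_conf /etc/ypserv.conf.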
4) Build the database:
[root@master ~]# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers.  master.nis is in the list of NIS server hosts.  Please continue to add
the names for the other hosts, one per line.  When you are done with the
list, type a <control D>.
        next host to add:  master.nis (the system finds this master server automatically)
        next host to add: (press Ctrl-D)
The current list of NIS servers looks like this:
master.nis
Is this correct?  [y/n: y]  y
We need a few minutes to build the databases...
Building /var/yp/nis/ypservers...
gethostbyname(): Success
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/nis'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating netgroup...
Updating netgroup.byhost...
Updating netgroup.byuser...
Updating mail.aliases...
Updating shadow.byname... Ignored -> merged with passwd
Updating publickey.byname...
gmake[1]: Leaving directory `/var/yp/nis'
master.nis has been set up as a NIS master server.
Now you can run ypinit -s master.nis on all slave server.
With that, the database is built; all the files listed above are under /var/yp/nis/:
[root@master ~]# ll /var/yp/nis/
total 436
-rw-------  1 root root  12482 Oct 30 22:48 group.bygid
-rw-------  1 root root  12495 Oct 30 22:48 group.byname
-rw-------  1 root root  12526 Oct 30 22:48 hosts.byaddr
-rw-------  1 root root  12548 Oct 30 22:48 hosts.byname
-rw-------  1 root root  13205 Oct 30 22:49 mail.aliases
-rw-------  1 root root  12398 Oct 30 22:49 netgroup
-rw-------  1 root root  12405 Oct 30 22:49 netgroup.byhost
-rw-------  1 root root  12405 Oct 30 22:49 netgroup.byuser
-rw-------  1 root root  13136 Oct 30 22:48 netid.byname
-rw-------  1 root root  12837 Oct 30 22:48 passwd.byname
-rw-------  1 root root  12822 Oct 30 22:48 passwd.byuid
-rw-------  1 root root  29187 Oct 30 22:49 protocols.byname
-rw-------  1 root root  14499 Oct 30 22:49 protocols.bynumber
-rw-------  1 root root  12407 Oct 30 22:49 publickey.byname
-rw-------  1 root root  16378 Oct 30 22:48 rpc.byname
-rw-------  1 root root  14230 Oct 30 22:48 rpc.bynumber
-rw-------  1 root root  49714 Oct 30 22:48 services.byname
-rw-------  1 root root 102400 Oct 30 22:48 services.byservicename
-rw-------  1 root root  12358 Oct 30 22:48 ypservers
5) Start the services:
[root@master ~]# /etc/init.d/ypserv start
Starting YP server services:                               [  OK  ]
[root@master ~]# /etc/init.d/portmap start
Starting portmap:                                          [  OK  ]
[root@master ~]# /etc/init.d/yppasswdd start
Starting YP passwd service:                                [  OK  ]
6) Check that the services started successfully:
[root@master ~]# rpcinfo -p localhost
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    799  status
    100024    1   tcp    802  status
    100009    1   udp    608  yppasswdd
    100004    2   udp    772  ypserv
    100004    1   udp    772  ypserv
    100004    2   tcp    775  ypserv
    100004    1   tcp    775  ypserv
If the output looks like the above, everything is working.

Configuration on the client:
 
1) Set the NIS domain name (same as on the master):
[root@client ~]# nisdomainname nis
[root@client ~]# nisdomainname
nis
[root@client ~]# grep -i nis /etc/rc.local
/bin/nisdomainname nis
[root@client ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=client.nis
NISDOMAIN=nis
 
2) Map the host names to IP addresses:
[root@client ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
10.224.254.19           client.nis
10.224.254.17           master.nis
 
3) Enable NIS authentication:
[root@client ~]# authconfig
   Select "Use NIS"
   Input domain and server
   submit
Binding to the NIS domain:                                 [  OK  ]
Listening for an NIS domain server.
Check that the service started successfully:
[root@client ~]# rpcinfo -p localhost
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    782  status
    100024    1   tcp    785  status
    100007    2   udp    626  ypbind
    100007    1   udp    626  ypbind
    100007    2   tcp    629  ypbind
    100007    1   tcp    629  ypbind
/etc/init.d/ypbind start kept failing at this point for a long time; I later found that iptables was the cause, and after turning it off with iptables -F it started.

Test:
[root@client ~]# yptest
Test 1: domainname
Configured domainname is "nis"
Test 2: ypbind
Used NIS server: master.nis
..............
 
At the end it lists all the accounts in the master's /etc/passwd, which shows that the test succeeded.
 
[root@client ~]# ypcat -x (list map information)
Use "ethers"    for map "ethers.byname"
Use "aliases"   for map "mail.aliases"
Use "services"  for map "services.byname"
Use "protocols" for map "protocols.bynumber"
Use "hosts"     for map "hosts.byname"
Use "networks"  for map "networks.byaddr"
Use "group"     for map "group.byname"
Use "passwd"    for map "passwd.byname"
 
[root@client ~]# ypcat passwd.byname (list account details)
nfsnobody:!!:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
test:$1$HUvo/cDR$K.M555dqnX2edzjmrkns7/:503:503:test:/home/test:/bin/bash
henry:$1$H0XDKato$RIYeiqGypSVadjkvqytAv.:504:504::/home/henry:/bin/bash
[root@client ~]# ypwhich (show the NIS master)
master.nis
 
[root@client ~]# yppasswd  henry (change a user's login password from the client)
Changing NIS account information for henry on master.nis.
Please enter root password:
Changing NIS password for henry on master.nis.
Please enter new password:
Please retype new password:
The NIS password has been changed on master.nis.
 
After the change, the new password can be used to log in to the master.

