Category: LINUX
2009-11-10 21:10:15
Lab requirements: the NIS and NFS servers run on one machine, and the client is on another machine.
user Account Info&Credential Info==>NIS Server
Home Dir Info==>NIS Server
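Clients: (1) obtain authentication information from the NIS server; (2) mount home directories from NFS locally via autofs, so that switching to a different user mounts that user's home directory, to keep the information secure.
Lab steps:
NIS server
1. Add NISDOMAIN= to /etc/sysconfig/network (pick any domain name, but it must match the domain name on the client).
nisdomainname xxx is a one-off setting (it is not persistent).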
[root@server2 yp]# vim /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=server2
NISDOMAIN=
2. service ypserv start
chkconfig --level 35 ypserv on
3.
[root@server2 ~]# cd /usr/lib/yp/
[root@server2 yp]# ./ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers. server2 is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a
next host to add: server2
next host to add:
The current list of NIS servers looks like this:
server2
Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp//ypservers...
gethostbyname(): Success
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/'
server2 has been set up as a NIS master server.
Now you can run ypinit -s server2 on all slave server.
4. Look at the database directory: a new subdirectory has appeared.
[root@server2 yp]# cd /var/yp/
[root@server2 yp]# ls
binding Makefile nicknames ypservers
[root@server2 yp]# cd /
[root@server2 ]# ls
group.bygid mail.aliases protocols.byname services.byname
group.byname netid.byname protocols.bynumber services.byservicename
hosts.byaddr passwd.byname rpc.byname ypservers
hosts.byname passwd.byuid rpc.bynumber
NIS client
Install these two packages: ypbind-1.19-11.el5.i386.rpm and yp-tools-2.9-0.1.i386.rpm.
[root@localhost Server]# system-config-authentication
Stopping portmap: [ OK ]
Starting portmap: [ OK ]
Binding to the NIS domain: [ OK ]
Listening for an NIS domain server.
In the GUI, tick the "enable NIS" option.
(The GUI changed the following files:
[root@localhost Server]# vim /etc/yp.conf
domain server 192.168.20.23
[root@localhost Server]# vim /etc/nsswitch.conf
passwd: files nis
shadow: files nis
group: files nis
#hosts: db files nisplus nis dns
hosts: files nis dns
netgroup: files nis
publickey: nisplus
automount: files nis
Add nis after files.
[root@localhost Server]# vim /etc/pam.d/system-auth
password sufficient pam_unix.so md5 shadow nis nullok try_first_pass use_authtok)
[root@localhost ~]# ypcat passwd
yoko:$1$E.9YxWbI$mGvWdBldKI2hfoHxWpyXt1:501:501::/home/yoko:/bin/bash
user:$1$OsYtpCHM$fUYlEjYzpsIzwwiwUEy170:500:500::/home/user:/bin/bash
After adding a new user on the server, you must run make again under /var/yp/ before the client can see the new user.
[root@server2 yp]# make
gmake[1]: Entering directory `/var/yp/'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating netid.byname...
gmake[1]: Leaving directory `/var/yp/'
Client
[root@localhost ~]# ypcat passwd
yoko:$1$E.9YxWbI$mGvWdBldKI2hfoHxWpyXt1:501:501::/home/yoko:/bin/bash
nisuser:$1$k/201WD4$Xx1UfjBgOc.JeYE7hCpZS.:503:503::/home/nisuser:/bin/bash
user:$1$OsYtpCHM$fUYlEjYzpsIzwwiwUEy170:500:500::/home/user:/bin/bash
NFS server
[root@server2 home]# useradd nisuser -d /home/guest/nisuser
[root@server2 home]# useradd nisuser2 -d /home/guest/nisuser2
[root@server2 home]# cat /etc/passwd
nisuser:x:503:503::/home/guest/nisuser:/bin/bash
nisuser2:x:504:504::/home/guest/nisuser2:/bin/bash
[root@server2 ~]# vim /etc/exports
/home/guest/ *(ro,sync)
[root@server2 ~]# service portmap start
Starting portmap: [ OK ]
[root@server2 home]# service nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
NFS client
[root@localhost misc]# vim /etc/auto.master
/home/guest /etc/auto.misc --timeout=60
[root@localhost misc]# vim /etc/auto.misc
* -fstype=nfs,ro,soft,intr 192.168.20.23:/home/guest/&
#### Wildcard Key
A map key of * denotes a wild-card entry. This entry is consulted if the
specified key does not exist in the map. A typical wild-card entry looks
like this:
* server:/export/home/&
The special character ’&’ will be replaced by the provided key. So, in the
example above, a lookup for the key ’foo’ would yield a mount of
server:/export/home/foo.
#####
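The wildcard lookup described in the excerpt above, as an added shell example (not part of the original post or of autofs itself): it resolves a key against a small map, preferring an explicit key over the * entry and replacing & with the key. The map text, the "shared" entry and the resolve_key function name are constructed for illustration, and the key check is this example's own restriction.

```shell
#!/bin/sh
# Added example: resolve an autofs indirect-map key as the wildcard rule describes.
# Constructed sample map: one explicit key plus the wildcard entry from this page.
SAMPLE_MAP='# blank lines and comment lines are skipped
shared  -fstype=nfs,ro            192.168.20.23:/home/guest/common
*       -fstype=nfs,ro,soft,intr  192.168.20.23:/home/guest/&'

# resolve_key KEY [MAPTEXT]: prints "options location"; returns 1 if no entry
# matches and 2 if the key is rejected by this example's own check.
resolve_key() {
    key=$1
    map=${2:-$SAMPLE_MAP}
    # The key is substituted into the remote path, so this example accepts
    # only a single plain directory name (assumption, not an autofs rule).
    case $key in
        ''|.|..|*[!A-Za-z0-9._-]*) return 2 ;;
    esac
    printf '%s\n' "$map" | awk -v key="$key" '
        NF == 0 || $1 ~ /^#/ { next }
        {
            # The options field is optional and starts with a dash.
            if ($2 ~ /^-/) { opts = $2; loc = $3 } else { opts = "-"; loc = $2 }
            if ($1 == key && !found) { found = 1; eopts = opts; eloc = loc }
            else if ($1 == "*" && !wild) { wild = 1; wopts = opts; wloc = loc }
        }
        END {
            # An explicit key wins; the wildcard is consulted only otherwise.
            if (found) { print eopts " " eloc; exit 0 }
            if (wild)  { gsub(/&/, key, wloc); print wopts " " wloc; exit 0 }
            exit 1
        }'
}

# Show what each login from the verification step would mount.
for u in nisuser nisuser2 shared; do
    printf '%s -> %s\n' "$u" "$(resolve_key "$u")"
done
```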
Verify on the client
[root@localhost misc]# su - nisuser
[nisuser@localhost ~]$
[nisuser@localhost ~]$ pwd
/home/guest/nisuser
[nisuser@localhost ~]$ exit
[root@localhost misc]# ls /home/guest/
nisuser
[root@localhost misc]# su - nisuser2
[nisuser2@localhost ~]$ pwd
/home/guest/nisuser2
[nisuser2@localhost ~]$ exit
[root@localhost misc]# ls /home/guest/
nisuser2 (nisuser was unmounted because more than 60 s had passed)