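The NIS service on Linux is similar to a domain controller in a Windows domain environment: NIS centrally manages and maintains user account information (the database) for NIS clients to query.
NIS server configuration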
[root@ypser ~]# rpm -qa|grep ^yp
yp-tools-2.9-0.1
ypbind-1.19-11.el5
[root@ypser ~]# mount /dev/cdrom /mnt/cdrom
mount: block device /dev/cdrom is write-protected, mounting read-only
[root@ypser ~]# rpm -ivh /mnt/cdrom/
[root@ypser ~]# rpm -ivh /mnt/cdrom/CentOS/ypserv-2.19-5.el5.i386.rpm
Preparing... ########################################### [100%]
1:ypserv ########################################### [100%]
[root@ypser ~]# rpm -ql ypserv |head -10 # list the first 10 files installed by ypserv
/etc/rc.d/init.d/yppasswdd
/etc/rc.d/init.d/ypserv
/etc/rc.d/init.d/ypxfrd
/etc/sysconfig/yppasswdd
/etc/ypserv.conf
/usr/include/rpcsvc/ypxfrd.x
/usr/lib/yp
/usr/lib/yp/create_printcap
/usr/lib/yp/makedbm
/usr/lib/yp/match_printcap
[root@ypser ~]# chkconfig time on
在 time 服务中读取信息时出错:没有那个文件或目录 # probably a RHEL version issue; I am using RHEL 5.4
[root@ypser ~]# chkconfig time-udp on
在 time-udp 服务中读取信息时出错:没有那个文件或目录
[root@ypser ~]# service xinetd restart
停止 xinetd:[确定]
启动 xinetd:[确定]
[root@ypser ~]# vi /etc/ypserv.conf # edit the ypserv configuration file
Modify the following content:
# a rule for them above, that's much faster.
192.168.0.0/255.255.255.0 : * : * : none
127.0.0.1/255.255.255.0 : * : * : none
* : * : * : deny
"/etc/ypserv.conf" 50L, 1881C written
[root@ypser ~]# cd /var/yp
[root@ypser yp]# ll
总计 22
drwxr-xr-x 2 root root 1024 2009-01-21 binding
-rw-r--r-- 1 root root 16669 2009-02-27 Makefile
-rw-r--r-- 1 root root 185 2007-01-06 nicknames
[root@ypser yp]# vi securenets
Add: # create and edit the security configuration file, which is used for client access control
host 127.0.0.1
255.255.255.0 192.168.0.0
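An added example, not part of the original post, that evaluates securenets entries like the two above against a client address. The function names are hypothetical, and the matching rule (client AND netmask equals network, no match means refused) is stated as an assumption about how ypserv applies the file.

```shell
#!/bin/sh
# Added example: evaluate /var/yp/securenets-style rules for a client address.
# Constructed sample: the two entries added to securenets above.
SECURENETS='host 127.0.0.1
255.255.255.0 192.168.0.0'

# Dotted quad -> 32-bit integer on stdout; non-zero status on malformed input.
# Octets are expected without leading zeros.
ip_to_int() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# securenets_check CLIENT_IP RULES -> prints allow, deny or bad-ip.
# Assumed matching rule: (client AND netmask) == network; "host A" means
# netmask 255.255.255.255; a client matching no entry is refused.
securenets_check() {
    ip=$(ip_to_int "$1") || { echo bad-ip; return 2; }
    verdict=deny
    while read -r first second rest; do
        case "$first" in ''|'#'*) continue ;; esac
        if [ "$first" = host ]; then
            mask=255.255.255.255
        else
            mask=$first
        fi
        m=$(ip_to_int "$mask") && n=$(ip_to_int "$second") || continue
        if [ $(( ip & m )) -eq "$n" ]; then verdict=allow; break; fi
    done <<EOF
$2
EOF
    echo "$verdict"
}

for client in 192.168.0.55 192.168.1.55 127.0.0.1 127.0.0.2; do
    printf '%s -> %s\n' "$client" "$(securenets_check "$client" "$SECURENETS")"
done
```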
[root@ypser yp]# service portmap status
portmap (pid 2657) 正在运行...
[root@ypser yp]# service ypserv start
设置 NIS 域名 linux.com: [确定]
启动 YP 服务器的服务:[确定]
[root@ypser yp]#
[root@ypser yp]# service yppasswdd start
启动 YP 口令服务:[确定]
[root@ypser yp]# service xinetd restart # restart the daemon
停止 xinetd:[确定]
启动 xinetd:[确定]
[root@ypser yp]# useradd lili # add a user
[root@ypser yp]# passwd lili
Changing password for user lili.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@ypser yp]# pwd
/var/yp
[root@ypser yp]# /usr/lib/yp/ypinit -m # build the NIS database
At this point, we have to construct a list of the hosts which will run NIS
servers. ypser.linux.com is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: ypser.linux.com
next host to add:
The current list of NIS servers looks like this:
ypser.linux.com
Is this correct? [y/n: y] y # answer y if there are no other server names to add
We need a few minutes to build the databases...
Building /var/yp/linux.com/ypservers...
gethostbyname(): Success
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/linux.com'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/linux.com'
NIS client configuration
[root@localhost ~]# ping 192.168.0.99
PING 192.168.0.99 (192.168.0.99) 56(84) bytes of data.
64 bytes from 192.168.0.99: icmp_seq=1 ttl=64 time=7.95 ms # test connectivity between the client and the server
64 bytes from 192.168.0.99: icmp_seq=2 ttl=64 time=0.672 ms
64 bytes from 192.168.0.99: icmp_seq=3 ttl=64 time=0.494 ms
64 bytes from 192.168.0.99: icmp_seq=4 ttl=64 time=0.634 ms
[root@localhost ~]# rpm -ivh | grep ^yp
rpm: no packages given for install
[root@localhost ~]# monut /dev/cdrom
-bash: monut: command not found
[root@localhost ~]# mount
/dev/sda2 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda5 on /var type ext3 (rw)
/dev/sda1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
none on /var/lib/xenstored type tmpfs (rw)
/dev/hdc on /media/RHEL_5.4 i386 DVD type iso9660 (ro,noexec,nosuid,nodev,uid=0)
[root@localhost ~]# rpm -ivh /media/RHEL_5.4\ i386\ DVD/Server/ypbind-1.19-12.el5.i386.rpm
warning: /media/RHEL_5.4 i386 DVD/Server/ypbind-1.19-12.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
package ypbind-1.19-12.el5.i386 is already installed
[root@localhost ~]# rpm -ivh /media/RHEL_5.4\ i386\ DVD/Server/yp-tools-2.9-0.1.i386.rpm
warning: /media/RHEL_5.4 i386 DVD/Server/yp-tools-2.9-0.1.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
package yp-tools-2.9-0.1.i386 is already installed
[root@localhost ~]# vi /etc/hosts
Add:
192.168.0.99 ypser.linux.com
[root@localhost ~]# nisdomainname
(none)
[root@localhost ~]# nisdomainname linux.com
[root@localhost ~]# vi /etc/sysconfig/network
Add:
NISDOMAIN=linux.com
[root@localhost ~]# vi /etc/rc.d/rc.local
Add:
/bin/nisdomainname linux.com
[root@localhost ~]#
[root@localhost ~]# vi /etc/yp.conf
Add:
domain linux.com server ypser.linux.com
[root@localhost ~]# service portmap status
portmap (pid 2460) 正在运行...
[root@localhost ~]#
[root@localhost ~]# service ypbind start
打开 allow_ypbind 的 SELinux 布尔值
关联到 NIS 域:[确定]
关闭 allow_ypbind 的 SELinux 布尔值...[确定]
[root@localhost ~]# ypwhich
ypwhich: 无法与 ypbind 通讯
Go back to the server and turn off the firewall.
[root@ypser yp]# service iptables stop
清除防火墙规则:[确定]
把 chains 设置为 ACCEPT 策略:filter [确定]
正在卸载 Iiptables 模块:[确定]
[root@ypser yp]#
[root@localhost ~]# service ypbind start
打开 allow_ypbind 的 SELinux 布尔值
关联到 NIS 域:[确定]
监听 NIS 域服务器。.
[root@localhost ~]# ypwhich
ypser.linux.com
[root@localhost ~]# ypwhich
ypser.linux.com
[root@localhost ~]# ypcat -x # view the database
Use "ethers" for map "ethers.byname"
Use "aliases" for map "mail.aliases"
Use "services" for map "services.byname"
Use "protocols" for map "protocols.bynumber"
Use "hosts" for map "hosts.byname"
Use "networks" for map "networks.byaddr"
Use "group" for map "group.byname"
Use "passwd" for map "passwd.byname"
[root@localhost ~]# ypcat passwd
lili:$1$fh71Qh.Q$kA/R7FdJqFDbnOJp8k/QX.:501:501::/home/lili:/bin/bash
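As the `ypcat passwd` output above shows, the passwd map returns each account's password hash to a client that is allowed to query it. The following added example (not from the original post) classifies such records by hash scheme so that exposed and weak hashes can be found; the function name and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag password hashes visible in `ypcat passwd` output.
# Constructed sample records; the hash fields are placeholders, not real hashes.
SAMPLE_PASSWD='lili:$1$EXAMPLE0$placeholderplaceholder:501:501::/home/lili:/bin/bash
svc:x:502:502::/home/svc:/sbin/nologin
old:AAplaceholder:503:503::/home/old:/bin/bash
new:$6$EXAMPLE0$placeholderplaceholder:504:504::/home/new:/bin/bash
locked:!!:505:505::/home/locked:/bin/bash'

# Reads passwd-format records on stdin and prints "user: scheme" for every
# record whose second field carries a hash instead of a marker such as x or !!.
audit_nis_passwd() {
    awk -F: '
        NF != 7 { next }    # not a passwd record
        $2 ~ "^[$]1[$]"                { print $1 ": md5-crypt"; next }
        $2 ~ "^[$](2[abxy]?|5|6|y)[$]" { print $1 ": modular-crypt"; next }
        length($2) == 13 && $2 ~ "^[./0-9A-Za-z]+$" { print $1 ": des-crypt"; next }
    '
}

# On a bound client the input would be:  ypcat passwd | audit_nis_passwd
printf '%s\n' "$SAMPLE_PASSWD" | audit_nis_passwd
```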
[root@localhost ~]# vi /etc/nsswitch.conf
Find these lines:
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files nis
shadow: files nis
group: files nis