I. Environment:
OS: rhel5
master: rhel5.com IP: 192.168.1.110
slave: slave.rhel5.com IP: 192.168.1.118
client: client.rhel5.com IP: 192.168.1.113
Required packages: ypserv, yp-tools, ypbind
Firewall disabled
II. Configuring the NFS Server on the master:
1. Edit /etc/exports to share the /home directory:
[root@master ]#vi /etc/exports
/home *(ro,sync)
2. Apply the configuration:
[root@master ]#exportfs -a
3. Start the NFS Server:
[root@master ]#service nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
[root@master ]#chkconfig nfs on
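The export line above, /home *(ro,sync), offers /home to every host that can reach the server, which matters more with the firewall disabled. The following check is an added example, not part of the original walkthrough; the function name audit_exports and the restricted variant that names only the client address are assumptions.

```shell
#!/bin/sh
# Added example (not from the original walkthrough): flag NFS exports that are
# open to every host. Reads exports(5)-style lines on stdin, prints one finding
# per open entry, and returns non-zero when at least one finding exists.
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        path = $1
        if (NF == 1) {                      # no client list means any host
            printf "%s: no client restriction\n", path
            bad = 1
            next
        }
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) { client = substr($i, 1, p - 1); opts = substr($i, p) }
            if (client == "" || client == "*") {
                printf "%s: exported to any host %s\n", path, opts
                bad = 1
            }
        }
    }
    END { exit bad + 0 }'
}

# Constructed inputs: the line used on this page, and an assumed restricted
# variant that names only the client address from the environment section.
PAGE_EXPORTS='/home *(ro,sync)'
RESTRICTED_EXPORTS='/home 192.168.1.113(ro,sync)'

printf '%s\n' "$PAGE_EXPORTS"       | audit_exports || true
printf '%s\n' "$RESTRICTED_EXPORTS" | audit_exports || true
```

On a live server, feed it the real exports file on stdin; an empty result with exit status 0 means no entry is open to all hosts.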
III. Configuring the NFS Server on the client:
[root@client ]#service nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
[root@client ]#chkconfig nfs on
Create a new /home on which to mount the master's /home:
[root@client ]#mv /home /home.old
[root@client ]#mkdir /home
[root@client ]#mount -t nfs 192.168.1.110:/home /home
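[root@client ]#ls /home #Check that the mount succeeded
[root@client ]#umount /home
Next, use the autofs tool to mount the master's /home automatically at system startup.
First edit /etc/auto.master and add the following line:
/home /etc/auto.home --timeout 600
Then edit /etc/auto.home and add the following line:
* -fstype=nfs,ro 192.168.1.110:/home
Start the autofs service: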
[root@client ]#chkconfig autofs on
[root@client ]#service autofs start
Starting automount:[ OK ]
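IV. Configuring the NIS Server
1. Install the required packages:
yum -y install ypserv ypbind yp-tools
2. Edit /etc/sysconfig/network and add the following line:
NISDOMAIN=xzxj11
3. Edit /etc/yp.conf and add the following line:
ypserver 127.0.0.1
4. Start the required services: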
[root@master ]# service portmap restart
[root@master ]# service ypserv restart
[root@master ]# service yppasswdd start
[root@master ]# chkconfig ypserv on
[root@master ]# chkconfig yppasswdd on
[root@master ]# chkconfig portmap on
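The related daemons:
portmap defines the RPC processes involved while NIS is running
yppasswdd lets users change or set their passwords
ypserv the daemon of the master NIS Server
ypbind the NIS client daemon
ypxfrd speeds up the transfer of large NIS maps
5. Use rpcinfo to check that the corresponding services are running: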
[root@rhel5 ~]# rpcinfo -p localhost
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 855 status
100024 1 tcp 858 status
100004 2 udp 642 ypserv
100004 1 udp 642 ypserv
100004 2 tcp 645 ypserv
100011 1 udp 980 rquotad
100011 2 udp 980 rquotad
100011 1 tcp 983 rquotad
100011 2 tcp 983 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100021 1 udp 1026 nlockmgr
100021 3 udp 1026 nlockmgr
100021 4 udp 1026 nlockmgr
100021 1 tcp 3540 nlockmgr
100021 3 tcp 3540 nlockmgr
100021 4 tcp 3540 nlockmgr
100005 1 udp 1008 mountd
100005 1 tcp 1011 mountd
100005 2 udp 1008 mountd
100005 2 tcp 1011 mountd
100005 3 udp 1008 mountd
100005 3 tcp 1011 mountd
100009 1 udp 644 yppasswdd
100007 2 udp 806 ypbind
100007 1 udp 806 ypbind
100007 2 tcp 809 ypbind
100007 1 tcp 809 ypbind
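The listing above is long enough that a missing daemon is easy to overlook. The following helper is an added example, not part of the original walkthrough; it reduces rpcinfo -p output to one line per required service and reports any that are not registered. The function name rpc_service_ports is an assumption, and the sample is abridged from the listing above.

```shell
#!/bin/sh
# Added example (not from the original walkthrough): summarize `rpcinfo -p`
# output read on stdin. For each service name given as an argument, print its
# registered proto/port pairs or MISSING; return non-zero if any is missing.
rpc_service_ports() {
    awk -v want="$*" '
    BEGIN { n = split(want, req, " ") }
    $1 ~ /^[0-9]+$/ && NF >= 5 {            # data rows: program vers proto port name
        key = $3 "/" $4
        if (!(($5, key) in seen)) {         # several versions share one port
            seen[$5, key] = 1
            ports[$5] = (ports[$5] == "" ? key : ports[$5] " " key)
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            if (req[i] in ports) {
                print req[i] ": " ports[req[i]]
            } else {
                print req[i] ": MISSING"
                miss = 1
            }
        }
        exit miss + 0
    }'
}

# Sample abridged from the first rpcinfo listing on this page.
RPCINFO_SAMPLE='program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100004 2 udp 642 ypserv
100004 1 udp 642 ypserv
100004 2 tcp 645 ypserv
100009 1 udp 644 yppasswdd
100007 2 udp 806 ypbind
100007 2 tcp 809 ypbind'

# fypxfrd is the name rpcinfo shows for ypxfrd, which is not started yet here.
printf '%s\n' "$RPCINFO_SAMPLE" |
    rpc_service_ports portmapper ypserv yppasswdd ypbind fypxfrd || true
```

On a live host, pipe rpcinfo -p localhost into the function. The ports are assigned when each service starts and differ between the two listings on this page (ypserv moves from 642/645 to 822/825), so rerun it after restarts.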
V. Initializing the NIS domain:
1. Initialize:
NIS-SCHOOL-NETWORK=xzxj11
[root@master ~]#/usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers. rhel5.com is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: rhel5.com
next host to add:
The current list of NIS servers looks like this:
rhel5.com
Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp/xzxj11/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/xzxj11'
gmake[1]: Warning: File `/etc/passwd' has modification time 1.7e+04 s in the future
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: warning: Clock skew detected. Your build may be incomplete.
gmake[1]: Leaving directory `/var/yp/xzxj11'
rhel5.com has been set up as a NIS master server.
Now you can run ypinit -s rhel5.com on all slave server.
If the following error message appears:
failed to send 'clear' to local ypserv: RPC: Unable to receiveUpdating passwd.byuid...
then delete the /var/yp/NIS-SCHOOL-NETWORK directory, restart portmap, yppasswdd and ypserv, and initialize the NIS domain again.
2. Next, start ypbind and ypxfrd:
[root@rhel5 yp]# service ypbind start
Turning on allow_ypbind SELinux boolean
Binding to the NIS domain: [ OK ]
Listening for an NIS domain server..
[root@rhel5 yp]# service ypxfrd start
Starting YP map server: [ OK ]
[root@rhel5 yp]#
3. Test:
[root@rhel5 yp]# rpcinfo -p localhost
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 855 status
100024 1 tcp 858 status
100011 1 udp 980 rquotad
100011 2 udp 980 rquotad
100011 1 tcp 983 rquotad
100011 2 tcp 983 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100021 1 udp 1026 nlockmgr
100021 3 udp 1026 nlockmgr
100021 4 udp 1026 nlockmgr
100021 1 tcp 3540 nlockmgr
100021 3 tcp 3540 nlockmgr
100021 4 tcp 3540 nlockmgr
100005 1 udp 1008 mountd
100005 1 tcp 1011 mountd
100005 2 udp 1008 mountd
100005 2 tcp 1011 mountd
100005 3 udp 1008 mountd
100005 3 tcp 1011 mountd
100004 2 udp 822 ypserv
100004 1 udp 822 ypserv
100004 2 tcp 825 ypserv
100004 1 tcp 825 ypserv
100009 1 udp 843 yppasswdd
100007 2 udp 611 ypbind
100007 1 udp 611 ypbind
100007 2 tcp 614 ypbind
100007 1 tcp 614 ypbind
600100069 1 udp 638 fypxfrd
600100069 1 tcp 640 fypxfrd
4. Add a user:
[root@rhel5 yp]# useradd -g users nisuser
[root@rhel5 yp]#passwd nisuser
After changing the password of the nisuser account, change to the /var/yp/ directory and run make:
[root@rhel5 yp]# make
gmake[1]: Entering directory `/var/yp/xzxj11'
gmake[1]: `ypservers' is up to date.
gmake[1]: Leaving directory `/var/yp/xzxj11'
gmake[1]: Entering directory `/var/yp/xzxj11'
Updating passwd.byname...
Updating passwd.byuid...
Updating netid.byname...
gmake[1]: Leaving directory `/var/yp/xzxj11'
Then test:
[root@rhel5 yp]# ypcat passwd
ftpuser4:$1$bhbbY31/$Ac55OeaS.zfratZWnqrnE/:503:50::/home/ftpuser4:/sbin/nologin
ftpuser2:$1$ToavK8/x$z/5QOeZixUSFoVKunxoPs0:501:50::/home/ftpuser2:/sbin/nologin
nisuser:$1$tuRAlu1R$cEFwt8.UrjUcYnqAb8GJs1:507:100::/home/nisuser:/bin/bash
ftpuser1:$1$JvtTK2NW$E0f5ULzTk32KswI/U5qUX/:500:50::/home/ftpuser1:/sbin/nologin
nisuser1:$1$me3VrKof$PHe4.99xN0pvrN7fVMcWA1:509:100::/home/nisuser1:/bin/bash
test:$1$cRX1lKau$KNdiNva7G.mvdqP0rXiRy.:504:50::/home/test:/sbin/nologin
candon123:$1$oIDTzk4X$l/.DnGYrZrs2xtcX89Wlc0:506:12::/home/candon123:/bin/bash
candon:$1$Brob1q/1$cFMlekBjs5Qdmp3JByi3z.:505:12::/home/candon:/bin/bash
ldapuser:$1$koB2A2FZ$wRYTsh1batCqNNYsnigP2/:508:100::/home/ldapuser:/bin/bash
ftpuser3:$1$84YJNMq9$evGaHJ0KU/XKv.DV5oYiX1:502:50::/home/ftpuser3:/sbin/nologin
[root@rhel5 yp]# ypmatch nisuser1 passwd
nisuser1:$1$me3VrKof$PHe4.99xN0pvrN7fVMcWA1:509:100::/home/nisuser1:/bin/bash
[root@rhel5 yp]# getent passwd nisuser1
nisuser1:x:509:100::/home/nisuser1:/bin/bash
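VI. Client configuration:
1. Run authconfig or authconfig-tui to enable NIS authentication;
2. Edit /etc/yp.conf and add the following line:
domain xzxj11 server 192.168.1.110
Edit /etc/sysconfig/network and add the following line:
NISDOMAIN=xzxj11 #defines the NIS domain
Edit /etc/nsswitch.conf so that it reads as follows: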
passwd: files nis
shadow: files nis
group: files nis
3. Start the portmap and ypbind services:
[root@client ~]# service portmap start
启动portmap服务[确定]
[root@client ~]# service ypbind start
Remember that /etc/hosts must contain the corresponding hostnames and IPs:
vi /etc/hosts
192.168.1.110 rhel5.com rhel5
192.168.1.113 client.rhel5.com client
4. Test:
[root@client~]# ypcat passwd
ftpuser4:$1$bhbbY31/$Ac55OeaS.zfratZWnqrnE/:503:50::/home/ftpuser4:/sbin/nologin
ftpuser2:$1$ToavK8/x$z/5QOeZixUSFoVKunxoPs0:501:50::/home/ftpuser2:/sbin/nologin
nisuser:$1$tuRAlu1R$cEFwt8.UrjUcYnqAb8GJs1:507:100::/home/nisuser:/bin/bash
ftpuser1:$1$JvtTK2NW$E0f5ULzTk32KswI/U5qUX/:500:50::/home/ftpuser1:/sbin/nologin
nisuser1:$1$me3VrKof$PHe4.99xN0pvrN7fVMcWA1:509:100::/home/nisuser1:/bin/bash
test:$1$cRX1lKau$KNdiNva7G.mvdqP0rXiRy.:504:50::/home/test:/sbin/nologin
candon123:$1$oIDTzk4X$l/.DnGYrZrs2xtcX89Wlc0:506:12::/home/candon123:/bin/bash
candon:$1$Brob1q/1$cFMlekBjs5Qdmp3JByi3z.:505:12::/home/candon:/bin/bash
ldapuser:$1$koB2A2FZ$wRYTsh1batCqNNYsnigP2/:508:100::/home/ldapuser:/bin/bash
ftpuser3:$1$84YJNMq9$evGaHJ0KU/XKv.DV5oYiX1:502:50::/home/ftpuser3:/sbin/nologin
[root@client ~]# ypmatch nisuser1 passwd
nisuser1:$1$me3VrKof$PHe4.99xN0pvrN7fVMcWA1:509:100::/home/nisuser1:/bin/bash
[root@client ~]# getent passwd nisuser1
nisuser1:$1$me3VrKof$PHe4.99xN0pvrN7fVMcWA1:509:100::/home/nisuser1:/bin/bash
Check whether you can log in to the client from the master over ssh/telnet:
[root@master ~]# ssh -l nisuser1 192.168.1.113
nisuser1@192.168.1.113's password:
[nisuser1@client ~]$
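In the client output above, the second field of every ypcat passwd entry, and of getent passwd on the client, carries the account's $1$ password hash, so the client can read every hash in the map. The following audit is an added example, not part of the original walkthrough; the function name exposed_hashes and the sample entries with placeholder hash strings are constructed.

```shell
#!/bin/sh
# Added example (not from the original walkthrough): list passwd-map entries
# whose password field holds a real crypt hash instead of a placeholder.
# Reads passwd(5)-format lines on stdin (for example the output of
# `ypcat passwd`), prints "user scheme shell" per exposed entry, and returns
# non-zero when at least one entry is exposed.
exposed_hashes() {
    awk -F: '
    NF >= 7 {
        h = $2
        if (h == "x" || h ~ /^[*!]+$/) next  # placeholder: hash is not in the map
        if (h == "")              scheme = "empty"
        else if (h ~ /^\$1\$/)    scheme = "md5-crypt"
        else if (h ~ /^\$5\$/)    scheme = "sha256-crypt"
        else if (h ~ /^\$6\$/)    scheme = "sha512-crypt"
        else if (length(h) == 13) scheme = "des-crypt"
        else                      scheme = "unknown"
        print $1, scheme, $7
        found = 1
    }
    END { exit found + 0 }'
}

# Constructed sample: same layout as the ypcat output on this page, with
# placeholder strings in place of real hashes, plus one local-style entry.
SAMPLE_MAP='nisuser1:$1$SALTSALT$CONSTRUCTEDplaceholder0000:509:100::/home/nisuser1:/bin/bash
ftpuser1:$1$SALTSALT$CONSTRUCTEDplaceholder1111:500:50::/home/ftpuser1:/sbin/nologin
localacct:x:600:100::/home/localacct:/bin/bash'

printf '%s\n' "$SAMPLE_MAP" | exposed_hashes || true
```

Run as ypcat passwd | exposed_hashes from any bound client; entries with an interactive shell are the ones to prioritize when deciding which passwords to rotate or move out of the map.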
VII. Slave NIS server configuration:
1. First edit the /etc/hosts file and add the corresponding hostnames and IPs:
192.168.1.110 rhel5.com rhel5
192.168.1.118 slave.rhel5.com slave
192.168.1.113 client.rhel5.com client
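Next edit /etc/yp.conf and add the following line:
ypserver 127.0.0.1
Also define the NIS domain by editing /etc/sysconfig/network and adding the following line:
NISDOMAIN=xzxj11
Then start portmap, ypserv, ypbind, yppasswdd and ypxfrd.
2. Query the master's databases: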
[root@slave ~]# ypwhich -m
services.byservicename rhel5.com
rpc.byname rhel5.com
services.byname rhel5.com
group.bygid rhel5.com
protocols.byname rhel5.com
hosts.byname rhel5.com
ypservers rhel5.com
passwd.byuid rhel5.com
rpc.bynumber rhel5.com
protocols.bynumber rhel5.com
mail.aliases rhel5.com
group.byname rhel5.com
netid.byname rhel5.com
hosts.byaddr rhel5.com
passwd.byname rhel5.com
3. Synchronize the data from the master:
[root@slave ~]# /usr/lib/yp/ypinit -s rhel5.com
We will need a few minutes to copy the data from rhel5.com.
Transferring services.byservicename...
Trying ypxfrd ... success
Transferring rpc.byname...
Trying ypxfrd ... success
Transferring services.byname...
Trying ypxfrd ... success
Transferring group.bygid...
Trying ypxfrd ... success
Transferring protocols.byname...
Trying ypxfrd ... success
Transferring hosts.byname...
Trying ypxfrd ... success
Transferring ypservers...
Trying ypxfrd ... success
Transferring passwd.byuid...
Trying ypxfrd ... success
Transferring rpc.bynumber...
Trying ypxfrd ... success
Transferring protocols.bynumber...
Trying ypxfrd ... success
Transferring mail.aliases...
Trying ypxfrd ... success
Transferring group.byname...
Trying ypxfrd ... success
Transferring netid.byname...
Trying ypxfrd ... success
Transferring hosts.byaddr...
Trying ypxfrd ... success
Transferring passwd.byname...
Trying ypxfrd ... success
slave.rhel5.com's NIS data base has been set up.
If there were warnings, please figure out what went wrong, and fix it.
At this point, make sure that /etc/passwd and /etc/group have
been edited so that when the NIS is activated, the data bases you
have just created will be used, instead of the /etc ASCII files.
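4. Set up the master/slave mapping:
On the master, change to the /var/yp directory and edit the ypservers file, adding the slave server's hostname:
rhel5.com
slave.rhel5.com
Then edit the Makefile (it is best to back it up first) and change the value on the following line to false:
The original NOPUSH=true becomes NOPUSH=false.
Finally, run make: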
[root@rhel5 yp]# make
gmake[1]: Entering directory `/var/yp/xzxj11'
Updating ypservers...
slave.rhel5.com: RPC failure talking to server
gmake[1]: Leaving directory `/var/yp/xzxj11'
gmake[1]: Entering directory `/var/yp/xzxj11'
Updating netid.byname...
slave.rhel5.com: RPC failure talking to server
gmake[1]: Leaving directory `/var/yp/xzxj11'
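5. Set up automatic master/slave synchronization:
Create a file named nis_sync in the /etc/cron.d/ directory:
#
# File: /etc/cron.d/nis_sync
#
# Entries under /etc/cron.d need a user field before the command.
20 * * * * root /usr/lib/yp/ypxfr_1perhour
40 6 * * * root /usr/lib/yp/ypxfr_1perday
55 6,18 * * * root /usr/lib/yp/ypxfr_2perday
Finally, restart the crond service.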