Configuring combined NIS and NFS services on RHEL 5

I. Environment:
 

  OS:rhel5
 

  master:rhel5.com IP:192.168.1.110
 

  slave:slave.rhel5.com IP:192.168.1.118
 

  client:client.rhel5.com IP:192.168.1.113
 

  Required packages: ypserv, yp-tools, ypbind

  Firewall: disabled
 

II. Configure the NFS server on master:

   1. Edit /etc/exports to share the /home directory:

    [root@master ]#vi /etc/exports

       /home     *(ro,sync)
 

   2. Apply the configuration:
 

    [root@master ]#exportfs -a
 

   3. Start the NFS server:
 

    [root@master ]#service nfs start
 

    Starting NFS services:  [  OK  ]
 

    Starting NFS quotas: [  OK  ]
 

    Starting NFS daemon: [  OK  ]
 

    Starting NFS mountd: [  OK  ]
 

    [root@master ]#chkconfig nfs on
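
The export above uses `*` as the client, so any host that can reach the server may mount /home. The following check is an added example, not part of the original article; the function names and the sample entries are constructed for illustration. It flags export entries that are open to every host.

```shell
#!/bin/sh
# audit_exports [FILE]
# Reads exports(5) entries from FILE (or stdin) and prints
# "path<TAB>client-spec" for every entry open to all hosts: a "*" client,
# options with no host in front, or a path with no client at all.
# Exit status is 1 if at least one such entry was found.
audit_exports() {
    awk '
        /^[ \t]*#/ { next }                    # comment line
        NF == 0    { next }                    # blank line
        NF == 1    { printf "%s\t%s\n", $1, "(no client)"; bad = 1; next }
        {
            for (i = 2; i <= NF; i++) {
                host = $i
                sub(/\(.*$/, "", host)         # strip "(options)"
                if (host == "" || host == "*") {
                    printf "%s\t%s\n", $1, $i
                    bad = 1
                }
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample: the entry from this article plus a restricted entry.
demo_exports() {
    audit_exports <<'EOF'
# constructed sample /etc/exports
/home     *(ro,sync)
/srv/data 192.168.1.0/24(ro,sync,root_squash)
EOF
}

demo_exports || echo "exports open to every host were found" >&2
```

In this setup the only NFS client is 192.168.1.113, so the entry can name that host instead of `*`.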
 

III. Configure the NFS service on the client:
 

    [root@client ]#service nfs start
 

    Starting NFS services:  [  OK  ]
 

    Starting NFS quotas: [  OK  ]
 

    Starting NFS daemon: [  OK  ]
 

    Starting NFS mountd: [  OK  ]
 

    [root@client ]#chkconfig nfs on
 

   Create a new /home on which to mount master's /home:
 

    [root@client ]#mv /home /home.old
 

    [root@client ]#mkdir /home
 

    [root@client ]#mount -t nfs 192.168.1.110:/home /home
 

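    [root@client ]#ls /home   # check that the mount succeeded

    [root@client ]#umount /home

   Next, use the autofs tool to mount master's /home automatically at system startup.

   First edit /etc/auto.master and add the following line:

   /home      /etc/auto.home  --timeout 600

   Then edit /etc/auto.home and add the following line (`&` expands to the key being looked up, i.e. the directory name under /home):

   *    -fstype=nfs,ro   192.168.1.110:/home/&

   Start the autofs service: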
 

    [root@client ]#chkconfig autofs on
 

    [root@client ]#service autofs start
 

     Starting automount:[  OK  ]
 

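IV. Configure the NIS server

   1. Install the required packages:

     yum -y install ypserv ypbind yp-tools

   2. Edit /etc/sysconfig/network and add the following line:

     NISDOMAIN=xzxj11

   3. Edit /etc/yp.conf and add the following line:

     ypserver 127.0.0.1

   4. Start the required services: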
 

     [root@master ]# service portmap restart
 

     [root@master ]# service ypserv restart
 

     [root@master ]# service yppasswdd start
 

     [root@master ]# chkconfig ypserv on
 

     [root@master ]# chkconfig yppasswdd on
 

     [root@master ]# chkconfig portmap on
 

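     About the daemons involved:

       portmap    registers the RPC services that NIS uses while it is running
       yppasswdd  lets users change or set their passwords
       ypserv     the main NIS server daemon
       ypbind     the NIS client daemon
       ypxfrd     speeds up the transfer of large NIS maps

     5. Use rpcinfo to check that the corresponding services are running: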
 

     [root@rhel5 ~]# rpcinfo -p localhost
 

    program vers proto   port
 

    100000    2   tcp    111  portmapper
 

    100000    2   udp    111  portmapper
 

    100024    1   udp    855  status
 

    100024    1   tcp    858  status
 

    100004    2   udp    642  ypserv
 

    100004    1   udp    642  ypserv
 

    100004    2   tcp    645  ypserv
 

    100011    1   udp    980  rquotad
 

    100011    2   udp    980  rquotad
 

    100011    1   tcp    983  rquotad
 

    100011    2   tcp    983  rquotad
 

    100003    2   udp   2049  nfs
 

    100003    3   udp   2049  nfs
 

    100003    4   udp   2049  nfs
 

    100003    2   tcp   2049  nfs
 

    100003    3   tcp   2049  nfs
 

    100003    4   tcp   2049  nfs
 

    100021    1   udp   1026  nlockmgr
 

    100021    3   udp   1026  nlockmgr
 

    100021    4   udp   1026  nlockmgr
 

    100021    1   tcp   3540  nlockmgr
 

    100021    3   tcp   3540  nlockmgr
 

    100021    4   tcp   3540  nlockmgr
 

    100005    1   udp   1008  mountd
 

    100005    1   tcp   1011  mountd
 

    100005    2   udp   1008  mountd
 

    100005    2   tcp   1011  mountd
 

    100005    3   udp   1008  mountd
 

    100005    3   tcp   1011  mountd
 

    100009    1   udp    644  yppasswdd
 

    100007    2   udp    806  ypbind
 

    100007    1   udp    806  ypbind
 

    100007    2   tcp    809  ypbind
 

100007    1   tcp    809  ypbind
 

V. Initialize the NIS domain:

1. Initialize:

NIS-SCHOOL-NETWORK=xzxj11

[root@master ~]#/usr/lib/yp/ypinit -m
 

At this point, we have to construct a list of the hosts which will run NIS
 

servers.  rhel5.com is in the list of NIS server hosts.  Please continue to add
 

the names for the other hosts, one per line.  When you are done with the
 

list, type a <control D>.
 

        next host to add:  rhel5.com
 

        next host to add:
 

The current list of NIS servers looks like this:
 


 

rhel5.com
 


 

Is this correct?  [y/n: y]  y
 

We need a few minutes to build the databases...
 

Building /var/yp/xzxj11/ypservers...
 

Running /var/yp/Makefile...
 

gmake[1]: Entering directory `/var/yp/xzxj11'
 

gmake[1]: Warning: File `/etc/passwd' has modification time 1.7e+04 s in the future
 

Updating passwd.byname...
 

Updating passwd.byuid...
 

Updating group.byname...
 

Updating group.bygid...
 

Updating hosts.byname...
 

Updating hosts.byaddr...
 

Updating rpc.byname...
 

Updating rpc.bynumber...
 

Updating services.byname...
 

Updating services.byservicename...
 

Updating netid.byname...
 

Updating protocols.bynumber...
 

Updating protocols.byname...
 

Updating mail.aliases...
 

gmake[1]: warning:  Clock skew detected.  Your build may be incomplete.
 

gmake[1]: Leaving directory `/var/yp/xzxj11'
 


 

rhel5.com has been set up as a NIS master server.
 


 

Now you can run ypinit -s rhel5.com on all slave server.
 

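If the following error message appears:

failed to send 'clear' to local ypserv: RPC: Unable to receiveUpdating passwd.byuid...

delete the /var/yp/NIS-SCHOOL-NETWORK directory (NIS-SCHOOL-NETWORK being the NIS domain name, xzxj11 here), restart portmap, yppasswdd and ypserv, and then initialize the NIS domain again.

2. Next, start ypbind and ypxfrd: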
 

[root@rhel5 yp]# service ypbind start
 

Turning on allow_ypbind SELinux boolean
 

Binding to the NIS domain: [  OK  ]
 

Listening for an NIS domain server..
 

[root@rhel5 yp]# service ypxfrd start
 

Starting YP map server: [  OK  ]
 

[root@rhel5 yp]#
 

3. Test:
 

[root@rhel5 yp]# rpcinfo -p localhost
 

   program vers proto   port
 

    100000    2   tcp    111  portmapper
 

    100000    2   udp    111  portmapper
 

    100024    1   udp    855  status
 

    100024    1   tcp    858  status
 

    100011    1   udp    980  rquotad
 

    100011    2   udp    980  rquotad
 

    100011    1   tcp    983  rquotad
 

    100011    2   tcp    983  rquotad
 

    100003    2   udp   2049  nfs
 

    100003    3   udp   2049  nfs
 

    100003    4   udp   2049  nfs
 

    100003    2   tcp   2049  nfs
 

    100003    3   tcp   2049  nfs
 

    100003    4   tcp   2049  nfs
 

    100021    1   udp   1026  nlockmgr
 

    100021    3   udp   1026  nlockmgr
 

    100021    4   udp   1026  nlockmgr
 

    100021    1   tcp   3540  nlockmgr
 

    100021    3   tcp   3540  nlockmgr
 

    100021    4   tcp   3540  nlockmgr
 

    100005    1   udp   1008  mountd
 

    100005    1   tcp   1011  mountd
 

    100005    2   udp   1008  mountd
 

    100005    2   tcp   1011  mountd
 

    100005    3   udp   1008  mountd
 

    100005    3   tcp   1011  mountd
 

    100004    2   udp    822  ypserv
 

    100004    1   udp    822  ypserv
 

    100004    2   tcp    825  ypserv
 

    100004    1   tcp    825  ypserv
 

    100009    1   udp    843  yppasswdd
 

    100007    2   udp    611  ypbind
 

    100007    1   udp    611  ypbind
 

    100007    2   tcp    614  ypbind
 

    100007    1   tcp    614  ypbind
 

600100069    1   udp    638  fypxfrd
 

600100069    1   tcp    640  fypxfrd
 

4. Add users:

[root@rhel5 yp]# useradd -g users nisuser

[root@rhel5 yp]#passwd nisuser

After setting the password for nisuser, change to the /var/yp/ directory and run make:
 

[root@rhel5 yp]# make
 

gmake[1]: Entering directory `/var/yp/xzxj11'
 

gmake[1]: `ypservers' is up to date.
 

gmake[1]: Leaving directory `/var/yp/xzxj11'
 

gmake[1]: Entering directory `/var/yp/xzxj11'
 

Updating passwd.byname...
 

Updating passwd.byuid...
 

Updating netid.byname...
 

gmake[1]: Leaving directory `/var/yp/xzxj11'
 

Then test:
 

[root@rhel5 yp]# ypcat passwd
 

ftpuser4:$1$bhbbY31/$Ac55OeaS.zfratZWnqrnE/:503:50::/home/ftpuser4:/sbin/nologin
 

ftpuser2:$1$ToavK8/x$z/5QOeZixUSFoVKunxoPs0:501:50::/home/ftpuser2:/sbin/nologin
 

nisuser:$1$tuRAlu1R$cEFwt8.UrjUcYnqAb8GJs1:507:100::/home/nisuser:/bin/bash
 

ftpuser1:$1$JvtTK2NW$E0f5ULzTk32KswI/U5qUX/:500:50::/home/ftpuser1:/sbin/nologin
 

nisuser1:$1$me3VrKof$PHe4.99xN0pvrN7fVMcWA1:509:100::/home/nisuser1:/bin/bash
 

test:$1$cRX1lKau$KNdiNva7G.mvdqP0rXiRy.:504:50::/home/test:/sbin/nologin
 

candon123:$1$oIDTzk4X$l/.DnGYrZrs2xtcX89Wlc0:506:12::/home/candon123:/bin/bash
 

candon:$1$Brob1q/1$cFMlekBjs5Qdmp3JByi3z.:505:12::/home/candon:/bin/bash
 

ldapuser:$1$koB2A2FZ$wRYTsh1batCqNNYsnigP2/:508:100::/home/ldapuser:/bin/bash
 

ftpuser3:$1$84YJNMq9$evGaHJ0KU/XKv.DV5oYiX1:502:50::/home/ftpuser3:/sbin/nologin
 

[root@rhel5 yp]# ypmatch nisuser1 passwd
 

nisuser1:$1$me3VrKof$PHe4.99xN0pvrN7fVMcWA1:509:100::/home/nisuser1:/bin/bash
 

[root@rhel5 yp]# getent passwd nisuser1
 

nisuser1:x:509:100::/home/nisuser1:/bin/bash
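
The `ypcat passwd` output above shows that the passwd map carries the password hashes themselves, so every host that can query the domain receives them. The following check is an added example, not part of the original article; the function names and sample lines are constructed. It lists the map entries that carry a real hash and names the crypt scheme of each.

```shell
#!/bin/sh
# nis_hash_report: reads passwd-format lines on stdin (for example the output
# of `ypcat passwd`) and prints "user scheme" for each entry whose password
# field holds a hash (or is empty) rather than a placeholder.
# Exit status is 1 if at least one such entry was found.
nis_hash_report() {
    awk -F: '
        NF < 7 { next }                              # not a passwd entry
        $2 == "x" || $2 ~ /^[!*]/ { next }           # shadowed or locked
        {
            p = substr($2, 1, 3)
            if ($2 == "")               scheme = "empty-password"
            else if (p == "$1$")        scheme = "md5-crypt"
            else if (p == "$5$")        scheme = "sha256-crypt"
            else if (p == "$6$")        scheme = "sha512-crypt"
            else if (length($2) == 13)  scheme = "des-crypt"
            else                        scheme = "unknown"
            print $1, scheme
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample lines; the hash fields are placeholders, not real hashes.
demo_nis_hash_report() {
    nis_hash_report <<'EOF'
alice:$1$SALTSALT$constructedhashvalue00:1001:100::/home/alice:/bin/bash
bob:x:1002:100::/home/bob:/bin/bash
carol:!!:1003:100::/home/carol:/sbin/nologin
dave:$6$SALTSALT$constructedhashvalue01:1004:100::/home/dave:/bin/bash
EOF
}

demo_nis_hash_report || echo "hashes are visible in the map" >&2
```

On a live server the same function can be fed with `ypcat passwd | nis_hash_report`. ypserv reads /var/yp/securenets to limit which networks may query the maps.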
 

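VI. Client configuration:

1. Run authconfig or authconfig-tui to enable NIS authentication.

2. Edit /etc/yp.conf and add the following line:

domain xzxj11 server 192.168.1.110

Edit /etc/sysconfig/network and add the following line:

NISDOMAIN=xzxj11 # define the NIS domain

Edit /etc/nsswitch.conf so that it reads as follows: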
 

passwd:     files nis
 

shadow:     files nis
 

group:      files nis
 

3. Start the portmap and ypbind services:
 

[root@client ~]# service portmap start
 

启动portmap服务[确定]
 

[root@client ~]# service ypbind start
 

Remember that /etc/hosts must contain the corresponding host names and IPs:

vi /etc/hosts

192.168.1.110  rhel5.com  rhel5

192.168.1.113  client.rhel5.com client

4. Test:
 

[root@client~]# ypcat passwd
 

ftpuser4:$1$bhbbY31/$Ac55OeaS.zfratZWnqrnE/:503:50::/home/ftpuser4:/sbin/nologin
 

ftpuser2:$1$ToavK8/x$z/5QOeZixUSFoVKunxoPs0:501:50::/home/ftpuser2:/sbin/nologin
 

nisuser:$1$tuRAlu1R$cEFwt8.UrjUcYnqAb8GJs1:507:100::/home/nisuser:/bin/bash
 

ftpuser1:$1$JvtTK2NW$E0f5ULzTk32KswI/U5qUX/:500:50::/home/ftpuser1:/sbin/nologin
 

nisuser1:$1$me3VrKof$PHe4.99xN0pvrN7fVMcWA1:509:100::/home/nisuser1:/bin/bash
 

test:$1$cRX1lKau$KNdiNva7G.mvdqP0rXiRy.:504:50::/home/test:/sbin/nologin
 

candon123:$1$oIDTzk4X$l/.DnGYrZrs2xtcX89Wlc0:506:12::/home/candon123:/bin/bash
 

candon:$1$Brob1q/1$cFMlekBjs5Qdmp3JByi3z.:505:12::/home/candon:/bin/bash
 

ldapuser:$1$koB2A2FZ$wRYTsh1batCqNNYsnigP2/:508:100::/home/ldapuser:/bin/bash
 

ftpuser3:$1$84YJNMq9$evGaHJ0KU/XKv.DV5oYiX1:502:50::/home/ftpuser3:/sbin/nologin
 

[root@client ~]# ypmatch nisuser1 passwd
 

nisuser1:$1$me3VrKof$PHe4.99xN0pvrN7fVMcWA1:509:100::/home/nisuser1:/bin/bash
 

[root@client ~]# getent passwd nisuser1
 

nisuser1:$1$me3VrKof$PHe4.99xN0pvrN7fVMcWA1:509:100::/home/nisuser1:/bin/bash
 

Check whether you can log in to the client from master over ssh/telnet:

[root@master ~]# ssh -l nisuser1 192.168.1.113

nisuser1@192.168.1.113's password:
 

[nisuser1@client ~]$
 

VII. Slave NIS server configuration:

1. First edit /etc/hosts and add the corresponding host names and IPs:

192.168.1.110  rhel5.com   rhel5

192.168.1.118  slave.rhel5.com slave

192.168.1.113  client.rhel5.com client

Then edit /etc/yp.conf and add the following line:

ypserver 127.0.0.1

Also define the NIS domain: edit /etc/sysconfig/network and add the following line:

NISDOMAIN=xzxj11

Then start portmap, ypserv, ypbind, yppasswdd and ypxfrd.

2. Query the master's databases:
 

[root@slave ~]# ypwhich -m
 

services.byservicename rhel5.com
 

rpc.byname rhel5.com
 

services.byname rhel5.com
 

group.bygid rhel5.com
 

protocols.byname rhel5.com
 

hosts.byname rhel5.com
 

ypservers rhel5.com
 

passwd.byuid rhel5.com
 

rpc.bynumber rhel5.com
 

protocols.bynumber rhel5.com
 

mail.aliases rhel5.com
 

group.byname rhel5.com
 

netid.byname rhel5.com
 

hosts.byaddr rhel5.com
 

passwd.byname rhel5.com
 

3. Synchronize the data from master:
 

[root@slave ~]# /usr/lib/yp/ypinit -s rhel5.com
 

We will need a few minutes to copy the data from rhel5.com.
 

Transferring services.byservicename...
 

Trying ypxfrd ... success
 


 

Transferring rpc.byname...
 

Trying ypxfrd ... success
 


 

Transferring services.byname...
 

Trying ypxfrd ... success
 


 

Transferring group.bygid...
 

Trying ypxfrd ... success
 


 

Transferring protocols.byname...
 

Trying ypxfrd ... success
 


 

Transferring hosts.byname...
 

Trying ypxfrd ... success
 


 

Transferring ypservers...
 

Trying ypxfrd ... success
 


 

Transferring passwd.byuid...
 

Trying ypxfrd ... success
 


 

Transferring rpc.bynumber...
 

Trying ypxfrd ... success
 


 

Transferring protocols.bynumber...
 

Trying ypxfrd ... success
 


 

Transferring mail.aliases...
 

Trying ypxfrd ... success
 


 

Transferring group.byname...
 

Trying ypxfrd ... success
 


 

Transferring netid.byname...
 

Trying ypxfrd ... success
 


 

Transferring hosts.byaddr...
 

Trying ypxfrd ... success
 


 

Transferring passwd.byname...
 

Trying ypxfrd ... success
 


 

slave.rhel5.com's NIS data base has been set up.
 

If there were warnings, please figure out what went wrong, and fix it.
 


 

At this point, make sure that /etc/passwd and /etc/group have
 

been edited so that when the NIS is activated, the data bases you
 

have just created will be used, instead of the /etc ASCII files.
 

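4. Set up the master/slave mapping:

  On master, change to the /var/yp directory, edit the ypservers file and add the slave server's host name:

rhel5.com

slave.rhel5.com

Then edit the Makefile (it is best to back it up first) and change the value on the following line to false:

It was NOPUSH=true; after the change it is NOPUSH=false.

Finally, run make: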
 

[root@rhel5 yp]# make
 

gmake[1]: Entering directory `/var/yp/xzxj11'
 

Updating ypservers...
 

slave.rhel5.com: RPC failure talking to server
 

gmake[1]: Leaving directory `/var/yp/xzxj11'
 

gmake[1]: Entering directory `/var/yp/xzxj11'
 

Updating netid.byname...
 

slave.rhel5.com: RPC failure talking to server
 

gmake[1]: Leaving directory `/var/yp/xzxj11'
 

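5. Set up automatic master/slave synchronization:

Create a file named nis_sync in the /etc/cron.d/ directory (entries in /etc/cron.d need a user field, here root):

#
# File: /etc/cron.d/nis_sync
#
20 *    * * *    root    /usr/lib/yp/ypxfr_1perhour
40 6    * * *    root    /usr/lib/yp/ypxfr_1perday
55 6,18 * * *    root    /usr/lib/yp/ypxfr_2perday

Finally, restart the crond service.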
 
