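NIS (Network Information Service)
[Figure 38-1]
Notes:
1) rpc: remote procedure call
2) ypserv: verifies user identity
3) yppasswd: lets users change their password on the server
Differences between NIS, a domain, and a workgroup:
1). NIS (Network Information Service)
NIS: MASTER, SLAVE
2). Domain:
Managed centrally. DC (the domain's manager)
-- NIS administration is similar to domain administration.
3). Workgroup:
Management is decentralized.
1. Install the packages for the NIS service
Install ypserv and yppasswdd; portmap is already installed by default.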
[root@myhost ~]# mount /dev/cdrom /mnt/cdrom
[root@myhost ~]# rpm -qa ypserver
[root@myhost ~]# rpm -qa |grep portmap
portmap-4.0-65.2.2.1
[root@myhost ~]# LANG=en_US.UTF-8
-- Check whether portmap is working properly (append an address to query a particular server)
[root@myhost ~]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 789 status
100024 1 tcp 792 status
-- Check whether the packages are installed
[root@myhost ~]# rpm -qa |grep ypser
[root@myhost ~]# rpm -qa |grep yppass
[root@myhost ~]# cd /mnt/cdrom/
[root@myhost cdrom]# cd /mnt/cdrom/Server/
[root@myhost Server]# ll ypser*
-r--r--r-- 99 root root 137048 Aug 12 2008 ypserv-2.19-5.el5.i386.rpm
-- Check whether the yppass service exists
[root@myhost Server]# chkconfig --list |grep yppass
-- yppasswdd is packaged inside ypserv
[root@myhost Server]# rpm -qlp ypserv-2.19-5.el5.i386.rpm |less|grep yppass*
/etc/rc.d/init.d/yppasswdd
/etc/sysconfig/yppasswdd
/usr/sbin/rpc.yppasswdd
/usr/share/man/man8/rpc.yppasswdd.8.gz
/usr/share/man/man8/yppasswdd.8.gz
[root@myhost Server]# rpm -ivh ypserv-2.19-5.el5.i386.rpm
2. Start the services
[root@myhost Server]# chkconfig
chkconfig version 1.3.30.1 - Copyright (C) 1997-2000 Red Hat, Inc.
This may be freely redistributed under the terms of the GNU Public License.
usage: chkconfig --list [name]
chkconfig --add <name>
chkconfig --del <name>
chkconfig [--level <levels>] <name> <on|off|reset|resetpriorities>
-- Enable ypserv at boot
[root@myhost Server]# chkconfig ypserv on
-- chkconfig --level 35 yppasswdd on enables the service only for the given runlevels
[root@myhost Server]# chkconfig --list |grep ypserv
ypserv 0:off 1:off 2:on 3:on 4:on 5:on 6:off
-- Enable yppasswdd at boot
[root@myhost Server]# chkconfig yppasswdd on
[root@myhost Server]# chkconfig --list |grep yppass
yppasswdd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@myhost Server]#
3. Create local accounts and import them into the NIS server's database
3.1 Create local accounts
[root@myhost ~]# useradd user1
[root@myhost ~]# passwd user1
[root@myhost ~]# useradd user2
[root@myhost ~]# passwd user2
[root@myhost ~]# cat /etc/passwd
[root@myhost ~]# cat /etc/shadow
3.2 Edit the Makefile
[root@myhost Server]# cd /var/yp
[root@myhost yp]# vim Makefile
# If we have only one server, we don't have to push the maps to the
# slave servers (NOPUSH=true). If you have slave servers, change this
# to "NOPUSH=false" and put all hostnames of your slave servers in the file
# /var/yp/ypservers.
NOPUSH=true
-- Do not push (the default). Pushing is when the master actively copies the maps to the slave servers.
# MINGID is the lowest gid that will be included in the group maps.
MINUID=500
MINGID=500
-- Users with an ID of 500 and above are imported into the NIS server's database
# These are the source directories for the NIS files; normally
# that is /etc but you may want to move the source for the password
# and group files to (for example) /var/yp/ypfiles. The directory
# for passwd, group and shadow is defined by YPPWDDIR, the rest is
# taken from YPSRCDIR.
#
YPSRCDIR = /etc
YPPWDDIR = /etc
YPBINDIR = /usr/lib/yp
YPSBINDIR = /usr/sbin
YPDIR = /var/yp
YPMAPDIR = $(YPDIR)/$(DOMAIN)
all: passwd group hosts \
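A preview of what the MINUID/MINGID setting above lets into the maps, as an added example that is not part of the original tutorial. It assumes the map build keeps every entry whose UID or GID is at or above the minimum; the function names and the sample passwd file are constructed, and the sample includes a high-UID service account to show that MINUID is only a lower bound.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes the map build keeps
# entries whose third field (UID or GID) is >= the Makefile minimum.

# nis_map_preview FILE MIN -> names that would be published
nis_map_preview() {
    awk -F: -v min="$2" '
        /^[-+#]/ || $1 == "" { next }   # skip compat (+/-) and comment lines
        $3 + 0 >= min + 0    { print $1 }
    ' "$1"
}

# nis_map_surprises FILE MIN -> published passwd entries that are not ordinary
# logins: a no-login shell, or a UID in the "nobody" range (>= 65534)
nis_map_surprises() {
    awk -F: -v min="$2" '
        /^[-+#]/ || $1 == "" { next }
        $3 + 0 < min + 0     { next }
        $3 + 0 >= 65534 || $7 ~ /(nologin|false)$/ { print $1 ":" $3 ":" $7 }
    ' "$1"
}

# Constructed sample passwd file; only the tom line appears on the page.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
user1:x:501:501::/home/user1:/bin/bash
tom:x:503:503::/home/tom:/bin/bash
EOF

echo "published with MINUID=500:"; nis_map_preview "$sample" 500
echo "worth a second look:";       nis_map_surprises "$sample" 500
```

Run it against the real /etc/passwd and /etc/group before `make` to see which accounts every NIS client will be able to look up.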
4. Define the NIS domain name
[root@myhost yp]# vim /etc/sysconfig/network
-- Add one line
NISDOMAIN=nisexample
[root@myhost yp]# init 6
-- Reboot
5. Set the NIS server type
[root@nisexample yp]# /usr/lib/yp/ypinit
usage:
ypinit -m --master server
ypinit -s master --slave server
where -m is used to build the data bases on a master NIS server,
and -s is used for a slave data base. master must be an existing
reachable NIS server.
[root@nisexample ~]# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers. nisexample is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: nisexample
next host to add: -- add other hosts here; if there are none, press Ctrl+D to skip
The current list of NIS servers looks like this:
nisexample
Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp/nisexample/ypservers...
gethostbyname(): Success
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/nisexample'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
gmake[1]: Leaving directory `/var/yp/nisexample'
nisexample has been set up as a NIS master server.
Now you can run ypinit -s nisexample on all slave server.
[root@nisexample ~]# cd /var/yp/nisexample/
[root@nisexample nisexample]# ll
total 112
-rw------- 1 root root 12450 Oct 5 13:16 group.bygid
-rw------- 1 root root 12456 Oct 5 13:15 group.byname
-rw------- 1 root root 12499 Oct 5 13:16 hosts.byaddr
-rw------- 1 root root 12520 Oct 5 13:16 hosts.byname
-rw------- 1 root root 12637 Oct 5 13:15 passwd.byname
-rw------- 1 root root 12631 Oct 5 13:15 passwd.byuid
-rw------- 1 root root 12358 Oct 5 13:15 ypservers
[root@nisexample nisexample]#
6. Configure the client
First, the client must join the NIS domain
6.1 Check ypbind
[root@nis-client ~]# chkconfig --list|grep ypb
ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@nis-client ~]# authconfig-tui
6.2 Join the client machine to the domain
# authconfig-tui
1) Select
[*] Use NIS
[Figure 38-2]
2) domain nisexample
server 192.168.100.70
[Figure 38-3]
Stopping portmap: [ OK ]
Starting portmap: [ OK ]
Binding to the NIS domain: [ OK ]
Listening for an NIS domain server.
7. Create a user on the server and import it into the database so that the user can log in on the client
[root@nis-server yp]# useradd tom
[root@nis-server yp]# passwd tom
[root@nis-server yp]# tail /etc/passwd
tom:x:503:503::/home/tom:/bin/bash
[root@nis-server yp]# pwd
/var/yp
[root@nis-server yp]#
[root@nis-server yp]# make     -- re-export the database
gmake[1]: Entering directory `/var/yp/nisexample'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
gmake[1]: Leaving directory `/var/yp/nisexample'
[root@nis-server yp]#
[root@nis-server yp]#
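The user can authenticate and log in, but the home directory is not found, and the login shows the prompt: -bash-3.2$
8. Fix the home directory for users logging in on the client
8.1 On the server
Mount the server's /home directory on the client; users who log in there can then find their own home directories
Edit the exports file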
[root@nis-server yp]# vim /etc/exports
/home 192.168.100.0/255.255.255.0(rw,sync)     -- read-write for this subnet, kept in sync
~
Start the NFS service
[root@nis-server yp]# service nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
Export the share list
[root@nis-server yp]# exportfs -rv
exporting 192.168.100.0/255.255.255.0:/home
[root@nis-server yp]#
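A check an administrator could run against the exports file edited above, as an added example that is not part of the original tutorial. It lists entries that grant write access to a whole network or that turn off the NFS defaults root_squash and secure; the function name and the sample file are constructed, and only the /home line comes from the page.

```shell
#!/bin/sh
# Added example (not from the original page): flag risky /etc/exports entries.

# audit_exports FILE -> one line per flagged entry: "PATH CLIENT finding[,finding]"
audit_exports() {
    awk '
        /^[ \t]*(#|$)/ { next }                     # comments and blank lines
        {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = "," substr($i, p + 1, length($i) - p - 1) ","
                }
                if (client == "") client = "*"      # bare "(opts)" means every host
                wide = index(client, "/") || index(client, "*")
                f = ""
                if (wide && index(opts, ",rw,"))        f = f ",rw-to-many-hosts"
                if (index(opts, ",no_root_squash,"))    f = f ",no_root_squash"
                if (index(opts, ",insecure,"))          f = f ",insecure"
                if (f != "") print $1, client, substr(f, 2)
            }
        }
    ' "$1"
}

# Constructed sample: the /home line is the one from the tutorial, the
# other two paths and the single-host address are made up for contrast.
exports=$(mktemp)
trap 'rm -f "$exports"' EXIT
cat > "$exports" <<'EOF'
/home       192.168.100.0/255.255.255.0(rw,sync)
/srv/build  192.168.100.0/255.255.255.0(rw,sync,no_root_squash)
/srv/docs   192.168.100.71(ro,sync)
EOF

audit_exports "$exports"
```

NFS with the default AUTH_SYS security trusts the UID the client sends, so every host matched by an rw entry can act as any non-root user on that export.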
8.2 Client configuration
Mount the server's /home on the client
[root@nis-client ~]#
[root@nis-client ~]# mount 192.168.100.70:/home /home
[root@nis-client ~]# mount
192.168.100.70:/home on /home type nfs (rw,addr=192.168.100.70)
[root@nis-client ~]# ll /home
total 24
drwx------ 3 jim jim 4096 Oct 5 14:04 jim
drwx------ 3 tom tom 4096 Oct 5 13:45 tom
drwx------ 3 user user 4096 Sep 16 00:16 user
drwx------ 3 user1 user1 4096 Oct 5 11:38 user1
drwx------ 3 user2 user2 4096 Oct 5 11:38 user2
[root@nis-client ~]#
The user now logs in on the client normally:
[tom@nis-client ~]$
Reducing the load on the server
Re-create the home directories for NIS users
[root@nis-server yp]# mkdir /nishome
[root@nis-server yp]# useradd -d /nishome/user9 user9
[root@nis-server yp]# useradd -d /nishome/user10 user10
[root@nis-server yp]# passwd user9
[root@nis-server yp]# passwd user10
[root@nis-server yp]# make
gmake[1]: Entering directory `/var/yp/nisexample'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
gmake[1]: Leaving directory `/var/yp/nisexample'
[root@nis-server yp]#
[root@nis-server yp]# vim /etc/exports
/nishome 192.168.100.0/255.255.255.0(rw,sync)
[root@nis-server yp]# exportfs -rv
exporting 192.168.100.0/255.255.255.0:/nishome
[root@nis-server yp]#
[root@nis-server yp]# service nfs restart
[root@nis-client etc]# ll -d /nishome
drwxr-xr-x 2 root root 0 Oct 5 14:44 /nishome
[root@nis-client etc]# chmod o+wt /nishome/
[root@nis-client etc]# ll -d /nishome
drwxr-xrwt 2 root root 0 Oct 5 14:44 /nishome
[root@nis-client ~]# vim /etc/auto.master
/nishome /etc/auto.nis --timeout=60
-- Add the map file to be monitored for this mount point, with a timeout of 60 seconds
[root@nis-client ~]# cd /etc/
[root@nis-client etc]# cp auto.misc auto.nis
[root@nis-client etc]# vim auto.nis
user9 -rw,soft,intr 192.168.100.70:/nishome/user9
user10 -rw,soft,intr 192.168.100.70:/nishome/user10
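When someone enters user9: read-write, soft (errors are reported), interruptible; the server's user9 directory is mounted on the local user9
Users can now log in on the client
No accounts need to be configured on the client machine;
they only need to be configured on the server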
[root@nis-client etc]# showmount -e 192.168.100.70
Export list for 192.168.100.70:
/home 192.168.100.0/255.255.255.0
[root@nis-client etc]# service autofs restart
Stopping automount: [ OK ]
Starting automount: [ OK ]
[root@nis-client etc]#
[root@nis-client etc]# mount 192.168.100.70:/nishome /nishome
[root@nis-client etc]#
[user9@nis-client ~]$
[root@nis-server yp]# passwd user11
Changing password for user user11.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@nis-server yp]#
[root@nis-server yp]#
[root@nis-server yp]# make
gmake[1]: Entering directory `/var/yp/nisexample'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
gmake[1]: Leaving directory `/var/yp/nisexample'
[root@nis-server yp]#
[root@nis-client etc]# vim /etc/auto.nis
* -rw,soft,intr 192.168.100.70:/nishome/&
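When there are many users, a single line can cover them all
* stands for the user logging in on the client
-- the value matched by * replaces &
& means that the directory on the server belonging to the user matched by * is mounted automatically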
[root@nis-client etc]# service autofs restart
Stopping automount: [ OK ]
Starting automount: [ OK ]
[root@nis-client etc]#
[root@nis-client etc]#
[user11@nis-client ~]$
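How the `*` and `&` entry in auto.nis resolves for a given user, as an added example that is not part of the original tutorial. The function name and sample map are constructed (the user9 line uses -ro only to make precedence visible), every entry is assumed to have the three fields shown on the page, and the lookup order follows autofs(5): the `*` entry is consulted only when the key has no entry of its own.

```shell
#!/bin/sh
# Added example (not from the original page): resolve a key against an
# indirect autofs map the way the "* ... &" line in auto.nis is meant to work.

# automount_lookup MAPFILE KEY -> prints "OPTIONS LOCATION"
# returns 1 if nothing matches, 2 if KEY is not a plain directory name
automount_lookup() {
    case "$2" in
        ''|.|..|*[!A-Za-z0-9._-]*) return 2 ;;   # one path component only
    esac
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        $1 == key && !exact { exact = $2 " " $3 }
        $1 == "*" && !wild  { wild  = $2 " " $3 }
        END {
            hit = exact ? exact : wild           # own entry first, then "*"
            if (hit == "") exit 1
            gsub(/&/, key, hit)                  # "&" becomes the looked-up key
            print hit
        }
    ' "$1"
}

# Constructed sample map based on the auto.nis lines in the tutorial.
map=$(mktemp)
trap 'rm -f "$map"' EXIT
cat > "$map" <<'EOF'
user9   -ro,soft,intr   192.168.100.70:/nishome/user9
*       -rw,soft,intr   192.168.100.70:/nishome/&
EOF

for u in user9 user11; do
    printf '%s -> %s\n' "$u" "$(automount_lookup "$map" "$u")"
done
```

Because the wildcard matches any directory name requested under /nishome, the server's export list and directory permissions are what actually limit which paths get mounted.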