NIS Server: Centralized Account Management

Centralized account management with NIS:
Package installation:
portmap    NIS, like NFS, is a service that depends on RPC; this package is normally installed by default.
yp-tools   Provides the NIS query commands; normally installed by default.
ypbind     Provides the NIS client configuration files; normally installed by default.
ypserv     Provides the NIS server configuration files.

NIS Server configuration:
1. Make sure portmap is running and enabled at boot.
[root@station1 ~]# netstat -antulp | grep portmap
tcp         0      0 0.0.0.0:111        0.0.0.0:*         LISTEN    2851/portmap        
udp        0      0 0.0.0.0:111        0.0.0.0:*                       2851/portmap        
[root@station1 ~]# chkconfig --list | grep portmap
portmap         0:关闭  1:关闭  2:关闭  3:启用  4:启用  5:启用  6:关闭
[root@station1 ~]#

2. Enable the xinetd time services (time-stream for TCP and time-dgram for UDP)
[root@station1 ~]# chkconfig time-dgram on
[root@station1 ~]# chkconfig time-stream on
[root@station1 ~]# chkconfig --list | grep time
        daytime-dgram:  关闭
        daytime-stream: 关闭
        time-dgram:     启用
        time-stream:    启用
[root@station1 ~]# /etc/init.d/xinetd restart
停止 xinetd:                                              [确定]
启动 xinetd:                                              [确定]
[root@station1 ~]# netstat -antulp | grep xin
tcp         0      0 0.0.0.0:37        0.0.0.0:*          LISTEN      4677/xinetd         
udp        0      0 0.0.0.0:37       0.0.0.0:*                           4677/xinetd         
[root@station1 ~]#

Summary: the following commands show whether the two services above are running properly.
[root@station1 ~]# netstat -tulp | grep xinetd
tcp         0      0 *:time           *:*                 LISTEN        4677/xinetd         
udp        0      0 *:time           *:*                                   4677/xinetd         
[root@station1 ~]# netstat -tulp | grep portmap
tcp         0      0 *:sunrpc      *:*                LISTEN      2851/portmap        
udp        0      0 *:sunrpc      *:*                                2851/portmap        
[root@station1 ~]#

3. Set the NIS domain (nisdomainname)
[root@station1 ~]# nisdomainname lwhy
[root@station1 ~]# echo "/bin/nisdomainname lwhy" >> /etc/rc.d/rc.local
[root@station1 ~]# echo "NISDOMAIN=lwhy" >> /etc/sysconfig/network
[root@station1 ~]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=station1.example.com
NISDOMAIN=lwhy
4. Edit the main configuration file:
[root@station1 ~]# vim /etc/ypserv.conf
[root@station1 ~]# cat /etc/ypserv.conf | grep -v ^# | grep -v "^$"
dns: no
files: 30  # number of database files to pre-load into the cache.
slp: no
slp_timeout: 3600
trusted_master: # specifies the master NIS server
xfr_check_port: yes # master and slave communicate on ports below 1024.
*                          : *  : shadow.byname         : port
*                          : *  : passwd.adjunct.byname : port
# The lines above can be left at their defaults; note: * means all.
# Each line below sets: host/IP : domain : map type : access control ("port" means the request must come from a port below 1024)
127.0.0.0/255.255.255.0    : *  : *                     : port
192.168.1.0/255.255.255.0  : *  : *                     : port
*                          : *  : *                     : deny
[root@station1 ~]#

5. Start ypserv
[root@station1 ~]# /etc/init.d/ypserv start
启动 YP 服务器的服务:                                     [确定]
[root@station1 ~]# /etc/init.d/yppasswdd start
启动 YP 口令服务:                                         [确定]
[root@station1 ~]# chkconfig ypserv on
[root@station1 ~]# chkconfig yppasswdd on
[root@station1 ~]# rpcinfo -u localhost ypserv
程序 100004 版本 1 就绪并等待
程序 100004 版本 2 就绪并等待
[root@station1 ~]#

6. Build the databases
[root@station1 ~]# /usr/lib/yp/ypinit -m

At this point, we have to construct a list of the hosts which will run NIS
servers.  station1.example.com is in the list of NIS server hosts.  Please continue to add
the names for the other hosts, one per line.  When you are done with the
list, type a <control D>.
        next host to add:  station1.example.com
        next host to add:  
The current list of NIS servers looks like this:

station1.example.com

Is this correct?  [y/n: y]  y
We need a few minutes to build the databases...
Building /var/yp/lwhy/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/lwhy'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/lwhy'

station1.example.com has been set up as a NIS master server.

Now you can run ypinit -s station1.example.com on all slave server.
[root@station1 ~]#
[root@station1 ~]# ll /var/yp/
总计 56
drwxr-xr-x 2 root root  4096 2009-04-15 binding
drwxr-xr-x 2 root root  4096 05-19 15:27 lwhy
-rw-r--r-- 1 root root 16669 2008-08-11 Makefile
-rw-r--r-- 1 root root   185 2006-07-13 nicknames
-rw-r--r-- 1 root root    21 05-19 15:26 ypservers
[root@station1 ~]# /etc/init.d/ypserv restart
停止 YP 服务器的服务:                                     [确定]
启动 YP 服务器的服务:                                     [确定]
[root@station1 ~]# /etc/init.d/yppasswdd restart
停止 YP 口令服务:                                         [确定]
启动 YP 口令服务:                                         [确定]
[root@station1 ~]#
Note: whenever the database content on the NIS server changes, rebuild the databases and restart the services for the change to take effect.
Basic NIS Server configuration is complete.

NIS Client configuration:
Package installation:
yp-tools  
ypbind
portmap
1. Enable portmap (the portmap service must be running on both the server and the client.)
[root@mail ~]# /etc/init.d/portmap start
Starting portmap:                                          [  OK  ]
[root@mail ~]# chkconfig portmap on
[root@mail ~]#

2. Add an entry for the NIS server to /etc/hosts.
[root@mail ~]# vim /etc/hosts
[root@mail ~]# cat /etc/hosts
127.0.0.1               localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
192.168.1.254   station1.example.com station1
[root@mail ~]#

3. Set the NIS domain name
[root@mail ~]# /bin/nisdomainname lwhy
[root@mail ~]# echo "/bin/nisdomainname lwhy" >> /etc/rc.d/rc.local
[root@mail ~]# echo "NISDOMAIN=lwhy" >> /etc/sysconfig/network
[root@mail ~]#

4. Configure the NIS server to query (specify the NIS domain and the NIS server hostname)
[root@mail ~]# echo "domain lwhy" >> /etc/yp.conf
[root@mail ~]# echo "ypserver station1.example.com" >> /etc/yp.conf
[root@mail ~]#

5. Change the password authentication method so that users are authenticated against the NIS server's database.
[root@mail ~]# echo "+::::::" >> /etc/passwd
[root@mail ~]#

6. Edit the system name-service lookup configuration /etc/nsswitch.conf to set the password lookup order.
[root@mail ~]# cat /etc/nsswitch.conf | grep -v ^# | grep -v ^$
passwd:     files nis nisplus
shadow:     files nis nisplus
group:      files nis nisplus
hosts:      files nis dns
[root@mail ~]#

7. Start the client service ypbind
[root@mail ~]# /etc/init.d/ypbind start
Turning on allow_ypbind SELinux boolean
Binding to the NIS domain:                                 [  OK  ]
Listening for an NIS domain server.
[root@mail ~]# chkconfig ypbind on
[root@mail ~]# rpcinfo -p localhost
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100007    2   udp    902  ypbind
    100007    1   udp    902  ypbind
    100007    2   tcp    905  ypbind
    100007    1   tcp    905  ypbind
[root@mail ~]#

Tools for checking the NIS server from the NIS client: yptest, ypwhich, ypcat
[root@mail ~]# yptest
Test 1: domainname
Configured domainname is "lwhy"

Test 2: ypbind
Used NIS server: station1.example.com

Test 3: yp_match
WARNING: No such key in map (Map passwd.byname, key nobody)

Test 4: yp_first
user2 user2:!!:504:504::/home/user2:/bin/bash

Test 5: yp_next
ftpuser1 ftpuser1:!!:501:501::/home/virtual:/sbin/nologin
test test:$1$Je0mP4FM$HbjedupHhS7sOP64ChUx4/:502:502::/home/test:/bin/bash
user1 user1:!!:503:503::/home/user1:/bin/bash
admin admin:!!:505:505::/home/admin:/bin/bash
virtual virtual:!!:500:500::/home/virtual:/bin/bash
usertest usertest:$1$3viKI2C2$g731Q2.FaTeuc3Oh8Edwp/:506:506::/home/usertest:/bin/bash

Test 6: yp_master
station1.example.com

Test 7: yp_order
1274257060

Test 8: yp_maplist
rpc.byname
ypservers
protocols.bynumber
passwd.byname
group.bygid
netid.byname
hosts.byaddr
rpc.bynumber
services.byservicename
protocols.byname
hosts.byname
group.byname
passwd.byuid
services.byname
mail.aliases

Test 9: yp_all
ftpuser1 ftpuser1:!!:501:501::/home/virtual:/sbin/nologin
test test:$1$Je0mP4FM$HbjedupHhS7sOP64ChUx4/:502:502::/home/test:/bin/bash
virtual virtual:!!:500:500::/home/virtual:/bin/bash
usertest usertest:$1$3viKI2C2$g731Q2.FaTeuc3Oh8Edwp/:506:506::/home/usertest:/bin/bash
[root@mail ~]#
[root@mail ~]# ypwhich
station1.example.com
[root@mail ~]# ypwhich -x
Use "ethers"    for map "ethers.byname"
Use "aliases"   for map "mail.aliases"
Use "services"  for map "services.byname"
Use "protocols" for map "protocols.bynumber"
Use "hosts"     for map "hosts.byname"
Use "networks"  for map "networks.byaddr"
Use "group"     for map "group.byname"
Use "passwd"    for map "passwd.byname"
[root@mail ~]# ypcat -x
Use "ethers"    for map "ethers.byname"
Use "aliases"   for map "mail.aliases"
Use "services"  for map "services.byname"
Use "protocols" for map "protocols.bynumber"
Use "hosts"     for map "hosts.byname"
Use "networks"  for map "networks.byaddr"
Use "group"     for map "group.byname"
Use "passwd"    for map "passwd.byname"
[root@mail ~]#
Appendix:
An NIS client can also join the NIS domain conveniently with the authconfig-tui tool.
Change user passwords: yppasswd, ypchfn, ypchsh.
View user information: ypcat passwd, getent passwd.

User test:
[root@mail ~]# su - test
su: warning: cannot change directory to /home/test: No such file or directory
id: cannot find name for user ID 502
-bash-3.2$
Note: test is an account on the NIS server; since the account does not exist on the NIS client, it naturally cannot get the environment (home directory) belonging to that account.
Solution: share the user home directories under /home from the NIS server via NFS, and use the automount feature on the NIS client so that the user's home directory is picked up automatically.
NIS server configuration:
[root@station1 ~]# service nfs start
Starting NFS services:                                     [  OK  ]
Starting NFS quotas:                                       [  OK  ]
Starting NFS daemon:                                       [  OK  ]
Starting NFS mountd:                                       [  OK  ]
[root@station1 ~]# exportfs -v
/home/guests    192.168.1.0/255.255.255.0(rw,async,wdelay,root_squash,no_subtree_check,anonuid=65534,anongid=65534)
[root@station1 ~]# showmount -e localhost
Export list for localhost:
/home/guests 192.168.1.0/255.255.255.0
[root@station1 ~]# chkconfig nfs on
[root@station1 ~]#

NIS Client configuration:
[root@mail ~]# vim /etc/auto.master
[root@mail ~]# grep /home < /etc/auto.master
/home/guests   /etc/auto.nfs --timeout=100
[root@mail ~]# vim /etc/auto.nfs
[root@mail ~]# grep station1 < /etc/auto.nfs
*              station1.example.com:/home/guests/&
[root@mail ~]# mkdir /home/guests
[root@mail ~]# chkconfig autofs on
[root@mail ~]# /etc/init.d/autofs restart
Stopping automount:                                        [  OK  ]
Starting automount:                                        [  OK  ]
[root@mail ~]#

Create a new user to test with:
[root@station1 ~]# useradd -d /home/guests/nistest nistest
[root@station1 ~]# passwd nistest
Changing password for user nistest.
New UNIX password:
BAD PASSWORD: it is too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@station1 ~]# /usr/lib/yp/ypinit -m
[root@station1 ~]# /etc/init.d/ypserv restart
停止 YP 服务器的服务:                                     [确定]
启动 YP 服务器的服务:                                     [确定]
[root@station1 ~]# /etc/init.d/yppasswdd restart
停止 YP 口令服务:                                         [确定]
启动 YP 口令服务:                                         [确定]
[root@station1 ~]#

NIS Client user test:
[root@mail ~]# su - nistest
id: cannot find name for user ID 500
id: cannot find name for group ID 500
id: cannot find name for user ID 500
[I have no name!@mail ~]$

Solution:
On the NIS server, edit the main configuration file /etc/ypserv.conf (the LAN rule's access-control field changes from port to none):
[root@station1 ~]# vim /etc/ypserv.conf
192.168.1.0/255.255.255.0  : *       : *     : none
[root@station1 ~]# /etc/init.d/ypserv restart
停止 YP 服务器的服务:                                     [确定]
启动 YP 服务器的服务:                                     [确定]
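Why the fix above works, as an added example that is not part of the original article: ypserv matches the rules in /etc/ypserv.conf (step 4 of the server setup) top to bottom and applies the first one that fits the client address, domain and map; a security field of port serves the map only to requests from a source port below 1024, which a non-root process such as the nistest user's shell cannot use, so the LAN rule had to become none. The Python below evaluates both rule sets from this page; the client address 192.168.1.10 and the source ports are constructed values, and only IP/netmask host fields are handled (hostnames are not).

```python
import ipaddress

# Access rules from the page's original /etc/ypserv.conf (host : domain : map : security),
# copied here for the example with the unrelated options and comments dropped.
ORIGINAL_RULES = """
*                         : * : shadow.byname         : port
*                         : * : passwd.adjunct.byname : port
127.0.0.0/255.255.255.0   : * : *                     : port
192.168.1.0/255.255.255.0 : * : *                     : port
*                         : * : *                     : deny
"""

# The same rules after the page's fix: the LAN rule's security field becomes "none".
FIXED_RULES = "\n".join(line.replace(": port", ": none") if line.startswith("192.168.1.0") else line
                        for line in ORIGINAL_RULES.splitlines())


def parse_rules(text):
    """Parse rule lines into (network or None for '*', domain, map, security), in file order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        host, domain, ypmap, security = (f.strip() for f in line.split(":"))
        # Only "*" and IP/netmask host fields are handled; hostnames are not resolved here.
        net = None if host == "*" else ipaddress.ip_network(host, strict=False)
        rules.append((net, domain, ypmap, security))
    return rules


def decide(rules, client_ip, domain, ypmap, src_port):
    """Return 'allow' or 'deny' for one request, using the first matching rule as ypserv does.
    'none' allows, 'deny' refuses, and 'port' allows only a privileged source port (< 1024)."""
    addr = ipaddress.ip_address(client_ip)
    for net, r_domain, r_map, security in rules:
        if net is not None and addr not in net:
            continue
        if r_domain not in ("*", domain) or r_map not in ("*", ypmap):
            continue
        if security == "none":
            return "allow"
        if security == "port":
            return "allow" if src_port < 1024 else "deny"
        return "deny"
    # Both rule sets on this page end with a catch-all deny, so no request reaches this point.
    raise ValueError("no rule matched; ypserv's default for unmatched requests is not modelled")
```

With the original rules, decide(parse_rules(ORIGINAL_RULES), "192.168.1.10", "lwhy", "passwd.byname", 40000) is "deny", which matches the "I have no name!" prompt above; with FIXED_RULES it is "allow", while shadow.byname from the same unprivileged port stays denied by the first rule.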

Test again on the NIS client:
[root@mail ~]# su - nistest
do_ypcall: clnt_call: RPC: Unable to receive; errno = Connection refused
[nistest@mail ~]$ passwd
Changing password for user nistest.
passwd: Authentication token manipulation error
[nistest@mail ~]$ /usr/bin/yppasswd
Changing NIS account information for nistest on station1.example.com.
Please enter old password:
Changing NIS password for nistest on station1.example.com.
Please enter new password:
Please retype new password:

The NIS password has been changed on station1.example.com.

[nistest@mail ~]$ 

Done!
