NIS server relevant config file

一.NIS SERVER CONFIG

1.[root@michael ~]# rpm -qa | grep ^yp

yp-tools-2.8-7

ypserv-2.13-14

ypbind-1.17.2-8

2. [root@michael ~]# chkconfig --list | grep time

time: off

time-udp: off

daytime-udp: off

daytime: off

[root@michael ~]# chkconfig time on

[root@michael ~]# chkconfig time-udp on

[root@michael ~]# chkconfig --list | grep time

time: on

time-udp: on

daytime-udp: off

daytime: off

[root@michael ~]# service xinetd restart

Stopping xinetd: [ OK ]

Starting xinetd: [ OK ]

注意：运行YPSERV要time ,time-udp for start and start xinetd .

Tiem and tiem-udp is by（受） xinetd management(管理) 。

3.建立NIS域名。

[root@michael ~]# vi /etc/rc.d/rc.local

#!/bin/sh

#

# This script will be executed *after* all the other init scripts.

# You can put your own initialization stuff in here if you don't

# want to do the full Sys V style init stuff.

nisdomainname nisfung

touch /var/lock/subsys/local~

"/etc/rc.d/rc.local" 8L, 242C written

[root@michael ~]# vi /etc/sysconfig/network

NETWORKING=yes

HOSTNAME=michael.fung.com

GATEWAY=192.168.1.1

NISDOMAIN=nisfung

~

"/etc/sysconfig/network" 4L, 79C written

4. [root@michael ~]# vi /etc/ypserv.conf

#

# ypserv.conf In this file you can set certain options for the NIS server,

# and you can deny or restrict access to certain maps based

# on the originating host.

#

# See ypserv.conf(5) for a description of the syntax.

#

# Some options for ypserv. This things are all not needed, if

# you have a Linux net.

# Should we do DNS lookups for hosts not found in the hosts table ?

# This option is ignored in the moment.

dns: no

# How many map file handles should be cached ?

files: 30

# Should we register ypserv with SLP ?

slp: no

# After how many seconds we should re-register ypserv with SLP ?

slp_timeout: 3600

# xfr requests are only allowed from ports < 1024

xfr_check_port: yes

#

# ypserv.conf In this file you can set certain options for the NIS server,

# and you can deny or restrict access to certain maps based

# on the originating host.

#

# See ypserv.conf(5) for a description of the syntax.

#

# Some options for ypserv. This things are all not needed, if

# you have a Linux net.

# Should we do DNS lookups for hosts not found in the hosts table ?

# This option is ignored in the moment.

dns: no

# How many map file handles should be cached ?

files: 30

# Should we register ypserv with SLP ?

slp: no

# After how many seconds we should re-register ypserv with SLP ?

slp_timeout: 3600

# xfr requests are only allowed from ports &lt; 1024

xfr_check_port: yes

# The following, when uncommented, will give you shadow like passwords.

# Note that it will not work if you have slave NIS servers in your

# network that do not run the same server as you.

# Host : Domain : Map : Security

#

# * : * : passwd.byname : port

# * : * : passwd.byuid : port

# Not everybody should see the shadow passwords, not secure, since

# under MSDOG everbody is root and can access ports &lt; 1024 !!!

* : * : shadow.byname : port

* : * : passwd.adjunct.byname : port

# If you comment out the next rule, ypserv and rpc.ypxfrd will

# look for YP_SECURE and YP_AUTHDES in the maps. This will make

# the security check a little bit slower, but you only have to

# change the keys on the master server, not the configuration files

# on each NIS server.

# If you have maps with YP_SECURE or YP_AUTHDES, you should create

# a rule for them above, that's much faster.

* : * : * : none(允许)

5.安全配置文件

[root@michael ~]# vi /var/yp/securenets

host 127.0.0.1

255.255.255.0 192.168.1.0

255.255.255.0 192.168.5.0

6．[root@michael ~]# service portmap restart

Stopping portmap: [ OK ]

Starting portmap: [ OK ]

[root@michael ~]# service ypserv restart

Stopping YP server services: [FAILED]

Setting NIS domain name nisfung: [ OK ]

Starting YP server services: [ OK ]

[root@michael ~]# service yppasswdd restart

Stopping YP passwd service: [FAILED]

Starting YP passwd service: [ OK ]

[root@michael ~]# chkconfig --list | grep yp

ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off

yppasswdd 0:off 1:off 2:off 3:off 4:off 5:off 6:off

ypxfrd 0:off 1:off 2:off 3:off 4:off 5:off 6:off

ypserv 0:off 1:off 2:off 3:off 4:off 5:off 6:off

[root@michael ~]# chkconfig --level 35 ypserv on

[root@michael ~]# chkconfig --level 35 yppasswdd on

[root@michael ~]# chkconfig --list | grep yp

ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off

yppasswdd 0:off 1:off 2:off 3:on 4:off 5:on 6:off

ypxfrd 0:off 1:off 2:off 3:off 4:off 5:off 6:off

ypserv 0:off 1:off 2:off 3:on 4:off 5:on 6:off

注意：NIS service running by portmap service support(支持).

7.构建NIS DATABASE

[root@michael ~]# /usr/lib/yp/ypinit –m

At this point, we have to construct a list of the hosts which will run NIS

servers. michael.fung.com is in the list of NIS server hosts. Please continue to add

the names for the other hosts, one per line. When you are done with the

list, type a &lt;control D>.

next host to add: michael.fung.com

next host to add: （ctrl+D）

The current list of NIS servers looks like this:

michael.fung.com

Is this correct? [y/n: y] y

We need a few minutes to build the databases...

Building /var/yp/nisfung/ypservers...

Running /var/yp/Makefile...

gmake[1]: Entering directory `/var/yp/nisfung'

Updating passwd.byname...

Updating passwd.byuid...

Updating group.byname...

Updating group.bygid...

Updating hosts.byname...

Updating hosts.byaddr...

Updating rpc.byname...

Updating rpc.bynumber...

Updating services.byname...

Updating services.byservicename...

Updating netid.byname...

Updating protocols.bynumber...

Updating protocols.byname...

Updating mail.aliases...

gmake[1]: Leaving directory `/var/yp/nisfung'

michael.fung.com has been set up as a NIS master server.

Now you can run ypinit -s michael.fung.com on all slave serve~

[root@michael ~]# ls /var/yp/nisfung (database file)

group.bygid mail.aliases protocols.byname services.byname

group.byname netid.byname protocols.bynumber services.byservicename

hosts.byaddr passwd.byname rpc.byname ypservers

hosts.byname passwd.byuid rpc.bynumber

二．NIS CLIENT CONFIG.

1. [root@gang ~]# rpm -qa | grep ^yp (client running software)

yp-tools-2.8-7

ypbind-1.17.2-8

2.config hosts file.

[root@gang ~]# vi /etc/hosts

# Do not remove the following line, or various programs

# that require network functionality will fail.

127.0.0.1 gang.feng.com gang localhost.localdomain localhost

192.168.5.1 michael.fung.com

~

~

~

~

~

~

~

~

~

~

~

~

~

~

~

~

~

~

~

"/etc/hosts" 4L, 207C written

[root@gang ~]#

3.create nis domain name.

[root@gang ~]# vi /etc/rc.d/rc.local

#!/bin/sh

#

# This script will be executed *after* all the other init scripts.

# You can put your own initialization stuff in here if you don't

# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

nisdomainname nisfung

~

~

~

~

~

~

~

~

~

~

~

~

~

~

~

"/etc/rc.d/rc.local" 8L, 242C written

[root@gang ~]# vi /etc/sysconfig/network

NETWORKING=yes

HOSTNAME=gang.feng.com

GATEWAY=192.168.3.254

NISDOMAIN=nisfung

~

~

~

~

~

~

~

~

~

~

~

~

~

~

~

~

~

~

~

"/etc/sysconfig/network" 4L, 78C written

[root@gang ~]#

4.config yp.conf client file.

[root@gang ~]# vi /etc/yp.conf

# /etc/yp.conf - ypbind configuration file

# Valid entries are

#

# domain NISDOMAIN server HOSTNAME

# Use server HOSTNAME for the domain NISDOMAIN.

nisfung NISDOMAIN michael HOSTNME

#

# domain NISDOMAIN broadcast

# Use broadcast on the local net for domain NISDOMAIN

#

# domain NISDOMAIN slp

# Query local SLP server for ypserver supporting NISDOMAIN

#

# ypserver HOSTNAME

# Use server HOSTNAME for the local domain. The

# IP-address of server must be listed in /etc/hosts.

#

# broadcast

# If no server for the default domain is specified or

# none of them is rechable, try a broadcast call to

# find a server.

#

~

"/etc/yp.conf" 22L, 615C written

5.config nsswitch.conf file.

[root@gang ~]# vi /etc/nsswitch.conf

#

# /etc/nsswitch.conf

#

# An example Name Service Switch config file. This file should be

# sorted with the most-used services at the beginning.

#

# The entry '[NOTFOUND=return]' means that the search for an

# entry should stop if the search in the previous entry turned

# up nothing. Note that if the search failed due to some other reason

# (like no NIS server responding) then the search continues with the

# next entry.

#

# Legal entries are:

#

# nis or yp Use NIS (NIS version 2), also called YP

# dns Use DNS (Domain Name Service)

# files Use the local files

# db Use the local database (.db) files

# compat Use NIS on compat mode

# hesiod Use Hesiod for user lookups

# ldap Use LDAP (only if nss_ldap is installed)

# nisplus or nis+ Use NIS+ (NIS version 3), unsupported

# [NOTFOUND=return] Stop searching if not found so far

#

# To use db, put the "db" in front of "files" for entries you want to be

# looked up first in the databases

#

# Example:

#passwd: db files ldap nis

#shadow: db files ldap nis

#group: db files ldap nis

passwd: files

shadow: files

# Example:

#passwd: db files ldap nis

#shadow: db files ldap nis

#group: db files ldap nis

passwd: nis files

shadow: nis files

group: nis files

#hosts: db files ldap nis dns

hosts: files dns

# Example - obey only what ldap tells us...

#services: ldap [NOTFOUND=return] files

#networks: ldap [NOTFOUND=return] files

#protocols: ldap [NOTFOUND=return] files

#rpc: ldap [NOTFOUND=return] files

#ethers: ldap [NOTFOUND=return] files

bootparams: files

ethers: files

netmasks: files

networks: files

"/etc/nsswitch.conf" 58L, 1639C written

6.start service

[root@gang ~]# service portmap restart

Stopping portmap: [ OK ]

Starting portmap: [ OK ]

[root@gang ~]# service ypbind restart

Shutting down NIS services: [ OK ]

Binding to the NIS domain: [ OK ]

Listening for an NIS domain server.

[root@gang ~]# chkconfig --list | grep yp

ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off

[root@gang ~]# chkconfig --level 35 ypbind on

[root@gang ~]# chkconfig --list | grep yp

ypbind 0:off 1:off 2:off 3:on 4:off 5:on 6:off

[root@gang ~]#

7.test client and server the connect(连通)

[root@gang ~]# yptest

Test 1: domainname

Configured domainname is "nisfung"

Test 2: ypbind

Used NIS server: michael.fung.com

Test 3: yp_match

WARNING: No such key in map (Map passwd.byname, key nobody)

Test 4: yp_first

WARNING: No such key in map (Map passwd.byname)

Test 5: yp_next

-- skipped --

Test 6: yp_master

michael.fung.com

Test 7: yp_order

0

Test 8: yp_maplist

passwd.byuid

services.byservicename

services.byname

hosts.byname

mail.aliases

group.byname

passwd.byname

rpc.byname

hosts.byaddr

group.bygid

protocols.byname

netid.byname

rpc.bynumber

protocols.bynumber

ypservers

Test 9: yp_all

2 tests failed

[root@gang ~]# ypwhich (test server hostname)

michael.fung.com

[root@gang ~]# ypwhich –x (test server database and mapping <映射> file name)

Use "ethers" for map "ethers.byname"

Use "aliases" for map "mail.aliases"

Use "services" for map "services.byname"

Use "protocols" for map "protocols.bynumber"

Use "hosts" for map "hosts.byname"

Use "networks" for map "networks.byaddr"

Use "group" for map "group.byname"

Use "passwd" for map "passwd.byname"

[root@gang ~]# ypcat hosts (ls server 指定 the database content<内容>)

127.0.0.1 localhost.localdomain localhost

127.0.0.1 localhost.localdomain localhost

192.168.5.1 michael.fung.com michael

192.168.5.1 michael.fung.com michael

8.NIS server user login client

Login : abc

Password: 111111

Last login: Fri Jul 31 03:50:07 2009

Could not chdir to home directory /home/abc: No such file or directory

-bash-3.00$

三．NIS SERVER AND NFS RELEVANT CONFIG

1. [root@michael ~]# vi /etc/exports

/home 192.168.5.0/24(rw) ~

~

~

~

~"/etc/exports" 1L, 34C written

<server config “/etc/exports” file 中添加 “/home” 共享目录设置>

2.start NIS server in NFS server script

root@michael ~]# service nfs restart

Shutting down NFS mountd: [ OK ]

Shutting down NFS daemon: [ OK ]

Shutting down NFS quotas: [ OK ]

Shutting down NFS services: [ OK ]

Starting NFS services: [ OK ]

Starting NFS quotas: [ OK ]

Starting NFS daemon: [ OK ]

Starting NFS mountd: [ OK ]

3.client in mount NIS server in the shared directory.

[root@gang ~]# vi /etc/fstab <config client boot auto mount>

# This file is edited by fstab-sync - see 'man fstab-sync' for details

LABEL=/ / ext3 defaults 1 1

LABEL=/boot /boot ext3 defaults 1 2

none /dev/pts devpts gid=5,mode=620 0 0

none /dev/shm tmpfs defaults 0 0

michael:/home/ /home nfs defaults 0 0

none /proc proc defaults 0 0

none /sys sysfs defaults 0 0

LABEL=SWAP-sda3 swap swap defaults 0 0

/dev/hdc /media/cdrom auto pamconsole,exec,noauto,managed 0 0

/dev/fd0 /media/floppy auto pamconsole,exec,noauto,managed 0 0

"/etc/fstab" 11L, 861C written

[root@gang ~]# cd /home

[root@gang home]# ls

[root@gang home]# ll

total 0.

[root@gang ~]# mount /home

[root@gang ~]# cd /home

'[root@gang home]# ls

abc abc1 fung

4.server user in clinet relogin NIS server.

Login : abc

Password:

Last login: Fri Jul 31 03:52:01 2009 from 192.168.5.199

[abc@gang ~]$

[abc@gang ~]$

 

“And first login NIS server have the different(不同).

 

四．问题处理：

KEY:( 重点): IN config NIS server when(时)

1. If config when(前) add user .config over can in client use(用) server user login NIS server.

2. If config over NIS server ,add login NIS server user. Can not login NIS server.TO(要) running :

[root@michael ~]# /usr/lib/yp/ypinit –m (重新加载NIS database)

本文出自 “michaelfung_专栏” 博客，转载请与作者联系！