第一:说明(软件说明和安装目的):架设基于 Linux 的 NIS 服务器,统一管理所有机器的账号。第二:本例操作环境
所使用的系统环境为 Centos 6.5 64位操作系统 [root@jedy ~]# uname -a Linux jedy 2.6.32-431.5.1.el6.x86_64 #1 SMP Wed Feb 12 00:41:43 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux [root@jedy ~]# hostname jedy [root@jedy ~]# more /etc/redhat-release CentOS release 6.5 (Final) [root@jedy ~]# 第三:NIS 服务器配置 1.设置NIS域名[root@jedy ~]# nisdomainname [root@jedy ~]# nisdomainname test.com \\ 增加nis域 这种设置马上生效 [root@jedy ~]# nisdomainname test.com [root@jedy ~]# echo "nisdomainname test.com " >>/etc/rc.local \\这种设置可保障计算机重启后NIS 域名不变 [root@jedy ~]# echo "NSIDOMAIN=test.com " >>/etc/sysconfig/network \\这种设置要在network服务启动时生效(注意:此处变量名拼写有误,应为 NISDOMAIN;NSIDOMAIN 这一行不会被 NIS 的启动脚本使用,文末的 /etc/sysconfig/network 中已补上正确的 NISDOMAIN=test.com) [root@jedy ~]# [root@jedy ~]# more /etc/rc.local #!/bin/sh # # This script will be executed *after* all the other init scripts. # You can put your own initialization stuff in here if you don't # want to do the full Sys V style init stuff.touch /var/lock/subsys/local
nisdomainname test.com [root@jedy ~]# more /etc/sysconfig/network NETWORKING=yes HOSTNAME=localhost.localdomain GATEWAY=*.*.*.* NSIDOMAIN=test.com [root@jedy ~]# service network restart \\重新启动network服务 Shutting down interface eth0: Device state: 3 (disconnected) [ OK ] Shutting down loopback interface: [ OK ] Bringing up loopback interface: [ OK ] Bringing up interface eth0: Active connection state: activated Active connection path: /org/freedesktop/NetworkManager/ActiveConnection/1 [ OK ] [root@jedy ~]#2.修改/etc/hosts,增加解析
[root@jedy ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 127.0.0.1 nis.test.com test.com \\ 增加这一行(本例服务器和客户端是同一台机器,所以指向 127.0.0.1;在其他客户端上应填写 NIS 服务器的实际 IP) [root@jedy ~]# ping nis.test.com PING nis.test.com (127.0.0.1) 56(84) bytes of data. 64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.086 ms 64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.076 ms ^C --- nis.test.com ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1383ms rtt min/avg/max/mdev = 0.076/0.081/0.086/0.005 ms [root@jedy ~]#3.安装必须的软件包
ypbind yp-tools ypserv [root@jedy ~]# [root@jedy ~]# yum install -y yp* [root@jedy ~]#4.修改主配置文件/etc/ypserv.conf
[root@jedy ~]# [root@jedy ~]# tail /etc/ypserv.conf
# If you comment out the next rule, ypserv and rpc.ypxfrd will
# look for YP_SECURE and YP_AUTHDES in the maps. This will make
# the security check a little bit slower, but you only have to
# change the keys on the master server, not the configuration files
# on each NIS server.
# If you have maps with YP_SECURE or YP_AUTHDES, you should create
# a rule for them above, that's much faster.
# * : * : * : none
127.0.0.0/255.255.255.0 : * : * : none
[root@jedy ~]#
说明:规则格式为「主机 : 域 : map : 安全选项」,none 表示不做额外检查直接允许访问。最后一条未注释的规则应是本步骤新增的,只放行回环网段;向真实客户端开放时,主机一栏应写客户端所在的网段而不是 *,并配合 /var/yp/securenets 限制可以访问 ypserv 的主机。
5.启动相应的服务
[root@jedy ~]# [root@jedy ~]# service rpcbind restart Stopping rpcbind: [FAILED] Starting rpcbind: [ OK ] [root@jedy ~]# service ypserv restart Stopping YP server services: [FAILED] Starting YP server services: [ OK ] [root@jedy yum.repos.d]# service yppasswdd restart Stopping YP passwd service: [FAILED] Starting YP passwd service: [ OK ] [root@jedy yum.repos.d]# service ypbind restart Shutting down NIS service: [ OK ] Starting NIS service: [ OK ] Binding NIS service: [ OK ] [root@jedy yum.repos.d]#6.添加用来测试的用户aa,bb,并更新NIS信息数据库
[root@jedy ~]# useradd aa [root@jedy ~]# useradd bb [root@jedy ~]# su aa [aa@localhost root]$ exit exit [root@jedy ~]# su bb [bb@localhost root]$ exit exit [root@jedy ~]# [root@jedy ~]# tail /etc/passwd dbus:x:81:81:System message bus:/:/sbin/nologin avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin rtkit:x:498:496:RealtimeKit:/proc:/sbin/nologin pulse:x:497:495:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin aa:x:500:500::/home/aa:/bin/bash bb:x:501:501::/home/bb:/bin/bash [root@jedy ~]# [root@jedy ~]# /usr/lib64/yp/ypinit -mAt this point, we have to construct a list of the hosts which will run NIS
servers. localhost is in the list of NIS server hosts. Please continue to add the names for the other hosts, one per line. When you are done with the list, type a <control D>. next host to add: localhost next host to add: The current list of NIS servers looks like this:localhost
Is this correct? [y/n: y] y
We need a few minutes to build the databases... Building /var/yp/test.com/ypservers... Running /var/yp/Makefile... gmake[1]: Entering directory `/var/yp/test.com' Updating passwd.byname... Updating passwd.byuid... Updating group.byname... Updating group.bygid... Updating hosts.byname... Updating hosts.byaddr... Updating rpc.byname... Updating rpc.bynumber... Updating services.byname... Updating services.byservicename... Updating netid.byname... Updating protocols.bynumber... Updating protocols.byname... Updating mail.aliases... gmake[1]: Leaving directory `/var/yp/test.com'localhost has been set up as a NIS master server.
Now you can run ypinit -s localhost on all slave server.
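[root@jedy ~]# [root@jedy test.com]# ypcat -h localhost passwd.byname \\查看共享出来的用户(第二个字段来自 shadow:/etc/passwd 中是 x,这里是 !!,表示 aa、bb 尚未设置密码;设置密码后,密码哈希会出现在这个 map 中,凡是能查询该 NIS 域的主机都能读到,因此必须限制可访问的网段) bb:!!:501:501::/home/bb:/bin/bash aa:!!:500:500::/home/aa:/bin/bash [root@jedy test.com]#第四:NIS 客户端配置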
1.[root@jedy ~]# vi /etc/nsswitch.conf # 这个文件的内容有相当多,不过如果你只想要进行登入验证,可以这样:
passwd: files nis shadow: files nis group: files nis hosts: files nis dns2.[root@jedy ~]# more /etc/sysconfig/authconfig IPADOMAINJOINED=no
USEMKHOMEDIR=no USEPAMACCESS=no CACHECREDENTIALS=yes USESSSDAUTH=no USESHADOW=yes USEWINBIND=no USESSSD=no PASSWDALGORITHM=sha512 FORCELEGACY=no USEFPRINTD=no USEHESIOD=no FORCESMARTCARD=no USELDAPAUTH=no IPAV2NONTP=no USELDAP=no USECRACKLIB=yes USEIPAV2=no USEWINBINDAUTH=no USESMARTCARD=no USELOCAUTHORIZE=yes USENIS=yes \\在这一行增加nis认证 USEKERBEROS=no USESYSNETAUTH=no USEDB=no USEPASSWDQC=no [root@jedy yum.repos.d]#3.[root@jedy ~]# more /etc/pam.d/system-auth
#%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth required pam_deny.soaccount required pam_unix.so
account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account required pam_permit.sopassword requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nis nullok try_first_pass use_authtok \\在这一行增加nis 的pam认证 password required pam_deny.sosession optional pam_keyinit.so revoke
session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so [root@jedy yum.repos.d]# 4.[root@jedy ~]# more /etc/yp.conf# /etc/yp.conf - ypbind configuration file # Valid entries are # # domain NISDOMAIN server HOSTNAME # Use server HOSTNAME for the domain NISDOMAIN. # # domain NISDOMAIN broadcast # Use broadcast on the local net for domain NISDOMAIN # # domain NISDOMAIN slp # Query local SLP server for ypserver supporting NISDOMAIN # # ypserver HOSTNAME # Use server HOSTNAME for the local domain. The # IP-address of server must be listed in /etc/hosts. # # broadcast # If no server for the default domain is specified or # none of them is rechable, try a broadcast call to # find a server. # domain test.com server nis.test.com \\在这一行增加nis 的服务器和域名 [root@jedy ~]#5.重启相应的服务
[root@jedy ~]# [root@jedy ~]# service rpcbind restart Stopping rpcbind: [FAILED] Starting rpcbind: [ OK ] [root@jedy yum.repos.d]# service yppasswdd restart Stopping YP passwd service: [FAILED] Starting YP passwd service: [ OK ] [root@jedy yum.repos.d]# service ypbind restart Shutting down NIS service: [ OK ] Starting NIS service: [ OK ] Binding NIS service: [ OK ] [root@jedy yum.repos.d]#6.开机启动相应的服务
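[root@jedy yp]# chkconfig rpcbind on [root@jedy yp]# chkconfig ypbind on [root@jedy yp]# chkconfig yppasswdd on [root@jedy yp]# chkconfig ypserv on 第五:测试连接和认证(先注释掉本地 /etc/passwd 中的 aa 并重新 make,aa 随之从 NIS map 中消失;再注释掉 bb 但不重新 make,bb 仍在 map 中,此时 su bb 成功,说明该用户是通过 NIS 解析的)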
[root@jedy ~]#
[root@jedy ~]# cat /etc/passwd #aa:x:500:500::/home/aa:/bin/bash bb:x:501:501::/home/bb:/bin/bash [root@jedy ~]# [root@jedy ~]# cd /var/yp/ [root@jedy yp]# make gmake[1]: Entering directory `/var/yp/test.com' Updating passwd.byname... Updating passwd.byuid... Updating group.byname... Updating group.bygid... Updating hosts.byname... Updating hosts.byaddr... Updating netid.byname... gmake[1]: Leaving directory `/var/yp/test.com' [root@jedy yp]# su aa su: user aa does not exist [root@jedy yp]# su bb [bb@localhost yp]$ exit exit [root@jedy yp]# cat /etc/passwd #aa:x:500:500::/home/aa:/bin/bash #bb:x:501:501::/home/bb:/bin/bash [root@jedy yp]# ypcat -h localhost passwd.byname bb:!!:501:501::/home/bb:/bin/bash [root@jedy yp]# su aa su: user aa does not exist [root@jedy yp]# su bb [bb@localhost yp]$ exit exit [root@jedy yp]#第六:补充
1.固定NIS端口(ypserv 的端口默认由 rpcbind 动态分配,固定之后才能在防火墙中只对客户端网段放行这些端口以及 rpcbind 的 111 端口)[root@jedy ~]# cat /etc/sysconfig/network NISDOMAIN=test.com HOSTNAME=localhost.localdomain NETWORKING=yes GATEWAY=*.*.*.* NSIDOMAIN=test.com \\前面拼写错误留下的行,可以删除 YPSERV_ARGS="-p 800" \\ypserv 端口 YPXFRD_ARGS="-p 801" \\rpc.ypxfrd(主从服务器之间同步 map)的端口 [root@jedy ~]#至此 所有配置完成