第一:說明,軟件說明,和安裝的目的
架設基於 Linux 的 NIS 服務器,統一管理所有機器的帳號。
第二:本例操作環境
所使用的系統環境爲 CentOS 6.5 64位操作系統
[root@jedy ~]# uname -a
Linux jedy 2.6.32-431.5.1.el6.x86_64 #1 SMP Wed Feb 12 00:41:43 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
[root@jedy ~]# hostname
jedy
[root@jedy ~]# more /etc/redhat-release
CentOS release 6.5 (Final)
[root@jedy ~]#
第三:NIS 服務器配置
1.設置NIS域名
[root@jedy ~]# nisdomainname
[root@jedy ~]# nisdomainname test.com \\ 增加nis域,這種設置馬上生效
[root@jedy ~]# nisdomainname
test.com
[root@jedy ~]# echo "nisdomainname test.com " >>/etc/rc.local \\這種設置可保障計算機重啓後NIS 域名不變
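[root@jedy ~]# echo "NSIDOMAIN=test.com " >>/etc/sysconfig/network \\這種設置要在network服務啓動時生效(注意:變量名應爲 NISDOMAIN,這裏的 NSIDOMAIN 是拼寫錯誤,不會被識別;後文第六節的 /etc/sysconfig/network 中另有正確的 NISDOMAIN=test.com 一行)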
[root@jedy ~]#
[root@jedy ~]# more /etc/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
nisdomainname test.com
[root@jedy ~]# more /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=localhost.localdomain
GATEWAY=*.*.*.*
NSIDOMAIN=test.com
[root@jedy ~]# service network restart \\重新啓動network服務
Shutting down interface eth0: Device state: 3 (disconnected)
[ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: Active connection state: activated
Active connection path: /org/freedesktop/NetworkManager/ActiveConnection/1
[ OK ]
[root@jedy ~]#
2.修改/etc/hosts,增加解析
[root@jedy ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1 nis.test.com test.com \\ 增加這一行(本例的服務器與客戶端是同一臺機器,所以指向 127.0.0.1;在其餘客戶端機器上應填寫 NIS 服務器的實際 IP)
[root@jedy ~]# ping nis.test.com
PING nis.test.com (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.086 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.076 ms
^C
--- nis.test.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1383ms
rtt min/avg/max/mdev = 0.076/0.081/0.086/0.005 ms
[root@jedy ~]#
3.安裝必須的軟件包
ypbind
yp-tools
ypserv
[root@jedy ~]#
[root@jedy ~]# yum install -y yp*
[root@jedy ~]#
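4.修改主配置文件/etc/ypserv.conf(在文件末尾增加下面輸出中的最後一行規則。規則格式爲「主機 : 域 : 映射 : 安全級別」,none 表示對匹配的主機不做限制;本例只放行本機迴環網段。若要讓其餘機器訪問,應只填寫受信任的客戶端網段,不要啓用被註釋掉的「* : * : * : none」,並可用 /var/yp/securenets 限制來源地址。)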
[root@jedy ~]#
[root@jedy ~]# tail /etc/ypserv.conf
# If you comment out the next rule, ypserv and rpc.ypxfrd will
# look for YP_SECURE and YP_AUTHDES in the maps. This will make
# the security check a little bit slower, but you only have to
# change the keys on the master server, not the configuration files
# on each NIS server.
# If you have maps with YP_SECURE or YP_AUTHDES, you should create
# a rule for them above, that's much faster.
# * : * : * : none
127.0.0.0/255.255.255.0 : * : * : none
[root@jedy ~]#
5.啓動相應的服務
[root@jedy ~]#
[root@jedy ~]# service rpcbind restart
Stopping rpcbind: [FAILED]
Starting rpcbind: [ OK ]
[root@jedy ~]# service ypserv restart
Stopping YP server services: [FAILED]
Starting YP server services: [ OK ]
[root@jedy yum.repos.d]# service yppasswdd restart
Stopping YP passwd service: [FAILED]
Starting YP passwd service: [ OK ]
[root@jedy yum.repos.d]# service ypbind restart
Shutting down NIS service: [ OK ]
Starting NIS service: [ OK ]
Binding NIS service: [ OK ]
[root@jedy yum.repos.d]#
6.添加用來測試的用戶aa,bb,並更新NIS信息數據庫
[root@jedy ~]# useradd aa
[root@jedy ~]# useradd bb
[root@jedy ~]# su aa
[aa@localhost root]$ exit
exit
[root@jedy ~]# su bb
[bb@localhost root]$ exit
exit
[root@jedy ~]#
[root@jedy ~]# tail /etc/passwd
dbus:x:81:81:System message bus:/:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
rtkit:x:498:496:RealtimeKit:/proc:/sbin/nologin
pulse:x:497:495:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin
aa:x:500:500::/home/aa:/bin/bash
bb:x:501:501::/home/bb:/bin/bash
[root@jedy ~]#
[root@jedy ~]# /usr/lib64/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers. localhost is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: localhost
next host to add:
The current list of NIS servers looks like this:
localhost
Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp/test.com/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/test.com'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/test.com'
localhost has been set up as a NIS master server.
Now you can run ypinit -s localhost on all slave server.
[root@jedy ~]#
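[root@jedy test.com]# ypcat -h localhost passwd.byname \\查看共享出來的用戶
bb:!!:501:501::/home/bb:/bin/bash
aa:!!:500:500::/home/aa:/bin/bash
(說明:/etc/passwd 中第二欄是 x,而映射中第二欄是 !!,可見口令欄位已被合併進 passwd 映射;!! 表示尚未設置口令。設置口令後,凡是能查詢此映射的主機都能讀到口令散列,因此應限制能訪問 ypserv 的來源地址。)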
[root@jedy test.com]#
第四:NIS 客戶端配置
1.[root@jedy ~]# vi /etc/nsswitch.conf
# 這個文件的內容相當多,不過如果你只想要進行登入驗證,可以這樣:
passwd: files nis
shadow: files nis
group: files nis
hosts: files nis dns
2.[root@jedy ~]# more /etc/sysconfig/authconfig
IPADOMAINJOINED=no
USEMKHOMEDIR=no
USEPAMACCESS=no
CACHECREDENTIALS=yes
USESSSDAUTH=no
USESHADOW=yes
USEWINBIND=no
USESSSD=no
PASSWDALGORITHM=sha512
FORCELEGACY=no
USEFPRINTD=no
USEHESIOD=no
FORCESMARTCARD=no
USELDAPAUTH=no
IPAV2NONTP=no
USELDAP=no
USECRACKLIB=yes
USEIPAV2=no
USEWINBINDAUTH=no
USESMARTCARD=no
USELOCAUTHORIZE=yes
USENIS=yes \\在這一行增加nis認證
USEKERBEROS=no
USESYSNETAUTH=no
USEDB=no
USEPASSWDQC=no
[root@jedy yum.repos.d]#
3.[root@jedy ~]# more /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nis nullok try_first_pass use_authtok \\在這一行增加nis 的pam認證
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
[root@jedy yum.repos.d]#
4.[root@jedy ~]# more /etc/yp.conf
# /etc/yp.conf - ypbind configuration file
# Valid entries are
#
# domain NISDOMAIN server HOSTNAME
# Use server HOSTNAME for the domain NISDOMAIN.
#
# domain NISDOMAIN broadcast
# Use broadcast on the local net for domain NISDOMAIN
#
# domain NISDOMAIN slp
# Query local SLP server for ypserver supporting NISDOMAIN
#
# ypserver HOSTNAME
# Use server HOSTNAME for the local domain. The
# IP-address of server must be listed in /etc/hosts.
#
# broadcast
# If no server for the default domain is specified or
# none of them is rechable, try a broadcast call to
# find a server.
#
domain test.com server nis.test.com \\在這一行增加nis 的服務器和域名
[root@jedy ~]#
5.重啓相應的服務
[root@jedy ~]#
[root@jedy ~]# service rpcbind restart
Stopping rpcbind: [FAILED]
Starting rpcbind: [ OK ]
[root@jedy yum.repos.d]# service yppasswdd restart
Stopping YP passwd service: [FAILED]
Starting YP passwd service: [ OK ]
[root@jedy yum.repos.d]# service ypbind restart
Shutting down NIS service: [ OK ]
Starting NIS service: [ OK ]
Binding NIS service: [ OK ]
[root@jedy yum.repos.d]#
6.開機啓動相應的服務
[root@jedy yp]# chkconfig rpcbind on
[root@jedy yp]# chkconfig ypbind on
[root@jedy yp]# chkconfig yppasswdd on
[root@jedy yp]# chkconfig ypserv on
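第五:測試連接和認證(先在 /etc/passwd 中註釋掉 aa 並執行 make 重建映射,aa 即從 NIS 中消失,su aa 失敗;再註釋掉 bb 但不重建映射,bb 仍在 NIS 映射中,su bb 成功,說明賬號查詢走的是 NIS)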
[root@jedy ~]#
[root@jedy ~]# cat /etc/passwd
#aa:x:500:500::/home/aa:/bin/bash
bb:x:501:501::/home/bb:/bin/bash
[root@jedy ~]#
[root@jedy ~]# cd /var/yp/
[root@jedy yp]# make
gmake[1]: Entering directory `/var/yp/test.com'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating netid.byname...
gmake[1]: Leaving directory `/var/yp/test.com'
[root@jedy yp]# su aa
su: user aa does not exist
[root@jedy yp]# su bb
[bb@localhost yp]$ exit
exit
[root@jedy yp]# cat /etc/passwd
#aa:x:500:500::/home/aa:/bin/bash
#bb:x:501:501::/home/bb:/bin/bash
[root@jedy yp]# ypcat -h localhost passwd.byname
bb:!!:501:501::/home/bb:/bin/bash
[root@jedy yp]# su aa
su: user aa does not exist
[root@jedy yp]# su bb
[bb@localhost yp]$ exit
exit
[root@jedy yp]#
第六:補充
1.固定NIS端口(不固定時,服務每次啓動所用的端口不確定;固定後便於在防火牆上只對受信任的客戶端放行這些端口)
[root@jedy ~]# cat /etc/sysconfig/network
NISDOMAIN=test.com
HOSTNAME=localhost.localdomain
NETWORKING=yes
GATEWAY=*.*.*.*
NSIDOMAIN=test.com
YPSERV_ARGS="-p 800" \\ypserv 端口
YPXFRD_ARGS="-p 801" \\rpc.ypxfrd(映射同步)端口
[root@jedy ~]#
至此 全部配置完成