类别:原创 服务器
第一:软件说明和安装目的
架设基于linux下的NIS服务器,统一所有的机器账号。NIS本身不加密传输,也没有强主机认证,只适合在受信任的内网中使用。
第二:本例操作环境
所使用的系统环境为 Centos 6.5 64位操作系统
[root@jedy ~]# uname -a
Linux jedy 2.6.32-431.5.1.el6.x86_64 #1 SMP Wed Feb 12 00:41:43 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
[root@jedy ~]# hostname
jedy
[root@jedy ~]# more /etc/redhat-release
CentOS release 6.5 (Final)
[root@jedy ~]#
第三:NIS 服务器配置
1.设置NIS域名
[root@jedy ~]# nisdomainname
[root@jedy ~]# nisdomainname test.com \\ 增加nis域 这种设置马上生效
[root@jedy ~]# nisdomainname
test.com
[root@jedy ~]# echo "nisdomainname test.com " >>/etc/rc.local \\这种设置可保障计算机重启后NIS 域名不变
[root@jedy ~]# echo "NSIDOMAIN=test.com " >>/etc/sysconfig/network \\这种设置要在network服务启动时生效(注意:此处 NSIDOMAIN 为笔误,正确的变量名是 NISDOMAIN,拼错后该行不会被识别)
[root@jedy ~]#
[root@jedy ~]# more /etc/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
nisdomainname test.com
[root@jedy ~]# more /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=localhost.localdomain
GATEWAY=*.*.*.*
NSIDOMAIN=test.com
[root@jedy ~]# service network restart \\重新启动network服务
Shutting down interface eth0: Device state: 3 (disconnected)
[ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: Active connection state: activated
Active connection path: /org/freedesktop/NetworkManager/ActiveConnection/1
[ OK ]
[root@jedy ~]#
2.修改/etc/hosts,增加解析
[root@jedy ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1 nis.test.com test.com \\ 增加这一行(本例中服务器和客户端是同一台机器,所以指向127.0.0.1;客户端在其他机器上时应写NIS服务器的实际IP)
[root@jedy ~]# ping nis.test.com
PING nis.test.com (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.086 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.076 ms
^C
--- nis.test.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1383ms
rtt min/avg/max/mdev = 0.076/0.081/0.086/0.005 ms
[root@jedy ~]#
3.安装必须的软件包
ypbind
yp-tools
ypserv
[root@jedy ~]#
[root@jedy ~]# yum install -y yp*
[root@jedy ~]#
4.修改主配置文件/etc/ypserv.conf
[root@jedy ~]#
[root@jedy ~]# tail /etc/ypserv.conf
# If you comment out the next rule, ypserv and rpc.ypxfrd will
# look for YP_SECURE and YP_AUTHDES in the maps. This will make
# the security check a little bit slower, but you only have to
# change the keys on the master server, not the configuration files
# on each NIS server.
# If you have maps with YP_SECURE or YP_AUTHDES, you should create
# a rule for them above, that's much faster.
# * : * : * : none
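127.0.0.0/255.255.255.0 : * : * : none \\ 规则格式为 主机 : 域 : 映射 : 安全选项;这一行只允许127.0.0.0/24(本机)访问所有域和映射,none表示不做额外检查。客户端在其他机器上时改为客户端所在的网段,不要直接启用上面被注释掉的 * : * : * : none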
[root@jedy ~]#
5.启动相应的服务
[root@jedy ~]#
[root@jedy ~]# service rpcbind restart
Stopping rpcbind: [FAILED]
Starting rpcbind: [ OK ]
[root@jedy ~]# service ypserv restart
Stopping YP server services: [FAILED]
Starting YP server services: [ OK ]
[root@jedy yum.repos.d]# service yppasswdd restart
Stopping YP passwd service: [FAILED]
Starting YP passwd service: [ OK ]
[root@jedy yum.repos.d]# service ypbind restart
Shutting down NIS service: [ OK ]
Starting NIS service: [ OK ]
Binding NIS service: [ OK ]
[root@jedy yum.repos.d]#
6.添加用来测试的用户aa,bb,并更新NIS信息数据库
[root@jedy ~]# useradd aa
[root@jedy ~]# useradd bb
[root@jedy ~]# su aa
[aa@localhost root]$ exit
exit
[root@jedy ~]# su bb
[bb@localhost root]$ exit
exit
[root@jedy ~]#
[root@jedy ~]# tail /etc/passwd
dbus:x:81:81:System message bus:/:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
rtkit:x:498:496:RealtimeKit:/proc:/sbin/nologin
pulse:x:497:495:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin
aa:x:500:500::/home/aa:/bin/bash
bb:x:501:501::/home/bb:/bin/bash
[root@jedy ~]#
[root@jedy ~]# /usr/lib64/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers. localhost is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: localhost
next host to add:
The current list of NIS servers looks like this:
localhost
Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp/test.com/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/test.com'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/test.com'
localhost has been set up as a NIS master server.
Now you can run ypinit -s localhost on all slave server.
[root@jedy ~]#
[root@jedy test.com]# ypcat -h localhost passwd.byname \\查看共享出来的用户(第二个字段已不是/etc/passwd里的x,应是合并进来的shadow密码字段;这里的!!表示用户尚未设置密码,设置密码后该字段就是密码哈希,能查询此映射的主机都能读到)
bb:!!:501:501::/home/bb:/bin/bash
aa:!!:500:500::/home/aa:/bin/bash
[root@jedy test.com]#
第四:NIS 客户端配置
1.[root@jedy ~]# vi /etc/nsswitch.conf
# 这个文件的内容有相当多,不过如果你只想要进行登入验证,可以这样:
passwd: files nis
shadow: files nis
group: files nis
hosts: files nis dns
2.[root@jedy ~]# more /etc/sysconfig/authconfig
IPADOMAINJOINED=no
USEMKHOMEDIR=no
USEPAMACCESS=no
CACHECREDENTIALS=yes
USESSSDAUTH=no
USESHADOW=yes
USEWINBIND=no
USESSSD=no
PASSWDALGORITHM=sha512
FORCELEGACY=no
USEFPRINTD=no
USEHESIOD=no
FORCESMARTCARD=no
USELDAPAUTH=no
IPAV2NONTP=no
USELDAP=no
USECRACKLIB=yes
USEIPAV2=no
USEWINBINDAUTH=no
USESMARTCARD=no
USELOCAUTHORIZE=yes
USENIS=yes \\在这一行增加nis认证
USEKERBEROS=no
USESYSNETAUTH=no
USEDB=no
USEPASSWDQC=no
[root@jedy yum.repos.d]#
3.[root@jedy ~]# more /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nis nullok try_first_pass use_authtok \\在这一行增加nis 的pam认证
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
[root@jedy yum.repos.d]#
4.[root@jedy ~]# more /etc/yp.conf
# /etc/yp.conf - ypbind configuration file
# Valid entries are
#
# domain NISDOMAIN server HOSTNAME
# Use server HOSTNAME for the domain NISDOMAIN.
#
# domain NISDOMAIN broadcast
# Use broadcast on the local net for domain NISDOMAIN
#
# domain NISDOMAIN slp
# Query local SLP server for ypserver supporting NISDOMAIN
#
# ypserver HOSTNAME
# Use server HOSTNAME for the local domain. The
# IP-address of server must be listed in /etc/hosts.
#
# broadcast
# If no server for the default domain is specified or
# none of them is rechable, try a broadcast call to
# find a server.
#
domain test.com server nis.test.com \\在这一行增加nis 的服务器和域名
[root@jedy ~]#
5.重启相应的服务
[root@jedy ~]#
[root@jedy ~]# service rpcbind restart
Stopping rpcbind: [FAILED]
Starting rpcbind: [ OK ]
[root@jedy yum.repos.d]# service yppasswdd restart
Stopping YP passwd service: [FAILED]
Starting YP passwd service: [ OK ]
[root@jedy yum.repos.d]# service ypbind restart
Shutting down NIS service: [ OK ]
Starting NIS service: [ OK ]
Binding NIS service: [ OK ]
[root@jedy yum.repos.d]#
6.开机启动相应的服务
[root@jedy yp]# chkconfig rpcbind on
[root@jedy yp]# chkconfig ypbind on
[root@jedy yp]# chkconfig yppasswdd on
[root@jedy yp]# chkconfig ypserv on
第五:测试连接和认证
[root@jedy ~]#
[root@jedy ~]# cat /etc/passwd
#aa:x:500:500::/home/aa:/bin/bash
bb:x:501:501::/home/bb:/bin/bash
[root@jedy ~]#
[root@jedy ~]# cd /var/yp/
[root@jedy yp]# make
gmake[1]: Entering directory `/var/yp/test.com'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating netid.byname...
gmake[1]: Leaving directory `/var/yp/test.com'
[root@jedy yp]# su aa
su: user aa does not exist
[root@jedy yp]# su bb
[bb@localhost yp]$ exit
exit
[root@jedy yp]# cat /etc/passwd
#aa:x:500:500::/home/aa:/bin/bash
#bb:x:501:501::/home/bb:/bin/bash
[root@jedy yp]# ypcat -h localhost passwd.byname
bb:!!:501:501::/home/bb:/bin/bash
[root@jedy yp]# su aa
su: user aa does not exist
[root@jedy yp]# su bb
[bb@localhost yp]$ exit
exit
[root@jedy yp]#
第六:补充
1.固定NIS端口(ypserv默认通过rpcbind动态分配端口,固定后才便于用防火墙限制访问来源)
[root@jedy ~]# cat /etc/sysconfig/network
NISDOMAIN=test.com
HOSTNAME=localhost.localdomain
NETWORKING=yes
GATEWAY=*.*.*.*
NSIDOMAIN=test.com \\ 变量名拼写错误的多余行,可以删除;起作用的是上面的 NISDOMAIN=test.com
YPSERV_ARGS="-p 800" \\ypserv 端口
YPXFRD_ARGS="-p 801" \\rpc.ypxfrd(映射同步)端口
[root@jedy ~]#
至此 所有配置完成
原文:http://jedy82.blog.51cto.com/425872/1389051