NIS Service Configuration on RHEL5

I. Environment:
  OS: rhel5
  master: rhel5.com IP: 192.168.1.110
  slave: slave.rhel5.com IP: 192.168.1.118
  client: client.rhel5.com IP: 192.168.1.113
Required packages: ypserv, yp-tools, ypbind
Firewall: disabled
II. Configure the NFS server on the master:
   1. Edit /etc/exports to share the /home directory:
    [root@master ]#vi /etc/exports
       /home     *(ro,sync)
   2. Apply the configuration:
    [root@master ]#exportfs -a
   3. Start the NFS server:
    [root@master ]#service nfs start
    Starting NFS services:  [  OK  ]
    Starting NFS quotas: [  OK  ]
    Starting NFS daemon: [  OK  ]
    Starting NFS mountd: [  OK  ]
    [root@master ]#chkconfig nfs on
III. Configure NFS on the client:
    [root@client ]#service nfs start
    Starting NFS services:  [  OK  ]
    Starting NFS quotas: [  OK  ]
    Starting NFS daemon: [  OK  ]
    Starting NFS mountd: [  OK  ]
    [root@client ]#chkconfig nfs on
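Create a new /home on which to mount the master's /home:
    [root@client ]#mv /home /home.old
    [root@client ]#mkdir /home
    [root@client ]#mount -t nfs 192.168.1.110:/home /home
    [root@client ]#ls /home    # check that the mount succeeded
    [root@client ]#umount /home
Next, use the autofs tool so that the master's /home is mounted automatically after system startup.
First edit /etc/auto.master and add the following line:
   /home      /etc/auto.home --timeout 600
Then edit /etc/auto.home and add the following line (& stands for the matched key, so each user's directory is mounted from the same path on the master):
   *    -fstype=nfs,ro   192.168.1.110:/home/&
Start the autofs service: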
    [root@client ]#chkconfig autofs on
    [root@client ]#service autofs start
     Starting automount:[  OK  ]
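IV. Configure the NIS server
   1. Install the required packages:
     yum -y install ypserv ypbind yp-tools
   2. Edit /etc/sysconfig/network and add the following line:
     NISDOMAIN=xzxj11
   3. Edit /etc/yp.conf and add the following line:
     ypserver 127.0.0.1
   4. Start the required services: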
     [root@master ]# service portmap restart
     [root@master ]# service ypserv restart
     [root@master ]# service yppasswdd start
     [root@master ]# chkconfig ypserv on
     [root@master ]# chkconfig yppasswdd on
     [root@master ]# chkconfig portmap on
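A few of the daemons involved:
      portmap   registers the RPC services that NIS depends on
      yppasswdd lets users change or set their passwords
      ypserv    the main NIS server daemon
      ypbind    the NIS client daemon
      ypxfrd    speeds up the transfer of large NIS maps
   5. Use rpcinfo to check that the corresponding services are running: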
[root@rhel5 ~]# rpcinfo -p localhost
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 855 status
100024 1 tcp 858 status
100004 2 udp 642 ypserv
100004 1 udp 642 ypserv
100004 2 tcp 645 ypserv
100011 1 udp 980 rquotad
100011 2 udp 980 rquotad
100011 1 tcp 983 rquotad
100011 2 tcp 983 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100021 1 udp 1026 nlockmgr
100021 3 udp 1026 nlockmgr
100021 4 udp 1026 nlockmgr
100021 1 tcp 3540 nlockmgr
100021 3 tcp 3540 nlockmgr
100021 4 tcp 3540 nlockmgr
100005 1 udp 1008 mountd
100005 1 tcp 1011 mountd
100005 2 udp 1008 mountd
100005 2 tcp 1011 mountd
100005 3 udp 1008 mountd
100005 3 tcp 1011 mountd
100009 1 udp 644 yppasswdd
100007 2 udp 806 ypbind
100007 1 udp 806 ypbind
100007 2 tcp 809 ypbind
100007 1 tcp 809 ypbind
V. Initialize the NIS domain:
1. Initialize:
NIS-SCHOOL-NETWORK=xzxj11
[root@master ~]#/usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers. rhel5.com is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: rhel5.com
next host to add:
The current list of NIS servers looks like this:
rhel5.com
Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp/xzxj11/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/xzxj11'
gmake[1]: Warning: File `/etc/passwd' has modification time 1.7e+04 s in the future
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: warning: Clock skew detected. Your build may be incomplete.
gmake[1]: Leaving directory `/var/yp/xzxj11'
rhel5.com has been set up as a NIS master server.
Now you can run ypinit -s rhel5.com on all slave server.
If the following error message appears:
failed to send 'clear' to local ypserv: RPC: Unable to receiveUpdating passwd.byuid...
then delete the /var/yp/NIS-SCHOOL-NETWORK directory (here /var/yp/xzxj11), restart portmap, yppasswdd and ypserv, and initialize the NIS domain again.
2. Next, start ypbind and ypxfrd:
[root@rhel5 yp]# service ypbind start
Turning on allow_ypbind SELinux boolean
Binding to the NIS domain: [ OK ]
Listening for an NIS domain server..
[root@rhel5 yp]# service ypxfrd start
Starting YP map server: [ OK ]
[root@rhel5 yp]#
3. Test:
[root@rhel5 yp]# rpcinfo -p localhost
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 855 status
100024 1 tcp 858 status
100011 1 udp 980 rquotad
100011 2 udp 980 rquotad
100011 1 tcp 983 rquotad
100011 2 tcp 983 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100021 1 udp 1026 nlockmgr
100021 3 udp 1026 nlockmgr
100021 4 udp 1026 nlockmgr
100021 1 tcp 3540 nlockmgr
100021 3 tcp 3540 nlockmgr
100021 4 tcp 3540 nlockmgr
100005 1 udp 1008 mountd
100005 1 tcp 1011 mountd
100005 2 udp 1008 mountd
100005 2 tcp 1011 mountd
100005 3 udp 1008 mountd
100005 3 tcp 1011 mountd
100004 2 udp 822 ypserv
100004 1 udp 822 ypserv
100004 2 tcp 825 ypserv
100004 1 tcp 825 ypserv
100009 1 udp 843 yppasswdd
100007 2 udp 611 ypbind
100007 1 udp 611 ypbind
100007 2 tcp 614 ypbind
100007 1 tcp 614 ypbind
600100069 1 udp 638 fypxfrd
600100069 1 tcp 640 fypxfrd
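The same check as a script, so the listing need not be read by eye: an added example (not from the original page) that reads rpcinfo -p output and reports which of the NIS-related registrations shown above are absent. The function and variable names are made up for this example, and the sample listing is constructed.

```shell
#!/bin/sh
# Required registrations on the master once ypbind and ypxfrd are running,
# as program/proto/name, using the program numbers from the listing above.
NIS_MASTER_RPC="100000/udp/portmapper 100000/tcp/portmapper \
100004/udp/ypserv 100004/tcp/ypserv 100009/udp/yppasswdd \
100007/udp/ypbind 100007/tcp/ypbind 600100069/udp/fypxfrd 600100069/tcp/fypxfrd"

# Reads `rpcinfo -p` output on stdin; prints one line per required
# registration that is absent and returns 1 if anything is missing.
nis_rpc_missing() {
    awk -v need="$1" '
        BEGIN { n = split(need, want, " ") }
        $1 ~ /^[0-9]+$/ && NF >= 4 { seen[$1 "/" $3] = 1 }  # header row is skipped
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                split(want[i], f, "/")
                key = f[1] "/" f[2]
                if (!(key in seen)) {
                    print "missing: " f[3] "/" f[2] " (program " f[1] ")"
                    bad = 1
                }
            }
            exit bad
        }'
}

# Constructed sample in the layout rpcinfo -p prints (port numbers are arbitrary).
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    822  ypserv
    100004    2   tcp    825  ypserv
    100009    1   udp    843  yppasswdd
    100007    2   udp    611  ypbind
    100007    2   tcp    614  ypbind
 600100069    1   udp    638  fypxfrd
 600100069    1   tcp    640  fypxfrd
EOF
}

# On a real host: rpcinfo -p localhost | nis_rpc_missing "$NIS_MASTER_RPC"
sample_rpcinfo | nis_rpc_missing "$NIS_MASTER_RPC" && echo "all NIS RPC services registered"
```

Matching on the program number rather than the name column keeps the check working when /etc/rpc has no entry for a program.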
4. Add users:
[root@rhel5 yp]# useradd -g users nisuser
[root@rhel5 yp]#passwd nisuser
After setting the nisuser password, go to the /var/yp/ directory and run make:
[root@rhel5 yp]# make
gmake[1]: Entering directory `/var/yp/xzxj11'
gmake[1]: `ypservers' is up to date.
gmake[1]: Leaving directory `/var/yp/xzxj11'
gmake[1]: Entering directory `/var/yp/xzxj11'
Updating passwd.byname...
Updating passwd.byuid...
Updating netid.byname...
gmake[1]: Leaving directory `/var/yp/xzxj11'
Then test:
[root@rhel5 yp]# ypcat passwd
ftpuser4:$1$bhbbY31/$Ac55OeaS.zfratZWnqrnE/:503:50::/home/ftpuser4:/sbin/nologin
ftpuser2:$1$ToavK8/x$z/5QOeZixUSFoVKunxoPs0:501:50::/home/ftpuser2:/sbin/nologin
nisuser:$1$tuRAlu1R$cEFwt8.UrjUcYnqAb8GJs1:507:100::/home/nisuser:/bin/bash
ftpuser1:$1$JvtTK2NW$E0f5ULzTk32KswI/U5qUX/:500:50::/home/ftpuser1:/sbin/nologin
nisuser1:$1$me3VrKof$PHe4.99xN0pvrN7fVMcWA1:509:100::/home/nisuser1:/bin/bash
test:$1$cRX1lKau$KNdiNva7G.mvdqP0rXiRy.:504:50::/home/test:/sbin/nologin
candon123:$1$oIDTzk4X$l/.DnGYrZrs2xtcX89Wlc0:506:12::/home/candon123:/bin/bash
candon:$1$Brob1q/1$cFMlekBjs5Qdmp3JByi3z.:505:12::/home/candon:/bin/bash
ldapuser:$1$koB2A2FZ$wRYTsh1batCqNNYsnigP2/:508:100::/home/ldapuser:/bin/bash
ftpuser3:$1$84YJNMq9$evGaHJ0KU/XKv.DV5oYiX1:502:50::/home/ftpuser3:/sbin/nologin
[root@rhel5 yp]# ypmatch nisuser1 passwd
nisuser1:$1$me3VrKof$PHe4.99xN0pvrN7fVMcWA1:509:100::/home/nisuser1:/bin/bash
[root@rhel5 yp]# getent passwd nisuser1
nisuser1:x:509:100::/home/nisuser1:/bin/bash
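VI. Client configuration:
1. Run authconfig or authconfig-tui to enable NIS authentication;
2. Edit /etc/yp.conf and add the following line:
domain xzxj11 server 192.168.1.110
Edit /etc/sysconfig/network and add the following line:
NISDOMAIN=xzxj11 # defines the NIS domain
Edit /etc/nsswitch.conf so that it reads:
passwd: files nis
shadow: files nis
group: files nis
3. Start the portmap and ypbind services: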
[root@client ~]# service portmap start
啓動portmap服務[確定]
[root@client ~]# service ypbind start
Remember to have the matching host names and IPs in /etc/hosts:
vi /etc/hosts
192.168.1.110 rhel5.com rhel5
192.168.1.113 client.rhel5.com client
4. Test:
[root@client~]# ypcat passwd
ftpuser4:$1$bhbbY31/$Ac55OeaS.zfratZWnqrnE/:503:50::/home/ftpuser4:/sbin/nologin
ftpuser2:$1$ToavK8/x$z/5QOeZixUSFoVKunxoPs0:501:50::/home/ftpuser2:/sbin/nologin
nisuser:$1$tuRAlu1R$cEFwt8.UrjUcYnqAb8GJs1:507:100::/home/nisuser:/bin/bash
ftpuser1:$1$JvtTK2NW$E0f5ULzTk32KswI/U5qUX/:500:50::/home/ftpuser1:/sbin/nologin
nisuser1:$1$me3VrKof$PHe4.99xN0pvrN7fVMcWA1:509:100::/home/nisuser1:/bin/bash
test:$1$cRX1lKau$KNdiNva7G.mvdqP0rXiRy.:504:50::/home/test:/sbin/nologin
candon123:$1$oIDTzk4X$l/.DnGYrZrs2xtcX89Wlc0:506:12::/home/candon123:/bin/bash
candon:$1$Brob1q/1$cFMlekBjs5Qdmp3JByi3z.:505:12::/home/candon:/bin/bash
ldapuser:$1$koB2A2FZ$wRYTsh1batCqNNYsnigP2/:508:100::/home/ldapuser:/bin/bash
ftpuser3:$1$84YJNMq9$evGaHJ0KU/XKv.DV5oYiX1:502:50::/home/ftpuser3:/sbin/nologin
[root@client ~]# ypmatch nisuser1 passwd
nisuser1:$1$me3VrKof$PHe4.99xN0pvrN7fVMcWA1:509:100::/home/nisuser1:/bin/bash
[root@client ~]# getent passwd nisuser1
nisuser1:$1$me3VrKof$PHe4.99xN0pvrN7fVMcWA1:509:100::/home/nisuser1:/bin/bash
Check whether you can log in to the client from the master over ssh/telnet:
[root@master ~]# ssh -l nisuser1 192.168.1.113
[nisuser1@client ~]$
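The ypcat and getent output above carries each account's password hash in the second field, and the client reads it straight from the NIS map. An added example (not from the original page) that lists which map entries expose a hash, with which crypt scheme, and whether the account has a login shell; the function names are made up for this example and the sample entries are constructed.

```shell
#!/bin/sh
# Reads passwd-map lines (the format `ypcat passwd` prints) on stdin and
# prints "user scheme login|nologin" for every entry whose password field
# holds a real hash rather than a shadow placeholder.
nis_exposed_hashes() {
    awk -F: '
        NF < 7 { next }                               # not a passwd entry
        $2 == "x" || $2 ~ /^[*!]/ { next }            # shadowed or locked
        {
            state = ($7 ~ /(nologin|false)$/) ? "nologin" : "login"
            if ($2 == "")                   scheme = "EMPTY-PASSWORD"
            else if ($2 ~ /^\$1\$/)         scheme = "md5-crypt"
            else if ($2 ~ /^\$2[abxy]?\$/)  scheme = "bcrypt"
            else if ($2 ~ /^\$5\$/)         scheme = "sha256-crypt"
            else if ($2 ~ /^\$6\$/)         scheme = "sha512-crypt"
            else                            scheme = "des-crypt"
            print $1, scheme, state
        }'
}

# Constructed sample entries (placeholder strings, not real hashes).
sample_passwd_map() {
    cat <<'EOF'
alice:$1$CONSTRUCT$aaaaaaaaaaaaaaaaaaaaaa:601:100::/home/alice:/bin/bash
ftpsvc:$1$CONSTRUCT$bbbbbbbbbbbbbbbbbbbbbb:602:50::/home/ftpsvc:/sbin/nologin
bob:x:603:100::/home/bob:/bin/bash
carol:$6$CONSTRUCT$cccccccccccccccc:604:100::/home/carol:/bin/bash
dave:!!:605:100::/home/dave:/bin/bash
EOF
}

# On a client bound to the domain: ypcat passwd | nis_exposed_hashes
sample_passwd_map | nis_exposed_hashes
```

Every entry this prints is readable by any host allowed to query ypserv; ypserv's /var/yp/securenets file limits which networks may do so.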
VII. Slave NIS server configuration:
1. First edit /etc/hosts and add the matching host names and IPs:
192.168.1.110 rhel5.com rhel5
192.168.1.118 slave.rhel5.com slave
192.168.1.113 client.rhel5.com client
Then edit /etc/yp.conf and add the following line:
ypserver 127.0.0.1
Also define the NIS domain: edit /etc/sysconfig/network and add the following line:
NISDOMAIN=xzxj11
Then start portmap, ypserv, ypbind, yppasswdd and ypxfrd.
2. Query the master's maps:
[root@slave ~]# ypwhich -m
services.byservicename rhel5.com
rpc.byname rhel5.com
services.byname rhel5.com
group.bygid rhel5.com
protocols.byname rhel5.com
hosts.byname rhel5.com
ypservers rhel5.com
passwd.byuid rhel5.com
rpc.bynumber rhel5.com
protocols.bynumber rhel5.com
mail.aliases rhel5.com
group.byname rhel5.com
netid.byname rhel5.com
hosts.byaddr rhel5.com
passwd.byname rhel5.com
3. Synchronize the data from the master:
[root@slave ~]# /usr/lib/yp/ypinit -s rhel5.com
We will need a few minutes to copy the data from rhel5.com.
Transferring services.byservicename...
Trying ypxfrd ... success
Transferring rpc.byname...
Trying ypxfrd ... success
Transferring services.byname...
Trying ypxfrd ... success
Transferring group.bygid...
Trying ypxfrd ... success
Transferring protocols.byname...
Trying ypxfrd ... success
Transferring hosts.byname...
Trying ypxfrd ... success
Transferring ypservers...
Trying ypxfrd ... success
Transferring passwd.byuid...
Trying ypxfrd ... success
Transferring rpc.bynumber...
Trying ypxfrd ... success
Transferring protocols.bynumber...
Trying ypxfrd ... success
Transferring mail.aliases...
Trying ypxfrd ... success
Transferring group.byname...
Trying ypxfrd ... success
Transferring netid.byname...
Trying ypxfrd ... success
Transferring hosts.byaddr...
Trying ypxfrd ... success
Transferring passwd.byname...
Trying ypxfrd ... success
slave.rhel5.com's NIS data base has been set up.
If there were warnings, please figure out what went wrong, and fix it.
At this point, make sure that /etc/passwd and /etc/group have
been edited so that when the NIS is activated, the data bases you
have just created will be used, instead of the /etc ASCII files.
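4. Set up the master/slave mapping:
On the master, go to the /var/yp directory, edit the ypservers file and add the slave server's host name:
rhel5.com
slave.rhel5.com
Then edit the Makefile (it is best to back it up first) and change the value on the following line to false:
originally NOPUSH=true, after the change NOPUSH=false.
Finally run make: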
[root@rhel5 yp]# make
gmake[1]: Entering directory `/var/yp/xzxj11'
Updating ypservers...
slave.rhel5.com: RPC failure talking to server
gmake[1]: Leaving directory `/var/yp/xzxj11'
gmake[1]: Entering directory `/var/yp/xzxj11'
Updating netid.byname...
slave.rhel5.com: RPC failure talking to server
gmake[1]: Leaving directory `/var/yp/xzxj11'
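5. Set up automatic master/slave synchronization:
Create a file named nis_sync in the /etc/cron.d/ directory (entries in /etc/cron.d need a user field before the command):
#
# File: /etc/cron.d/nis_sync
#
20 * * * * root /usr/lib/yp/ypxfr_1perhour
40 6 * * * root /usr/lib/yp/ypxfr_1perday
55 6,18 * * * root /usr/lib/yp/ypxfr_2perday
Finally restart the crond service.
OK, that's the end. That was tiring; if anything here is wrong, please point it out!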