平台:rhel5.4_x86
软件包:ypserv,ypbind,yp-tools
服务器:172.16.3.244
辅助:172.16.3.248
客户端:172.16.3.245
防火墙关闭
[root@rhel172_16_3_244 ~]# yum search yp |grep ^yp
ypbind.i386 : 把 NIS 客户绑定到 NIS 域的 NIS 守护进程。
yp-tools.i386 : NIS (或 YP) 客户程序。
ypserv.i386 : NIS (网络信息服务)服务器。
创建一个测试用户:
[root@rhel172_16_3_244 ~]# useradd talen -m
[root@rhel172_16_3_244 ~]# passwd talen
Changing password for user talen.
New UNIX password:
BAD PASSWORD: it is too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
安装软件包:
做为服务器
[root@rhel172_16_3_244 ~]# yum install ypserv yp-tools -y
做为客户端
[root@rhel172_16_3_244 ~]# yum install yp-tools ypbind -y
设置NIS域名
[root@rhel172_16_3_244 ~]# vim /etc/sysconfig/network
NISDOMAIN=nis
重起服务器后生效。临时生效可以使用domainname命令
[root@rhel172_16_3_244 ~]# domainname nis
[root@rhel172_16_3_244 ~]# domainname
nis
与NIS有关的服务
ypbind 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭
yppasswdd 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭 客户端开启修改域密码权限
ypserv 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭 NIS必须开启的服务
ypxfrd 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭 主辅域服务器同步数据
[root@rhel172_16_3_244 ~]# service portmap start
Starting portmap: [ OK ]
[root@rhel172_16_3_244 ~]# netstat -natp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 5808/portmap
[root@rhel172_16_3_244 ~]# chkconfig ypserv on
[root@rhel172_16_3_244 ~]# service ypserv start
启动 YP 服务器的服务: [确定]
如果有辅助服务器,开启ypxfrd服务
[root@rhel172_16_3_244 ~]# service ypxfrd start
启动 YP 映射图服务器: [确定]
产生NIS数据库文件/var/yp/Makefile
[root@rhel172_16_3_244 ~]# vim /var/yp/Makefile
其中比较重要的是all:NIS要配置的数据
# If you don't want some of these maps built, feel free to comment
# them out from this list.
all: passwd group hosts rpc services netid protocols mail \
# netgrp shadow publickey networks ethers bootparams printcap \
# amd.home auto.master auto.home auto.local passwd.adjunct \
# timezone locale netmasks
初始化NIS数据库
[root@rhel172_16_3_244 ~]# /usr/lib/yp/ypinit --help
usage:
ypinit -m
ypinit -s master
where -m is used to build the data bases on a master NIS server,
and -s is used for a slave data base. master must be an existing
reachable NIS server.
由于本机是主服务器,加上-m选项
[root@rhel172_16_3_244 ~]# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers. rhel172_16_3_244 is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a .
next host to add: rhel172_16_3_244 这里只有本机
next host to add: 输入CTRL+D
The current list of NIS servers looks like this:
rhel172_16_3_244
Is this correct? [y/n: y] 回车
We need a few minutes to build the databases...
Building /var/yp/nis/ypservers...
gethostbyname(): Success
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/nis'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/nis'
rhel172_16_3_244 has been set up as a NIS master server.
Now you can run ypinit -s rhel172_16_3_244 on all slave server.
此时在/var/yp目录下生成了域nis的数据文件。
[root@rhel172_16_3_244 ~]# ls -l /var/yp/*
-rw-r--r-- 1 root root 16669 2008-08-11 /var/yp/Makefile
-rw-r--r-- 1 root root 185 2006-07-13 /var/yp/nicknames
-rw-r--r-- 1 root root 17 08-26 14:26 /var/yp/ypservers
/var/yp/binding:
总计 0
/var/yp/nis:
总计 2196
-rw------- 1 root root 12418 08-26 14:27 group.bygid
-rw------- 1 root root 12419 08-26 14:27 group.byname
-rw------- 1 root root 12535 08-26 14:27 hosts.byaddr
-rw------- 1 root root 12549 08-26 14:27 hosts.byname
-rw------- 1 root root 13174 08-26 14:27 mail.aliases
-rw------- 1 root root 13092 08-26 14:27 netid.byname
-rw------- 1 root root 12484 08-26 14:27 passwd.byname
-rw------- 1 root root 12483 08-26 14:27 passwd.byuid
-rw------- 1 root root 29211 08-26 14:27 protocols.byname
-rw------- 1 root root 14573 08-26 14:27 protocols.bynumber
-rw------- 1 root root 16384 08-26 14:27 rpc.byname
-rw------- 1 root root 14236 08-26 14:27 rpc.bynumber
-rw------- 1 root root 766110 08-26 14:27 services.byname
-rw------- 1 root root 1470490 08-26 14:27 services.byservicename
-rw------- 1 root root 12376 08-26 14:27 ypservers
[root@rhel172_16_3_244 ~]# netstat -nap |grep ypserv
tcp 0 0 0.0.0.0:830 0.0.0.0:* LISTEN 6161/ypserv
udp 0 0 0.0.0.0:827 0.0.0.0:* 6161/ypserv
配置客户端
[root@rhel172_16_3_245 ~]# yum install ypbind yp-tools -y
[root@rhel172_16_3_245 ~]# chkconfig ypbind on
[root@rhel172_16_3_245 ~]# service ypbind start
Error: NIS domain name is not set. [FAILED]
[root@rhel172_16_3_245 ~]# vim /etc/sysconfig/network
NISDOMAIN=nis
[root@rhel172_16_3_245 ~]# domainname nis
[root@rhel172_16_3_245 ~]# domainname
nis
[root@rhel172_16_3_245 ~]# service ypbind start
Binding to the NIS domain: [ OK ]
Listening for an NIS domain server.rpcinfo: can't contact portmapper: RPC: Remote system error - Connection refused
[root@rhel172_16_3_245 ~]# service portmap status
portmap is stopped
[root@rhel172_16_3_245 ~]# service portmap start
Starting portmap: [ OK ]
[root@rhel172_16_3_245 ~]# netstat -natp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 5808/portmap
[root@rhel172_16_3_245 ~]# telnet 172.16.3.244 111 远程portmap端口是通的。
Trying 172.16.3.244...
Connected to 172.16.3.244 (172.16.3.244).
Escape character is '^]'.
[root@rhel172_16_3_245 ~]# rpcinfo -p 本机rpc注册OK
程序 版本 协议 端口
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100004 2 udp 827 ypserv
100004 1 udp 827 ypserv
100004 2 tcp 830 ypserv
100004 1 tcp 830 ypserv
[root@rhel172_16_3_245 ~]# rpcinfo -p 172.16.3.244 远程服务器OK
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100004 2 udp 827 ypserv
100004 1 udp 827 ypserv
100004 2 tcp 830 ypserv
100004 1 tcp 830 ypserv
[root@rhel172_16_3_245 ~]# echo 'domain nis server 172.16.3.244' >> /etc/yp.conf
[root@rhel172_16_3_245 ~]# echo 'domain nis server 172.16.3.248' >> /etc/yp.conf
[root@rhel172_16_3_245 ~]# service ypbind start
Binding to the NIS domain: [ OK ]
Listening for an NIS domain server.
也可以使用文本模式的配置工具
[root@rhel172_16_3_245 ~]# authconfig-tui
Stopping portmap: [ OK ]
Starting portmap: [ OK ]
Shutting down NIS services: [ OK ]
Binding to the NIS domain: [ OK ]
Listening for an NIS domain server.
[root@rhel172_16_3_245 ~]# yptest -u talen
Test 1: domainname
Configured domainname is "nis"
Test 2: ypbind
Used NIS server: rhel172_16_3_244
Test 3: yp_match
talen:$1$hMJnBx70$3vBLoe3b6YpFiY1LH.ESz.:501:501::/home/talen:/bin/bash
Test 4: yp_first
sky sky:$1$lnUnTVK1$LxsUjGrGZvNJhGUWimpyZ/:500:500:skymobi:/home/sky:/bin/bash
Test 5: yp_next
talen talen:$1$hMJnBx70$3vBLoe3b6YpFiY1LH.ESz.:501:501::/home/talen:/bin/bash
Test 6: yp_master
rhel172_16_3_244
Test 7: yp_order
1314343321
Test 8: yp_maplist
protocols.byname
rpc.bynumber
hosts.byaddr
services.byname
group.bygid
group.byname
passwd.byname
rpc.byname
netid.byname
services.byservicename
hosts.byname
protocols.bynumber
ypservers
passwd.byuid
mail.aliases
Test 9: yp_all
sky sky:$1$lnUnTVK1$LxsUjGrGZvNJhGUWimpyZ/:500:500:skymobi:/home/sky:/bin/bash
talen talen:$1$hMJnBx70$3vBLoe3b6YpFiY1LH.ESz.:501:501::/home/talen:/bin/bash
All tests passed
[root@rhel172_16_3_245 ~]# ypwhich 查询在哪个域注册
rhel172_16_3_244
[root@rhel172_16_3_245 ~]# ypwhich -m 查询NIS对应数据
protocols.byname rhel172_16_3_244
rpc.bynumber rhel172_16_3_244
hosts.byaddr rhel172_16_3_244
services.byname rhel172_16_3_244
group.bygid rhel172_16_3_244
group.byname rhel172_16_3_244
passwd.byname rhel172_16_3_244
rpc.byname rhel172_16_3_244
netid.byname rhel172_16_3_244
services.byservicename rhel172_16_3_244
hosts.byname rhel172_16_3_244
protocols.bynumber rhel172_16_3_244
ypservers rhel172_16_3_244
passwd.byuid rhel172_16_3_244
mail.aliases rhel172_16_3_244
[root@rhel172_16_3_245 ~]# ypwhich -x 查询别名
Use "ethers" for map "ethers.byname"
Use "aliases" for map "mail.aliases"
Use "services" for map "services.byname"
Use "protocols" for map "protocols.bynumber"
Use "hosts" for map "hosts.byname"
Use "networks" for map "networks.byaddr"
Use "group" for map "group.byname"
Use "passwd" for map "passwd.byname"
查询数据库的内容:
[root@rhel172_16_3_245 ~]# ypcat passwd
sky:$1$lnUnTVK1$LxsUjGrGZvNJhGUWimpyZ/:500:500:skymobi:/home/sky:/bin/bash
talen:$1$hMJnBx70$3vBLoe3b6YpFiY1LH.ESz.:501:501::/home/talen:/bin/bash
ypcat如果查询量大的话会造成网络拥挤,可以使用ypmatch来对比数据
[root@rhel172_16_3_245 ~]# ypmatch talen passwd
talen:$1$hMJnBx70$3vBLoe3b6YpFiY1LH.ESz.:501:501::/home/talen:/bin/bash
更新数据库
如果服务器更改了数据,如新添加一个用户,NIS并没有更新,会造成客户端无法找到此用户
[root@rhel172_16_3_244 ~]# make -C /var/yp/
make: Entering directory `/var/yp'
gmake[1]: Entering directory `/var/yp/nis'
Updating netid.byname...
gmake[1]: Leaving directory `/var/yp/nis'
make: Leaving directory `/var/yp'
添加辅助NIS
为防止只有一台NIS服务器带来的单点故障问题,可以使用多台辅助NIS容错,同时还有负载均衡的作用
[root@rhel172_16_3_248 ~]# yum install ypserv yp-tools -y
[root@rhel172_16_3_248 ~]# vi /etc/sysconfig/network
# vim /etc/sysconfig/network
NISDOMAIN=nis
[root@rhel172_16_3_248 ~]# domainname nis
[root@rhel172_16_3_248 ~]# service portmap start
Starting portmap: [ OK ]
[root@rhel172_16_3_248 ~]# service ypserv start
Starting YP server services: [ OK ]
[root@rhel172_16_3_248 ~]# /usr/lib/yp/ypinit -s 172.16.3.244
[root@rhel172_16_3_248 ~]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100004 2 udp 870 ypserv
100004 1 udp 870 ypserv
100004 2 tcp 873 ypserv
100004 1 tcp 873 ypserv
[root@rhel172_16_3_248 ~]# rpcinfo -p 172.16.3.244
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100004 2 udp 827 ypserv
100004 1 udp 827 ypserv
100004 2 tcp 830 ypserv
100004 1 tcp 830 ypserv
[root@rhel172_16_3_248 ~]# /usr/lib/yp/ypinit -s rhel172_16_3_244
We will need a few minutes to copy the data from rhel172_16_3_244.
Transferring protocols.byname...
Trying ypxfrd ... success
Transferring rpc.bynumber...
Trying ypxfrd ... success
Transferring hosts.byaddr...
Trying ypxfrd ... success
Transferring services.byname...
Trying ypxfrd ... success
Transferring group.bygid...
Trying ypxfrd ... success
Transferring group.byname...
Trying ypxfrd ... success
Transferring passwd.byname...
Trying ypxfrd ... success
Transferring rpc.byname...
Trying ypxfrd ... success
Transferring netid.byname...
Trying ypxfrd ... success
Transferring services.byservicename...
Trying ypxfrd ... success
Transferring hosts.byname...
Trying ypxfrd ... success
Transferring protocols.bynumber...
Trying ypxfrd ... success
Transferring ypservers...
Trying ypxfrd ... success
Transferring passwd.byuid...
Trying ypxfrd ... success
Transferring mail.aliases...
Trying ypxfrd ... success
rhel172_16_3_248's NIS data base has been set up.
If there were warnings, please figure out what went wrong, and fix it.
At this point, make sure that /etc/passwd and /etc/group have
been edited so that when the NIS is activated, the data bases you
have just created will be used, instead of the /etc ASCII files.
然后再回到主服务器
1,修改NOPUSH
[root@rhel172_16_3_244 ~]# sed -i 's/NOPUSH=true/NOPUSH=false/' /var/yp/Makefile 注意,一些注释内容也会更改
2,增加辅助NIS清单
[root@rhel172_16_3_244 ~]# echo 'rhel172_16_3_248' >>/var/yp/ypservers
[root@rhel172_16_3_244 ~]# make -C /var/yp/
[root@rhel172_16_3_248 ~]# service ypxfrd start
Starting YP map server: [ OK ]