NIS Study Notes


Platform: rhel5.4_x86
Packages: ypserv, ypbind, yp-tools
Server: 172.16.3.244
Secondary (slave): 172.16.3.248
Client: 172.16.3.245
Firewall: disabled

[root@rhel172_16_3_244 ~]# yum search yp |grep ^yp
ypbind.i386 : 把 NIS 客户绑定到 NIS 域的 NIS 守护进程。
yp-tools.i386 : NIS (或 YP) 客户程序。
ypserv.i386 : NIS (网络信息服务)服务器。
Create a test user:
[root@rhel172_16_3_244 ~]# useradd talen -m
[root@rhel172_16_3_244 ~]# passwd talen
Changing password for user talen.
New UNIX password:
BAD PASSWORD: it is too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

Install the packages:
On the server:
[root@rhel172_16_3_244 ~]# yum install  ypserv yp-tools -y
On the client:
[root@rhel172_16_3_244 ~]# yum install yp-tools ypbind -y

Set the NIS domain name
[root@rhel172_16_3_244 ~]# vim /etc/sysconfig/network
NISDOMAIN=nis
This takes effect after the server is rebooted. To apply it temporarily without a reboot, use the domainname command:
[root@rhel172_16_3_244 ~]# domainname nis
[root@rhel172_16_3_244 ~]# domainname
nis
NIS-related services
ypbind             0:关闭    1:关闭    2:关闭    3:关闭    4:关闭    5:关闭    6:关闭
yppasswdd    0:关闭    1:关闭    2:关闭    3:关闭    4:关闭    5:关闭    6:关闭    lets clients change their domain password
ypserv             0:关闭    1:关闭    2:关闭    3:关闭    4:关闭    5:关闭    6:关闭    must be running for NIS
ypxfrd             0:关闭    1:关闭    2:关闭    3:关闭    4:关闭    5:关闭    6:关闭    syncs data between the master and secondary domain servers
[root@rhel172_16_3_244 ~]# service portmap start
Starting portmap:                                          [  OK  ]
[root@rhel172_16_3_244 ~]# netstat -natp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name    
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      5808/portmap
[root@rhel172_16_3_244 ~]# chkconfig ypserv on
[root@rhel172_16_3_244 ~]# service ypserv start
启动 YP 服务器的服务:                                     [确定]
If there is a secondary server, start the ypxfrd service
[root@rhel172_16_3_244 ~]# service ypxfrd start
启动 YP 映射图服务器:                                     [确定]

Generating the NIS database files: /var/yp/Makefile
[root@rhel172_16_3_244 ~]# vim /var/yp/Makefile
The most important part is the all: target, which lists the data NIS is configured to serve
# If you don't want some of these maps built, feel free to comment
# them out from this list.

all:  passwd group hosts rpc services netid protocols mail \
        # netgrp shadow publickey networks ethers bootparams printcap \
        # amd.home auto.master auto.home auto.local passwd.adjunct \
        # timezone locale netmasks
       
Initialize the NIS database
[root@rhel172_16_3_244 ~]# /usr/lib/yp/ypinit --help
usage:
  ypinit -m
  ypinit -s master

where -m is used to build the data bases on a master NIS server,
and -s is used for a slave data base. master must be an existing
reachable NIS server.
Since this host is the master server, add the -m option
[root@rhel172_16_3_244 ~]# /usr/lib/yp/ypinit -m

At this point, we have to construct a list of the hosts which will run NIS
servers.  rhel172_16_3_244 is in the list of NIS server hosts.  Please continue to add
the names for the other hosts, one per line.  When you are done with the
list, type a <control D>.
    next host to add:  rhel172_16_3_244    only this host here
    next host to add:                      press CTRL+D
The current list of NIS servers looks like this:

rhel172_16_3_244

Is this correct?  [y/n: y]                      press Enter
We need a few minutes to build the databases...
Building /var/yp/nis/ypservers...
gethostbyname(): Success
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/nis'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/nis'

rhel172_16_3_244 has been set up as a NIS master server.

Now you can run ypinit -s rhel172_16_3_244 on all slave server.


The data files for the domain nis have now been generated under /var/yp.
[root@rhel172_16_3_244 ~]# ls -l /var/yp/*
-rw-r--r-- 1 root root 16669 2008-08-11 /var/yp/Makefile
-rw-r--r-- 1 root root   185 2006-07-13 /var/yp/nicknames
-rw-r--r-- 1 root root    17 08-26 14:26 /var/yp/ypservers

/var/yp/binding:
总计 0

/var/yp/nis:
总计 2196
-rw------- 1 root root   12418 08-26 14:27 group.bygid
-rw------- 1 root root   12419 08-26 14:27 group.byname
-rw------- 1 root root   12535 08-26 14:27 hosts.byaddr
-rw------- 1 root root   12549 08-26 14:27 hosts.byname
-rw------- 1 root root   13174 08-26 14:27 mail.aliases
-rw------- 1 root root   13092 08-26 14:27 netid.byname
-rw------- 1 root root   12484 08-26 14:27 passwd.byname
-rw------- 1 root root   12483 08-26 14:27 passwd.byuid
-rw------- 1 root root   29211 08-26 14:27 protocols.byname
-rw------- 1 root root   14573 08-26 14:27 protocols.bynumber
-rw------- 1 root root   16384 08-26 14:27 rpc.byname
-rw------- 1 root root   14236 08-26 14:27 rpc.bynumber
-rw------- 1 root root  766110 08-26 14:27 services.byname
-rw------- 1 root root 1470490 08-26 14:27 services.byservicename
-rw------- 1 root root   12376 08-26 14:27 ypservers
[root@rhel172_16_3_244 ~]# netstat -nap |grep ypserv
tcp        0      0 0.0.0.0:830                 0.0.0.0:*                   LISTEN      6161/ypserv        
udp        0      0 0.0.0.0:827                 0.0.0.0:*                               6161/ypserv


Configure the client
[root@rhel172_16_3_245 ~]# yum install ypbind yp-tools -y

[root@rhel172_16_3_245 ~]# chkconfig ypbind on
[root@rhel172_16_3_245 ~]# service ypbind start
Error: NIS domain name is not set.                         [FAILED]
[root@rhel172_16_3_245 ~]# vim /etc/sysconfig/network
NISDOMAIN=nis
[root@rhel172_16_3_245 ~]# domainname nis
[root@rhel172_16_3_245 ~]# domainname
nis
[root@rhel172_16_3_245 ~]# service ypbind start
Binding to the NIS domain:                                 [  OK  ]
Listening for an NIS domain server.rpcinfo: can't contact portmapper: RPC: Remote system error - Connection refused
[root@rhel172_16_3_245 ~]# service portmap status
portmap is stopped
[root@rhel172_16_3_245 ~]# service portmap start
Starting portmap:                                          [  OK  ]
[root@rhel172_16_3_245 ~]# netstat -natp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name    
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      5808/portmap

[root@rhel172_16_3_245 ~]# telnet 172.16.3.244 111    the remote portmap port is reachable.
Trying 172.16.3.244...
Connected to 172.16.3.244 (172.16.3.244).
Escape character is '^]'.
[root@rhel172_16_3_245 ~]# rpcinfo -p    local RPC registration OK
   程序 版本 协议   端口
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    827  ypserv
    100004    1   udp    827  ypserv
    100004    2   tcp    830  ypserv
    100004    1   tcp    830  ypserv
[root@rhel172_16_3_245 ~]# rpcinfo -p 172.16.3.244    remote server OK
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    827  ypserv
    100004    1   udp    827  ypserv
    100004    2   tcp    830  ypserv
    100004    1   tcp    830  ypserv

[root@rhel172_16_3_245 ~]# echo 'domain nis server 172.16.3.244' >> /etc/yp.conf
[root@rhel172_16_3_245 ~]# echo 'domain nis server 172.16.3.248' >> /etc/yp.conf
[root@rhel172_16_3_245 ~]# service ypbind start
Binding to the NIS domain:                                 [  OK  ]
Listening for an NIS domain server.
You can also use the text-mode configuration tool
[root@rhel172_16_3_245 ~]# authconfig-tui
Stopping portmap:                                          [  OK  ]
Starting portmap:                                          [  OK  ]
Shutting down NIS services:                                [  OK  ]
Binding to the NIS domain:                                 [  OK  ]
Listening for an NIS domain server.

[root@rhel172_16_3_245 ~]# yptest -u talen
Test 1: domainname
Configured domainname is "nis"

Test 2: ypbind
Used NIS server: rhel172_16_3_244

Test 3: yp_match
talen:$1$hMJnBx70$3vBLoe3b6YpFiY1LH.ESz.:501:501::/home/talen:/bin/bash

Test 4: yp_first
sky sky:$1$lnUnTVK1$LxsUjGrGZvNJhGUWimpyZ/:500:500:skymobi:/home/sky:/bin/bash

Test 5: yp_next
talen talen:$1$hMJnBx70$3vBLoe3b6YpFiY1LH.ESz.:501:501::/home/talen:/bin/bash

Test 6: yp_master
rhel172_16_3_244

Test 7: yp_order
1314343321

Test 8: yp_maplist
protocols.byname
rpc.bynumber
hosts.byaddr
services.byname
group.bygid
group.byname
passwd.byname
rpc.byname
netid.byname
services.byservicename
hosts.byname
protocols.bynumber
ypservers
passwd.byuid
mail.aliases

Test 9: yp_all
sky sky:$1$lnUnTVK1$LxsUjGrGZvNJhGUWimpyZ/:500:500:skymobi:/home/sky:/bin/bash
talen talen:$1$hMJnBx70$3vBLoe3b6YpFiY1LH.ESz.:501:501::/home/talen:/bin/bash
All tests passed

[root@rhel172_16_3_245 ~]# ypwhich     query which domain the client is registered with
rhel172_16_3_244
[root@rhel172_16_3_245 ~]# ypwhich -m    query the corresponding NIS data
protocols.byname rhel172_16_3_244
rpc.bynumber rhel172_16_3_244
hosts.byaddr rhel172_16_3_244
services.byname rhel172_16_3_244
group.bygid rhel172_16_3_244
group.byname rhel172_16_3_244
passwd.byname rhel172_16_3_244
rpc.byname rhel172_16_3_244
netid.byname rhel172_16_3_244
services.byservicename rhel172_16_3_244
hosts.byname rhel172_16_3_244
protocols.bynumber rhel172_16_3_244
ypservers rhel172_16_3_244
passwd.byuid rhel172_16_3_244
mail.aliases rhel172_16_3_244
[root@rhel172_16_3_245 ~]# ypwhich -x    query the aliases
Use "ethers"    for map "ethers.byname"
Use "aliases"    for map "mail.aliases"
Use "services"    for map "services.byname"
Use "protocols"    for map "protocols.bynumber"
Use "hosts"    for map "hosts.byname"
Use "networks"    for map "networks.byaddr"
Use "group"    for map "group.byname"
Use "passwd"    for map "passwd.byname"
Query the contents of the database:
[root@rhel172_16_3_245 ~]# ypcat passwd
sky:$1$lnUnTVK1$LxsUjGrGZvNJhGUWimpyZ/:500:500:skymobi:/home/sky:/bin/bash
talen:$1$hMJnBx70$3vBLoe3b6YpFiY1LH.ESz.:501:501::/home/talen:/bin/bash
If the query volume is large, ypcat can congest the network; ypmatch can be used to match specific entries instead
[root@rhel172_16_3_245 ~]# ypmatch talen passwd
talen:$1$hMJnBx70$3vBLoe3b6YpFiY1LH.ESz.:501:501::/home/talen:/bin/bash
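
The ypcat, ypmatch and yptest output above shows password hashes in the passwd map, readable from the client. As an added example (not part of the original notes), the shell function below audits a passwd map for that exposure; the name audit_nis_passwd and the sample records are constructed for illustration.

```shell
#!/bin/bash
# Added example: audit a NIS passwd map for password hashes readable by clients.
# Typical use on a bound client:  ypcat passwd | audit_nis_passwd
# audit_nis_passwd is a hypothetical helper name, not part of yp-tools.

audit_nis_passwd() {
    awk -F: '
        NF != 7 { malformed++; next }          # not a passwd-format record
        {
            h = $2
            # "x", or a "*" / "!" prefix, means no usable hash is published
            if (h == "x" || h ~ /^[*!]/) { masked++; next }
            exposed++
            if      (h == "")             { kind = "empty";          weak++ }
            else if (h ~ /^\$1\$/)        { kind = "md5crypt";       weak++ }
            else if (h ~ /^\$5\$/)        { kind = "sha256crypt" }
            else if (h ~ /^\$6\$/)        { kind = "sha512crypt" }
            else if (h ~ /^\$2[aby]?\$/)  { kind = "bcrypt" }
            else                          { kind = "des-or-unknown"; weak++ }
            printf "EXPOSED user=%s uid=%s scheme=%s\n", $1, $3, kind
        }
        END {
            printf "SUMMARY exposed=%d weak=%d masked=%d malformed=%d\n",
                   exposed, weak, masked, malformed
        }'
}

# Constructed sample records (placeholder hashes, not real accounts)
SAMPLE_MAP='alice:$1$SALTSALT$CONSTRUCTEDplaceholder0000:500:500::/home/alice:/bin/bash
bob:x:501:501::/home/bob:/bin/bash
carol:$6$SALTSALT$CONSTRUCTEDplaceholder:502:502::/home/carol:/bin/bash
truncated-record'

printf '%s\n' "$SAMPLE_MAP" | audit_nis_passwd
```

A non-zero exposed count means every host that can query the map receives those hashes, as the ypcat output above shows for this setup.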

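Updating the database
If data changes on the server, for example a new user is added, NIS is not updated, and clients will be unable to find that user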
[root@rhel172_16_3_244 ~]# make -C /var/yp/
make: Entering directory `/var/yp'
gmake[1]: Entering directory `/var/yp/nis'
Updating netid.byname...
gmake[1]: Leaving directory `/var/yp/nis'
make: Leaving directory `/var/yp'


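Adding a secondary NIS server
To avoid the single point of failure that comes with having only one NIS server, multiple secondary NIS servers can be used for fault tolerance; they also provide load balancing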
[root@rhel172_16_3_248 ~]# yum install ypserv yp-tools -y
[root@rhel172_16_3_248 ~]# vi /etc/sysconfig/network
# vim /etc/sysconfig/network
NISDOMAIN=nis
[root@rhel172_16_3_248 ~]# domainname nis
[root@rhel172_16_3_248 ~]# service portmap start
Starting portmap:                                          [  OK  ]
[root@rhel172_16_3_248 ~]# service ypserv start
Starting YP server services:                               [  OK  ]
[root@rhel172_16_3_248 ~]# /usr/lib/yp/ypinit -s 172.16.3.244
[root@rhel172_16_3_248 ~]# rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    870  ypserv
    100004    1   udp    870  ypserv
    100004    2   tcp    873  ypserv
    100004    1   tcp    873  ypserv
[root@rhel172_16_3_248 ~]# rpcinfo -p 172.16.3.244
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    827  ypserv
    100004    1   udp    827  ypserv
    100004    2   tcp    830  ypserv
    100004    1   tcp    830  ypserv
[root@rhel172_16_3_248 ~]# /usr/lib/yp/ypinit -s rhel172_16_3_244
We will need a few minutes to copy the data from rhel172_16_3_244.
Transferring protocols.byname...
Trying ypxfrd ... success

Transferring rpc.bynumber...
Trying ypxfrd ... success

Transferring hosts.byaddr...
Trying ypxfrd ... success

Transferring services.byname...
Trying ypxfrd ... success

Transferring group.bygid...
Trying ypxfrd ... success

Transferring group.byname...
Trying ypxfrd ... success

Transferring passwd.byname...
Trying ypxfrd ... success

Transferring rpc.byname...
Trying ypxfrd ... success

Transferring netid.byname...
Trying ypxfrd ... success

Transferring services.byservicename...
Trying ypxfrd ... success

Transferring hosts.byname...
Trying ypxfrd ... success

Transferring protocols.bynumber...
Trying ypxfrd ... success

Transferring ypservers...
Trying ypxfrd ... success

Transferring passwd.byuid...
Trying ypxfrd ... success

Transferring mail.aliases...
Trying ypxfrd ... success


rhel172_16_3_248's NIS data base has been set up.
If there were warnings, please figure out what went wrong, and fix it.

At this point, make sure that /etc/passwd and /etc/group have
been edited so that when the NIS is activated, the data bases you
have just created will be used, instead of the /etc ASCII files.
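Then go back to the master server
1. Change NOPUSH
[root@rhel172_16_3_244 ~]# sed -i 's/NOPUSH=true/NOPUSH=false/' /var/yp/Makefile    Note: some commented-out content is changed as well
2. Add the secondary NIS server to the list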
[root@rhel172_16_3_244 ~]# echo 'rhel172_16_3_248' >>/var/yp/ypservers
[root@rhel172_16_3_244 ~]# make -C /var/yp/




[root@rhel172_16_3_248 ~]# service ypxfrd start
Starting YP map server:                                    [  OK  ]
