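RHEL 5.3 NIS service setup
#1. About NIS
NIS (Network Information Service) is similar to Windows AD. Put simply, all client login authentication is handed over to the NIS server.
An NIS environment has three types of hosts:
1. Master server (master)
2. Slave server (slave)
3. Client (client)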

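#2. How it works

1. After the server starts, portmapper assigns ports to the ypserv and yppasswd processes.
2. When a client authenticates a login, the client's ypbind process connects to the server's portmapper.
3. The server then assigns a port to the client.
4. The client's ypbind uses the port it was just given to connect to ypserv and authenticate.
5. When a client changes a password, the client's yppasswd communicates with the server's yppasswd.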

#3. Packages required by the service
[root@ns ~]# rpm -qa  yp*
yp-tools-2.9-0.1       
ypbind-1.19-11.el5
ypserv-2.19-5.el5

#portmap is not one of the NIS server packages, but NIS depends on it
[root@ns ~]# rpm -qa  portmap
portmap-4.0-65.2.2.1

#################################################################################################
#4. Configure the NIS server

#Set the NIS domain name
[root@ns ~]# nisdomainname jshlx-nis
[root@ns ~]# echo "NISDOMAIN=jshlx-nis" >> /etc/sysconfig/network

[root@ns ~]# /etc/init.d/ypserv start 
Starting YP server services:                               [  OK  ]
[root@ns ~]# /etc/init.d/yppasswdd start
Starting YP passwd service:                                [  OK  ]

#Enable the services at boot
[root@ns ~]# chkconfig ypserv on
[root@ns ~]# chkconfig yppasswdd on

#Add a regular account for testing; skip this step if you already have one.
[root@ns ~]# useradd simp
[root@ns ~]# passwd simp

[root@ns ~]# /usr/lib/yp/ypinit -m

At this point, we have to construct a list of the hosts which will run NIS
servers.  ns.simp.com is in the list of NIS server hosts.  Please continue to add
the names for the other hosts, one per line.  When you are done with the
list, type a <control D>.
        next host to add:  ns.simp.com
        next host to add: 
The current list of NIS servers looks like this:

ns.simp.com

Is this correct?  [y/n: y]  y
We need a few minutes to build the databases...
Building /var/yp/jshlx-nis/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/jshlx-nis'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/jshlx-nis'

ns.simp.com has been set up as a NIS master server.

Now you can run ypinit -s ns.simp.com on all slave server.

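#Remove the # in front of the last entry in the NIS server's main configuration file; this allows all hosts to join all domains. We will address the security issue later.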
[root@ns ~]# tail -n 2 /etc/ypserv.conf
*                        : *       : *                : none
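
An added check, not part of the original post: the rule enabled above serves every map, passwd included, to any host with no check. The script below flags such rules in a ypserv.conf; the function names, the sample files and the narrowed rule for 192.168.5.0/24 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag ypserv.conf access rules
# of the form "host : domain : map : security" that let any host in unchecked.

# Print every active rule whose host is "*" and whose security is "none".
audit_ypserv_conf() {
    awk -F: '
        /^[ \t]*#/ || NF < 4 { next }   # skip comments, blanks, option lines
        {
            for (i = 1; i <= 4; i++) gsub(/[ \t]/, "", $i)
            if ($1 == "*" && $4 == "none")
                printf "line %d: any host may read map \"%s\" in domain \"%s\"\n", NR, $3, $2
        }' "$1"
}

# Number of flagged rules in a file.
count_open_rules() {
    audit_ypserv_conf "$1" | wc -l | tr -d ' '
}

# Constructed sample files: the rule enabled above, and a narrowed variant
# that only serves the 192.168.5.0/24 network used in this post.
write_samples() {
    cat > "$1/open.conf" <<'EOF'
# Host                     : Domain  : Map              : Security
*                          : *       : shadow.byname    : port
*                        : *       : *                : none
EOF
    cat > "$1/restricted.conf" <<'EOF'
# Host                     : Domain    : Map : Security
192.168.5.0/255.255.255.0  : jshlx-nis : *   : none
*                          : *         : *   : deny
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in open.conf restricted.conf; do
    echo "$f: $(count_open_rules "$demo_dir/$f") open rule(s)"
    audit_ypserv_conf "$demo_dir/$f"
done
rm -rf "$demo_dir"
```

On the server, point audit_ypserv_conf at /etc/ypserv.conf. ypserv also reads /var/yp/securenets, where the networks allowed to query it can be listed.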

[root@ns ~]# vi /var/yp/Makefile
Find the all: line and change it as follows to set which maps are shared.
all:  passwd group \

#############################################################################################
Client configuration

authconfig-tui - (c) 1999-2005 Red Hat, Inc.                                              
            +----------------| Authentication Configuration +-----------------+           
            |                                                                 |           
            |  User Information        Authentication                         |           
            |  [ ] Cache Information   [*] Use MD5 Passwords                  |           
            |  [ ] Use Hesiod          [*] Use Shadow Passwords               |           
            |  [ ] Use LDAP            [ ] Use LDAP Authentication            |           
            |  [*] Use NIS             [ ] Use Kerberos                       |           
            |  [ ] Use Winbind         [ ] Use SMB Authentication             |           
            |                          [ ] Use Winbind Authentication         |           
            |                          [ ] Local authorization is sufficient  |           
            |                                                                 |           
            |            +--------+                      +------+             |           
            |            | Cancel |                      | Next |             |           
            |            +--------+                      +------+             |           
            |                                                                 |           
            |                                                                 |           
            +-----------------------------------------------------------------+           
<Tab>/<Alt-Tab> between elements   |   <Space> selects   |  <F12> next screen        
authconfig-tui - (c) 1999-2005 Red Hat, Inc.                                              
                   +-----------------| NIS Settings +-----------------+                   
                   |                                                  |                   
                   | Domain: jshlx-nis_______________________________ |                   
                   | Server: 192.168.5.3_____________________________ |                   
                   |                                                  |                   
                   |         +------+                 +----+          |                   
                   |         | Back |                 | Ok |          |                   
                   |         +------+                 +----+          |                   
                   |                                                  |                   
                   |                                                  |                   
                   +--------------------------------------------------+                   
<Tab>/<Alt-Tab> between elements   |   <Space> selects   |  <F12> next screen  
Stopping portmap:                                          [  OK  ]
Starting portmap:                                          [  OK  ]
Shutting down NIS services:                                [  OK  ]
Binding to the NIS domain:                                 [  OK  ]
Listening for an NIS domain server..

####################################################################################################
#Now log out and log in with the regular account created earlier; the following messages appear.
Last login: Fri Oct  9 17:43:30 2009
No directory /home/simp!                
Logging in with home = "/".
-bash-3.2$

#The login above succeeded, but it reports that there is no home directory; you only need to export the directory on the server side
[root@ns ~]# echo "/home 192.168.5.0/24(rw,sync)" >> /etc/exports
[root@ns ~]# exportfs  -r
[root@ns ~]# showmount -e localhost
Export list for localhost:
/home    192.168.5.0/24

[root@ns ~]# /etc/init.d/nfs start
[root@ns ~]# chkconfig nfs on

#On the client, mount the server's /home on the local /home
[root@ns ~]# mount.nfs 192.168.5.3:/home /home/

#After logging in again on the client, the missing home directory message no longer appears
Last login: Fri Oct  9 17:53:34 2009 from 192.168.0.19
[simp@ns ~]$

####################################################################################################
Advanced setup
[root@ns ~]# mkdir /nis_home
[root@ns ~]# chmod 1777 /nis_home/
[root@ns ~]# useradd -Db /nis_home/
[root@ns ~]# useradd nis1
[root@ns ~]# passwd nis1
Changing password for user nis1.
New UNIX password:
BAD PASSWORD: it is too simplistic/systematic
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@ns ~]# useradd nis2
[root@ns ~]# passwd nis2
Changing password for user nis2.
New UNIX password:
BAD PASSWORD: it is too simplistic/systematic
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

[root@ns ~]# echo "/nis_home/   192.168.5.0/24(rw,sync)" >> /etc/exports
[root@ns ~]# exportfs -r
[root@ns ~]# showmount -e localhost
Export list for localhost:
/nis_home 192.168.5.0/24

[/root]#echo "/nis_home       /etc/auto.home    --timeout=600" >> /etc/auto.master
[/root]#echo "*               -rw,soft,intr           192.168.5.3:/nis_home/&" >> /etc/auto.home

[/etc]#/etc/init.d/autofs restart
[/etc]#su - nis1
[nis1@ns ~]$
[/etc]#mount
/dev/sda1 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
none on /proc/fs/vmblock/mountPoint type vmblock (rw)
nfsd on /proc/fs/nfsd type nfsd (rw)
192.168.5.3:/nis_home/nis1 on /nis_home/nis1 type nfs (rw,soft,initr,addr=192.168.5.3)

[root@ns ~]# rpcinfo -p  $HOSTNAME
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    675  status
    100024    1   tcp    678  status
    100004    2   udp    616  ypserv
    100004    1   udp    616  ypserv
    100004    2   tcp    619  ypserv
    100004    1   tcp    619  ypserv
    100009    1   udp    630  yppasswdd
    100011    1   udp    695  rquotad
    100011    2   udp    695  rquotad
    100011    1   tcp    698  rquotad
    100011    2   tcp    698  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100021    1   udp  43122  nlockmgr
    100021    3   udp  43122  nlockmgr
    100021    4   udp  43122  nlockmgr
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    1   tcp  52450  nlockmgr
    100021    3   tcp  52450  nlockmgr
    100021    4   tcp  52450  nlockmgr
    100005    1   udp    709  mountd
    100005    1   tcp    712  mountd
    100005    2   udp    709  mountd
    100005    2   tcp    712  mountd
    100005    3   udp    709  mountd
    100005    3   tcp    712  mountd