I. NIS SERVER CONFIG

1. [root@michael ~]# rpm -qa | grep ^yp

yp-tools-2.8-7

ypserv-2.13-14

ypbind-1.17.2-8

2. [root@michael ~]# chkconfig --list | grep time

time: off

time-udp: off

daytime-udp: off

daytime: off

[root@michael ~]# chkconfig time on

[root@michael ~]# chkconfig time-udp on

[root@michael ~]# chkconfig --list | grep time

time: on

time-udp: on

daytime-udp: off

daytime: off

[root@michael ~]# service xinetd restart

Stopping xinetd: [ OK ]

Starting xinetd: [ OK ]

Note: running ypserv requires the time and time-udp services to be turned on and xinetd to be started.

The time and time-udp services are managed by xinetd.

3. Set the NIS domain name.

[root@michael ~]# vi /etc/rc.d/rc.local

#!/bin/sh

#

# This script will be executed *after* all the other init scripts.

# You can put your own initialization stuff in here if you don't

# want to do the full Sys V style init stuff.

nisdomainname nisfung

touch /var/lock/subsys/local

"/etc/rc.d/rc.local" 8L, 242C written

[root@michael ~]# vi /etc/sysconfig/network

NETWORKING=yes

HOSTNAME=michael.fung.com

GATEWAY=192.168.1.1

NISDOMAIN=nisfung

"/etc/sysconfig/network" 4L, 79C written

4. [root@michael ~]# vi /etc/ypserv.conf

#

# ypserv.conf In this file you can set certain options for the NIS server,

# and you can deny or restrict access to certain maps based

# on the originating host.

#

# See ypserv.conf(5) for a description of the syntax.

#

# Some options for ypserv. This things are all not needed, if

# you have a Linux net.

# Should we do DNS lookups for hosts not found in the hosts table ?

# This option is ignored in the moment.

dns: no

# How many map file handles should be cached ?

files: 30

# Should we register ypserv with SLP ?

slp: no

# After how many seconds we should re-register ypserv with SLP ?

slp_timeout: 3600

# xfr requests are only allowed from ports < 1024

xfr_check_port: yes

# The following, when uncommented, will give you shadow like passwords.

# Note that it will not work if you have slave NIS servers in your

# network that do not run the same server as you.

# Host : Domain : Map : Security

#

# * : * : passwd.byname : port

# * : * : passwd.byuid : port

# Not everybody should see the shadow passwords, not secure, since

# under MSDOG everbody is root and can access ports < 1024 !!!

* : * : shadow.byname : port

* : * : passwd.adjunct.byname : port

# If you comment out the next rule, ypserv and rpc.ypxfrd will

# look for YP_SECURE and YP_AUTHDES in the maps. This will make

# the security check a little bit slower, but you only have to

# change the keys on the master server, not the configuration files

# on each NIS server.

# If you have maps with YP_SECURE or YP_AUTHDES, you should create

# a rule for them above, that's much faster.

* : * : * : none (allow)

5. Security configuration file

[root@michael ~]# vi /var/yp/securenets

host 127.0.0.1

255.255.255.0 192.168.1.0

255.255.255.0 192.168.5.0
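
How the entries above admit or reject a client address, as an added example that is not part of the original page: each line is "netmask network", and "host A" is shorthand for a 255.255.255.255 entry. The function names and the test addresses are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: evaluate /var/yp/securenets entries against a client address.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# securenets_match FILE IP -> prints the first entry that admits IP (status 0), else status 1
securenets_match() {
    ip=$(ip_to_int "$2")
    while read -r first second rest; do
        case $first in ''|'#'*) continue ;; esac
        if [ "$first" = host ]; then
            mask=255.255.255.255          # "host A" is shorthand for a /32 entry
        else
            mask=$first                   # regular entries are "netmask network"
        fi
        m=$(ip_to_int "$mask"); n=$(ip_to_int "$second")
        if [ $(( $ip & $m )) -eq $(( $n & $m )) ]; then
            echo "$first $second"
            return 0
        fi
    done < "$1"
    return 1
}

# Constructed sample: the three entries from step 5
securenets=$(mktemp); trap 'rm -f "$securenets"' EXIT
cat > "$securenets" <<'EOF'
host 127.0.0.1
255.255.255.0 192.168.1.0
255.255.255.0 192.168.5.0
EOF

# Constructed test addresses: two inside the listed networks, two outside
for addr in 127.0.0.1 192.168.5.199 192.168.3.254 192.168.50.1; do
    if entry=$(securenets_match "$securenets" "$addr"); then
        echo "$addr allowed by: $entry"
    else
        echo "$addr not covered by securenets"
    fi
done
```
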

6. [root@michael ~]# service portmap restart

Stopping portmap: [ OK ]

Starting portmap: [ OK ]

[root@michael ~]# service ypserv restart

Stopping YP server services: [FAILED]

Setting NIS domain name nisfung: [ OK ]

Starting YP server services: [ OK ]

[root@michael ~]# service yppasswdd restart

Stopping YP passwd service: [FAILED]

Starting YP passwd service: [ OK ]

[root@michael ~]# chkconfig --list | grep yp

ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off

yppasswdd 0:off 1:off 2:off 3:off 4:off 5:off 6:off

ypxfrd 0:off 1:off 2:off 3:off 4:off 5:off 6:off

ypserv 0:off 1:off 2:off 3:off 4:off 5:off 6:off

[root@michael ~]# chkconfig --level 35 ypserv on

[root@michael ~]# chkconfig --level 35 yppasswdd on

[root@michael ~]# chkconfig --list | grep yp

ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off

yppasswdd 0:off 1:off 2:off 3:on 4:off 5:on 6:off

ypxfrd 0:off 1:off 2:off 3:off 4:off 5:off 6:off

ypserv 0:off 1:off 2:off 3:on 4:off 5:on 6:off

Note: the NIS services depend on the portmap service being up.

7. Build the NIS database

[root@michael ~]# /usr/lib/yp/ypinit -m

At this point, we have to construct a list of the hosts which will run NIS

servers. michael.fung.com is in the list of NIS server hosts. Please continue to add

the names for the other hosts, one per line. When you are done with the

list, type a <control D>.

next host to add: michael.fung.com

next host to add: (ctrl+D)

The current list of NIS servers looks like this:

michael.fung.com

Is this correct? [y/n: y] y

We need a few minutes to build the databases...

Building /var/yp/nisfung/ypservers...

Running /var/yp/Makefile...

gmake[1]: Entering directory `/var/yp/nisfung'

Updating passwd.byname...

Updating passwd.byuid...

Updating group.byname...

Updating group.bygid...

Updating hosts.byname...

Updating hosts.byaddr...

Updating rpc.byname...

Updating rpc.bynumber...

Updating services.byname...

Updating services.byservicename...

Updating netid.byname...

Updating protocols.bynumber...

Updating protocols.byname...

Updating mail.aliases...

gmake[1]: Leaving directory `/var/yp/nisfung'

michael.fung.com has been set up as a NIS master server.

Now you can run ypinit -s michael.fung.com on all slave serve~

[root@michael ~]# ls /var/yp/nisfung (database file)

group.bygid mail.aliases protocols.byname services.byname

group.byname netid.byname protocols.bynumber services.byservicename

hosts.byaddr passwd.byname rpc.byname ypservers

hosts.byname passwd.byuid rpc.bynumber
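
A check that ties the step 4 access rules to the maps step 7 actually built, as an added example that is not part of the original page. It assumes rules are read top to bottom with the first match winning and only evaluates rules whose host and domain are `*`, which is all this file contains; the function names are hypothetical. On this page's data the two `port` rules name maps that were never built, so every built map, passwd.byname included, falls through to the catch-all `none`.

```shell
#!/bin/sh
# Added example: which ypserv.conf access rule governs each built map?
# Assumption: rules are read top to bottom and the first match wins.

# effective_security CONF MAP -> security field of the first "* : * : ..." rule matching MAP
effective_security() {
    awk -F: -v want="$2" '
        /^[ \t]*#/ || NF != 4 { next }    # skip comments, blanks and "dns: no" style options
        { for (i = 1; i <= 4; i++) gsub(/[ \t]/, "", $i) }
        $1 == "*" && $2 == "*" && ($3 == want || $3 == "*") { print $4; found = 1; exit }
        END { if (!found) print "no-rule" }' "$1"
}

# unused_rules CONF MAPDIR -> maps named in a rule that have no file in MAPDIR
unused_rules() {
    awk -F: '/^[ \t]*#/ || NF != 4 { next }
             { gsub(/[ \t]/, "", $3); if ($3 != "*") print $3 }' "$1" |
    while read -r map; do
        [ -e "$2/$map" ] || echo "$map"
    done
}

# audit_maps CONF MAPDIR -> one "map security" line per map file in MAPDIR
audit_maps() {
    for path in "$2"/*; do
        echo "${path##*/} $(effective_security "$1" "${path##*/}")"
    done
}

# Constructed sample: rules as in step 4, map names from the step 7 listing
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
mkdir "$demo/nisfung"
for m in passwd.byname passwd.byuid group.byname hosts.byname; do
    : > "$demo/nisfung/$m"
done
cat > "$demo/ypserv.conf" <<'EOF'
dns: no
xfr_check_port: yes
# * : * : passwd.byname : port
* : * : shadow.byname : port
* : * : passwd.adjunct.byname : port
* : * : * : none
EOF

audit_maps "$demo/ypserv.conf" "$demo/nisfung"
echo "rules naming maps that were not built:"
unused_rules "$demo/ypserv.conf" "$demo/nisfung"
```
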

II. NIS CLIENT CONFIG

1. [root@gang ~]# rpm -qa | grep ^yp (client running software)

yp-tools-2.8-7

ypbind-1.17.2-8

2. Configure the hosts file.

[root@gang ~]# vi /etc/hosts

# Do not remove the following line, or various programs

# that require network functionality will fail.

127.0.0.1 gang.feng.com gang localhost.localdomain localhost

192.168.5.1 michael.fung.com

"/etc/hosts" 4L, 207C written

[root@gang ~]#

3. Set the NIS domain name.

[root@gang ~]# vi /etc/rc.d/rc.local

#!/bin/sh

#

# This script will be executed *after* all the other init scripts.

# You can put your own initialization stuff in here if you don't

# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

nisdomainname nisfung

"/etc/rc.d/rc.local" 8L, 242C written

[root@gang ~]# vi /etc/sysconfig/network

NETWORKING=yes

HOSTNAME=gang.feng.com

GATEWAY=192.168.3.254

NISDOMAIN=nisfung

"/etc/sysconfig/network" 4L, 78C written

[root@gang ~]#

4. Configure the yp.conf client file.

[root@gang ~]# vi /etc/yp.conf

# /etc/yp.conf - ypbind configuration file

# Valid entries are

#

# domain NISDOMAIN server HOSTNAME

# Use server HOSTNAME for the domain NISDOMAIN.

domain nisfung server michael

#

# domain NISDOMAIN broadcast

# Use broadcast on the local net for domain NISDOMAIN

#

# domain NISDOMAIN slp

# Query local SLP server for ypserver supporting NISDOMAIN

#

# ypserver HOSTNAME

# Use server HOSTNAME for the local domain. The

# IP-address of server must be listed in /etc/hosts.

#

# broadcast

# If no server for the default domain is specified or

# none of them is rechable, try a broadcast call to

# find a server.

#

"/etc/yp.conf" 22L, 615C written

5. Configure the nsswitch.conf file.

[root@gang ~]# vi /etc/nsswitch.conf

#

# /etc/nsswitch.conf

#

# An example Name Service Switch config file. This file should be

# sorted with the most-used services at the beginning.

#

# The entry '[NOTFOUND=return]' means that the search for an

# entry should stop if the search in the previous entry turned

# up nothing. Note that if the search failed due to some other reason

# (like no NIS server responding) then the search continues with the

# next entry.

#

# Legal entries are:

#

# nis or yp Use NIS (NIS version 2), also called YP

# dns Use DNS (Domain Name Service)

# files Use the local files

# db Use the local database (.db) files

# compat Use NIS on compat mode

# hesiod Use Hesiod for user lookups

# ldap Use LDAP (only if nss_ldap is installed)

# nisplus or nis+ Use NIS+ (NIS version 3), unsupported

# [NOTFOUND=return] Stop searching if not found so far

#

# To use db, put the "db" in front of "files" for entries you want to be

# looked up first in the databases

#

# Example:

#passwd: db files ldap nis

#shadow: db files ldap nis

#group: db files ldap nis

passwd: nis files

shadow: nis files

group: nis files

#hosts: db files ldap nis dns

hosts: files dns

# Example - obey only what ldap tells us...

#services: ldap [NOTFOUND=return] files

#networks: ldap [NOTFOUND=return] files

#protocols: ldap [NOTFOUND=return] files

#rpc: ldap [NOTFOUND=return] files

#ethers: ldap [NOTFOUND=return] files

bootparams: files

ethers: files

netmasks: files

networks: files

"/etc/nsswitch.conf" 58L, 1639C written

6. Start the services

[root@gang ~]# service portmap restart

Stopping portmap: [ OK ]

Starting portmap: [ OK ]

[root@gang ~]# service ypbind restart

Shutting down NIS services: [ OK ]

Binding to the NIS domain: [ OK ]

Listening for an NIS domain server.

[root@gang ~]# chkconfig --list | grep yp

ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off

[root@gang ~]# chkconfig --level 35 ypbind on

[root@gang ~]# chkconfig --list | grep yp

ypbind 0:off 1:off 2:off 3:on 4:off 5:on 6:off

[root@gang ~]#

7. Test connectivity between the client and the server

[root@gang ~]# yptest

Test 1: domainname

Configured domainname is "nisfung"

Test 2: ypbind

Used NIS server: michael.fung.com

Test 3: yp_match

WARNING: No such key in map (Map passwd.byname, key nobody)

Test 4: yp_first

WARNING: No such key in map (Map passwd.byname)

Test 5: yp_next

-- skipped --

Test 6: yp_master

michael.fung.com

Test 7: yp_order

0

Test 8: yp_maplist

passwd.byuid

services.byservicename

services.byname

hosts.byname

mail.aliases

group.byname

passwd.byname

rpc.byname

hosts.byaddr

group.bygid

protocols.byname

netid.byname

rpc.bynumber

protocols.bynumber

ypservers

Test 9: yp_all

2 tests failed

[root@gang ~]# ypwhich (test server hostname)

michael.fung.com

[root@gang ~]# ypwhich -x (list the server's database nicknames and the map file names they refer to)

Use "ethers" for map "ethers.byname"

Use "aliases" for map "mail.aliases"

Use "services" for map "services.byname"

Use "protocols" for map "protocols.bynumber"

Use "hosts" for map "hosts.byname"

Use "networks" for map "networks.byaddr"

Use "group" for map "group.byname"

Use "passwd" for map "passwd.byname"

[root@gang ~]# ypcat hosts (list the content of the specified database on the server)

127.0.0.1 localhost.localdomain localhost

127.0.0.1 localhost.localdomain localhost

192.168.5.1 michael.fung.com michael

192.168.5.1 michael.fung.com michael

8. Log in on the client as a NIS server user

Login : abc

Password: 111111

Last login: Fri Jul 31 03:50:07 2009

Could not chdir to home directory /home/abc: No such file or directory

-bash-3.00$

III. NIS SERVER AND NFS RELATED CONFIG

1. [root@michael ~]# vi /etc/exports

/home 192.168.5.0/24(rw)

"/etc/exports" 1L, 34C written

<Add the “/home” shared directory entry to the server's “/etc/exports” file>

2. Start the NFS service on the NIS server

[root@michael ~]# service nfs restart

Shutting down NFS mountd: [ OK ]

Shutting down NFS daemon: [ OK ]

Shutting down NFS quotas: [ OK ]

Shutting down NFS services: [ OK ]

Starting NFS services: [ OK ]

Starting NFS quotas: [ OK ]

Starting NFS daemon: [ OK ]

Starting NFS mountd: [ OK ]

3. Mount the NIS server's shared directory on the client.

[root@gang ~]# vi /etc/fstab <configure the client to mount it automatically at boot>

# This file is edited by fstab-sync - see 'man fstab-sync' for details

LABEL=/ / ext3 defaults 1 1

LABEL=/boot /boot ext3 defaults 1 2

none /dev/pts devpts gid=5,mode=620 0 0

none /dev/shm tmpfs defaults 0 0

michael:/home/ /home nfs defaults 0 0

none /proc proc defaults 0 0

none /sys sysfs defaults 0 0

LABEL=SWAP-sda3 swap swap defaults 0 0

/dev/hdc /media/cdrom auto pamconsole,exec,noauto,managed 0 0

/dev/fd0 /media/floppy auto pamconsole,exec,noauto,managed 0 0

"/etc/fstab" 11L, 861C written

[root@gang ~]# cd /home

[root@gang home]# ls

[root@gang home]# ll

total 0

[root@gang ~]# mount /home

[root@gang ~]# cd /home

[root@gang home]# ls

abc abc1 fung

4. Log in on the client again as the NIS server user.

Login : abc

Password:

Last login: Fri Jul 31 03:52:01 2009 from 192.168.5.199

[abc@gang ~]$

[abc@gang ~]$

 

Note the difference from the first login to the NIS server.

 

IV. Troubleshooting:

KEY POINT: when configuring the NIS server

1. If users are added before the NIS server is configured, then once configuration is complete those server users can log in from the client.

2. If a login user is added after the NIS server has been configured, that user cannot log in to the NIS server. You must run:

[root@michael ~]# /usr/lib/yp/ypinit -m (reload the NIS database)