NIS即网络信息系统(network information service),是对主机帐号等系统信息提供集中管理的网络服务。NIS服务器的应用结构分为NIS服务器和NIS客户机两种角色,NIS服务器集中维护用户的帐户信息供客户机查询,类似与microsoft的域环境中的DC,但是实现的功能远没有DC那么强大,毕竟企业内部的Linux服务器数量不会 很多!
NIS服务器软件的名称为ypserv,该软件包没有被系统默认安装,需要手动进 行安装。
NIS服务器端配置:
[root@localhost ~]# !mou (挂载光盘并安装软件包)
mount /dev/cdrom /mnt
mount: block device /dev/cdrom is write-protected, mounting read-only
[root@localhost ~]# rpm -ivh /mnt/Server/ypserv-2.19-3.i386.rpm
warning: /mnt/Server/ypserv-2.19-3.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:ypserv ########################################### [100%]
[root@localhost ~]# rpm -ivh /mnt/Server/xinetd-2.3.14-10.el5.i386.rpm
warning: /mnt/Server/xinetd-2.3.14-10.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:xinetd ########################################### [100%]
[root@localhost ~]# vi /etc/xinetd.d/time-stream
# This is the configuration for the tcp/stream time service.
service time
{
# This is for quick on or off of the service
disable = no
# The next attributes are mandatory for all services
id = time-stream
type = INTERNAL
wait = no
socket_type = stream
# protocol = socket type is usually enough
# External services must fill out the following
# user =
# group =
# server =
# server_args =
# External services not listed in /etc/services must fill out the next one
# port =
-- INSERT --
[root@localhost ~]# vi /etc/xinetd.d/time-dgram
# This is the configuration for the udp/dgram time service.
service time
{
# This is for quick on or off of the service
disable = no
# The next attributes are mandatory for all services
id = time-dgram
type = INTERNAL
wait = yes
socket_type = dgram
# protocol = socket type is usually enough
# External services must fill out the following
# user =
# group =
# server =
# server_args =
# External services not listed in /etc/services must fill out the next one
# port =
-- INSERT --
[root@localhost ~]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
[root@localhost ~]# nisdomainname yang
[root@localhost ~]# vi /etc/rc.d/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
/bin/nisdomainname yang
[root@localhost ~]# vi /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=Linserv
NISDOMAIN=yang
[root@localhost ~]# vi /etc/ypserv.conf
# * : * : * : none
127.0.0.0/255.255.255.0 : * : * : none
192.168.0.0/255.255.255.0 :* : * : none
* : * : * : deny
[root@localhost ~]# vi /var/yp/securenets
host 127.0.0.1
host 192.168.0.254
[root@localhost ~]# service portmap status
portmap (pid 1590) is running...
[root@localhost ~]# service ypserv start
Starting YP server services: [ OK ]
[root@localhost ~]# service yppasswdd start
Starting YP passwd service: [ OK ]
[root@localhost ~]# chkconfig --level 35 ypserv on
[root@localhost ~]# chkconfig --level 35 yppasswdd on
[root@localhost ~]# useradd a
[root@localhost ~]# passwd a
Changing password for user a.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# useradd b
[root@localhost ~]# passwd b
Changing password for user b.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers. Linserv is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: Linserv
next host to add:(此处按crtl+d)
Linserv
Is this correct? [y/n: y] y( 此处输入y)
We need a few minutes to build the databases...
Building /var/yp/yang/ypservers...
gethostbyname(): Resource temporarily unavailable
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/yang'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/yang'
Linserv has been set up as a NIS master server.
Now you can run ypinit -s Linserv on all slave server.
[root@localhost ~]# ls /var/yp/yang/
group.bygid mail.aliases protocols.byname services.byname
group.byname netid.byname protocols.bynumber services.byservicename
hosts.byaddr passwd.byname rpc.byname ypservers
hosts.byname passwd.byuid rpc.bynumber
NIS客户端的配置:
login as: root
root@192.168.0.254's password:
Last login: Fri Nov 14 05:10:10 2008 from 192.168.0.2
[root@localhost ~]# rpm -qa |grep ^yp
yp-tools-2.9-0.1
ypbind-1.19-7.el5
[root@localhost ~]# nisdomainname yang
[root@localhost ~]# vi /etc/rc.d/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
/bin/nisdomainname yang
[root@localhost ~]# vi /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=localhost.localdomain
NISDOMAIN=yang
[root@localhost ~]# vi /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.0.20 linserv
[root@localhost ~]# ping Linserv
PING linserv (192.168.0.20) 56(84) bytes of data.
64 bytes from linserv (192.168.0.20): icmp_seq=1 ttl=64 time=198 ms
64 bytes from linserv (192.168.0.20): icmp_seq=2 ttl=64 time=9.58 ms
64 bytes from linserv (192.168.0.20): icmp_seq=3 ttl=64 time=9.52 ms
--- linserv ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 6832ms
rtt min/avg/max/mdev = 9.526/72.462/198.274/88.962 ms
[root@localhost ~]# vi /etc/yp.conf
# /etc/yp.conf - ypbind configuration file
# Valid entries are
#
# domain NISDOMAIN server HOSTNAME
# Use server HOSTNAME for the domain NISDOMAIN.
#
# domain NISDOMAIN broadcast
# Use broadcast on the local net for domain NISDOMAIN
#
# domain NISDOMAIN slp
# Query local SLP server for ypserver supporting NISDOMAIN
#
# ypserver HOSTNAME
# Use server HOSTNAME for the local domain. The
# IP-address of server must be listed in /etc/hosts.
#
# broadcast
# If no server for the default domain is specified or
# none of them is rechable, try a broadcast call to
# find a server.
#
domain yang server Linserv
~
-- INSERT --
[root@localhost ~]# vi /etc/nsswitch.conf
passwd: files nis
shadow: files nis
group: files nis
#hosts: db files nisplus nis dns
hosts: files nis dns
[root@localhost ~]# service portmap status
portmap (pid 1717) is running...
[root@localhost ~]# service ypbind start
Turning on allow_ypbind SELinux boolean
Binding to the NIS domain: [ OK ]
Listening for an NIS domain server..
[root@localhost ~]# chkconfig --level 35 ypbind on
[root@localhost ~]# su a
bash-3.1$ exit
exit
回到服务器端配置NFS
[root@Linserv ~]# vi /etc/exports
/home 192.168.0.0/24(rw,async)
[root@Linserv ~]# service nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
回到客户端挂载/home目录
[root@localhost ~]# vi /etc/fstab
LABEL=/ / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
devpts /dev/pts devpts gid=5,mode=620 0 0
tmpfs /dev/shm tmpfs defaults 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
LABEL=SWAP-hda2 swap swap defaults 0 0
Linserv:/home /home nfs defaults 0 0
[root@localhost ~]# mount /home
[root@localhost ~]# su a
[a@localhost root]$ exit
exit
[root@localhost ~]# su b
[b@localhost root]$ exit
exit
[root@localhost ~]#