Tags: configure NIS server, configure NIS client, configure NIS slave
Configure an NIS server to share user accounts across your local network.
This example is based on the environment below.
+----------------------+          |          +----------------------+
| [    NIS Server    ] |10.0.0.30 | 10.0.0.31| [    NIS Client    ] |
|     dlp.srv.world    +----------+----------+     www.srv.world    |
|                      |                     |                      |
+----------------------+                     +----------------------+
[1] Configure NIS Server.
[root@dlp ~]# yum -y install ypserv rpcbind
# set NIS domain name
[root@dlp ~]# ypdomainname srv.world
[root@dlp ~]# echo "NISDOMAIN=srv.world" >> /etc/sysconfig/network
[root@dlp ~]# vi /var/yp/securenets
# add the networks you allow to access the NIS server (netmask, then network)
255.0.0.0 127.0.0.0
255.255.255.0 10.0.0.0
[root@dlp ~]# vi /etc/hosts
# add the server's and clients' IP addresses for the NIS database
10.0.0.30 dlp.srv.world dlp
10.0.0.31 www.srv.world www
[root@dlp ~]# systemctl start rpcbind ypserv ypxfrd yppasswdd
[root@dlp ~]# systemctl enable rpcbind ypserv ypxfrd yppasswdd
# update NIS database
[root@dlp ~]# /usr/lib64/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS servers. dlp is in the list of NIS server hosts. Please continue to add the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: dlp.srv.world
next host to add:  # Ctrl + D key
The current list of NIS servers looks like this:
dlp.srv.world
Is this correct? [y/n: y] y  # y key and Enter
We need a few minutes to build the databases...
Building /var/yp/srv.world/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/srv.world'
Updating passwd.byname...
Updating passwd.byuid...
Updating shadow.byname...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/srv.world'
dlp.srv.world has been set up as a NIS master server.
Now you can run ypinit -s dlp on all slave server.
[2] If you add users on the local server, apply them to the NIS database, too.
[root@dlp ~]# cd /var/yp
[root@dlp yp]# make
[3] If Firewalld is running, allow the NIS services and ports through it. Some of these services listen on a different port each time they restart, so pin them to fixed ports and then allow those ports in Firewalld.
[root@dlp ~]# vi /etc/sysconfig/network
# add to the end
YPSERV_ARGS="-p 944"
YPXFRD_ARGS="-p 945"
[root@dlp ~]# vi /etc/sysconfig/yppasswdd
# add the following
YPPASSWDD_ARGS="--port 946"
[root@dlp ~]# systemctl restart rpcbind ypserv ypxfrd yppasswdd
[root@dlp ~]# firewall-cmd --add-service=rpc-bind --permanent
[root@dlp ~]# firewall-cmd --add-port=944/tcp --permanent
[root@dlp ~]# firewall-cmd --add-port=944/udp --permanent
[root@dlp ~]# firewall-cmd --add-port=945/tcp --permanent
[root@dlp ~]# firewall-cmd --add-port=945/udp --permanent
[root@dlp ~]# firewall-cmd --add-port=946/udp --permanent
[root@dlp ~]# firewall-cmd --reload
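A consistency check for step [3], as an added example that is not part of the original post: it reads the pinned ports back from the two sysconfig files and reports any port/protocol pair that the firewall port list does not contain. The function names and the sample files are constructed for illustration; the protocols per service follow the firewall-cmd lines above.

```shell
#!/bin/sh
# Added example (not from the original post): check that every port pinned in
# step [3] is also opened in firewalld.

# pinned_port FILE VAR -> prints the port from a line like VAR="-p 944"
pinned_port() {
    sed -n "s/^$2=\"[^0-9]*\([0-9][0-9]*\)\"\$/\1/p" "$1" | tail -n 1
}

# missing_rules NETWORK_FILE YPPASSWDD_FILE "OPEN_PORTS"
# Prints one port/proto per line for each required rule that is not open.
missing_rules() {
    open=" $3 "
    ypserv=$(pinned_port "$1" YPSERV_ARGS)
    ypxfrd=$(pinned_port "$1" YPXFRD_ARGS)
    yppasswdd=$(pinned_port "$2" YPPASSWDD_ARGS)
    # Protocols per service follow the firewall-cmd lines in step [3].
    for want in "$ypserv/tcp" "$ypserv/udp" "$ypxfrd/tcp" "$ypxfrd/udp" \
                "$yppasswdd/udp"; do
        case $want in
            /*) echo "unpinned$want"; continue ;;   # no fixed port configured
        esac
        case $open in
            *" $want "*) ;;                         # rule present
            *) echo "$want" ;;                      # rule missing
        esac
    done
}

# Constructed sample files mirroring the settings shown in step [3].
net=$(mktemp); ypp=$(mktemp)
printf '%s\n' 'NISDOMAIN=srv.world' 'YPSERV_ARGS="-p 944"' 'YPXFRD_ARGS="-p 945"' > "$net"
printf '%s\n' 'YPPASSWDD_ARGS="--port 946"' > "$ypp"

# Constructed port list with two rules left out; on a live server pass
# "$(firewall-cmd --permanent --list-ports)" instead.
missing_rules "$net" "$ypp" "944/tcp 944/udp 945/tcp"
rm -f "$net" "$ypp"
```

An empty result means every pinned port has a matching rule; a line starting with `unpinned` means the service has no fixed port and will move on restart.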
Configure NIS Client.
This example is based on the environment below.
+----------------------+          |          +----------------------+
| [    NIS Server    ] |10.0.0.30 | 10.0.0.31| [    NIS Client    ] |
|     dlp.srv.world    +----------+----------+     www.srv.world    |
|                      |                     |                      |
+----------------------+                     +----------------------+
[1] Configure on NIS client.
[root@www ~]# yum -y install ypbind rpcbind
# set NIS domain
[root@www ~]# ypdomainname srv.world
[root@www ~]# echo "NISDOMAIN=srv.world" >> /etc/sysconfig/network
[root@www ~]# vi /etc/hosts
# add IP addresses for NIS server and clients
10.0.0.30 dlp.srv.world dlp
10.0.0.31 www.srv.world www
[root@www ~]# authconfig \
--enablenis \
--nisdomain=srv.world \
--nisserver=dlp.srv.world \
--enablemkhomedir \
--update
[root@www ~]# systemctl start rpcbind ypbind
[root@www ~]# systemctl enable rpcbind ypbind
[root@www ~]# exit
www login: redhat  # NIS user
Password:  # set password
Creating directory '/home/redhat'.
[redhat@www ~]$  # logged in
# validation
[redhat@www ~]$ ypwhich
dlp.srv.world
# try to change NIS password
[redhat@www ~]$ yppasswd
Changing NIS account information for redhat on dlp.srv.world.
Please enter old password:  # current one
Changing NIS password for redhat on dlp.srv.world.
Please enter new password:  # new one
Please retype new password:
The NIS password has been changed on dlp.srv.world.
[2] If SELinux is enabled, add a rule that allows mkhomedir to create home directories automatically.
[root@www ~]# vi mkhomedir.te
# create new
module mkhomedir 1.0;
require {
        type unconfined_t;
        type oddjob_mkhomedir_exec_t;
        class file entrypoint;
}
#============= unconfined_t ==============
allow unconfined_t oddjob_mkhomedir_exec_t:file entrypoint;
[root@www ~]# checkmodule -m -M -o mkhomedir.mod mkhomedir.te
checkmodule: loading policy configuration from mkhomedir.te
checkmodule: policy configuration loaded
checkmodule: writing binary representation (version 17) to mkhomedir.mod
[root@www ~]# semodule_package --outfile mkhomedir.pp --module mkhomedir.mod
[root@www ~]# semodule -i mkhomedir.pp
Configure an NIS slave server so that NIS service continues if the NIS master server goes down.
+----------------------+          |          +----------------------+
| [    NIS Server    ] |10.0.0.30 | 10.0.0.31| [    NIS Client    ] |
|     dlp.srv.world    +----------+----------+     www.srv.world    |
|                      |          |          |                      |
+----------------------+          |          +----------------------+
+----------------------+          |
| [    NIS Slave     ] |10.0.0.50 |
|    slave.srv.world   +----------+
|                      |
+----------------------+
[1] Configure NIS Slave Server as a NIS Client.
[2] Install and Configure Ypserv on NIS Slave Server.
[root@slave ~]# yum -y install ypserv rpcbind
# set NIS domain
[root@slave ~]# ypdomainname srv.world
[root@slave ~]# echo "NISDOMAIN=srv.world" >> /etc/sysconfig/network
[root@slave ~]# vi /var/yp/securenets
# create new (specify networks you allow to access)
255.0.0.0 127.0.0.0
255.255.255.0 10.0.0.0
[root@slave ~]# vi /etc/hosts
# add the NIS servers' and clients' IP addresses
10.0.0.30 dlp.srv.world dlp
10.0.0.50 slave.srv.world slave
[root@slave ~]# systemctl start rpcbind ypserv ypxfrd yppasswdd
[root@slave ~]# systemctl enable rpcbind ypserv ypxfrd yppasswdd
# sync with NIS master server
[root@slave ~]# /usr/lib64/yp/ypinit -s dlp.srv.world
We will need a few minutes to copy the data from dlp.srv.world.
Transferring group.bygid...
Trying ypxfrd ... success
...
...
At this point, make sure that /etc/passwd and /etc/group have
been edited so that when the NIS is activated, the data bases you
have just created will be used, instead of the /etc ASCII files.
[3] The NIS master server is also required to be an NIS client. Configure the NIS master server as an NIS client, as described in the NIS client section above.
[4] Configure on NIS master server for new NIS Slave.
[root@dlp ~]# vi /var/yp/Makefile
# line 23: change
NOPUSH=false
# update NIS database
[root@dlp ~]# /usr/lib64/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers. dlp.srv.world is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: dlp.srv.world
# specify NIS slave
next host to add: slave.srv.world
next host to add: # Ctrl + D key
The current list of NIS servers looks like this:
dlp.srv.world
slave.srv.world
Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp/srv.world/ypservers...
...
...
Now you can run ypinit -s dlp.srv.world on all slave server.
[5] Configure on NIS Client to bind NIS slave, too.
[root@www ~]# vi /etc/yp.conf
# add slave server's setting to the end
domain srv.world server dlp.srv.world
domain srv.world server slave.srv.world
[root@www ~]# systemctl restart ypbind
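Both the master (step [1] of the server section) and the slave (step [2] of the slave section) limit who may query ypserv through /var/yp/securenets. The script below is an added example, not part of the original post: it models the netmask/network match so you can confirm which client addresses a given file admits. The function names are hypothetical, the sample file is constructed from the two entries shown on this page, and the match rule (client AND netmask equals network AND netmask) is an assumption about how the entries are evaluated.

```shell
#!/bin/sh
# Added example (not from the original post): model of the securenets match.
# Assumption: a client is admitted when (client & netmask) == (network & netmask).

# ip_to_int A.B.C.D -> prints the address as one integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# securenets_allows FILE CLIENT_IP -> exit status 0 if an entry admits CLIENT_IP
securenets_allows() {
    # A missing file means ypserv accepts connections from every host.
    [ -f "$1" ] || return 0
    client=$(ip_to_int "$2")
    while read -r mask net rest; do
        case $mask in ''|'#'*) continue ;; esac
        # "host A.B.C.D" is the single-host form (mask 255.255.255.255)
        if [ "$mask" = host ]; then mask=255.255.255.255; fi
        m=$(ip_to_int "$mask"); n=$(ip_to_int "$net")
        if [ $(( client & m )) -eq $(( n & m )) ]; then return 0; fi
    done < "$1"
    return 1
}

# Constructed sample: the two entries used on the master and the slave.
sample=$(mktemp)
printf '%s\n' '# netmask network' '255.0.0.0 127.0.0.0' \
    '255.255.255.0 10.0.0.0' > "$sample"

# Server, client and slave should pass; anything off the /24 should not.
for ip in 127.0.0.1 10.0.0.31 10.0.0.50 10.0.1.5 192.0.2.10; do
    if securenets_allows "$sample" "$ip"; then
        echo "$ip allowed"
    else
        echo "$ip denied"
    fi
done
rm -f "$sample"
```

Run it against the real file with an address that should be refused; an entry of `0.0.0.0 0.0.0.0`, or no file at all, admits every address, which also exposes the shadow.byname map built by ypinit.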
This article comes from the "11830455" blog; please retain this source: http://11840455.blog.51cto.com/11830455/1833081
Linux and Cloud Computing, Stage 2: Linux Server Setup, Chapter 6: Directory Server Setup (NIS)