NIS- 深入了解如何搭建NIS环境

[root@node0 nis]# systemctlstart rpcbind [root@node0 nis]#

设置开机启动

[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node0 nis]# systemctl enable ypserv Created symlink from/etc/systemd/system/multi-user.target.wants/ypserv.service to/usr/lib/systemd/system/ypserv.service. [root@node0 nis]# systemctl enable rpcbind Created symlink from/etc/systemd/system/sockets.target.wants/rpcbind.socket to/usr/lib/systemd/system/rpcbind.socket. [root@node0 nis]#

2.2.6 拉取数据库 获取源数据库

[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node1 nis]# /usr/lib64/yp/ypinit -s node0

The local host's domain name hasn't been set. Please set it.

因为nisdomain没有设置，解决方法：

[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node1 nis]# nisdomainname hikuss

继续测试：

[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node1 nis]# /usr/lib64/yp/ypinit -s node0

We will need a few minutes to copy the data fromnode0. Transferring netid.byname... Trying ypxfrd ... not running ….

node1's NIS data base has been set up.

If there were warnings, please figure out what wentwrong, and fix it.

At this point, make sure that /etc/passwd and/etc/group have been edited so that when the NIS is activated, thedata bases you have just created will be used, instead of the /etcASCII files. [root@node1 nis]#

原因是Master server端ypxfrd没有启动。解决方案如下：

[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node0 ~]# systemctl start ypxfrd 继续获取：

[python] view plain copy print?在CODE上查看代码片派生到我的代码片

[root@node1 nis]# /usr/lib64/yp/ypinit -s node0

We will need a few minutes to copy the data fromnode0. Transferring netid.byname... Trying ypxfrd ... success

Transferring mail.aliases... Trying ypxfrd ... success …

Transferring ypservers... Trying ypxfrd ... success

node1's NIS data base has been set up.

If there were warnings, please figure out what wentwrong, and fix it.

At this point, make sure that /etc/passwd and/etc/group have been edited so that when the NIS is activated, thedata bases you have just created will be used, instead of the /etcASCII files. [root@node1 nis]# 测试结果：

[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node1 ~]# ypcat -h localhost pawww.shanxiwang.netsswd.byname

nisuser1:$1$2e4n/ePv$xnfaSHSSUZhApRpjHn1Lw.:1001:1001::/home/nisuser1:/bin/bash nisuser2:$1$NBitWXE9$43ezdKoamgw0ze8PnIOtT/:1002:1002::/home/nisuser2:/bin/bash nisuser3:$1$GUtQO.zB$38oGHfzgWGYG84cKa7bkZ0:1003:1003::/home/nisuser3:/bin/bash nisuser4:$1$nc3FDwqx$aKhlazecXTmDSmGciCBkG1:1004:1004::/home/nisuser4:/bin/bash nisuser5:$1$krWvFybT$yUwL3dCDVz0qp5Sg7wifX1:1005:1005::/home/nisuser5:/bin/bash [root@node1 ~]#

2.2.7 设置数据同步时间

利用crontab设置数据同步时间，在/etc/crontab最后添加如下同步命令： [python] view plain copy print?在CODE上查看代码片派生到我的代码片 */5 * * * * /usr/lib64/yp/ypxfr -h node0 passwd.byname */5 * * * * /usr/lib64/yp/ypxfr -h node0 passwd.byuid

更改配置文件/usr/lib64/yp/ypxfr_1perday，/usr/lib64/yp/ypxfr_1perhour， /usr/lib64/yp/ypxfr_2perday：

[python] view plain copy print?在CODE上查看代码片派生到我的代码片 $YPBINDIR/ypxfr $map -h node0

2.3 Client端配置 安装软件：

[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node2deps-centos72_1511]# rpm -ivh

yp-tools-2.14-3.el7.x86_64.rpmypbind-1.37.1-7.el7.x86_64.rpm

/etc/sysconfig/network：加入 NIS 的域名

/etc/hosts：至少需要有各个 NIS 服务器的 IP 与主机名对应；

/etc/yp.conf：这个则是 ypbind 的主要配置文件，里面主要设定NIS 服务器所在 /etc/sysconfig/authconfig：规范账号登入时的允许认证机制；

/etc/pam.d/system-auth ：因为账号通常由 PAM 模块所管理， 所以必须要在 PAM 模块内加入 NIS 的支持才行！ /etc/nsswitch.conf ：设定账号密码与相关信息的查询顺序，默认是先找 /etc/passwd 再找 NIS 数据库；

2.3.1 设置NIS域名

设置 NIS 的域名，新增如下内容： 临时设置：

[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node0 nis]# nisdomainname hikuss 永久设置：

[root@node0 nis]# cat /etc/sysconfig/network

[python] view plain copy print?在CODE上查看代码片派生到我的代码片 # Created by anaconda NISDOMAIN=hikuss

YPSERV_ARGS=\

2.3.2 设置hosts

设定IP地址与主机名的对应关系/etc/hosts，新增如下内容

[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node0 nis]# cat /etc/hosts

192.168.192.90 node0 192.168.192.91 node1 192.168.192.92 node2

2.3.3 设施ypbind连接server-方法1 2.3.3.1 账户信息的读取顺序 配置账户信息的读取顺序

[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node2 nis]# vim /etc/nsswitch.conf …

passwd: files nis sss shadow: files nis sss group: files nis sss …

hosts: files nis dns …

[root@node2 nis]#

2.3.3.2 配置/etc/yp.conf

配置/etc/yp.conf，最后添加如下两行代码：

[python] view plain copy print?在CODE上查看代码片派生到我的代码片 domain hikuss server node0 domain hikuss server node1 ypserver node0 ypserver node1

2.3.3.3 设置账号登入认证机制 登入时的允许认证机制

[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node2 nis]# grep NIS/etc/sysconfig/authconfig USENIS=yes

2.3.3.4 设置PAM授权

修改文件/etc/pam.d/system-auth，增加nis

[python] view plain copy print?在CODE上查看代码片派生到我的代码片 …

password sufficient pam_unix.so md5shadow nis nullok try_first_passuse_authtok …

2.3.4 设施ypbind连接server-方法2

[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node1 nis]#setup

1. 第一步：选择authentication