Nis Server
Packages
Server:
ypserv-2.19-3
yp-tools-2.9-0.1
Client:
yp-tools-2.9-0.1
ypbind-1.19-8.el5
Nis Server: Server1(192.168.0.254)
Nis Client: Server118(192.168.0.118)
1. Nis Server
(1) Install the packages ypserv and yp-tools
(2) Set the NIS domain
#vi /etc/sysconfig/network
NETWORKING_IPV6=no
#Set the NIS domain
NISDOMAIN=noexample
HOSTNAME=server1.example.com
NETWORKING=yes
(3)vi /etc/ypserv.conf
----(omitted)----
# If you comment out the next rule, ypserv and rpc.ypxfrd will
# look for YP_SECURE and YP_AUTHDES in the maps. This will make
# the security check a little bit slower, but you only have to
# change the keys on the master server, not the configuration files
# on each NIS server.
# If you have maps with YP_SECURE or YP_AUTHDES, you should create
# a rule for them above, that's much faster.
# * : * : * : none
#Add the allowed subnet
192.168.0.0/255.255.255.0 : * : * : none
(4) Start the NIS server
#service ypserv start
#service yppasswdd start
(5) Build the database
%If a new user is added on the server, ypinit -m must be run again to write the new user into the NIS server's database
[root@server1 ~]# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers. server1.example.com is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a .
next host to add: server1.example.com
next host to add:
The current list of NIS servers looks like this:
server1.example.com
Is this correct? [y/n: y]
We need a few minutes to build the databases...
Building /var/yp/noexample/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/noexample'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/noexample'
server1.example.com has been set up as a NIS master server.
Now you can run ypinit -s server1.example.com on all slave server.
(6) Test whether it worked
[root@server1 ~]# nisdomainname
noexample
[root@server1 ~]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
---(omitted)---
100004 2 udp 851 ypserv
100004 1 udp 851 ypserv
100004 2 tcp 854 ypserv
100004 1 tcp 854 ypserv
100009 1 udp 877 yppasswdd
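%The services are up
%Because portmap (port 111) is used, it must be opened in the firewall, along with udp 851, tcp 854 and udp 877, so that clients can connect
%Because the ports portmap assigns dynamically differ each time, the corresponding ports must be reconfigured whenever the ypserv and yppasswdd services are restarted
%so that they are not blocked by the firewall
2009/8/27: 小山大神 provided a way to fix the ports used by YPServ and YPPasswdd. Thanks!
#vi /etc/sysconfig/network and add YPSERV_ARGS="--port 839"
--(omitted)--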
YPSERV_ARGS="--port 839"
#vi /etc/sysconfig/yppasswdd and add YPPASSWDD_ARGS="--port 836"
---(omitted)---
YPPASSWDD_ARGS="--port 836"
%YPServer: 839 and YPPasswdd: 836 are now fixed; iptables only needs to open 836 and 839
%Connections no longer fail because the firewall rules do not match the YPServer port
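A check for the fixed-port setup above, as an added example that is not part of the original post: it reads rpcinfo -p output, reports when ypserv or yppasswdd is not on its pinned port (839 / 836), and prints iptables rules limited to the 192.168.0.0/24 client subnet. The sample rpcinfo output is constructed, and the INPUT chain and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Ports and subnet are the page's values.
YPSERV_PORT=839
YPPASSWDD_PORT=836
NIS_SUBNET=192.168.0.0/24   # same range as 192.168.0.0/255.255.255.0 in ypserv.conf

# Constructed sample of `rpcinfo -p` after pinning; on the server pipe in the real output.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    839  ypserv
    100004    1   udp    839  ypserv
    100004    2   tcp    839  ypserv
    100004    1   tcp    839  ypserv
    100009    1   udp    836  yppasswdd
EOF
}

# Read `rpcinfo -p` output on stdin; report NIS services that are missing or
# registered on a port other than the pinned one. Exit status 1 on any finding.
check_pinned() {
  awk -v ys="$YPSERV_PORT" -v yp="$YPPASSWDD_PORT" '
    $5 == "ypserv"    { have_ys = 1; if ($4 != ys) { print "DRIFT ypserv " $3 "/" $4; bad = 1 } }
    $5 == "yppasswdd" { have_yp = 1; if ($4 != yp) { print "DRIFT yppasswdd " $3 "/" $4; bad = 1 } }
    END {
      if (!have_ys) { print "MISSING ypserv"; bad = 1 }
      if (!have_yp) { print "MISSING yppasswdd"; bad = 1 }
      exit bad + 0
    }'
}

# Read `rpcinfo -p` output on stdin; print (do not apply) one iptables rule per
# unique proto/port of portmapper, ypserv and yppasswdd, limited to the NIS subnet.
# The INPUT chain is an assumption; use the chain your ruleset actually uses.
emit_rules() {
  awk -v net="$NIS_SUBNET" '
    $5 ~ /^(portmapper|ypserv|yppasswdd)$/ && !seen[$3 "/" $4]++ {
      printf "iptables -A INPUT -s %s -p %s --dport %s -j ACCEPT\n", net, $3, $4
    }'
}

# Demo on the constructed sample: print rules only when the pins hold.
if sample_rpcinfo | check_pinned; then sample_rpcinfo | emit_rules; fi
```

On the server, replace sample_rpcinfo with the real command, for example: rpcinfo -p | check_pinned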
2. Nis Client
(1) Install the packages ypbind and yp-tools
(2) #authconfig-tui, enable NIS authentication
Domain: noexample
Server: 192.168.0.254
[root@server118 yp]# authconfig-tui
Stopping portmap: [ OK ]
Starting portmap: [ OK ]
Shutting down NIS services: [ OK ]
Turning off allow_ypbind SELinux boolean
Turning on allow_ypbind SELinux boolean
Binding to the NIS domain: [ OK ]
Listening for an NIS domain server..
%Of course, /etc/yp.conf can also be edited manually
---(omitted)---
# broadcast
# If no server for the default domain is specified or
# none of them is rechable, try a broadcast call to
# find a server.
#
domain noexample server 192.168.0.254
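%Then restart the service: #service ypbind restart
%Because SELinux settings are involved, using authconfig-tui is recommended
%You then do not have to enable the SELinux settings by hand; letting it bring the service up automatically is safer
(3) Test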
[root@server118 yp]# ypwhich
server1.example.com
[root@server118 yp]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100007 2 udp 671 ypbind
100007 1 udp 671 ypbind
100007 2 tcp 674 ypbind
100007 1 tcp 674 ypbind
[root@server118 yp]# getent passwd
---(omitted)---
nismicky:$1$x.EEBYgT$ALmBgWlw40Ub/HxAtYo5d0:501:501::/home/nismicky:/bin/bash
student:$1$WgkKx7h1$9oMmjb1tomkO8GPXKC6PB1:500:500::/home/student:/bin/bash
%For comparison: local accounts
#more /etc/passwd
---(omitted)---
student:x:500:500::/home/student:/bin/bash
may:x:501:501::/home/may:/bin/bash
%Successfully logged in to the NIS server
(4) Changing a password from the client
[root@server118 yp]# su - nismicky
su: warning: cannot change directory to /home/nismicky: No such file or directory
-bash-3.2$ yppasswd
Changing NIS account information for nismicky on server1.example.com.
Please enter old password:
Changing NIS password for nismicky on server1.example.com.
Please enter new password:
Please retype new password:
The NIS password has been changed on server1.example.com.
-bash-3.2$
