NIS overview:
An NIS deployment has two roles, the NIS server and the NIS client. The NIS server centrally maintains the user account information (the database) that NIS clients query; a user logging in on any NIS client is authenticated against the NIS server, which gives centralized management of user accounts.
1. The NIS master first builds the account and password files into database files;
2. Whenever accounts or passwords change, the database files must be rebuilt and synchronized again between master and slave.
3. When an NIS client needs to log a user in, it first consults its local /etc/passwd, /etc/shadow and similar files;
4. Only if the account data is not found on the NIS client itself does it broadcast a query to the hosts of the whole NIS domain;
5. Any NIS server (master or slave) may answer; essentially "first responder wins".
Operating mode:
C/S (client/server) mode
| NIS daemon | Description |
| --- | --- |
| ypbind | Binding process that records which NIS server to use |
| ypserv | Server daemon; answers client queries |
| ypxfrd | High-speed map transfer |
| rpc.yppasswdd | NIS password update daemon |
| rpc.ypupdated | Updates other maps, such as public.key |
Commands provided by NIS

| Name | Function |
| --- | --- |
| makedbm | Creates dbm files for NIS maps |
| ypcat | Lists the data in a map |
| ypinit | Builds and installs the NIS database; initialises the client's ypservers list |
| ypmatch | Looks up a specific entry in a map |
| yppoll | Gets a map's order number from a server |
| yppush | Pushes data from the NIS master server to NIS slave servers |
| ypset | Sets the binding to a specific server |
| ypwhich | Lists the NIS server name and the nickname translation table |
| ypxfrd | Transfers maps from the master NIS server to slave NIS servers |
Installation and deployment

| Hostname | IP | Required software |
| --- | --- | --- |
| master | 192.168.30.130 | ypserv |
| slave | 192.168.30.131 | ypbind, yp-tools |
On master:
```
[root@master ~]# yum install -y ypserv
```
On slave:
```
[root@slave ~]# yum install -y ypbind yp-tools
```
On master, start configuring ypserv:
Create NIS test users
```
[root@master ~]# mkdir /home/NISHOME
[root@master ~]# useradd -d /home/NISHOME/nis-user01 nis-user01
[root@master ~]# useradd -d /home/NISHOME/nis-user02 -s /sbin/nologin nis-user02
[root@master ~]# echo "nis-user01:123456" | chpasswd
[root@master ~]# echo "nis-user02:123456" | chpasswd
```
Configure the NIS domain name
```
[root@master ~]# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=master
GATEWAY=192.168.30.2
NTPSERVERARGS=iburst
NISDOMAIN=SiShen.cn    # add this line; takes effect after a reboot. The variable is NISDOMAIN, not NISDOMAINNAME
[root@master ~]# nisdomainname SiShen.cn    # takes effect immediately, until the next reboot
```
Configure the hosts file
```
[root@master ~]# vim /etc/hosts    # add every NIS client, including the NIS server itself
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.30.130 master sishen.cn
192.168.30.131 slave
```
Configure ypserv.conf
```
[root@master ~]# vim /etc/ypserv.conf
# Host                     : Domain : Map           : Security
#
# *                        : *      : passwd.byname : port
# *                        : *      : passwd.byuid  : port
127.0.0.0/255.255.255.0    : *      : *             : none
192.168.30.0/255.255.255.0 : *      : *             : none
*                          : *      : *             : deny
# leave the rest unchanged
```
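An added audit check for the access rules above (example code written for this page, not part of the original walkthrough): it flags every rule that serves the passwd maps with security `none` to a non-loopback range, and it honours ypserv's top-down, first-match rule order, so the commented-out `port` rules only count as protection when they are uncommented and placed before the broad `none` rule. It assumes the host : domain : map : security layout shown above and is meant to be run on master.

```shell
#!/bin/sh
# Audit the access rules of /etc/ypserv.conf (format: host : domain : map : security).
# Constructed example for this page, not from the original walkthrough. ypserv
# evaluates rules top-down and the first match wins, so a "port" rule for the
# passwd maps only protects them when it precedes the broad "none" rule.
set -e

# audit_ypserv_conf FILE -> prints one "WEAK: ..." line per rule that hands the
# passwd maps (hashes included) to a non-loopback range with security "none".
audit_ypserv_conf() {
    awk '
        /^[[:space:]]*(#|$)/ { next }                 # comments and blank lines
        {
            line = $0; gsub(/[[:space:]]/, "", line)  # rules are whitespace-tolerant
            n = split(line, f, ":")
            if (n < 4) next                           # option lines such as dns:yes
            host = f[1]; map = f[3]; sec = f[4]
            # remember passwd maps already restricted to privileged ports for all hosts
            if (sec == "port" && host == "*" && map ~ /^passwd\./) seen[map] = 1
            if (sec != "none" || host ~ /^127\./) next
            if (map ~ /^passwd\./)
                print "WEAK: " host " gets " map " with security none"
            else if (map == "*" && !(seen["passwd.byname"] && seen["passwd.byuid"]))
                print "WEAK: " host " gets all maps (incl. passwd.*) with security none"
        }' "$1"
}

# weak_rule_count FILE -> number of weak rules (prints 0 when the file is clean)
weak_rule_count() {
    audit_ypserv_conf "$1" | grep -c '^WEAK:' || true
}

# Stand-alone use on master: "sh audit.sh check" exits non-zero when the live file is weak
if [ "${1:-}" = check ]; then
    audit_ypserv_conf /etc/ypserv.conf
    [ "$(weak_rule_count /etc/ypserv.conf)" = 0 ]
fi
```

Run against the file as configured above it reports the 192.168.30.0/24 rule; uncommenting the two `port` rules (above the `none` rule) makes it pass.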
Build the NIS database
```
[root@master ~]# service ypserv restart
Stopping YP server services:                               [  OK  ]
Starting YP server services:                               [  OK  ]
[root@master ~]# /etc/init.d/yppasswdd restart
Stopping YP passwd service:                                [  OK  ]
Starting YP passwd service:                                [  OK  ]
[root@master ~]# /usr/lib64/yp/ypinit -m    # must be called by absolute path; if you do not know where ypinit lives, locate it with find or rpm -qpl
At this point, we have to construct a list of the hosts which will run NIS
servers.  master is in the list of NIS server hosts.  Please continue to add
the names for the other hosts, one per line.  When you are done with the
list, type a <control D>.
        next host to add:  master
        next host to add:  SiShen.cn    # the NISDOMAIN was entered here
        next host to add:               # Ctrl+D ends the input
The current list of NIS servers looks like this:

master
SiShen.cn

Is this correct?  [y/n: y]  y    # type y and press Enter
We need a few minutes to build the databases...
Building /var/yp/SiShen.cn/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/SiShen.cn'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/SiShen.cn'

master has been set up as a NIS master server.

Now you can run ypinit -s master on all slave server.
```
Note: after every manual change to the account data (whenever user names or passwords need to be updated), /usr/lib64/yp/ypinit -m has to be run again by hand.
```
[root@master ~]# ll /var/yp/SiShen.cn/ypservers
-rw------- 1 root root 12364 May 25 14:53 /var/yp/SiShen.cn/ypservers
[root@master ~]# ll /var/yp/SiShen.cn/
total 2704
-rw------- 1 root root   12472 May 25 14:53 group.bygid
-rw------- 1 root root   12493 May 25 14:53 group.byname
-rw------- 1 root root   12648 May 25 14:53 hosts.byaddr
-rw------- 1 root root   12878 May 25 14:53 hosts.byname
-rw------- 1 root root   13170 May 25 14:53 mail.aliases
-rw------- 1 root root   13382 May 25 14:53 netid.byname
-rw------- 1 root root   13040 May 25 14:53 passwd.byname
-rw------- 1 root root   13019 May 25 14:53 passwd.byuid
-rw------- 1 root root   28950 May 25 14:53 protocols.byname
-rw------- 1 root root   14659 May 25 14:53 protocols.bynumber
-rw------- 1 root root   16380 May 25 14:53 rpc.byname
-rw------- 1 root root   14232 May 25 14:53 rpc.bynumber
-rw------- 1 root root 1134592 May 25 14:53 services.byname
-rw------- 1 root root 1601575 May 25 14:53 services.byservicename
-rw------- 1 root root   12364 May 25 14:53 ypservers
```
Restart the services
```
[root@master ~]# /etc/init.d/ypserv restart
Stopping YP server services:                               [  OK  ]
Starting YP server services:                               [  OK  ]
[root@master ~]# /etc/init.d/yppasswdd restart
Stopping YP passwd service:                                [  OK  ]
Starting YP passwd service:                                [  OK  ]
```
Start the NIS services
```
[root@master ~]# /etc/init.d/ypserv restart
Stopping YP server services:                               [  OK  ]
Starting YP server services:                               [  OK  ]
[root@master ~]# /etc/init.d/yppasswdd restart    # without this step newly added data does not take effect
Stopping YP passwd service:                                [FAILED]
Starting YP passwd service:                                [  OK  ]
```
Configure the client
```
[root@slave ~]# system-config-authentication    # requires a graphical environment
```
Edit the hosts file
```
[root@slave ~]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.30.131 slave WebServer
192.168.30.130 sishen.cn
```
Test logging in from master
```
[root@master ~]# ssh nis-user01@192.168.30.131
The authenticity of host '192.168.30.131 (192.168.30.131)' can't be established.
RSA key fingerprint is 6f:9c:9a:d0:c8:41:25:45:41:11:7f:e4:2b:73:ce:a1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.30.131' (RSA) to the list of known hosts.
nis-user01@192.168.30.131's password:
Last login: Fri May 25 21:59:23 2018 from slave
Could not chdir to home directory /home/NISHOME/nis-user01: No such file or directory
-bash-4.1$
```
As you can see, the home directory of nis-user01 is not mounted.
Test logging in on slave
```
[root@slave ~]# su - nis-user01
su: warning: cannot change directory to /home/NISHOME/nis-user01: No such file or directory
-bash-4.1$
```
After running system-config-authentication, three files have changed
```
[root@slave ~]# cat /etc/sysconfig/network
HOSTNAME=slave
NETWORKING=yes
GATEWAY=192.168.30.2
NISDOMAIN=SiShen.cn    # this line was added automatically by system-config-authentication
[root@slave ~]# cat /etc/nsswitch.conf | grep nis
# nisplus                 Use NIS+ (NIS version 3)
# nis                     Use NIS (NIS version 2), also called YP
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis
passwd:     files nis    # system-config-authentication changed the password lookup method here
shadow:     files nis
group:      files nis
[root@slave ~]# tail /etc/yp.conf
# ypserver HOSTNAME
#       Use server HOSTNAME for the local domain.  The
#       IP-address of server must be listed in /etc/hosts.
#
# broadcast
#       If no server for the default domain is specified or
#       none of them is rechable, try a broadcast call to
#       find a server.
#
domain SiShen.cn server 192.168.30.130    # this line was added automatically by system-config-authentication
```
This shows that without a desktop environment, editing these three files by hand achieves the same result.
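A headless equivalent of those three changes, written as added example code for this page (not from the original walkthrough): each function takes the target file as its first argument so it can be tried on copies first, and `apply` writes the real files with the page's domain SiShen.cn and server 192.168.30.130. It writes an explicit `server` line rather than `broadcast`, so the client binds only to the intended master.

```shell
#!/bin/sh
# Headless NIS client setup for slave: the same edits system-config-authentication
# made, as shell functions. Constructed example for this page, not from the original.
set -e

# set_nis_domain FILE DOMAIN -> set or replace NISDOMAIN= in /etc/sysconfig/network
set_nis_domain() {
    f=$1; d=$2
    if grep -q '^NISDOMAIN=' "$f" 2>/dev/null; then
        sed -i "s/^NISDOMAIN=.*/NISDOMAIN=$d/" "$f"
    else
        printf 'NISDOMAIN=%s\n' "$d" >> "$f"
    fi
}

# enable_nis_nsswitch FILE -> append "nis" to the passwd/shadow/group lines of
# nsswitch.conf (idempotent: lines that already list nis are left alone)
enable_nis_nsswitch() {
    f=$1
    for db in passwd shadow group; do
        if grep "^$db:" "$f" | grep -qw nis; then
            continue
        elif grep -q "^$db:" "$f"; then
            sed -i "s/^$db:.*/& nis/" "$f"
        else
            printf '%s: files nis\n' "$db" >> "$f"
        fi
    done
}

# write_yp_conf FILE DOMAIN SERVER_IP -> explicit binding, no broadcast lookup
write_yp_conf() {
    printf 'domain %s server %s\n' "$2" "$3" > "$1"
}

# nss_line DB FILE -> the current nsswitch line for one database (for checking)
nss_line() { grep "^$1:" "$2"; }

# Stand-alone use on slave: "sh nis-client.sh apply"
if [ "${1:-}" = apply ]; then
    set_nis_domain /etc/sysconfig/network SiShen.cn
    nisdomainname SiShen.cn
    enable_nis_nsswitch /etc/nsswitch.conf
    write_yp_conf /etc/yp.conf SiShen.cn 192.168.30.130
    service ypbind restart && ypwhich    # ypwhich should print the bound server
fi
```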
Configure the NFS service on the server
```
[root@master ~]# yum install -y nfs-utils
[root@master ~]# vim /etc/exports
/home/NISHOME 192.168.30.0/255.255.255.0(rw,sync)
[root@master ~]# service nfs restart
Shutting down NFS daemon:                                  [  OK  ]
Shutting down NFS mountd:                                  [  OK  ]
Shutting down NFS quotas:                                  [  OK  ]
Shutting down RPC idmapd:                                  [  OK  ]
Starting NFS services:                                     [  OK  ]
Starting NFS quotas:                                       [  OK  ]
Starting NFS mountd:                                       [  OK  ]
Starting NFS daemon:                                       [  OK  ]
Starting RPC idmapd:                                       [  OK  ]
[root@master ~]# showmount -e
Export list for master:
/home/NISHOME 192.168.30.0/255.255.255.0
[root@master ~]# chkconfig nfs on
```
Configure automatic mounting on the NIS client
```
[root@slave ~]# yum install -y autofs
[root@slave ~]# vim /etc/auto.master
#
# Sample auto.master file
# This is an automounter map and it has the following format
# key [ -mount-options-separated-by-comma ] location
# For details of the format look at autofs(5).
#
/misc   /etc/auto.misc
/home/NISHOME   /etc/auto.NISHOME    # add this line
[root@slave ~]# vim /etc/auto.NISHOME    # create this file
*   -rw   192.168.30.130:/home/NISHOME/&
```
Restart the service
```
[root@slave ~]# service autofs restart
Loading autofs4:                                           [  OK  ]
Starting automount:                                        [  OK  ]
[root@slave ~]# chkconfig autofs on
```
Test the automatic mount
First, on master:
```
[root@master ~]# ssh nis-user01@192.168.30.131
nis-user01@192.168.30.131's password:
Last login: Fri May 25 23:01:17 2018 from master
[nis-user01@slave ~]$
```
Then log in on slave:
```
[root@slave ~]# su - nis-user01
[nis-user01@slave ~]$
```
Create a test file
```
[root@master ~]# touch /home/NISHOME/nis-user01/nis-user01.txt
[root@master ~]# echo nis-user010000001010101 > !$
echo nis-user010000001010101 > /home/NISHOME/nis-user01/nis-user01.txt
[nis-user01@slave ~]$ hostname
slave
[nis-user01@slave ~]$ whoami
nis-user01
[nis-user01@slave ~]$ ls
nis-user01.txt
[nis-user01@slave ~]$ cat nis-user01.txt
nis-user010000001010101
```
Check the NIS users received on slave
```
[root@slave ~]# getent passwd | grep nis
nis-user02:$6$pyV.l/R923J/GZ/a$jRXirQknPkiMDzYBNu.3Q2aY9EK5o1fNkKZc6oHFYIybi6eG/.28DJdg3s0QH7Vr6GPSt69wnlZuNPXw5OzPb/:503:503::/home/NISHOME/nis-user02:/sbin/nologin
nis-user01:$6$Qm.G9juWScrpGTSM$QNQifFrrDwoUim0hh.aZszSDO8CifUs8Z/UkvhxirlElRLvajqz26woMIGUSnPMgrN2reJfzB3pk1eqQtNkUs.:502:502::/home/NISHOME/nis-user01:/bin/bash
```
Note that the passwd map delivers the full password hashes to the client: with the `none` rules configured in ypserv.conf, every host in 192.168.30.0/24 can read them. This is what the commented-out `port` rules for passwd.byname and passwd.byuid are for; they restrict those maps to requests from privileged source ports.
Test the home directory
```
[nis-user01@slave ~]$ touch slave-nisuser01
[root@master ~]# ls /home/NISHOME/nis-user01/
nis-user01.txt  slave-nisuser01
[root@slave ~]# ls /home/NISHOME/nis-user01/
ls: cannot open directory /home/NISHOME/nis-user01/: Permission denied
```
(root on slave is refused because the export keeps NFS's default root_squash, so remote root is mapped to an unprivileged user on master and has no access to nis-user01's directory.)
Test logging in as nis-user02; nis-user02 cannot log in
```
[root@slave ~]# su - nis-user02
This account is currently not available.
```
How NIS users change their password
```
[root@master ~]# ssh nis-user01@192.168.30.131
nis-user01@192.168.30.131's password:
Last login: Fri May 25 22:17:32 2018 from www.sishen.cn
Could not chdir to home directory /home/NISHOME/nis-user01: No such file or directory
-bash-4.1$ yppasswd
Changing NIS account information for nis-user01 on master.
Please enter old password:
Changing NIS password for nis-user01 on master.
Please enter new password:
Please retype new password:

The NIS password has been changed on master.
```
If you do not use autofs, you can instead, on slave,
This gives the user a directory, but home-directory roaming is not supported: when logging in elsewhere, the account's data files are not there.