- NIS Server
[root@linux64-server ~]# yum install ypserv -y
[root@linux64-server ~]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=linux64-server
DHCP_HOSTNAME=linux64-server
NISDOMAIN=MY-NIS-NETWORK
[root@linux64-server ~]# cat /etc/yp.conf
# /etc/yp.conf - ypbind configuration file
# Valid entries are
#
# domain NISDOMAIN server HOSTNAME
# Use server HOSTNAME for the domain NISDOMAIN.
#
# domain NISDOMAIN broadcast
# Use broadcast on the local net for domain NISDOMAIN
#
# domain NISDOMAIN slp
# Query local SLP server for ypserver supporting NISDOMAIN
#
# ypserver HOSTNAME
# Use server HOSTNAME for the local domain. The
# IP-address of server must be listed in /etc/hosts.
#
# broadcast
# If no server for the default domain is specified or
# none of them is rechable, try a broadcast call to
# find a server.
#
domain MY-NIS-NETWORK server 10.3.20.100
[root@linux64-server ~]# cat /etc/ypserv.conf
#
# ypserv.conf In this file you can set certain options for the NIS server,
# and you can deny or restrict access to certain maps based
# on the originating host.
#
# See ypserv.conf(5) for a description of the syntax.
#
# Some options for ypserv. This things are all not needed, if
# you have a Linux net.
# Should we do DNS lookups for hosts not found in the hosts table ?
# This option is ignored in the moment.
dns: no
# How many map file handles should be cached ?
files: 30
# Should we register ypserv with SLP ?
#slp: no
# After how many seconds we should re-register ypserv with SLP ?
#slp_timeout: 3600
# xfr requests are only allowed from ports < 1024
xfr_check_port: yes
# The following, when uncommented, will give you shadow like passwords.
# Note that it will not work if you have slave NIS servers in your
# network that do not run the same server as you.
# Host : Domain : Map : Security
#
# * : * : passwd.byname : port
# * : * : passwd.byuid : port
# Not everybody should see the shadow passwords, not secure, since
# under MSDOG everbody is root and can access ports < 1024 !!!
* : * : shadow.byname : port
* : * : passwd.adjunct.byname : port
# If you comment out the next rule, ypserv and rpc.ypxfrd will
# look for YP_SECURE and YP_AUTHDES in the maps. This will make
# the security check a little bit slower, but you only have to
# change the keys on the master server, not the configuration files
# on each NIS server.
# If you have maps with YP_SECURE or YP_AUTHDES, you should create
# a rule for them above, that's much faster.
# * : * : * : none
[root@linux64-server ~]# domainname MY-NIS-NETWORK
[root@linux64-server ~]# ypdomainname MY-NIS-NETWORK
[root@linux64-server yp]# cat /var/yp/securenets
host 127.0.0.1
255.255.255.0 10.3.20.0
[root@linux64-server ~]# service portmap restart
Stopping portmap: [ OK ]
Starting portmap: [ OK ]
[root@linux64-server ~]# chkconfig portmap on
[root@linux64-server ~]# service ypserv restart
Stopping YP server services: [ OK ]
Starting YP server services: [ OK ]
[root@linux64-server ~]# chkconfig ypserv on
[root@linux64-server ~]# rpcinfo -u localhost ypserv
program 100004 version 1 ready and waiting
program 100004 version 2 ready and waiting
[root@linux64-server ~]# /usr/lib64/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers. linux64-server is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a
next host to add: linux64-server
next host to add:
The current list of NIS servers looks like this:
linux64-server
Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp/MY-NIS-NETWORK/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/MY-NIS-NETWORK'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/MY-NIS-NETWORK'
linux64-server has been set up as a NIS master server.
Now you can run ypinit -s linux64-server on all slave server.
[root@linux64-server ~]# service ypbind start
Binding to the NIS domain: [ OK ]
Listening for an NIS domain server.
[root@linux64-server ~]# chkconfig ypbind on on[root@linux64-server ~]# service yppasswdd start
Starting YP passwd service: [ OK ]
[root@linux64-server ~]# chkconfig yppasswdd on on[root@linux64-server ~]# service ypxfrd start
Starting YP map server: [ OK ]
[root@linux64-server ~]# chkconfig ypxfrd on
- NIS user
[root@linux64-server ~]# passwd nisuser
Changing password for user nisuser.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@linux64-server ~]# cd /var/yp
[root@bigboy yp]# make
gmake[1]: Entering directory `/var/yp/MY-NIS-NETWORK'
Updating passwd.byname...
Updating passwd.byuid...
Updating netid.byname...
gmake[1]: Leaving directory `/var/yp/MY-NIS-NETWORK'
- NIS Client
[root@linux64-client1 ~]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=linux64-client1
DHCP_HOSTNAME=linux64-client1
NISDOMAIN=MY-NIS-NETWORK
[root@linux64-client1 ~]# cat /etc/yp.conf
# /etc/yp.conf - ypbind configuration file
# Valid entries are
#
# domain NISDOMAIN server HOSTNAME
# Use server HOSTNAME for the domain NISDOMAIN.
#
# domain NISDOMAIN broadcast
# Use broadcast on the local net for domain NISDOMAIN
#
# domain NISDOMAIN slp
# Query local SLP server for ypserver supporting NISDOMAIN
#
# ypserver HOSTNAME
# Use server HOSTNAME for the local domain. The
# IP-address of server must be listed in /etc/hosts.
#
# broadcast
# If no server for the default domain is specified or
# none of them is rechable, try a broadcast call to
# find a server.
#
domain MY-NIS-NETWORK server 10.3.20.100
[root@linux64-client1 ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
10.3.20.100 linux64-server
[root@linux64-client1 ~]# domainname MY-NIS-NETWORK
[root@linux64-client1 ~]# ypdomainname MY-NIS-NETWORK
[root@linux64-client1 ~]# cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files nis
shadow: files nisgroup: files nis
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
[root@linux64-client1 ~]# service portmap start
Starting portmap: [ OK ]
[root@linux64-client1 ~]# chkconfig portmap on
[root@linux64-client1 ~]# service ypbind start
Binding to the NIS domain: [ OK ]
Listening for an NIS domain server.
[root@linux64-client1 ~]# chkconfig ypbind on
[root@linux64-client1 ~]# rpcinfo -u localhost ypbind
program 100007 version 1 ready and waiting
program 100007 version 2 ready and waiting
[root@linux64-client1 ~]# ypcat passwd
nisuser:$1$/iEACA7I$S.nInc1zfDgZk9wh0NgvN/:502:100::/home/nisuser:/bin/bash
No comments:
Post a Comment