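Network Information Service (NIS)
NIS is a network service that centrally manages several system administration databases. It simplifies the administration of UNIX and Linux desktop clients: clients can use the administrative files held on a central server, so users of desktop systems do not need to maintain their own /etc/passwd and simply use the files maintained on the NIS server.
Installing the NIS server
Server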
[root@server ~]# yum install ypserv yp-tools -y
Client
[root@client ~]# yum install ypbind yp-tools -y
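Relevant configuration files
- /etc/ypserv.conf: the main NIS configuration file; it controls whether NIS clients may access the NIS server.
- /etc/hosts: records the mapping between hostnames and IP addresses. If there is no DNS, the hosts file on the NIS server must hold a host record for every NIS client.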
[root@server ~]# mkdir /home/nishome
[root@server ~]# useradd -d /home/nishome/nisuser1 nisuser1
[root@server ~]# useradd -d /home/nishome/nisuser2 -s /sbin/nologin nisuser2
[root@server ~]# echo '000000' | passwd --stdin nisuser1
更改用户 nisuser1 的密码 。
passwd:所有的身份验证令牌已经成功更新。
[root@server ~]# echo '000000' | passwd --stdin nisuser2
更改用户 nisuser2 的密码 。
passwd:所有的身份验证令牌已经成功更新。
Setting the NIS domain name
[root@server ~]# nisdomainname # show the domain name
nisdomainname: Local domain name not set
[root@server ~]# nisdomainname server # set the domain name
[root@server ~]# nisdomainname
server
Configuring hosts
[root@server ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.220.138 server
192.168.220.139 client
Configuring /etc/ypserv.conf
[root@server ~]# vim /etc/ypserv.conf
# Host : Domain : Map : Security
192.168.220.0/255.255.255.0 : * : * :none
* : * : * :deny
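[hostname/IP] : [NIS domain name] : [available map name] : [security restriction]
Security restriction: one of none (no restriction), port (only requests from ports below 1024 are allowed), or deny (access refused).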
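The four-field rule format above can be checked mechanically. The following is an added example, not part of the original page: the function name audit_ypserv_rules and the two sample rule sets are constructed for illustration. It flags rules that serve the password maps with security none and checks for a closing deny-all rule.

```bash
#!/usr/bin/env bash
# Added example: audit ypserv.conf access rules (Host : Domain : Map : Security).

audit_ypserv_rules() {
    # Reads ypserv.conf text on stdin; prints one line per finding.
    awk -F':' '
        /^[ \t]*#/ || NF != 4 { next }   # skip comments, blanks and option lines
        {
            for (i = 1; i <= 4; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
            host = $1; map = $3; sec = $4
            # "*" covers every map, including passwd.byname and passwd.byuid
            sensitive = (map == "*" || map ~ /^(passwd|shadow)\./)
            if (sec == "none" && sensitive)
                printf "WEAK %s map=%s: password maps served without privileged-port check\n", host, map
            if (sec == "deny" && host == "*" && map == "*")
                default_deny = 1
        }
        END { if (!default_deny) print "WEAK no final \"* : * : * : deny\" rule" }
    '
}

# Constructed samples: the rules shown on this page, and a tightened variant
# that uses the "port" restriction for the same subnet.
PAGE_RULES='192.168.220.0/255.255.255.0 : * : * :none
* : * : * :deny'
TIGHT_RULES='# Host : Domain : Map : Security
192.168.220.0/255.255.255.0 : * : * : port
* : * : * : deny'

printf '%s\n' "$PAGE_RULES"  | audit_ypserv_rules
printf '%s\n' "$TIGHT_RULES" | audit_ypserv_rules
```

On a real server the input would be /etc/ypserv.conf itself: audit_ypserv_rules < /etc/ypserv.conf.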
[root@server ~]# systemctl start ypserv
[root@server ~]# /usr/lib64/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers. server is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: server
next host to add: #control+D
The current list of NIS servers looks like this:
server
Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp/server/ypservers...
Running /var/yp/Makefile...
gmake[1]: 进入目录“/var/yp/server”
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: 离开目录“/var/yp/server”
server has been set up as a NIS master server.
Now you can run ypinit -s server on all slave server.
[root@server ~]# ls /var/yp/server/ # a directory with the same name as the NIS domain has been created
group.bygid mail.aliases protocols.byname services.byname
group.byname netid.byname protocols.bynumber services.byservicename
hosts.byaddr passwd.byname rpc.byname ypservers
hosts.byname passwd.byuid rpc.bynumber
[root@server ~]# systemctl restart ypserv
[root@server ~]# systemctl restart yppasswdd
Configuring the client
[root@client ~]# setup
[root@client ~]# systemctl restart ypbind
These steps modify the following files
[root@client ~]# vim /etc/sysconfig/network
NISDOMAIN=server
[root@client ~]# vim /etc/yp.conf
domain server server 192.168.220.138
[root@client ~]# vim /etc/nsswitch.conf
passwd: files nis sss
shadow: files nis sss
group: files nis sss
#initgroups: files

#hosts: db files nisplus nis dns
hosts: files nis dns
... ...
Client verification commands
[root@client ~]# yptest # test the NIS data
Test 1: domainname
Configured domainname is "server"
Test 2: ypbind
Used NIS server: server
Test 3: yp_match
WARNING: No such key in map (Map passwd.byname, key nobody)
Test 4: yp_first
nisuser1 nisuser1:$6$c9YPm4sv$wul3WVOOup6wflFR7eGRjSIaDVABrsPJFmmSjhGuWIobzaose1sDI/nKCMpSUGMIZhKHWaFwm5TDdwJamIPC/.:1001:1037::/home/nishome/nisuser1:/bin/bash
......
[root@client ~]# ypwhich -x # check the number of databases
Use "ethers" for map "ethers.byname"
Use "aliases" for map "mail.aliases"
Use "services" for map "services.byname"
Use "protocols" for map "protocols.bynumber"
Use "hosts" for map "hosts.byname"
Use "networks" for map "networks.byaddr"
Use "group" for map "group.byname"
Use "passwd" for map "passwd.byname"
[root@client ~]# ypcat passwd.byname # read the contents of the database
nisuser1:$6$c9YPm4sv$wul3WVOOup6wflFR7eGRjSIaDVABrsPJFmmSjhGuWIobzaose1sDI/nKCMpSUGMIZhKHWaFwm5TDdwJamIPC/.:1001:1037::/home/nishome/nisuser1:/bin/bash
nisuser2:$6$.jChQW8A$g/On6wlo4Hj4fQ6qNDhaCR5SnDoBq3xecwXy2Wt6OU0.ePYAG22TywQrLf9UJCKthoC.IvvZLw484JdBTeJjB.:1002:1038::/home/nishome/nisuser2:/sbin/nologin
svn:!!:1000:1036::/home/svn:/bin/bash
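The ypcat output above shows that the passwd map carries the accounts' password hashes to the client. The following added example, not part of the original page, reports which entries in such a map expose a hash; the function name exposed_hashes is hypothetical and the sample lines are constructed with placeholder hashes.

```bash
#!/usr/bin/env bash
# Added example: report which accounts in a NIS passwd map carry a real
# crypt(3) hash, i.e. one that every client permitted by ypserv.conf can read.

exposed_hashes() {
    # stdin: passwd(5)-format lines, e.g. the output of `ypcat passwd.byname`.
    # Prints "user scheme login|nologin" for each entry whose field 2 is a hash.
    awk -F':' '
        NF >= 7 && $2 ~ /^\$/ {
            rest = substr($2, 2)                       # "6$salt$hash"
            id = substr(rest, 1, index(rest, "$") - 1) # crypt scheme id, "6"
            if (id == "6") scheme = "sha512crypt"
            else if (id == "5") scheme = "sha256crypt"
            else if (id == "1") scheme = "md5crypt"
            else scheme = "id-" id
            shell = ($7 ~ /(nologin|false)$/) ? "nologin" : "login"
            print $1, scheme, shell
        }'
}

# Constructed sample in the same layout as the ypcat output on this page;
# the salts and hashes are placeholders, not real values.
SAMPLE_MAP='nisuser1:$6$examplesalt$EXAMPLEHASH:1001:1037::/home/nishome/nisuser1:/bin/bash
nisuser2:$6$examplesalt$EXAMPLEHASH:1002:1038::/home/nishome/nisuser2:/sbin/nologin
svn:!!:1000:1036::/home/svn:/bin/bash'

printf '%s\n' "$SAMPLE_MAP" | exposed_hashes
```

On a client the same check is ypcat passwd.byname | exposed_hashes; locked entries such as svn:!! are not reported.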
Automounting user home directories
[root@server ~]# yum install nfs-utils -y
[root@server ~]# vim /etc/exports
/home/nishome 192.168.220.0/255.255.255.0(rw,sync)
[root@server ~]# systemctl restart nfs
[root@server ~]# showmount -e
Export list for server:
/home/nishome 192.168.220.0/255.255.255.0
[root@client ~]# yum install autofs -y
[root@client ~]# vim /etc/auto.master
/home/nishome /etc/auto.nishome
[root@client ~]# vim /etc/auto.nishome
* -rw 192.168.220.138:/home/nishome/&
[root@client ~]# systemctl restart autofs
[root@server ~]# ssh [email protected]
[email protected]'s password:
Last login: Sat Aug 17 13:46:38 2019 from server
[nisuser1@client ~]$ ls /etc/yum.repos.d/
CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Media.repo CentOS-Vault.repo
CentOS-CR.repo CentOS-fasttrack.repo CentOS-Sources.repo