NIS enterprise Application case-Unified Linux and Windows Authentication (ii)

Source: Internet
Author: User


Configuration Linux NIS Slave


Note that starting the NIS domain name, the NIS domain name is the same as the ad domain name, except that there is no later. com, my AD domain name is tasnrh.com, so my NIS domain name is TASNRH. It is worth emphasizing that if the NIS domain name and the ad domain name are inconsistent, the primary NIS server will not be recognized by the Server from NIS. Naturally, data synchronization is not possible.

Setting up NIS domain names

#

Modify the network configuration file

#vi/etc/sysconfig/network Add a row Nisdomain=tasnrh

Add IP to host name corresponding to the Hosts file, I do not have DNS in Linux, so manually add the Hosts file

#vi/etc/hosts Add 192.168.1.50 HPDC-001192.168.1.52 HVBDC-00110.0.1.15 HVNIS-001 10.0.1.16 HVNIS-00210.0.1.100 NetApp-00110.0.1.101 NetApp-00210.0.1.10 HPRD-00110.0.1.11 HPRD-00210.0.1.12 HPRD-00310.0.1.13 HPRD-00410.0.1.14 HPRD-005

See if the installation package for NIS service demands is already installed

Ensure all required software is installed complete # Rpm-qa | grep ' ^yp ' # Rpm–qa | grep rpcbind

If the required software for NIS is not installed, manual installation is required, insert the CD into the server, create a local Yum source, install the demands component

#mount/dev/cdrom/mnt #将光盘挂载到/mnt directory #vi/etc/yum.repos.d/yum.repo #配置本地yum源配置文件, add the following [server]name=serverbaseurl= File:///mntenabled=1gpgcheck=0#yum–y Install Ypserv #本地yum源安装ypserv组件

Set up direct start domain name on boot

#vi/etc/rc.local #开机自动设置域名在最后添加一行/bin/nisdomainname Tasnrh

ypserv.conffile isNISa key configuration file for the server that specifiesNISClient logon rights. If the network is not strict, select Use "* : *: *: None"The staff was very friendly and helpful." Inputvi/etc/ypserv.confcommand, openypserv.conffile, clickI, go to edit mode, and follow the notes to make configuration file changes

#vi/etc/ypserv.conf #主要配置文件添加一行 *: *: *: None

Setting NIS master server configuration information

#vi/etc/yp.conf Add domain Tasnrh server HPDC-001

Start all related services

#/etc/init.d/rpcbind Restart #重启rpcbind服务 # chkconfig rpcbind on #开机启动rpcbind #/etc/init.d/ypserv Restart #重启ypserv服务 # Chkconfig Ypserv on #开机启动ypserv # service YPXFRD restart# restart ypxfed# chkconfig ypxfrd on #开机启动 # service YPPASSWDD Restart #重启 YPPASSWDD service #chkeonfig Yppasswdd on #开机启动

Create a network group that is trusted by the NIS domain by modifying the/etc/netgroup file . Enter the Vi/etc/netgroup command, open the/etc/netgroup file, click I, enter edit mode, and press

Note Making configuration file modifications

#vi/etc/netgroup

I don't make any edits here. By default, the file is empty to support all networks. ClickEsc, and enter : Wq. You have saved the modified /etc/netgroup file and exited the file edit.

to this, completed NIS The service configuration of the domain environment, the access rights of clients in the domain environment, the client host information and the trusted group information are entered into NIS the relevant configuration file for the server.

Turn off the firewall or set the rules

#service iptables Stop #停止iptables防火墙

Turn off SELinux

#vi/etc/selinux/configselinux=disabled to Disabled

OK, temporarily, based on the information above, the second is configured from Server for NIS.


Master-Slave NIS for database synchronization


Configuration NIS Master Password Sync Encryption protocol

Open AD Domain Services, find NIS domain, click NIS domain name right, now "properties"

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/44/34/wKiom1PfoXSyqxRHAAC5DQkaCn0312.jpg "title=" 1.png " alt= "Wkiom1pfoxsyqxrhaac5dqkacn0312.jpg"/>


as shown, select MD5 encryption protocol for the account password

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/44/34/wKiom1PfnNfS3m_CAACpkyq5jD0427.jpg "title=" 1.png " alt= "Wkiom1pfnnfs3m_caacpkyq5jd0427.jpg"/>

Configuration NIS Map

, select the Start NIS Data Migration Wizard "

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/44/35/wKioL1Pfom7DDyiMAAC6tM_UaN0894.jpg "title=" 1.png " alt= "Wkiol1pfom7ddyimaac6tm_uan0894.jpg"/>


Click Next

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/44/34/wKiom1PfnRejC5BOAAFBs1_GU60758.jpg "title=" 1.png " alt= "Wkiom1pfnrejc5boaafbs1_gu60758.jpg"/>

input Domain name for NIS:tasnrh, click Next

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/44/34/wKiom1PfnW2DMXDyAAFFla55IKQ810.jpg "title=" 1.png " alt= "Wkiom1pfnw2dmxdyaaffla55ikq810.jpg"/>

No, just the next step.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/44/35/wKioL1Pfnq_RntxiAAEk3eMLFOg587.jpg "title=" 1.png " alt= "Wkiol1pfnq_rntxiaaek3emlfog587.jpg"/>

Select Add to left Hosts file to the right

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/44/34/wKiom1PfnbTQTVfgAAGfZCkNS1s756.jpg "title=" 1.png " alt= "Wkiom1pfnbtqtvfgaagfzckns1s756.jpg"/>

input file path forNIS map: C:\Windows\system32\drivers\etc, click Next

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/44/35/wKioL1PfnuvRWflVAAFAXqmc3zU649.jpg "title=" 1.png " alt= "Wkiol1pfnuvrwflvaafaxqmc3zu649.jpg"/>

Click Next

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/44/34/wKiom1PfnfuC3QJTAAG_DFb4Uko735.jpg "title=" 1.png " alt= "Wkiom1pfnfuc3qjtaag_dfb4uko735.jpg"/>

Next

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/44/35/wKioL1PfnzKzU6yEAAFNL4WHv24678.jpg "title=" 1.png " alt= "Wkiol1pfnzkzu6yeaafnl4whv24678.jpg"/>

Click Next

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/44/34/wKiom1Pfnjuw9nrZAAEH10OGYCA391.jpg "title=" 1.png " alt= "Wkiom1pfnjuw9nrzaaeh10ogyca391.jpg"/>

Click Finish to close the wizard.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/44/35/wKioL1Pfn3nwPmVrAAEShtuJg-0997.jpg "title=" 1.png " alt= "Wkiol1pfn3nwpmvraaeshtujg-0997.jpg"/>


with the NIS Master Synchronizing Databases


After the configuration of the NIS server side is complete, the updated configuration information needs to be made into a database file. The completion of database authoring represents the end of configuration on server side of NIS.

Next we have to start transferring the account file from the master NIS server to the database file!

#/usr/lib64/yp/ypinit -s hpdc-001# writes the master NIS server information from the NIS server database and runs the command temporarily loses service to the original subnet # service ypsrv  restart  #重启ypserv服务 # vi /usr/lib64/yp/ypxfr_1perhour will make the following changes to the configuration file information: maps_to_get= " Passwd.bynamepasswd.byuid shadow hosts.byaddr hosts.byname group.bygidgroup.byname "                                                                                                         $YPBINDIR/ypxfr  $map changed into $ypbindir/ypxfr$map -h hpdc-001 #vi  /etc/crontab  #编This file */1 * * * * /usr/lib64/yp/ypxfr_1perhour 

OK, it's syncing.

Test it.

#yptest

Shows that the account password with the Linux attribute in the ad is successful. The configuration is here from NIS.

This article is from "I take fleeting chaos" blog, please be sure to keep this source http://tasnrh.blog.51cto.com/4141731/1535738

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.