How to implement centralized user management in Linux (Advanced Configuration of NIS Server)

1. NIS server attribute settings

1. Modify the NIS Host Name

In Linux, you can run the hostname command to view and temporarily set the Host Name of the Linux system. The host name becomes invalid after the system is restarted. If you need to fix the Linux host name and set it to the same host name after each system startup, You need to modify the/etc/sysconfig/network file. In practice, the server is generally not restarted, so you should use both methods at the same time.

 

2. Modify the NIS system local host name parsing File

In Linux, use the "/etc/hosts" file to save the corresponding records of the local host name and IP address. It is equivalent to the hosts file function under % systemroot % system32driversetc in windos. Only the corresponding records of "localhost" Host Name and IP address "127.0.0.1" are set in the default content of the hosts file, this is the host name that must be configured for all Linux Hosts. localhost is resolved to the loopback address of the host lo network interface ), in Linux, any user can use the "Localhost" host name to access the lo network interface address of the host. It is generally used to test the connectivity of the local Nic. You can directly modify the default content, change the host name to nisserver, or add another record to "200.200.200.200 nisserver.

 

 

 

After setting, ping-c 1 nisserver to test whether the host name is successfully parsed.

 

After the modification, restart the NIS server. The modified host name takes effect.

 

Ii. NIS client attribute settings

Note: The NIS client uses the command line method to create and set detailed attributes.

1. Set the hosts file

Note: The NIS client host is set in the same way as the NIS server.

Add the host name resolution record of the NIS server to the NIS client's hosts so that the NIS client can access the server using the host name.

 

2. Create an NIS domain name

Create a domain name with the same name as the NIS server on the NIS client and add the domain name to the rc. in the local file, so that the configuration item "NISDOMAIN = xiaonuo.com" will take effect permanently after restart, and add it to the network file in the "/etc/sysconfig" directory, this allows the NIS server host to perform correct network settings.

 

3. Set the yp. conf configuration file.

The configuration file of the ypbind service program is yp. conf. You only need to set the NIS domain name and the NIS server host name in this configuration file.

The NIS domain name currently used is set as xiaonuo.com, and the Host Name of the NIS server used is nisserver.

 

4. Set the nsswitch. conf file

"/Etc/nsswitch. the conf file is used to set the Information Query Method in the system. by default, only local files are used in the conf file, and local files and DNS servers are used for host name interpretation.

The configuration items in the nsswitch. conf file do not represent files or commands in the system, but query related information. The specific meanings are as follows:

Passwd indicates the query of User Account Information

Shadow indicates the query of user password information

Group indicates the query of user group account information

Hosts indicates the query of host name information.

 

 

In the NIS client, you need to modify the nsswitch. conf file and set nis after files. That is, the local file is used first and the NIS server is used to obtain information.

 

5. Start the ypbind service program

The NIS client needs to run the ypbind service program to access information on the NIS server. Before starting the ypbind server, make sure that the portmap service has been started, because the ypbind service program depends on the portmap service.

Note: The preceding settings only take effect temporarily. You also need to use the chkconfig command to manually set the ypbind service to automatically start in runtime Level 3 and 5.

 

6. Use the NIS client to test the connection with the NIS server.

The yp-tools Package provides three command tools: yptest, ypwhich, and ypcat, which can be used to test the connection with the NIS server in the NIS client. All the test commands are queried by the ypbind service program in the NIS client.

1) yptest

Yptest is a basic test command for the NIS server. It automatically tests the domain name, host, database, and content of the NIS server and displays the test results.

 

2) ypwhich

The ypwhich command displays the Host Name of the NIS server used by the NIS client. When ypwhich uses the "-x" command option, the name of the database and ing file used by the NIS server is displayed.

 

3) ypcat

The ypcat-x command displays the same query information as the ypwhich-x command. When the database name is used as the parameter of the ypcat command, the ypcat command displays the content of the specified database. The administrator can query useful information in the NIS Server database from the result of the ypcat command.

 

7. NIS client User Logon

Test the connection to the NIS server on the NIS client host. Then, you can use the user account of the NIS server to log on to the NIS client. After successfully logging on to the system using the user account in the NIS server, the screen prompts that the user's home directory is not found, this is because the local file system of the NIS client does not create the user's home directory under the "/home" directory. How to roaming all users on the NIS Server/home to the NIS client requires NFS technology. How can NFS be used in combination with NIS, the next course will be explained.

 

8. change the password of the NIS client

After you log on to the NIS client, you can use the yppasswd command to modify the user password saved on the NIS server, provided that the yppasswdd service on the NIS server must be started. After you execute the yppasswd command, you will be prompted to enter the old user password, and then enter the new user password twice.

 

When the root user executes the yppasswd command to specify the user name as the command parameter, the password of the specified user can be modified, but the root user password must be entered first.