NIS Service Construction in linux and case applications

System: Centos6.0

Introduction:

NIS (Network Information Services) was first Sun Yellow Pages (yp );

In a large domain, what if multiple Linux Hosts require the same account and password for each host? If you can have an account server to manage the accounts of all hosts in the domain, and other hosts need to log on to the server to find user information such as accounts and passwords, in this way, if you want to add, modify, or delete user data, you only need to process it on the server, which can reduce the process of repeatedly setting user accounts;

What information does the NIS server provide?

Server File Name	Archive content
/Etc/passwd	Provides user accounts, UID, GID, Home Directory, Shell, etc.
/Etc/group	Provide the group information and GID, and add the group members.
/Etc/hosts	The host name corresponds to the IP address, which is often used to correspond to the Host Name of the private IP Address
/Etc/services	Port number corresponding to each Service (daemons)
/Etc/protocols	Basic TCP/IP packet protocols, such as TCP, UDP, and ICMP
/Etc/rpc	The program number corresponding to each RPC server
/Var/yp/ypservers	Database provided by the server

The NIS server provides user login information to the client host for query. Therefore, of course, the information provided by the NIS server requires a "Database" File System with fast transmission and reading and writing, instead of a traditional text file system. To achieve this goal, the NIS server must make the files mentioned in the previous section into database files, and then use the network communication protocol for the client host to query. As for the communication protocol used, remote program Call (RPC) is used;

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/003AI647-0.jpg "title =" 34.jpg"/>

From the above process, you will find that the NIS client will first query the account information of the Local Machine. If the local machine cannot be found, you will find the information on the NIS server first. Therefore, if your NIS client has many accounts of common users, the accounts provided by the NIS server may be different to some extent! Therefore, in such an environment, the NIS client only retains the root account and system account required by the system.

Server Configuration:

Since the NIS server needs to use the RPC protocol and the NIS server can also be used as the user end, the software required by the NIS server has the following:

Yp-tools: Provides the NIS-related query command function ypbind: Provides the NIS Client Configuration Software ypserv: Provides the NIS Server Configuration Software rpcbind: is required by RPC

Ypserv is the most important thing on the NIS server. Because other network parameter settings are also used in NIS setting, you need to have the following information for setting files.

/Etc/ypserv. conf: This is the configuration file provided by the main ypserv software. It can regulate whether the NIS user can log on to the user.
/Etc/hosts: Because the NIS server/client will use the network host name and IP address, this host name file is quite important! Each host name and IP address must be recorded!
/Etc/sysconfig/network: You can specify the NIS domain name (nisdomainname) in this file ).
/Var/yp/Makefile: Didn't I say that the account information should be converted into a database file? This is the action profile related to database creation;

There are two main services provided by the NIS Server:

/Usr/sbin/ypserv: it is the primary service provided by the NIS server;
/Usr/sbin/rpc. yppasswdd: provides an additional NIS User Password modification service. Through this service, the NIS user can directly change the password on the NIS server. The related program is the yppasswd command;

The commands related to the database of the account and password are as follows:

/Usr/lib64/yp/ypinit: database creation command, which is very common (in a 32-bit system, the file name is/usr/lib/yp/ypinit );
/Usr/bin/yppasswd: it is related to the NIS user end. It mainly allows the user to change the password on the server.
Case:

• NIS domain name lansgg
  

• The IP address of the NIS server is 192.168.182.132, and the host name is www.server.lansgg.com.

• The IP address of the NIS client is 192.168.182.133, and the host name is www.client.lansgg.com.

Install the server:

[root@Server lansgg]# yum install yp-tools ypbind ypserv rpcbind -y

Set NIS domain name)

[Root @ Server lansgg] # vim/etc/sysconfig/networkNISDOMAIN = lansgg # Add, NIS domain name YPSERV_ARGS = "-p 1001" # Add, start port of ypserv Service

Set the main configuration file/etc/ypserv. conf

[Root @ Server lansgg] # vim/etc/ypserv. confdns: no # The NIS server is mostly used in the internal LAN, as long as there is/etc/hosts, no DNS is needed. Here we use hostsfiles: 30 # by default, 30 databases will be read into the memory, xfr_check_port: yes # It is related to the master/slave, and the port used to compare the synchronously updated database, placed in <1024 # below is to set the permission to query the client or slave server, separated by a colon into four parts: # [host name/IP]: [NIS domain name]: [available database name]: [security restrictions] # [host name/IP]: You can use network/netmask such as 192.168.100.0/255.255.255.0 # [NIS domain name]: for example, vbirdnis # [available database name] in this case: The name of the database created by S; # [security restrictions]: including no restrictions (none), only available <1024 (port), and deny # In general, you can follow our domain to set it to the following: 127.0.0.0/255.255.255.0: *: none192.168.182.0/255.255.255.0: *: none *:*:*: deny # asterisk (*) indicates that all data is accepted. The above three lines mean opening the lo Internal interface, # opening the internal LAN domain, and eliminating the NIS requirements from all other sources. # There is also a simple practice. You can first annotate the above three lines and then add the following line: *: none

Set hosts

[root@Server lansgg]# vim /etc/hosts192.168.182.132 www.server.lansgg.com192.168.182.133 www.client.lansgg.com

Set Related Services

[Root @ Server lansgg] # vim/etc/sysconfig/yppasswddYPPASSWDD_ARGS = "-- port 1002" # port of the yppasswdd service

Start Related Services

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/003AL0X-1.jpg "title =" 4.jpg"/>

Set a test account and create a database

[Root @ Server lansgg] # echo 123 | passwd -- stdin testuser1

[root@Server lansgg]# useradd testuser1[root@Server lansgg]# useradd testuser2[root@Server lansgg]# useradd testuser3[root@Server lansgg]# echo 123 |passwd --stdin testuser1[root@Server lansgg]# echo 123 |passwd --stdin testuser2[root@Server lansgg]# echo 123 |passwd --stdin testuser3[root@Server lansgg]# /usr/lib/yp/ypinit -m

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/003AJ225-2.jpg "title =" 5.jpg"/>

PS: If your user password has changed, you have to re-create the database and restart ypserv and yppasswdd;

NIS client settings

[root@centos ~]# yum install ypbind yp-tools -y

Yp-tools is the query software, and ypbind is the communication bridge between ypserv and CentOS. In addition, many of our configuration files are related to authentication, including the ypbind configuration files, when setting the NIS client, you may need to move the file to the bottom:

/Etc/sysconfig/network: The NIS domain name.
/Etc/hosts: at least the IP address of each NIS server must correspond to the host name;
/Etc/yp. conf: This is the main configuration file of ypbind, which mainly sets the NIS Server
/Etc/sysconfig/authconfig: standardizes the authentication mechanism allowed during Account Login;
/Etc/pam. d/system-auth: this is the easiest thing to forget! Because the account is usually managed by the PAM module, you must add NIS support to the PAM module.
/Etc/nsswitch. conf: This file can regulate the query order of account passwords and related information. By default, You can first find/etc/passwd and find the NIS database;

In addition, NIS provides several interesting programs for the NIS client to modify account parameters, such as passwords and shells. the following commands are used:

/Usr/bin/yppasswd: change the password of your database in NIS database (the database created by NIS Server)
/Usr/bin/ypchsh: Same as above, but changed shell
/Usr/bin/ypchfn: Same as above, but it is used to change some user messages.

It would be too troublesome to modify the above configuration files one by one. Here we use its graphical tool: execute setup

Of course, first configure hosts

[root@centos ~]# vim /etc/hosts192.168.182.132 www.server.lansgg.com

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/003AK5b-3.jpg "style =" float: none; "title =" 6.jpg"/>

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/003AJK2-4.jpg "style =" float: none; "title =" 7.jpg"/>

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/003AJQ7-5.jpg "style =" float: none; "title =" 8.jpg"/>

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/003AM338-6.jpg "style =" float: none; "title =" 9.jpg"/>

Let's take a look at the files modified after the execution.

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/003AJ536-7.jpg "style =" float: none; "title =" 6.jpg"/>

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/003AM263-8.jpg "style =" float: none; "title =" 7.jpg"/>

In general:

/Etc/sysconfig/network (added to the NISDOMAIN project)/etc/nsswitch. conf (modify the order of many host verification functions)/etc/sysconfig/authconfig (Host Authentication Mechanism)/etc/pam. d/system-auth (PAM Authentication process required for many logins)/etc/yp. conf (configuration file of ypbind)

Test the NIS client: yptest, ypwhich, ypcat

Use yptest to test the database

[Root @ centos ~] # Yptest # below is the output information Test 1: domainnameConfigured domainname is "lansgg" Test 2: ypbindUsed NIS server: www. server. lansgg. comTest 3: yp_matchWARNING: No such key in map (Map passwd. byname, key nobody) # The warning here can be ignored. Because the UID of the early nobody is set to 65534, but now the nobody is set to 99 of the system account, it will not be recorded, this warning also appears. Test 4: yp_firsttestuser1 testuser1: $6 $ hCf0HKoZ $ G/SwK1ecB8oDpwcQNDmMMulDP3FNef13WMwB. authorization: 501: 501:/home/testuser1:/bin/bashTest 5: yp_nextleo: $6 $ TCro9XvftUiuBuRK $ authorization. XKsbDy7Vm24KsPIKienMA/y6U. fG. bjp1: 500: 500: leo:/home/leo:/bin/bashtestuser3 testuser3: $6 $ JcJY9UZF $ b8KRXlgMhCKK6k. qinit. fcBoU7FETHAkLggMOC 3 oScq/n.7FHm5pVdFfaXj8UvUo5fBLFJKzR7DNNN071RmW.: 503: 503:/home/testuser3:/bin/bashtestuser2 testuser2: $6 $ jOAUXAIi $ DoDRVX1YVB0MMCfHGpvaE3mgLzmWUs6QP/fingerprint: 502: 502:/home/testuser2: /bin/bashTest 6: yp_masterwww.server.lansgg.comTest 7: yp_order1374645119Test 8: pushed Pc. bynamegroup. bygidpasswd. bynamegroup. bynameservices. bynameypserversprotocols. bynamerpc. bynumberprotocols. bynumberTest 9: yp_alltestuser1 testuser1: $6 $ hCf0HKoZ $ G/SwK1ecB8oDpwcQNDmMMulDP3FNef13WMwB. adAMFLNo1FAZQ0DRzhIyA2M5OThWzeB2OZyCIVcZm7XC5Qxp0: 501: 501:/home/testuser1:/bin/bashleo: $6 $ TCro9XvftUiuBuRK $ response. XKsbDy7Vm24KsPIKienMA/y6U. fG. bjp1: 500: 500: leo:/home/leo:/bin/bashtestuser3 testuser3: $6 $ JcJY9UZF $ b8KRXlgMhCKK6k. qinit. fcBoU7FETHAkLggMOC3oScq/n.7FHm5pVdFfaXj8UvUo5fBLFJKzR7DNNN071RmW.: 503: 503:/home/testuser3:/bin/bashtestuser2 testuser2: $6 $ jOAUXAIi $ DoDRVX1YVB0MMCfHGpvaE3mgLzmWUs6QP/fingerprint: 502: 502:/home/testuser2: /bin/bash # Here is the focus: yp_all must have all the account information listed on your NIS server. If there is any account information, it should be verified Success! 1 tests failed

Use ypwhich to check the database quantity

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/003AH3Z-9.jpg "title =" 6.jpg"/>

From the above we can clearly see the relevant files! These database files are stored under my NIS Server/var/yp/lansgg /.

Use ypcat to read database content

In addition to yptest, you can also directly use ypcat to read the content of the database. This is generally the case.

[Root @ www ~] # Ypcat [-h nisserver] [database name] Option and parameter:-h nisserver: If this parameter is set, it directs to a specific NIS server. If this parameter is not specified, set ypbind as the master database name, that is, the file name in/var/yp/vbirdnis! For example, passwd. byname # Read the content of the passwd. byname database [root @ www ~] # Ypcat passwd. bynametestuser1: $6 $ hCf0HKoZ $ G/SwK1ecB8oDpwcQNDmMMulDP3FNef13WMwB. failed: 501: 501:/home/testuser1:/bin/bashtestuser3: $6 $ JcJY9UZF $ b8KRXlgMhCKK6k. qinit. fcBoU7FETHAkLggMOC3oScq/n.7FHm5pVdFfaXj8UvUo5fBLFJKzR7DNNN071RmW.: 503: 503:/home/testuser3:/bin/bashtestuser2: $6 $ jOAUXAIi $ DoDRVX1YVB0MMCfHGpvaE3mgLzmWUs6QP/fingerprint: 502: 502:/home/testuser2:/bin/bash

USER parameter modification: yppasswd, ypchfn, ypchsh is not demonstrated here)
Yppasswd: Same function as passwd command;
Ypchfn: Same as chfn;
Ypchsh: Same as chsh.

Start the test below:
Su to testuser1 on the client; we didn't have this account locally;

[Root @ www ~] # Su-testuser1su: Warning: Unable to switch to/home/testuser1: No file or directory

You can find that the switch is successful, but the system prompts that there is no home directory;

Because the home Directory of testuser1 is at/home on the server, but when you log on to the client, it is impossible to have a home directory of testuser1 under/home on the client! What should we do? Simply mount the server/home to the client!

Case 2;

1. Create three users u1, u2, and u3. Their home directories are separated by/uhome and the home directories of local users)

2. NFS server: Shared/uhome to the domain 192.168.182.0/24, and all programs are expected to be placed in the/uuse directory. In addition, assume that all clients are clean systems, so you do not need to compress the User root identity.

[root@Server ~]# mkdir /uhome[root@Server ~]# useradd -u 1001 -d /uhome/u1 u1[root@Server ~]# useradd -u 1002 -d /uhome/u2 u2[root@Server ~]# useradd -u 1003 -d /uhome/u3 u3[root@Server ~]# echo 123 |passwd --stdin u1[root@Server ~]# echo 123 |passwd --stdin u2[root@Server ~]# echo 123 |passwd --stdin u3

Start the service

[root@Server ~]# /etc/init.d/ypserv restart[root@Server ~]# /etc/init.d/yppasswdd restart[root@Server ~]# /usr/lib/yp/ypinit -m

Nfs settings

[root@Server ~]# mkdir /uuse[root@Server ~]# vim /etc/exports/uhome  192.168.182.0/24(rw,no_root_squash)/uuse   192.168.182.0/24(rw,no_root_squash)

650) this. width = 650; "src =" http://img1.51cto.com/attachment/201309/232407994.jpg "title =" 6.jpg"/>

Client settings

[Root @ www ~] # Mkdir/uhome/uuse [root @ www ~] # Mount-t nfs 192.168.182.132:/uhome [root @ www ~] # Mount-t nfs 192.168.182.132:/uuse # The above is correct and can be written to fstab or rc. local

Now you go to su-u1 and find that there is no longer a prompt that there is no home directory;

The yp yellow page service has been completed;

This article is from the Coffee _ Blue Mountains blog, please be sure to keep this source http://lansgg.blog.51cto.com/5675165/1289648