Deploying an NIS Server on RHEL5
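As the number of Linux servers in a production environment grows, managing the accounts on each server becomes tedious, mainly because every user needs a matching account created on every server. If group management is involved, it can be even more troublesome. NIS (Network Information Service) solves this problem to a certain extent by managing all Linux accounts centrally on one server. That way, when we add a user, we no longer need to add the account on every Linux machine.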
Server: 192.168.200.102
Client: 192.168.200.103

Server: 192.168.200.102
[iyunv@crushlinux2 ~]# service iptables stop
[iyunv@crushlinux2 ~]# setenforce 0
[iyunv@crushlinux2 ~]# yum -y install ypserv
[iyunv@crushlinux2 ~]# nisdomainname redhat    # create the redhat domain
[iyunv@crushlinux2 ~]# echo "NISDOMAIN=redhat" >> /etc/sysconfig/network
[iyunv@crushlinux2 ~]# vi /etc/ypserv.conf
127.0.0.0/255.0.0.0:*:*:none
192.168.200.0/255.255.255.0:*:*:none
*:*:*:deny
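Line 1: allow access from the loopback addresses.
Line 2: allow the client subnet to access the NIS server.
Line 3: deny access to the NIS server from all other networks.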
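Configure access control for NIS clients:
A host record starts with "host" followed by an IP address; this can be used to let the local machine access the server. To allow additional servers, keep adding entries such as: host 192.168.200.100. For a whole subnet, note that the netmask comes first and the network address second.
[iyunv@crushlinux2 ~]# vim /var/yp/securenets
host 127.0.0.1
255.255.255.0 192.168.200.0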
[iyunv@crushlinux2 ~]# useradd crushlinux    # create the account
[iyunv@crushlinux2 ~]# passwd crushlinux
[iyunv@crushlinux2 ~]# service portmap restart
[iyunv@crushlinux2 ~]# service ypserv restart
[iyunv@crushlinux2 ~]# chkconfig portmap on
[iyunv@crushlinux2 ~]# chkconfig ypserv on
Build the NIS database
[iyunv@crushlinux2 ~]# /usr/lib/yp/ypinit -m
-------------------------------------------------------------------------------------
At this point, we have to construct a list of the hosts which will run NIS
servers. crushlinux2.com is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: crushlinux2.com
next host to add:                  <=== press CTRL+D
The current list of NIS servers looks like this:

crushlinux2.com

Is this correct? [y/n: y] y        <=== enter y
We need a few minutes to build the databases...
Building /var/yp/redhat/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/redhat'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/redhat'

crushlinux2.com has been set up as a NIS master server.

Now you can run ypinit -s crushlinux2.com on all slave server.
-------------------------------------------------------------------------------------
[iyunv@crushlinux2 ~]# service portmap restart
[iyunv@crushlinux2 ~]# service ypserv restart
[iyunv@crushlinux2 ~]# nisdomainname redhat
[iyunv@crushlinux2 ~]# vim /etc/exports
/home *(ro)
[iyunv@crushlinux2 ~]# service nfs restart
[iyunv@crushlinux2 ~]# chkconfig nfs on
Client: 192.168.200.103
[iyunv@crushlinux3 ~]# service iptables stop
[iyunv@crushlinux3 ~]# setenforce 0
[iyunv@crushlinux3 ~]# setup
Authentication configuration ---> select NIS (toggle with the space bar) ---> Next ---> enter "redhat" and "192.168.200.102"
[iyunv@crushlinux3 ~]# setup
停止 portmap: [确定]
启动 portmap: [确定]
关联到 NIS 域: [确定]
监听 NIS 域服务器。
[iyunv@crushlinux3 ~]# nisdomainname redhat
[iyunv@crushlinux3 ~]# mount -t nfs 192.168.200.102:/home/ /home
[iyunv@crushlinux3 ~]# su - crushlinux
[crushlinux@crushlinux3 ~]$ whoami
crushlinux
[iyunv@crushlinux3 ~]# vi /etc/fstab
192.168.200.102:/home /home nfs defaults 0 0
[iyunv@crushlinux3 ~]# umount /home
[iyunv@crushlinux3 ~]# mount -a
[iyunv@crushlinux3 ~]# chkconfig --list ypbind
ypbind 0:关闭 1:关闭 2:关闭 3:启用 4:启用 5:启用 6:关闭
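
The netmask-first ordering of /var/yp/securenets noted in the server section is easy to get backwards. The Python sketch below is an added example, not part of the original post: it evaluates securenets rules under the assumption that a client is admitted when (client AND netmask) equals the network field, and it flags lines that can never match or that admit more than a /24. The function names and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample: the two rules from this page, a line with the fields
# swapped (network first), and a catch-all rule.
SAMPLE = """\
host 127.0.0.1
255.255.255.0 192.168.200.0
192.168.200.0 255.255.255.0
0.0.0.0 0.0.0.0
"""

def _ip(s):
    """Dotted-quad string to 32-bit integer (raises on malformed input)."""
    return int(ipaddress.IPv4Address(s))

def parse_securenets(text):
    """Return [(line_no, mask, net)] as integers; 'host X' is treated as /32."""
    rules = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments and blanks
        if not fields:
            continue
        if len(fields) != 2:
            raise ValueError(f"line {no}: expected two fields, got {raw!r}")
        if fields[0] == "host":
            rules.append((no, 0xFFFFFFFF, _ip(fields[1])))
        else:
            # Netmask comes first, network address second.
            rules.append((no, _ip(fields[0]), _ip(fields[1])))
    return rules

def is_allowed(rules, client):
    """Assumed matching rule: (client AND netmask) == network."""
    addr = _ip(client)
    return any(addr & mask == net for _, mask, net in rules)

def audit(rules, min_prefix=24):
    """Flag rules that can never match or that admit very wide ranges."""
    findings = []
    for no, mask, net in rules:
        if net & ~mask & 0xFFFFFFFF:
            findings.append((no, "never matches (netmask and network swapped?)"))
        elif bin(mask).count("1") < min_prefix:
            findings.append((no, "wider than /%d" % min_prefix))
    return findings
```

Run against the two rules from this page, audit() returns no findings and the client 192.168.200.103 is admitted; the swapped and catch-all lines in the constructed sample are reported by line number.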