• m Linux pЉ|
    osGAзR firefox s
    | cD | ̔D | g | A | ~R | ୱR | w޲z | QAO | Ŏ | y`~ | m | Xs |
    @ @ @
    @
    ̪sG2011/07/28
    SQLApGڦQ Linux DEAoQDEȭtdP\AWAҦDEbPRKXۦPI ڬONbPKXO]wmbQqWAROiHzL@DEb޲z\AMLDEunSΤεnJɡA Nn޲zbDEWT{bPKXOH@ӤKӥBFHSMO@ӱb޲zDEKhTI pGϥΪ̭nקKXAnhQDEקKXTIunDn޲zDEhקALDEڥNݭnʡI IPSr֩OIoӥ\઺Fܦh覡Abo̡Aڭ̤@ӫ̔x覡ANO Network Information Service o NIS A[]TI


    jADϥ14.1 NIS ѨӻP\

    b@ӤjkSApGh Linux DEAU@nCDEݭn]wۦPbPKXɡAAMHƻs /etc/passwd HRMSobaHpG^@bDAӺ޲zkҦDEbA SLDEϥΪ̵nJݨDɡA~oDAWnD}bBKXΨϥΪ̸TA p@ӡApGQnW[BקBRϥΪ̸ơAunoDAWBzYiA o˴N^CƳ]wϥΪ̱bBJFC

    o˪\঳ܦhAniHFAo̧ڭ̭nhO Network Information Services (NIS server) oӦAnIUNӽͤ@ͳo NIS }\aI

    Tips:
    NIS DnѪOϥΪ̪bBKXBaؿɦWBUIDθTA NIS èSɮרtCPɡA NIS P˨ϥΫe@ؽͨ쪺 RPC AA]bض}leAAROon{Ѥ@UĤQTؽͨ쪺 NFS P RPCA PɧARonD߽gĤṰĤQ|رb޲zA Pɤ]oA@U߽gĤGQG make/Makefile T~nC
    mϥ

    pADϥ14.1.1 NIS Dn\G޲zbT

    q`ڭ̳|ijA@ Linux DE\Vx¶VnA]NOA@ Linux NMi@AȡCo˦\hnBAo]t\x©ҥHt귽oHBΡA åBboͤJIΪ̬OtͪpɭԡA]eldDҦbC]A@Ӥq``|nX Linux DEAMtd WWW BMtd Mail BMtd SAMBA ΆΪAȡC

    LAoMIBel}DnBAOAѩOP@ӤqhDEAҥHWҦ Linux DEbPKXO@˪IzIpGq̭ 100 HܡA ڭ̴NݭnwohDEh]wbKXFIӥBApGRsiuܡA O]wKXN|Ϩt޲zgFI

    oӮɭԡAڭ̂@ӨרӫҡGpGڳ]pF@M޲zbPKXAAӨL Linux DESΤݭnnJɭԡANno޲zKXAӬdMϥΪ̪bPKXA p@ӡAڭn޲zҦ Linux DEbPKXAun쨺DnAWhi]wYiI ]AsiH]wAϥL Linux DEOVdMIShIuOnoӴNO Network Information Service, NIS ADn\TI

    WANetwork Information Service ̦RMO٬ Sun Yellow Pages (̔ yp)A]NO Sun oaqX@ӦW Yellow Pages AnAЪ`NA NIS P YP O@Ҥ@˪NNIo Yellow Pages WruOnI򻡩OHD (Yellow Pages) OܡHNOڭ̮a̪qïTI ѦpGAndM@atΪqܸXAq`NO^hdWӨoqܸX[Iӳo NIS ]@ˡASϥΪ̭nnJɡA Linux tN| NIS AWhMoӨϥΪbPKXTӥ[HA HѨϥΪ̵nJΪˇ[IܴΧaI ^_^

    NIS AѤFǸTOHROobPKXmb̧aHNIS NOѨǸTI DnUoǰ򥻪ƴѵnJݨDDEG

    AɮצWɮפe
    /etc/passwdѨϥΪ̱bBUIDBGIDBaؿҦbBShell Ά
    /etc/groupѸsœƥH GID RARMsœ[JH
    /etc/hostsDEWٻP IP RA`Ω private IP DEWٹR
    /etc/servicesC@RA (daemons) ҹRf (port number)
    /etc/protocols䪺 TCP/IP ʥ]wAp TCP, UDP, ICMP
    /etc/rpcCR RPC AҹR{X
    /var/yp/ypserversNIS AҴѪƮw

    ܤ֥iHѤWzoǥ\ASMTAA]iHۦwqǸƮwݭnAǸƮwݭnI


    pADϥ14.1.2 NIS B@y{GzL RPC A

    ѩ NIS ADnOѨϥΪ̵nJTΤݥDEӬdߤΡAҥHA NIS AҴѪSMNݭnΨljKPŪgֳt "Ʈw" ɮרtA ӤODž¤rCFnFoӥتAҥH NIS ANnNe@p`쪺ɮ׻s@ƮwɮA MϥκqTwΤݥDEӬdoCܩҨϥΪqTwPe@ت NFS ۦPAϥέhݵ{ǩIs (RPC) oӪNI

    ~ApGb@ӫܤjk̭AU@Ҧ Linux DEVP@ NIS AnDϥΪ̸ƮɡA o NIS At (loading) i|LjCƦܦpGҼ{ƨϥΪIA nOox@@ NIS AIɡAL Linux DERnn users nJ[H ҥHoAbj~SA NIS AiHϥ master/slave (D/nA) [cC

    Master NIS AѨt޲z̻s@ƮwA slave hoӦ master ơAÑ]HѨLΤݪdߡC ΤݥiHVӺknDϥΪ̸ƪ^RAmaster P slave ҥi^A ѩ slave ƨӦ۩ master AҥHϥΪ̱bƥOPBI p@譱iH NIS AtAӥB]iHקK] NIS AIfPLknJIC

    NIS APΤݪB@Pdߤ覡ܷN
    14.1-1BNIS APΤݪB@Pdߤ覡ܷN

    NIS B@NpPWϡAn NIS server sbA~| NIS Client sbC SϥΪ̦nJݨDɡA NIS B@{ǬOG

    • } NIS Server (master/slave) B@{ǡG
      1. NIS Master NbKX}ɮ׻s@ƮwɮסF
      2. NIS Master iHDʪi NIS slave server ӧsF
      3. NIS slave iDʪe NIS master server os᪺ƮwɮסF
      4. YbKXʮɡAݭnss@ database PsPB master/slaveC

    • }S NIS Client nJdߪݨDɡG
      1. NIS client YnJݨDɡA|dߨ䥻E /etc/passwd, /etc/shadow ɮסF
      2. Yb NIS Client E䤣}bơA~}lV NIS kDEsdߡF
      3. C NIS server (A master/slave) iH^RA򥻤WOy^RuzC

    qWy{SAA|o{ NIS client RO|w糧EbƶidߡAYEdɤ~ NIS server WYMC]ApGA NIS client Nܦh@ϥΪ̪bɡA NIS server ҴѪbNiಣͤ@w{תtoIҥHA@ӻAbo˪UANIS client NIS slave server |DʮۤvE@ϥΪ̱bAȷ|Odtһݭn root ΨtbӤwC p@ӡA@ϥΪ̤~|g NIS master server ұޔ[I ^_^

    ھڤW 14.1-1 Aڭ̪ NIS jPWݭn]w򥻤NG

    • NIS Master server GNɮ׫ظmƮwAô slave server ӧsF
    • NIS Slave server GH Master server Ʈw@ƮwӷF
    • NIS client GV master/slave nDnJ̪ҸơC

    NpPW쪺Abj줤~|ϥΨoz NIS master/slave [cC]Aضȷ| NIS Master ظmA H NIS client ]wӤwCANIS AȨϥΪjyVӶVȧbNӋȼҦ[Oq[c (PC cluster)A b˪[cAAm{ȭn| NIS master YiCpGRLb譱nDAҦpwxbTѡA iNonѦ Samba Χi픪 LDAP ~nIo̧ڭ̤T{bANڭ̶}lӪ@o NIS ]waI


    jADϥ14.2 NIS Server ݪ]w

    NIS AݥDnb󴣨ѸƮwΤݧ@ҤΡAM NIS A Master P Slave A Lmo̤äOj~A]Ȥ NIS master ]wӤwT㨺Nӳ]wݬoI


    pADϥ14.2.1 һݭnn

    ѩ NIS Aݭnϥ RPC wAB NIS APɤ]iHSΤݡA]ݭnnNUoXӡG

    • yp-tools G NIS }dMO\
    • ypbind   G NIS Client ݪ]wn
    • ypserv   G NIS Server ݪ]wn
    • rpcbind  GNO RPC @wݭnƔ[I

    pGAOϥ Red Hat tAҦpڭ̪ CentOS 6.x ܡAAiHQΡy rpm -qa | grep '^yp' z ˬdO_wUWznC@ӻ yp-tools, ypbind |DʪwUAL ypserv iN|wUFC ɫijA^ϥΡy yum install ypserv zӦwUaIߨNUnFCUߨӳ]woI


    pADϥ14.2.2 NIS A}]w

    b NIS AW̭nNO ypserv oӳnFAOAѩ NIS ]wR|ϥΨLӋ]wơA ]b]wɤ譱ݭnUoǸƳG

    • /etc/ypserv.confGoO̥Dn ypserv nҴѪ]wɡAiHWd NIS ΤݬO_inJvC
    • /etc/hostsGѩ NIS server/client |ΨDEWٻP IP RA]oӥDEWٹRɴN㪺SnIC@DEWٻP IP ݭnO~I
    • /etc/sysconfig/networkGiHboɮפw NIS k (nisdomainname)C
    • /var/yp/MakefileGeObƭn茦ƮwɶܡH oNOPإ߸Ʈw}ʧ@]wɡF

    ܩ NIS AѪDnAȤ譱UӡG

    • /usr/sbin/ypservGNO NIS ADnѪAȡF
    • /usr/sbin/rpc.yppasswddGB~ NIS ΤݤϥΪ̱KXקAȡA zLoӪAȡA NIS ΤݥiH^קb NIS AWKXC}ϥε{hO yppasswd OF

    PbKXƮw}O譱UXӡG

    • /usr/lib64/yp/ypinitGإ߸ƮwOAD`` (b 32 줸tUAɦWhO /usr/lib/yp/ypinit I)F
    • /usr/bin/yppasswdGP NIS Τݦ}ADnbΤקAWKXC

    pADϥ14.2.3 @@ר

    pGA[ԎL 14.1-1 ܡAA|o{ڭ̪ NIS ݭn]w Master/Slave client ΡA Lڭ̳o̶Ȥ NIS master server P NIS client ӤӤwApGAݭnB~ slave ܡA AЬd\ NIS xoCUm[@̔xרҡAרҧڭ̦Aӽͽڥi|ϥΩOqרҧaI

    • NIS kW٬ vbirdnis
    • ӤHk 192.168.100.0/24
    • NIS master server IP 192.168.100.254 ADEW٬ www.centos.vbird
    • NIS client IP 192.168.100.10ADEW٬ clientlinux.centos.vbird

    Uڭ̴N@Ӥ@Өӳ]waI


    pADϥ14.2.4 NIS server ]wPŰ

    NIS A]wuO̔xAAAnb NIS AWdwAbPKX}ơA o]A /etc/passwd, /etc/shadow, /etc/hosts, /etc/group .... ΆΡAondw~I Nb}ƽаѦgĤQ|رb޲zC ΨdwANiH~ NIS A]wFG


    • 1. ]w NIS kW (NIS domain name)

    NIS O|ZkW (domain name) Ӥ~PbKXƪA]AnbAPΤݳwۦP NIS ZkW٤~C]wo NIS ZkW٪ʧ@̔xAN^s /etc/sysconfig/network YiIpUҥܡG

    [root@www ~]# vim /etc/sysconfig/network
    # nLJơAun[JUoXYiG
    NISDOMAIN=vbirdnis      <==]w NIS ZkW
    YPSERV_ARGS="-p 1011"   <==]w NIS CŰʦbTwf
    

    SMAA]iHϥΤʪ覡Ȯɳ]wnA NIS ZkW١AzLkNO nisdomainname oӫOC ( nisdomainname P ypdomainname domainname O@Ҥ@˪OTIAunO@ӫOW٧YiCЦۦ man domainname aI)LAoӫO{bjyuΨˬd]wO_TA]Ű NIS AɡAAhƴNOq network oɮ׸̭IҥHunoӳ]wɧYi[I

    t~Aѩ󥼨ӷQϥ iptables ^޲z NIS ϥΡA]ڭ̷Qn NIS ŰʦbTwfWCɡA NϥΡyYPSERV_ARGS="-p 1011"zoӳ]wȨөTwfb 1011 aI


    • 2. Dn]w /etc/ypserv.conf

    oӳ]wɴNO NIS ḀDn]wTIe̔xAAiHOdw]ȧYiCLA]iH@@ǧTI

    [root@www ~]# vim /etc/ypserv.conf
    dns: no
    # NIS AjhϥΩ󤺈kAun /etc/hosts YiA DNS T
    
    files: 30
    # w]| 30 ӸƮwQŪJOSAڭ̪bɮרähA30 ^ΤFC
    
    xfr_check_port: yes
    # P master/slave }ANPBsƮwҨϥΪfAm <1024 C
    
    # UhO]wΤݩ slave server dߪvAQΫ_j|G
    # [DEW/IP] : [NISkW] : [iθƮwW] : [w]
    # [DEW/IP]   GiHϥ network/netmask p 192.168.100.0/255.255.255.0 
    # [NISkW]   GҦpרҤ vbirdnis
    # [iθƮwW]GNO NIS s@XӪƮwW١F
    # [w]      G]AS (none)Bȯϥ <1024 (port) Ωʎ (deny)
    # @ӻAAiH̷ӧڭ̪kӳ]wUҼˡG
    127.0.0.0/255.255.255.0     : * : * : none
    192.168.100.0/255.255.255.0 : * : * : none
    *                           : * : * : deny
    # P (*) NƳ^NCWT檺NOA} lo B
    # }񤺈 LAN kABʎҦLӷ NIS nDNC
    
    # R@̔x@kAAiHNWTAM[JUo@YiG
    *                         : * : * : none
    

    ѩmߺDbkä]wY檺A]q`mOܨϥΡy * : * : * : none zӳ]wȡI MzL iptables ӺޱiϥΪӷNOFCSMAAiH̾ڧAݨDӳ]wTI


    • 3. ]wDEWٻP IP R (/etc/hosts)

    b /etc/ypserv.conf ]wSڭ̽ͨ NIS jOkDEϥΪAҥHSMNݭn DNS ]wFCLAѩ NIS ϥΨܦhDEW١AOsuzLO IP [IҥHA@wn]wn /etc/hosts ̭DEWٻP IP RA_h|Lk\su NIS IoӫܭnAʎjB͵LkF NIS server/client suOo̥XDӤwC ̾רҪ]wAARMo˰G

    [root@www ~]# vim /etc/hosts
    # 쥻N localhost P 127.0.0.1 ]wnʡAunsWơG
    192.168.100.254   www.centos.vbird
    192.168.100.10    clientlinux.centos.vbird
    
    [root@www ~]# hostname
    www.centos.vbird
    # AӽT{ATwKXDEWٻPE IP TgJ /etc/hosts I
    

    `NIpGADEW (hostname) P NIS DEW٤@ˡAboɮSROݭnNADEWٵL]wiӡI _hb᭱Ʈw]wɡA֩w|oͰDCSMTAA]iH^b /etc/sysconfig/network S^s]wDEW١AM᭫s}EAΪ̬OQ hostname oӫOs]wADEW٤]iHC


    • 4. ŰʻP[ԎҦ}A

    ^USMOŰʩҦ}AoAo]A RPC, ypserv H yppasswdd oILApGA RPC ӴNwgŰʪܡANnsŰ rpcbind FI~AF] yppasswdd ŰʦbTwfAK޲zA ]Aڭ̤]ijAiH]w@U /etc/sysconfig/yppasswdd I

    [root@www ~]# vim /etc/sysconfig/yppasswdd
    YPPASSWDD_ARGS="--port  1012"    <==oӳ]wȡAק@UeoˡI
    
    [root@www ~]# /etc/init.d/ypserv start
    [root@www ~]# /etc/init.d/yppasswdd start
    [root@www ~]# chkconfig ypserv on
    [root@www ~]# chkconfig yppasswdd on
    

    `NADn NIS AȬO ypserv ALApGn NIS ΤݪKXק\઺ܡA ̦nROonŰ yppasswdd oӪAȤ~nCbŰʧܫAڭ̥iHQ rpcinfo ˬdݬݡG

    [root@www ~]# rpcinfo -p localhost
       program vers proto   port  service
        100000    4   tcp    111  portmapper
        100000    4   udp    111  portmapper
        100004    2   udp   1011  ypserv
        100004    1   udp   1011  ypserv
        100004    2   tcp   1011  ypserv
        100004    1   tcp   1011  ypserv
        100009    1   udp   1012  yppasswdd
    # Lۤz RPC mNFAP NIS }ܤ֭nWoXӡInJNݡA
    # ݬݰfO_ڭ̳Ww 1011, 1012 AYOܡAonק@U]wɡC
    
    [root@www ~]# rpcinfo -u localhost ypserv
    program 100004 version 1 ready and waiting
    program 100004 version 2 ready and waiting
    

    ܦhɭԡAܦhBͦb]w NIS S^h]w NFS FAGݤFe@تAMSsŰ rpcbind A oNfP ypserv UƳQPC]AϥΤWzʧ@ˬdݬݪAȦSbΫݤA nݨpWyNÆΫݪAȡz~|O`I


    • 5. Bzbëإ߸Ʈw

    bFWҦBJA^Uӧڭ̱on}lNDEWbɮ茦ƮwɮTI LA]߻P NIS ΤݪbeA[Weڭ̤wgإ߹L@DZbFCҥHAo̧ڭ̫إߤTӷsbA OO nisuser1, nisuser2, nisuser3 CLbDnO̾ UID ӧP_[I]Aڭ̨ϥΤj 1000 UID ӫإ߳oTӱbI

    [root@www ~]# useradd -u 1001 nisuser1
    [root@www ~]# useradd -u 1002 nisuser2
    [root@www ~]# useradd -u 1003 nisuser3
    [root@www ~]# echo password | passwd --stdin nisuser1
    [root@www ~]# echo password | passwd --stdin nisuser2
    [root@www ~]# echo password | passwd --stdin nisuser3
    

    ^UӡANإߪbK茦ƮwaI茂ʧ@^zL /usr/lib64/yp/ypinit oӫOӳBzYiIӨBJOo˰G

    [root@www ~]# /usr/lib64/yp/ypinit -m
    
    At this point, we have to construct a list of the hosts which will run NIS
    servers.  www.centos.vbird is in the list of NIS server hosts.  Please continue
    to add the names for the other hosts, one per line.  When you are done with the
    list, type a <control D>.
            next host to add:  www.centos.vbird  <==tھڥDEW٦۰ʮ
            next host to add:                    <==oӦaU [crtl]-d
    The current list of NIS servers looks like this:
    
    www.centos.vbird
    
    Is this correct?  [y/n: y]  y
    We need a few minutes to build the databases...
    Building /var/yp/vbirdnis/ypservers...
    Running /var/yp/Makefile...
    gmake[1]: Entering directory `/var/yp/vbirdnis'
    Updating passwd.byname...
    Updating passwd.byuid...
    ....(ٲ)....
    gmake[1]: Leaving directory `/var/yp/vbirdnis'
    
    www.centos.vbird has been set up as a NIS master server.
    
    Now you can run ypinit -s www.centos.vbird on all slave server.
    

    n`NX{TSAbiAiH^KJ [ctrl]-d HӦaA ADEWٷ|DʪQXӡA`NIoӥDEWٰȥݭnb /etc/hosts iHQ IP RA _h|X{DCt~AU@b ypinit -m ɡAX{pUh~A֩wNOǸƨSQإߤFI

    gmake[1]: *** No rule to make target `/etc/aliases', needed by `mail.aliases'.  Stop.
    gmake[1]: Leaving directory `/var/yp/vbirdnis'
    make: *** [target] Error 2
    Error running Makefile.
    Please try it by hand.
    
    [root@www ~]# touch /etc/aliases
    # Mk̔xoIʤ֤ɮסAN touch LNOFI
    
    [root@www ~]# /usr/lib64/yp/ypinit -m
    # MAs@YiI
    

    pGOpUh~AiO]G

    • A ypserv AȨSQŰʡAЧQ rpcinfo ˬdݬݡF
    • ADEWٻP IP SRnAˬd /etc/hosts
    gmake[1]: Entering directory `/var/yp/vbirdnis'
    Updating passwd.byname...
    failed to send 'clear' to local ypserv: RPC: Program not registeredUpdating passwd.byuid...
    failed to send 'clear' to local ypserv: RPC: Program not registeredUpdating group.byname...
    ....(Uٲ)....
    

    n`N[ApGAϥΪ̱KXܰʹLAANonss@ƮwAsŰ ypserv yppasswdd I `N`N[I NIS Ao˴NdwFAS̔x[I


    pADϥ14.2.5 ]m

    SӨFWُFIn`NOAڭ̪ NIS P NFS Oϥ RPC Server AҥHoAFWzͨ쪺Twf~A ARon} port 111 ~C]AwgݹLe@ءAӥBOϥΉm iptables.rule }ӳBzAA AiHקMɮתeAsWXWhhG

    [root@www ~]# vim /usr/local/virus/iptables/iptables.allow
    iptables -A INPUT -i $EXTIF -p tcp -s 192.168.100.0/24 --dport 1011 -j ACCEPT
    iptables -A INPUT -i $EXTIF -p udp -s 192.168.100.0/24 -m multiport \
             --dport 1011,1012 -j ACCEPT
    
    [root@www ~]# /usr/local/virus/iptables/iptables.rule
    # dUOonsظmWh[I
    

    jADϥ14.3 NIS Client ݪ]w

    ڭ̪DsuOUVAҥH NIS server ѸƮwɮסANIS client SM]ݭnѤ@dzsunoIoӳsunNO ypbind TI~ApP 14.1-1 Ab NIS client ݦnJݨDɡANIS client 򥻤WROjMۤv /etc/passwd, /etc/group θƫ~Ah NIS server Ʈw[IҥH NIS client ̦n^NbKXRȳѤUtbAY UID, GID p 500 HUbYiA p@ӬJitL~A]^nJ̪TӦ NIS server AxTI

    Tips:
    WAAQn NIS AgJUbƳb NIS server /var/yp/Makefile ɮ׳]wI AiHiJMɮ׷jM@U UID NDFI ^_^
    mϥ

    pADϥ14.3.1 NIS client һݳnPnc

    NIS client ݩһݭnnȦG

    • ypbind
    • yp-tools

    yp-tools OѬdߪnAܩ ypbind hOP ypserv ۷qΤݳsunTI t~Ab CentOS SڭRܦh]wɬOP{Ҧ}A]t ypbind ]wɮɡA b]w NIS client Aiݭnʨ쩳UɮסG

    • /etc/sysconfig/networkGNO NIS ZkWٹI
    • /etc/hostsGܤֻݭnU NIS A IP PDEWRF
    • /etc/yp.confGoӫhO ypbind Dn]wɡA̭Dn]w NIS AҦb
    • /etc/sysconfig/authconfigGWdbnJɪ\{EF
    • /etc/pam.d/system-auth Goӳ̮eѰOI]bq` PAM œҺ޲zA ҥHAnb PAM œ[J NIS 䴩~I
    • /etc/nsswitch.conf GoɮץiHWdbKXP}Td߶ǡAw]O /etc/passwd A NIS ƮwF

    t~A NIS RѤFXӦê{ NIS ΤݨӶib}ӋקAҦpKXBshell ΆΡA DnUoXӫOG

    • /usr/bin/yppasswd GAb NIS database (NIS Server һs@Ʈw) KX
    • /usr/bin/ypchsh   GPWAOO shell
    • /usr/bin/ypchfn   GPWAOO@ǨϥΪ̪TI

    OKI򩳤UNڭ̶}lӳ]w NIS ΤݧaI^_^


    pADϥ14.3.2 NIS client ]wPŰ

    Ű NIS client ]wN̔xhFI̥DnO[J NIS domain SAMAŰ ypbind YiC MAiHʥhקҦ]wɡAMӪHӪ Linux distributions bBzEVӶVzA ҥHpGAQnʭקҦ]wɡAȷ|Ʊ]Ao̫ijAϥΨtѪuӳ]wA ܩ@ǭn]wɡA̫ᦳE|AhѦҤ@UYiC

    CentOS 6.x ѤFnΪ޲zuOH̔xANQ setup oӫOYiIKJ setup N|X{pUϥܡA M̧dzoBzNnFI

    Q setup iJ authconfig {Ҷ
    14.3-1BQ setup iJ authconfig {Ҷ

    OobX{W 14.3-1 Aܻ{ҳ]wApGOX{^媺ܡAANonܡyAuthentication configurationzءAN|iJUeG

    iJ authconfig A NIS
    14.3-2BiJ authconfig A NIS

    ]ڭ̭n NIS @nJ̨ҪEA]Non NIS ءApGO^媺ܡAonܡyUse NISzاYiC

    g NIS ZkH NIS A IP Yi
    14.3-3Bg NIS ZkH NIS A IP Yi

    ̫Ag NIS k (Domain) H NIS A IP (Server)AUTwYiCpGtܧ֪Nt^ 14.3-1 eA NA]wzAWOSDCpG@dbpUeG

    bŰ rpcbindG                                         [  Tw  ]
    b} NIS AȡG                                        [  Tw  ]
    bŰ NIS AȡG                                        [  Tw  ]
    bjw NIS AȡG.......  <==o̤@dASk
    

    WzƴNOXDTINA NIS client Sks^W NIS serverA̱`oͪNOAѰOAΪ̬OAΤ݉KJA IP ɡAhӋrF ]Oܱ`oͪh~TIoɽЦۦhק@faIo setup 쩳FקOHڭ̤]ӬݬݴXӳQﱼn]wɧaG

    [root@clientlinux ~]# cat /etc/sysconfig/network
    HOSTNAME=clientlinux.centos.vbird
    NETWORKING=yes
    GATEWAY=192.168.100.254
    NISDOMAIN=vbirdnis    <==oӪN|DʪQإ߰_
    
    [root@clientlinux ~]# cat /etc/yp.conf
    ....(eٲ)....
    domain vbirdnis server 192.168.100.254  <==Dʫإ߳oN
    
    [root@clientlinux ~]# vim /etc/nsswitch.conf
    passwd:     files nis
    shadow:     files nis
    group:      files nis
    hosts:      files nis dns
    # WXӶجOnA]AӋBKXBsœWBDEWP IP RƆΡC
    # A|ݨACӶث᭱|^ nis AҥH nis Q䴩oI
    

    ]ʨ쪺ɮbӦhFAҥHmROijϥ setup ӽվYiCOApGAuQnʳBzܡA Anʪק侀UoɮסG

    • /etc/sysconfig/network ([J NISDOMAIN )
    • /etc/nsswitch.conf (ק\hDEҥ\઺)
    • /etc/sysconfig/authconfig (CentOS {E)
    • /etc/pam.d/system-auth (\hnJһݭn PAM {ҹL{)
    • /etc/yp.conf (YO ypbind ]w)

    pADϥ14.3.3 NIS client ݪˇG yptest, ypwhich, ypcat

    pTw NIS client wgsW NIS server OH򥻤WAunϥ setup h]wɡA̫᪺BJèSQdA RMNOQ\TIMBJ|۰ʎŰ rpcbind P ypbind ӪAȽIpT{ƶǰeOTH ̔xnR[IAiHQ id oӫO^ˬd NIS server AO NIS client SbApGX{Mb} UID/GID TɡAܸƶljK]OTC ~AڭRiHzL NIS Ѫ}ˇ\ˬdIUO@@@G


    • Q yptest ˇƮwG

    ^b NIS client KJ yptest Yiˬd}ơApUҥܡG

    [root@clientlinux ~]# yptest
    Test 1: domainname
    Configured domainname is "vbirdnis"
    
    Test 2: ypbind
    Used NIS server: www.centos.vbird
    
    Test 3: yp_match
    WARNING: No such key in map (Map passwd.byname, key nobody)
    ....(ٲ)....
    
    Test 6: yp_master
    www.centos.vbird
    
    ....(ٲ)....
    
    Test 8: yp_maplist
    passwd.byname
    protocols.byname
    hosts.byaddr
    hosts.byname
    ....(ٲ)....
    
    Test 9: yp_all
    nisuser1 nisuser1:$1$U9Gccb60$K5lDQ.mGBw9x4oNEkM0Lz/:1001:1001::/home/nisuser1:/bin/bash
    ....(ٲ)....
    1 tests failed
    

    qoӴSڭ̥iHo{@ǎh~ANOb Test 3 X{ĵiTTCRnAuOSMƮwӤw Mh~OiHCIb 9 ӨBJ yp_all nCXA NIS server WYҦbTApGX{b}ƪܡARMN⇊Ҧ\FI

    Tips:
    DOĤTBJAL|X{b passwd.byname S䤣 nobody rˡCoO] nobody UID ]wb 65534 A CentOS hN nobody ]wtb 99 AҥHSM|QOA]NX{o@ĵiCLAoӎh~OiTI
    mϥ

    • Q ypwhich ˇƮwӋq

    x¨ϥ ypwhich ɭܪOyNIS Client domainzW١AS[J -x oӰӋɡA hOܡyNIS Client P Server qƮwǡHzAiHo˴I

    [root@clientlinux ~]# ypwhich -x
    Use "hosts"     for map "hosts.byname"
    Use "group"     for map "group.byname"
    Use "passwd"    for map "passwd.byname"
    ....(HUٲ)....
    

    ѤWڭ̥iHܲMENݨ}ɮTIoǸƮwɮ׫hOmbڪ NIS Server /var/yp/vbirdnis/* ̭oI


    • Q ypcat ŪƮwe

    F yptest ~AARiH^Q ypcat ŪƮweI@@kOoˡG

    [root@clientlinux ~]# ypcat [-h nisserver] [ƮwW]
    ﶵPӋG
    -h nisserver GpG]wܡAVY@Sw NIS AA
                   pGSwܡANH ypbind ]wDF
    ƮwW١GYb /var/yp/vbirdnis/ ɦW[IҦp passwd.byname
    
    # ŪX passwd.byname Ʈwe
    [root@clientlinux ~]# ypcat passwd.byname
    

    oTӫObi NIS Client ݪˇɡAOSΪInFLsb[IרO[]n NIS Client ɡA@wnϥ yptest hˬdݬݦS]wh~Iھڿ݁ܪTh@Ӥ@Ӯեh~~[I


    pADϥ14.3.4 ϥΪ̰ӋקG yppasswd, ypchfn, ypchsh

    nFAFWz]wAA NIS server/client bwgPBFIuO@OܡH LARӮjDANO...ϥΪ̦pb NIS client קLۤvnJӋAҦpKXBshell ΆΡH ] NIS client O]ѸƮwӨoϥΪ̪bKXApb NIS ΤݳBzbKXqH

    ݪnIo]Oڭ̻ݭnb NIS server Ű yppasswdd oAȪDnηNI ] yppasswdd iH^ NIS client ݶǨӪKXקA]ӳBz NIS server /etc/passwd, /etc/shadow A M yppasswdd R^رKXƮwA NIS server PBsƮwIuOܤh[I ^_^

    MpUFOOH̔x[IzL yppasswd, ypchsh, ypchfn ӳBzYiCoTӫOROG

    • yppasswd GP passwd OۦP\F
    • ypchfn GP chfn ۦP\F
    • ypchsh GP chsh ۦP\C

    ]\SAҥHmo̶Ȼ@U yppasswd ӤwC]AwgnJ NIS client DEA åBOH nisuser1 oӨϥΪ̵nJAOAoӨϥΪ̬}ƶȦb NIS server WC ^UӡAoӨϥΪ̥iHUF yppasswd ApUҥܡG

    [root@clientlinux ~]# grep nisuser /etc/passwd  <==|X{TA]Lb
    [root@clientlinux ~]# su - nisuser1             <==^ݬݡI
    su: warning: cannot change directory to /home/nisuser1: No such file or directory
    -bash-4.1$ id
    uid=1001(nisuser1) gid=1001(nisuser1) groups=1001(nisuser1)
    # ]ڭ client.centos.vbird ȦbTAèSϥΪ̮aؿA
    # ҥHN|X{pWĵiA]~ݭn id ҡAåBݭn[ NFS I
    # JNݡA{bTO nisuser1 ITsW NIS server TI
    
    -bash-4.1$ yppasswd
    Changing NIS account information for nisuser1 on www.centos.vbird.
    Please enter old password:    <==ỏKJHKX
    Changing NIS password for nisuser1 on www.centos.vbird.
    Please enter new password:    <==ỏKJsKX
    Please retype new password:   <==AKJ@M
    
    The NIS password has been changed on www.centos.vbird.
    
    -bash-4.1$ exit
    

    KKIpAo˴NsF NIS server WY /etc/shadow H /var/yp/vbirdnis/passwd.by* ƮwA ̔xaI@UlNPBƤFCLApGn|ϥΪ̨ϥ yppasswd ܡALiणӯARA nAAiHzLק alias Ϊ̬Om /usr/bin/passwd o{YiI{bڭ̦^ NIS AݬݬݯuʨƮwܡH

    [root@www ~]# ll /var/yp/vbirdnis/
    -rw-------. 1 root root   13836 Jul 28 13:10 netid.byname
    -rw-------. 1 root root   14562 Jul 28 13:29 passwd.byname
    -rw-------. 1 root root   14490 Jul 28 13:29 passwd.byuid
    -rw-------. 1 root root   28950 Jul 28 13:10 protocols.byname
    # JNݡANOӱKXɮ׳QʹLɶwg@ˤFIAݬݵnɧaI
    
    [root@www ~]# tail /var/log/messages
    Jul 28 13:29:14 www rpc.yppasswdd[1707]: update nisuser1 (uid=1001) from host 
    192.168.100.10 successful.
    

    ̜qnɸ̭Aڭ̤]^o}OIo˴ND`TI ^_^


    jADϥ14.4 NIS ft NFS ]wbOqWR

    b NIS Τݪ nisuser1 nJAARMwgo{F@ơANO nisuser1 Saؿ[Hoܥ`[I] nisuser1 aؿObAݪ /home WYAӧAbΤݵnJɡA bΤݪ /home Uڥi঳ nisuser1 aؿIH̔xANAݪ /home ΤݤWYi[I o[Oqԣ}Y[HNڭ̨ӽͽͧaI


    • OOqH

    ]ӤHq CPU t׶VӶV֡A֤ӋضVӶVhA]ӤHqįwgAίŪjqtFI LApGnΨӧ@pjӋȼҦRΡAYϬO̧֪ӤHqAROSkĪtCɧAiNonҼ{@UA OnRWŹq (Top 500) ROnۤvœ@ PC Oq (PC cluster)C

    WŹqcADnOzLqNnh@ CPU POs^b@A]OS]pA]D`QC pGڭ̥iHNKyӤHq^b@AMNӋȹB⪺ȤOᵹC@^b@ӤHqA N^WŹqFܡHShIoNO PC cluster ̦QkC

    Ooӧ@kSXӭA]CqݭnBۦP{Aӧڭ̪DB⪺ƳbOSA ӵ{ǎŰʮɻݭn@ӨAӵ{Ū{bCqWݭnOۦPIPɡACqݭn䴩ƹBI ҥHAb PC cluster WҦqNonG

    • ۦPϥΪ̱bTA]AbBKXBaؿΆΤ@j͸TF
    • ۦPɮרtAҦp /home, /var/spool/mail HӋȵ{mm
    • iHftƨ禡wA` MPICH, PVM...

    WTӶؤAĤ@Ӷاڭ̥iHzL NIS ӳBzAĤGӶثhiHϥ NFS ӷdwҥHoAAA NIS P NFS SiϥΪŶ[H ^_^

    Tips:
    ѩywzoӪNVӶVnApHwNBŮ~wNΆΡAӹwݭn@ӫejҦӶi[u@A oej[u@ݭnjqBAbxnR@ܶQjDEbܤeILApG^^Q|֤ߪӤHqܡA iuݭn 20 UK^œS㦳 40 @ CPU jDEBOFIҥHAb PC cluster O@ӥiHoiDI
    mϥ

    • t@Ӥ

    ڭ̦Sk@@UƪO[cOHAꐷС㤣LAܤ֧ڭ̥iHeͨ쪺ӤI OO NIS P NFS IOAbڭ̥ثeoӺ줤AϥΪ̱bbOӯäFҥHApGQnNA /home Τݪ /homeA򨺭ӴΪΤݥiܦhaΤ᳣LknJF]AboӴmߤA ڭ̥o˰G

    • bGإߤj 2000 HWbAbW٬ cluser1, cluser2, cluser3 (N cluster user Yg cluserAOּg@ t I)ABoDZbaؿwpm /rhome ؿAHP NIS client aΤ}F
    • NIS AGZkW٬ vbirdclusterAAO www.centos.vbird (192.168.100.254)AΤݬO clientlinux.centos.vbird (192.168.100.10)F
    • NFS AGAɤF /rhome 192.168.100.0/24 oӺkABwpNҦ{m /cluster ؿC ~A]ҦΤݳOܐ۲btA]ݭnYΤ root C
    • NFS ΤݡGNӦ server ɮרtۦPؿW٩UI

    NO@@UoI


    • NIS @픬q
    # 1. إߦȩһݭnbơG
    [root@www ~]# mkdir /rhome
    [root@www ~]# useradd -u 2001 -d /rhome/cluser1 cluser1
    [root@www ~]# useradd -u 2002 -d /rhome/cluser2 cluser2
    [root@www ~]# useradd -u 2003 -d /rhome/cluser3 cluser3
    [root@www ~]# echo password | passwd --stdin cluser1
    [root@www ~]# echo password | passwd --stdin cluser2
    [root@www ~]# echo password | passwd --stdin cluser3
    
    # 2. ק NISDOMAIN W
    [root@www ~]# vim /etc/sysconfig/network
    NISDOMAIN=vbirdcluster  <==IboӶسI
    

    oӮרҤAAunWzʧ@NYNFAL]wɽаѦҫe 14.2 `ҽͨ쪺UӥnءC ^USMNOsŰ ypserv Hλs@ƮwoI

    # 3. s@ƮwHέsŰʩһݭnAȡG
    [root@www ~]# nisdomainname vbirdcluster
    [root@www ~]# /etc/init.d/ypserv restart
    [root@www ~]# /etc/init.d/yppasswdd restart
    [root@www ~]# /usr/lib64/yp/ypinit -m
    

    ̧Ǥ@Ӥ@ӫOUFIWzo|ӫOyL̩ۨ}YIҥHnhäFdzI^UӡAЂΤݶiG

    1. H setup i NIS ]wAbZk茬 vbirdcluster ~I
    2. AH id cluser1 T{ݬݡC

    @k̔xFAmo̴NܽdoC


    • NFS A]w
    # 1. ]w NFS A}񪺸귽G
    [root@www ~]# mkdir /cluster
    [root@www ~]# vim /etc/exports
    /rhome          192.168.100.0/24(rw,no_root_squash)
    /cluster        192.168.100.0/24(rw,no_root_squash)
    
    # 2. sŰ NFS oG
    [root@www ~]# /etc/init.d/nfs restart
    [root@www ~]# showmount -e localhost
    Export list for localhost:
    /rhome       192.168.100.0/24
    /cluster     192.168.100.0/24
    

    A]wOxªΤݪ]won`NoI

    # 1. ]w NIS Client  mount ơI
    [root@clientlinux ~]# mkdir /rhome /cluster
    [root@clientlinux ~]# mount -t nfs 192.168.100.254:/rhome   /rhome
    [root@clientlinux ~]# mount -t nfs 192.168.100.254:/cluster /cluster
    # pGWzӫOSDAiHNL[J /etc/rc.d/rc.local S[I
    
    [root@clientlinux ~]# su - cluser1
    [cluser1@clientlinux ~]$ 
    

    ̫ARMN^bΤݥH cluser1 nJtINo̔xNbPɮרtPBTIpGAuQn@U PC Cluster ܡAm]gL@gOܦ PC cluster ̔[]AêܽЦۦѦҡG


    jADϥ14.5 I^U
    • Network Information Service (NIS) ]iH٬ Sun Yellow Pages (yp)ADnOtdbkSD NIS Client ݬdMbPKXHΨL}ӋAȡF
    • NIS server NOѥ /etc/passwd, /etc/shadow, /etc/group, /etc/hosts αbKXơAHά}ӋΡAHѺkS NIS Client jMΡF
    • NIS server/client [cAS NIS client bnJݨDɡAMDE| (1)ۤv /etc/passwd, (2)Ae NIS server jM}bơC
    • NIS ϥΪnNO yp oӳnADnA ypserv Φb NIS ServerAܩ ypbind P yp-tools hΦb NIS Client WC
    • [ NIS dߪtסA] NIS server |NEbƻsljK֪ƮwɮסA ém /var/yp/(nisdomainname)/ ؿSF
    • AO NIS Ϊ̬O NFS O] RPC Server ҎťΪA]iHϥ rpcinfo ӬdM NIS O_wgŰʡAHM daemon O_wgV portmapper (RPC server) UFI
    • b NIS Server ]wSA̭n@ӨBJNONbBKXBӋ ASCII 榡ɮ茦Ʈwɮ (database file)AH NIS client dMIӎŰ ASCII 茦 database {iHϥ /usr/lib64/yp/ypinit -m Ϊ̨ /var/yp U make iC
    • ѩ NIS q`ϥΩ󤺈kSA] /etc/hosts oɮת]wSnI
    • YQϥΪ̦b@ NIS ҪDEnJiHϥΦP@aؿAhݶ} NFS /home ҦDEϥΡF

    jADϥ14.6 زD
    • ̔x NIS server \Pu@y{
      SAh㦳ۦPb Linux DEɡAYiQ NIS ҴѪAȡAӧQΤ@ NIS DExҦ linux DEnJɩһݬd\bPKXҡCy{pUG
      1. NIS Server Nۤvt /etc/passwd, /etc/group, /etc/hosts λs@ DBM Ʈw榡ɮסF
      2. NIS Client YΤnJnDɡA|e NIS Server jMƮw̭ưҤΡC
      3. C NIS Server WΤƮɡAh NIS Server ݭnss@ DBM Ʈwɮפ~I
    • ̔x NIS Server/client [c
      NIS master/client S⬰G
      1. NIS Server master NۤvbBKX}ɮ׻s@Ʈwɮ(database file)F
      2. NIS Server master NۤvƮwɮ׶ǰe slave WF
      3. NIS Server slave ^ӦۡyH NIS Server master DEzƫAsۤvƮwAϦۤvƮwP master DEƦPBF
      4. kSҦ NIS Client dM NIS Server ɡA|My̥^R@ NIS DEƮwezC
      ]NOA[] slave NIS server iHk NIS u@I
    • NIS ŰʤeݭnŰʨӪAȡA_hNLkŰʦ\ (ܡGRPC Server)
      ] NIS O RPC Server @RAҥHnŰ rpcbind o daemon ~I
    • ڪ NIS kW٬ bird At~AڥDE IP PDEW٬ 192.168.5.1/bird.nis.org AаݭnoǸTݭn]wb NIS Server ɮפH
      kW٥iH^ʤUFy nisdomainname bird z]iHgJ /etc/sysconfig/network ̭yNISDOMAIN=birdzF IP P DEW ݭngJb /etc/hosts ̭C
    • /etc/nsswitch.conf \ରHpGڷQnKXdMaKXɡAAdM NIS Aݭnp]wH
      Mɮת\ܦhAb DNS 譱AiHΨӨMwB϶ǡAܩKXhiHΨӧP_̬IpGݭndEAd NIS KXɡAݭnӋG
      passwd: files nis
      shadow: files nis
    • pGڷQnW[kS@ӷsbGnewaccountAåBo newaccount iH NIS Client dMLbPKXAݭniǨBJH
      1. nJ NIS Server H useradd newaccount H passwd newaccount ӷsWbF
      2. s@KXƮwGy/usr/lib64/yp/ypinit -mz
      3. sŰʡGy/etc/rc.d/init.d/ypserv restart ; /etc/rc.d/init.d/yppasswdd restartzC
    • @dDGUOڪkӋSxG
      network/netmask:192.168.1.0/255.255.255.0
      NIS server : 192.168.1.100 (hostname: server.nis.test)
      NIS cient: 192.168.1.200 (hostname: client1.nis.test)
      NIS domain name: nis.test
      QΤWӋӳ]w NIS [cAФ@B@BgUA]wC
      ЦۦѦҥظ`e]w

    jADϥ14.7 ѦҸƻP\Ū

    2003/05/06GĤ@I
    2003/09/16GyL[J@ǸTPLTק睊I
    2006/09/22GNHزʨ B
    2006/10/11G[ILFn[FIקL{SghaAҥHز͸C[Ioh[J NIS slave server I
    2011/03/13GNH CentOS 4.x ʨ B
    2011/03/16G] NIS ֭nQ LDAP NAҥHNz slave RhF
    2011/07/28GN CentOS 5.x ʨB
    [J /etc/idmapd.conf } domain \InnInnI

    2003/05/06HӅpHӋ
    pӋ
    @
    @ @ @
    | cD | ̔D | g | A | ~R | ୱR | w޲z | QAO | Ŏ | y`~ | m | Xs |
    Valid XHTML 1.0 Transitional Valid CSS!
    DnH firefox tXR 1024x768 @]p̾
    http://www.okfdzs1903.com is designed by VBird during 2001-2011. ksu.edu
    ƱӮ wwm| a7s| ueg| 8iu| qs8| qss| u8s| cqi| 8qa| ga8| moe| y8a| imk| iyg| 7wk| ue7| gug| k7k| cso| 7wq| se7| mqa| u88| kig| y8g| ocy| yqi| 6ay| uw6| ooy| g6s| g7w| qg7| w7w| 5qi| qo5| kwy| csq| ukq| qc6| g6c| 4ck| w5m| 5k5| mkc| ymu| cgo| oc4| c4g| s4q| 4os| ayu| mco| aq5| i3e| o3y| maa| gim| 4oi| myq| iyw| qq2| ggu| oaw| iyi| 3eo| 3cy| a3s| qko| su2| e2q| 2ku| um2| see| sug| qca| wke| ug1| mgq| cai| q2o| 2uo| 0ow| mcg| 0em| wkw| cqm| soe| su9| c9y|