NIS Configuration and Implementation

Compiled, organized, and written by snow chuai --- 2020/2/21


1. Topology
+----------------------+  
| [    NIS Server    ] |  
|    srv1.1000cc.net   +----------|   
|     192.168.10.11    |          |           +----------------------+
+----------------------+          |           | [    NIS Client    ] |
                                  +----------+|  client.1000cc.net   |
+----------------------+          |           |     192.168.10.13    |
| [     NIS Slave    ] |          |           +----------------------+
|    srv2.1000cc.net   +----------+  
|     192.168.10.12    |
+----------------------+
2. Configure the NIS Server
1) Install the NIS service
[root@srv1 ~]# yum install ypserv rpcbind -y
2) Set the NIS domain name
[root@srv1 ~]# ypdomainname 1000cc.net
[root@srv1 ~]# echo "NISDOMAIN=1000cc.net" >> /etc/sysconfig/network
3) Define the IP networks allowed to access the NIS server
[root@srv1 ~]# vim /var/yp/securenets
# Syntax: [netmask] [network ID]
255.0.0.0       127.0.0.0
255.255.255.0   192.168.10.0
4) Set up FQDN resolution (DNS/hosts)
5) Start the NIS server
[root@srv1 ~]# systemctl enable --now rpcbind ypserv ypxfrd yppasswdd
6) Update the NIS database
[root@srv1 ~]# /usr/lib64/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS servers.
srv1.1000cc.net is in the list of NIS server hosts. Please continue to add the names
for the other hosts, one per line. When you are done with the list, type a <control D>.
        next host to add: srv1.1000cc.net
        next host to add: [Ctrl]+[D]
The current list of NIS servers looks like this:

srv1.1000cc.net

Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp/1000cc.net/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/1000cc.net'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/1000cc.net'

srv1.1000cc.net has been set up as a NIS master server.

Now you can run ypinit -s srv1.1000cc.net on all slave server.
7) Add local accounts to the NIS database
[root@srv1 ~]# useradd snow
[root@srv1 ~]# passwd snow
[root@srv1 ~]# cd /var/yp
[root@srv1 yp]# make
8) Firewall settings
# Pin the NIS daemons to fixed ports so that the firewall can allow exactly those ports
[root@srv1 ~]# vim /etc/sysconfig/network
# Append the following at the end of the file
YPSERV_ARGS="-p 944"
YPXFRD_ARGS="-p 945"
[root@srv1 ~]# vim /etc/sysconfig/yppasswdd
# On line 17, add the port as follows
YPPASSWDD_ARGS="--port 946"
[root@srv1 ~]# systemctl restart rpcbind ypserv ypxfrd yppasswdd
[root@srv1 ~]# firewall-cmd --add-service=rpc-bind --permanent
[root@srv1 ~]# firewall-cmd --add-port=944/tcp --permanent
[root@srv1 ~]# firewall-cmd --add-port=944/udp --permanent
[root@srv1 ~]# firewall-cmd --add-port=945/tcp --permanent
[root@srv1 ~]# firewall-cmd --add-port=945/udp --permanent
[root@srv1 ~]# firewall-cmd --add-port=946/udp --permanent
[root@srv1 ~]# firewall-cmd --reload
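A check for the securenets rules from step 3, as an added example that is not part of the original page: it evaluates the netmask/network pairs against a client address and counts rules with a 0.0.0.0 netmask, which admit every host. The function names and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): evaluate securenets rules.
# Only the "netmask network" form shown on the page is handled.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# securenets_allows FILE IP: succeed if any rule in FILE admits IP.
securenets_allows() {
    ip=$(ip2int "$2")
    while read -r mask net rest; do
        case $mask in [0-9]*.*.*.*) ;; *) continue ;; esac  # skip comments, blanks
        [ -n "$net" ] || continue                             # skip malformed rules
        m=$(ip2int "$mask"); n=$(ip2int "$net")
        if [ $(( ip & m )) -eq $(( n & m )) ]; then return 0; fi
    done < "$1"
    return 1
}

# securenets_open_rules FILE: print how many rules use netmask 0.0.0.0,
# which matches every client address.
securenets_open_rules() {
    count=0
    while read -r mask net rest; do
        if [ "$mask" = "0.0.0.0" ]; then count=$((count + 1)); fi
    done < "$1"
    echo "$count"
}

# Constructed sample file holding the two rules from the page.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# netmask       network
255.0.0.0       127.0.0.0
255.255.255.0   192.168.10.0
EOF

for addr in 192.168.10.13 192.168.11.13 127.0.0.1; do
    if securenets_allows "$SAMPLE" "$addr"; then echo "$addr allowed"
    else echo "$addr denied"; fi
done
echo "open rules: $(securenets_open_rules "$SAMPLE")"
```

On a server, pass /var/yp/securenets as the file argument instead of the sample.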
3. Configure the NIS Client
1) Install the NIS tools
[root@client ~]# yum install ypbind rpcbind -y
2) Set the NIS domain name
[root@client ~]# ypdomainname 1000cc.net
[root@client ~]# echo "NISDOMAIN=1000cc.net" >> /etc/sysconfig/network
3) Set up FQDN resolution
4) Update the client authentication method
[root@client ~]# authconfig --enablenis \
--nisdomain=1000cc.net --nisserver=srv1.1000cc.net \
--enablemkhomedir --update
[root@client ~]# systemctl enable --now rpcbind ypbind
5) Client login test
client login: snow    # enter the NIS account
Password:
Creating directory '/home/snow'.
[snow@client ~]$
6) SELinux settings
[root@client ~]# vim mkhomedir.te
module mkhomedir 1.0;

require {
        type unconfined_t;
        type oddjob_mkhomedir_exec_t;
        class file entrypoint;
}

#============= unconfined_t ==============
allow unconfined_t oddjob_mkhomedir_exec_t:file entrypoint;

[root@client ~]# checkmodule -m -M -o mkhomedir.mod mkhomedir.te
checkmodule: loading policy configuration from mkhomedir.te
checkmodule: policy configuration loaded
checkmodule: writing binary representation (version 17) to mkhomedir.mod
[root@client ~]# semodule_package --outfile mkhomedir.pp --module mkhomedir.mod
[root@client ~]# semodule -i mkhomedir.pp
4. Configure the Slave NIS Server
4.1 Configure the NIS Server as a Client
1) Install the NIS client tools
[root@srv2 ~]# yum install ypbind rpcbind -y
2) Set the NIS domain name
[root@srv2 ~]# ypdomainname 1000cc.net
[root@srv2 ~]# echo "NISDOMAIN=1000cc.net" >> /etc/sysconfig/network
3) Set up FQDN resolution
4) Update the client authentication method
[root@srv2 ~]# authconfig --enablenis \
--nisdomain=1000cc.net --nisserver=srv1.1000cc.net \
--enablemkhomedir --update
[root@srv2 ~]# systemctl enable --now rpcbind ypbind
5) SELinux settings
[root@srv2 ~]# vim mkhomedir.te
module mkhomedir 1.0;

require {
        type unconfined_t;
        type oddjob_mkhomedir_exec_t;
        class file entrypoint;
}

#============= unconfined_t ==============
allow unconfined_t oddjob_mkhomedir_exec_t:file entrypoint;

[root@srv2 ~]# checkmodule -m -M -o mkhomedir.mod mkhomedir.te
checkmodule: loading policy configuration from mkhomedir.te
checkmodule: policy configuration loaded
checkmodule: writing binary representation (version 17) to mkhomedir.mod
[root@srv2 ~]# semodule_package --outfile mkhomedir.pp --module mkhomedir.mod
[root@srv2 ~]# semodule -i mkhomedir.pp
4.2 Configure the Slave NIS Server
1) Install the NIS service
[root@srv2 ~]# yum install ypserv rpcbind -y
2) Define the IP networks allowed to access the NIS server
[root@srv2 ~]# vim /var/yp/securenets
# Syntax: [netmask] [network ID]
255.0.0.0       127.0.0.0
255.255.255.0   192.168.10.0
3) Set up FQDN resolution (DNS/hosts)
4) Start the NIS server
[root@srv2 ~]# systemctl enable --now rpcbind ypserv ypxfrd yppasswdd
5) Update the NIS database
[root@srv2 ~]# /usr/lib64/yp/ypinit -s srv1.1000cc.net
We will need a few minutes to copy the data from srv1.1000cc.net.
Transferring netid.byname... Trying ypxfrd ... success
Transferring group.bygid... Trying ypxfrd ... success
Transferring group.byname... Trying ypxfrd ... success
Transferring passwd.byuid... Trying ypxfrd ... success
Transferring passwd.byname... Trying ypxfrd ... success
Transferring mail.aliases... Trying ypxfrd ... success
Transferring protocols.byname... Trying ypxfrd ... success
Transferring protocols.bynumber... Trying ypxfrd ... success
Transferring services.byservicename... Trying ypxfrd ... success
Transferring services.byname... Trying ypxfrd ... success
Transferring rpc.bynumber... Trying ypxfrd ... success
Transferring rpc.byname... Trying ypxfrd ... success
Transferring hosts.byaddr... Trying ypxfrd ... success
Transferring hosts.byname... Trying ypxfrd ... success
Transferring ypservers... Trying ypxfrd ... success

srv2.1000cc.net's NIS data base has been set up. If there were warnings, please figure out what went wrong, and fix it.
At this point, make sure that /etc/passwd and /etc/group have been edited so that when the NIS is activated, the data bases you have just created will be used, instead of the /etc ASCII files.
6) Firewall settings
[root@srv2 ~]# vim /etc/sysconfig/network
# Append the following at the end of the file
YPSERV_ARGS="-p 944"
YPXFRD_ARGS="-p 945"
[root@srv2 ~]# vim /etc/sysconfig/yppasswdd
# On line 17, add the port as follows
YPPASSWDD_ARGS="--port 946"
[root@srv2 ~]# systemctl restart rpcbind ypserv ypxfrd yppasswdd
[root@srv2 ~]# firewall-cmd --add-service=rpc-bind --permanent
[root@srv2 ~]# firewall-cmd --add-port=944/tcp --permanent
[root@srv2 ~]# firewall-cmd --add-port=944/udp --permanent
[root@srv2 ~]# firewall-cmd --add-port=945/tcp --permanent
[root@srv2 ~]# firewall-cmd --add-port=945/udp --permanent
[root@srv2 ~]# firewall-cmd --add-port=946/udp --permanent
[root@srv2 ~]# firewall-cmd --reload
4.3 Configure the Master NIS Server as a Client
1) Install the NIS client tools
[root@srv1 ~]# yum install ypbind rpcbind -y
2) Set up FQDN resolution
3) Update the client authentication method
[root@srv1 ~]# authconfig --enablenis \
--nisdomain=1000cc.net --nisserver=srv1.1000cc.net \
--enablemkhomedir --update
[root@srv1 ~]# systemctl enable --now rpcbind ypbind
4) SELinux settings
[root@srv1 ~]# vim mkhomedir.te
module mkhomedir 1.0;

require {
        type unconfined_t;
        type oddjob_mkhomedir_exec_t;
        class file entrypoint;
}

#============= unconfined_t ==============
allow unconfined_t oddjob_mkhomedir_exec_t:file entrypoint;

[root@srv1 ~]# checkmodule -m -M -o mkhomedir.mod mkhomedir.te
checkmodule: loading policy configuration from mkhomedir.te
checkmodule: policy configuration loaded
checkmodule: writing binary representation (version 17) to mkhomedir.mod
[root@srv1 ~]# semodule_package --outfile mkhomedir.pp --module mkhomedir.mod
[root@srv1 ~]# semodule -i mkhomedir.pp
4.4 Register the Slave NIS Server on the Master Node
[root@srv1 ~]# vim /var/yp/Makefile
# Edit line 23 and change it to the following value
NOPUSH=false
# Update the NIS database
[root@srv1 ~]# /usr/lib64/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS servers.
srv1.1000cc.net is in the list of NIS server hosts. Please continue to add the names
for the other hosts, one per line. When you are done with the list, type a <control D>.
        next host to add: srv1.1000cc.net
        next host to add: srv2.1000cc.net    # add the slave NIS server's FQDN/IP
        next host to add: [Ctrl]+[D]
The current list of NIS servers looks like this:

srv1.1000cc.net
srv2.1000cc.net

Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp/1000cc.net/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/1000cc.net'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/1000cc.net'

srv1.1000cc.net has been set up as a NIS master server.

Now you can run ypinit -s srv1.1000cc.net on all slave server.
4.5 Configure the NIS Client
1) Add the slave NIS server entry
[root@client ~]# vim /etc/yp.conf
domain 1000cc.net server srv1.1000cc.net
domain 1000cc.net server srv2.1000cc.net
2) Restart the client service
[root@client ~]# systemctl restart ypbind

 
