Linux pе -- Network Information Service, NIS A

̪sG2003/09/16

SQLApGڦQ Linux DAoQDȭtdP\AƹWAҦDbPKXۦPIڬONbPKXO]wmbQqWA٬OiHzL@Db޲z\AMLDunΤεnJɡANn޲zbDWT{bPKXOH@ӤKӥBFHMO@ӱb޲zDKhաIpGϥΪ̭nקKXAnhQDקKXաIunDn޲zDhקALDڥNݭnʡIIPSr֩OIoӥ\઺Fܦh觋Abo̡Aڭ̤Ф@ӫ²檺觋ANO Network Information Service o NIS A[]աI

@
zG
@@GO NIS P NIS Dn\
@@GNIS B@y{
@@GNIS P RPC Y
@@GNIS Server master P slave [c
MwG
Server ݳ]wG
@@GNIS Server c
@@GNIS Server ]wy{
Client ݳ]wG
@@GNIS Client c
@@GNIS Client ]wy{
@@GNIS Client NIS ]wGyptest, ypwhich, ypcat
@@GקϥΪ̱KX ( ݭn root )G yppasswd, ypchfn, ypchsh
Di]wG
@@GNIS P NFS X]w
@@G𪺳W
I^U
ѦҸ귽
Dm

Network Information Services, NIS server

O NIS P NIS Dn\G

Sun Yellow Pages

nJb/KX/aؿGNO /etc/passwd oɮ
sոTGNO /etc/group oɮ
DWٻPIPGNO /etc/hosts oɮסC

NIS B@y{

NIS Server NۤvtΤ /etc/passwd, /etc/group, /etc/hosts s@ DBM Ʈw榡ɮסF
NIS Client YΤnJnDɡA|e NIS Server jMƮw̭ưҤΡC
C NIS Server WΤƮɡAh NIS Server ݭnss@ DBM Ʈwɮפ~I

NIS Server ݡF
NIS Client ݡC

NIS P RPC Y

NFS

RPC (Remote Procedure Call)

NIS Server master P slave [c

NIS Server master NۤvbBKXɮ׻s@Ʈwɮ(database file)F
NIS Server master NۤvƮwɮ׶ǰe slave WF
NIS Server slave ӦۡyH NIS Server master DzƫAsۤvƮwAϦۤvƮwP master DƦPBF
Ҧ NIS Client dM NIS Server ɡA|My̥^@ NIS DƮwezC

yp-tools G NIS dMO\
ypbind G NIS Client ݪ]wM
ypserv G NIS Server ݪ]wM
portmap GNO RPC @wݭnưڡI

rpm -qa | grep yp

Server ݳ]wG

שӨF]waFA NIS ]wP NFS ]wIppۦPBANOL]wy²IzաI[]LaI

NIS Server c

/etc/ypserv.conf GNODn]wɤF
/usr/sbin/ypserv GDnA(daemon)
/usr/sbin/rpc.yppasswddGRPC AoI
/usr/sbin/rpc.ypxfrd GP˪A RPC AoI
/usr/lib/yp/ypinit Gإ NIS Ʈw{

/usr/bin/yppasswd GAb NIS database (NIS Server һs@Ʈw) KX
/usr/bin/ypchsh GPWAOO shell
/usr/bin/ypchfn GPWAOO@ǨϥΪ̪TI

NIS Server ]wy{

쬰 192.168.10.0/24
NIS Server IP 192.168.10.30ADW٬ server.cluster
NIS Wٳ]w cluster

Ұ portmap ó]w}ɱҰʡG

[root@test root]# /etc/rc.d/init.d/portmap start
[root@test root]# netstat -tl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:sunrpc *:* LISTEN
# pGݨ sunrpc ܡANܱҰʦ\FI
[root@test root]# chkconfig --level 35 portmap on
# Wo@b]w portmap b run-level 3, 5 ɭԴN}ɱҰʡI

Ұ time P time-udp G

[root@test root]# vi /etc/xinetd.d/time
# 쩳Uo@G
disable = yes
# NL令
disable = no
# xs}
[root@test root]# vi /etc/xinetd.d/time-udp
# P˪N disable = yes 令 disable = no YiI
@
[root@test root]# /etc/rc.d/init.d/xinetd restart
[root@test root]# netstat -utl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:time                  *:*                     LISTEN
tcp        0      0 *:sunrpc                *:*                     LISTEN
udp        0      0 *:time                  *:*
udp        0      0 *:sunrpc                *:*

إ NIS W ( nisdomainname )

b NIS tηALW (domain name) OP DNS SYAѩoӻWٷ|`QϥΨA]ڭ̻ݭnNLإ߰_ӡIإ߰_Ӫk²A@ӫOAíק@ɮקYiI

1. إ NIS W (ڳo̬O]w cluster )G
[root@test root]# nisdomainname cluster
[root@test root]# vi /etc/rc.d/rc.local
# NUo@[Joɮת̫@椺G
/bin/nisdomainname cluster
@
2. ]wnѼơG
[root@test root]# vi /etc/sysconfig/network
# [JUo@G
NISDOMAIN=cluster

]w ypserv ]wɡG ypserv.conf

<]w>:<]wت>

[root@test root]# vi /etc/ypserv.conf
files: 30
# oOyhָƮwɮ(database file)|QŪi֨Oz
# NA@ӻA 30 OwgܨƭȤFAݭnʥLF
@
trusted_master: your.master.servers.name
xfr_check_port: yes
# WoӳȻP Master + Slave [c]wȡA@ӻA
# u@Dn NIS Server tΤOΤoӳ]wȪI
# pGA NIS O slave [cAݭnw@ master Ʈwe
# PBɭԪDANO trusted_master ]weoI
# pGS master/slave [cɡANݭn trusted_master oӳ]wFI
# ܩ xfr_check_port hOw master P slave O_nH < 1024
# HU port Ӷi淾qTIq`w]NO yes AݭnʥLI
@
# <DW/IP>:<W>:<ƮwO>:<w>
# oӬOoɮ׸̭̭nFIDnb]wwʪ譱A
# iH]whAӬO_qLWhOy@@ˬdz觋I
# ҥHo̪]wӬOG}n}񪺺AMI
# ͤ@ͦUӬءG
# 1. DW/IPGo̥iHo˳]wG192.168.1.0/255.255.255.0
# 2. WGq`]w * YiI
# 3. ƮwOGiHϥ * ӪܩҦƮwI
# 4. wGDnTذѼơG
#@@@@@@none GLצpNOiHLiJF
#@@@@@@port GȤ\ < 1024 HU port iJF
#@@@@@@deny GLצpNOHanJDI
# ѩڬO\ 127.0.0.0/255.0.0.0 H 192.168.10.0/255.255.255.0 iJA
# LIҥHڥiHo˳]wG
127.0.0.0/255.255.255.0   : * : * : none
192.168.10.0/255.255.255.0: * : * : none
*                         : * : * : deny
# O] /etc/shadow ̭ɮ`nHݨaIӤSѩ Linux
# tηAu root iHҥ < 1024 HU port A]Aw]wA
iHo˰G
127.0.0.0/255.255.255.0   : * : * : port
192.168.10.0/255.255.255.0: * : * : port
*                         : * : * : deny
# T]NFI
# LצpApGzQnz NIS Server B@ֳtAåBwʤW
# SӦhҶq(ɡI)Aϥ none O@ӤDNI

إߺHsաG

<host>,<user>,<domain>
D,ϥΪ̱b,W

[root@test root]# touch /etc/netgroup

Ұ ypserv o daemon AåB]w}ɱҰʡG

1. ҰoI
[root@test root]# /etc/rc.d/init.d/ypserv start
[root@test root]# /etc/rc.d/init.d/yppasswdd start
@
2. [@UO_uʧ@H
[root@test root]# rpcinfo -u localhost ypserv
program 100004 version 1 ready and waiting
program 100004 version 2 ready and waiting
[root @test root]# rpcinfo -u localhost yppasswdd
program 100009 version 1 ready and waiting
# o rpcinfo NOb[P RPC Server program ثepI
# ]iHΥL[A ypserv I
@
3. ]w}ɱҰʡG
# AiHϥ ntsysv Ao̧ڭ̨ϥ chkconfig oI
[root@test root]# chkconfig --level 35 ypserv on
[root@test root]# chkconfig --level 35 yppasswdd on

s@ƮwBísҰ ypserv P yppasswd G

Ʈws@A@wnsҰ ypserv P yppasswdd ~

1. s@ƮwG
[root@test root]# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers. server.cluster is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: server.cluster
next host to add: <==bo̫U[ctrl + d]X
The current list of NIS servers looks like this:

server.cluster

Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp/cluster/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/cluster'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/cluster'
server.cluster has been set up as a NIS master server.
Now you can run ypinit -s server.cluster on all slave server.

# oӰʧ@OCקϥΪ̸ƫ@wnʧ@IANOss@ƮwA
# MåBݭnsҰ ypserv P yppasswdd I
@
2. sҰʪAȡG
[root@test root]# /etc/rc.d/init.d/ypserv restart
[root@test root]# /etc/rc.d/init.d/yppasswdd restart

http://www.linux-nis.org/nis-howto/HOWTO/index.html

Client ݳ]w

Gb NIS clients DOnJ̪TAȰO UID j 500 HWϥΪ̳I]p 500 HU UID Ow]tΨϥΪA]Ow]} NIS ӬdMA۵M]N|QgJ NIS Ʈwɮ׷FI

NIS Client c

ypbind
yp-tools

/etc/yp.conf G]w NIS Server DWٻPW
/etc/hosts Gܤֻݭn]w NIS server D IP DWٳI
/etc/passwd GwݭndMOF
/etc/nsswitch.conf GwnϥΤ daemon dMbPKXC

jPWNOpաIڭ̭n]wT]NOpPWɮoInI]waI

NIS Client ]wy{

Ұ portmap ó]w}ɱҰʡG

[root@client root]# /etc/rc.d/init.d/portmap start
[root@client root]# netstat -tl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:sunrpc *:* LISTEN
pGݨ sunrpc ܡANܱҰʦ\FI
[root@test root]# chkconfig --level 35 portmap on
Wo@b]w portmap b run-level 3, 5 ɭԴN}ɱҰʡI

]w NIS Server IP DW١G

[root@client root]# vi /etc/hosts
# nUo@I
192.168.10.30 server.cluster

]w NIS domain P NIS DG

1. إ NIS domain nameG
[root@client root]# nisdomainname cluster
[root@client root]# vi /etc/rc.d/rc.local
# [JUo@G
/bin/nisdomainname cluster
[root@client root]# vi /etc/sysconfig/network
# [JUo@G
NISDOMAIN=cluster
@
2. إ NIS dMDW
[root@client root]# vi /etc/yp.conf
# [JoG
domain cluster
ypserver server.cluster
# ٬OnOoA cluster OA NIS domain Aܩ server.cluster
# hO NIS Server DW١Aڳo̬OϥΤp IP AҥHW٥iHHK
# ڳwӿܪI

קKXҪ觋G

1. KXɪקG
[root@client root]# vi /etc/passwd
# ٰOooɮ׶ܡHoɮ`@CAӨC쳣Hy:zj}A
# TаѦҰ¦ǲ߽g̭b޲z`Cѩڭ̭nN
# ]wH NIS Server ƮwҡA]A
# boɮת̫᭱[Jo@G
+::::::
# `NIb + s[ӡy : zAåBSťզrI
@
2. dMKX{ǡG
# ]ڭ̦ܦh觋ӬdMKXAݭnק /etc/nsswitch.conf oɮפ~
[root@client root]# vi /etc/nsswitch.conf
# ѼơAç令UoˡG
passwd:     files nis nisplus
shadow:     files nis nisplus
group:      files nis nisplus
hosts:      files nis dns
# oɮצb]w@ǸTdM{ǡI files OɮסA
# ܩ nis hOzL NIS ӶidMAܩ nisplus hO NIS+ oOs
# NIS աILAxWAثeoӵoipewgȰFI
# 1. passwd: NOϥΪ̬TdMAO /etc/passwd, nis P nisplus
# 2. shadow: NOϥΪ̱KXdMA /etc/shadow, nis nisplus
# 3. group: NOϥΪ̪sոTdMA /etc/group, nis nisplus
# 4. hosts: NODWٻPIPdMA/etc/hosts, nis /etc/resolv.conf

Ұ ypbind P]w}ҰʡG

1. ʱҰ ypbind aG
[root@client root]# /etc/rc.d/init.d/ypbind start
[root@client root]# rpcinfo -p localhost
   program vers proto   port
    100000    2   tcp    111 portmapper
    100000    2   udp    111 portmapper
    100007    2   udp    735 ypbind
    100007    1   udp    735 ypbind
    100007    2   tcp    738 ypbind
    100007    1   tcp    738 ypbind
# ܤ֭nWXӸT~O諸ILAݭnOoOA port number
# OtHҰʪAҥH port number C|Ӥ@˰ڡI
# Oong` rpcinfo hˬd@U RPC Server AȤ~I
@
2. ]w}ɱҰʡG
[root@client root]# chkconfig --level 35 ypbind on

NIC Client NIS ]wGyptest, ypwhich, ypcat

yptest GDnb yp ]weBƮweҦ NIS ƴաF
ypwhichGDnb NIS Client P Server qƮw (database) 쩳OXɮסF
ypcat GDnbo NIS Server WϥΪ̱KXTI

[root@client root]# yptest
Test 1: domainname
Configured domainname is "cluster"

Test 2: ypbind
Used NIS server: server.cluster
....
....
Test 8: yp_maplist
rpc.bynumber
rpc.byname
hosts.byaddr
hosts.byname
group.byname
passwd.byname
ypservers
passwd.byuid

Test 9: yp_all
test test:dkoUW2XHV30sEV5gLM4NapyuhBcpVs.:500:500::/home/test:/bin/bash

[root@client root]# ypwhich
server.cluster
[root@clent root]# ypwhich -x
Use "ethers"    for map "ethers.byname"
Use "aliases"   for map "mail.aliases"
Use "services" for map "services.byname"
Use "protocols" for map "protocols.bynumber"
Use "hosts"     for map "hosts.byname"
Use "networks" for map "networks.byaddr"
Use "group"     for map "group.byname"
Use "passwd"    for map "passwd.byname"

NIS Client domain

NIS Client P Server qƮwǡH

[root@client root]# ypcat -x
Use "ethers"    for map "ethers.byname"
Use "aliases"   for map "mail.aliases"
Use "services" for map "services.byname"
Use "protocols" for map "protocols.bynumber"
Use "hosts"     for map "hosts.byname"
Use "networks" for map "networks.byaddr"
Use "group"     for map "group.byname"
Use "passwd"    for map "passwd.byname"
# Dn\NOyCXƮwzoIP ypwhich -x ۦP\I
# ҥHڭ̦ ethers, aliases......passwd ƮwWٻPɦWI
@
[root@client root]# ypcat [ƮwW٩Υ\]
# oӫOiHΨӨo NIS Server WUӸƮweI
# |ҨӻAڭ̷QnD passwd ( KX ) ҦϥΪ̤eANݭnG
[root@client root]# ypcat passwd ( ypcat passwd.byname )
test:dkoUW2XHV30sEV5gLM4NapyuhBcpVs.:500:500::/home/test:/bin/bash
# pGOQnD hosts e (NIS Server DW /etc/hosts e)G
[root@client root]# ypcat hosts
127.0.0.1       localhost       localhost.localdomain
192.168.10.30   server.cluster
# ϥNO[WƮwAANiHo NIS server DWƮweաI

קϥΪ̱KX ( ݭn root )G yppasswd, ypchfn, ypchsh

گणb NIS Client ݭקUӱbKXO

yppasswd GP passwd OۦP\F
ypchfn GP chfn ۦP\F
ypchsh GP chsh ۦP\C

nJ NIS Server ḒhAi useradd Ϊ̬O passwd קbPKXʡF
ϥ /usr/lib/yp/ypinit -m ss@ƮwɮסI

Di]w

NIS P NFS X]wG

test o User Ob server WإߪAҥH /home/test oӥؿF
b NIS Client WSu test oӱbA]LO NIS server WoAҥH۵M]NS /home/test oӥؿb NIS client WC

|䤣ۤvaؿ

nJC NIS Client Ҿ֦aؿOۦP

b NIS Server W} /home oӥؿXӡF
b NIS Client WA mount NIS D /home ۤv /home ̭hI
p@ӡA׵nJ@ NIS Server client AϥΪ̳OiJ NIS Server /home ̭aؿoI

1. ]w NIS Server D NFS }ؿG
[root@test root]# vi /etc/exports
/home 192.168.10.0/24(rw,async,no_root_squash)
@
[root@test root]# exportfs -rv
exporting 192.168.10.0/24:/home
@
[root@test root]# /etc/rc.d/init.d/nfs start
Starting NFS services:                                     [ OK ]
Starting NFS quotas:                                       [ OK ]
Starting NFS daemon:                                       [ OK ]
Starting NFS mountd:                                       [ OK ]
@
[root@test root]# chkconfig --level 35 nfs on
@
2. ]w NIS Client mount ơI
# H root nJ NIS Client DWG
[root@client root]# mount -t nfs 192.168.10.30:/home /home
# pGSDFANNWo@[J /etc/rc.d/rc.local aI

LAܥiOAثew˧tηA NIS èSk SSH QnJIooA key pair DA·СAγ\iHǥ NIS+ (nisplus) ӧJAoӰDAWثe۷hQצbQ׳oӱpAѩ NIS plus P NIS \thAbQA NIS WS[]@ NIS+A]ثeɦV󤣭n ssh oصnJkAϥF NIS bḀDn\Ob R shell oӤMIŪ shell I

𪺳W

/sbin/iptables -A -s 192.168.10.0/24 --dport 111 -j ACCEPT
/sbin/iptables -A --dport 111 -j DROP

[root @test root]# vi /etc/hosts.allow
portmap: 192.168.10.0/255.255.255.0

[root @test root]# vi /etc/hosts.deny
portmap: ALL

I^U

Network Information Service ( NIS ) ]iH٬ Sun Yellow Pages (yp) DnOtdb NIS Client ݬdMbPKXHΨLѼƪAȡAuOb Linux W٬ NIS Ӧb Sun Unix W٬ Yellow Pages Ӥw
ܦh linux DɡAiH@x Linux D NIS Server DAtdӺbPKXƮwɮ׻s@FܩL Linux Dh]w NIS client ݡAΤninJ欰ɡA NIS client |e NIS server jMƮw̭OeAHΤnJҸTC
׬O NIS Ϊ̬O NFS Oǥ RPC Server ұҥΪA]AiHϥ rpcinfo ӬdM NIS O_wgҰʡAHθ daemon O_wgV portmapper ( RPC server ) UFI
NIS ϥΪMNO yp oӮMADnⳡA ypserv Φb NIS ServerAܩ ypbind P yp-tools hΦb NIS Client WC
NIS server NOѥ /etc/passwd, /etc/shadow, /etc/group, /etc/hosts bKXơAHάѼƵAHѺ NIS Client jMΡF
b NIS Server ]wA̭n@ӨBJNONbBKXBѼƵ ASCII 榡ɮনƮwɮ( database file )AH NIS client dMIӱҰ ASCII ন database {iHϥ /usr/lib/yp/ypinit -m Ϊ̨ /var/yp U make iC
NIS client ݪ]wA̭n /etc/passwd ̭]wAݭn NIS Server ƥ[b /etc/passwd ᭱F
NIS client ݪ]wAt@ӭn]wɬ /etc/nsswitch.conf AY]wF۷hƬdM{ǡC

ѦҸ귽

Study Area NIS A[]Ghttp://www.study-area.org/linux/servers/linux_nfs.htm
NIS xGhttp://www.linux-nis.org/
NIS HOW-TOGhttp://www.linux-nis.org/nis-howto/HOWTO/index.html

²满 NIS server \Pu@y{
²满 NIS Server/client [c
NIS ҰʤeݭnҰʨӪAȡA_hNLkҰʦ\ ( ܡGRPC Server )
ڪ NIS W٬ bird At~AڥD IP PDW٬ 192.168.5.1/bird.nis.org AаݭnoǸTݭn]wb NIS Server ɮפH
/etc/nsswitch.conf \ରHpGڷQnKXdMaKXɡAAdM NIS Aݭnp]wH
NIS Server NKXɮװƮwH NIS client ӬdMAаݨϥΤʧ@AiHNKXɮন NIS Ʈw榡ɮסH
pGڷQnW[@ӷsbGnewaccountAåBo newaccount iH NIS Client dMLbPKXAݭniǨBJH
@dDGUOڪѼƯSxG

network/netmask:192.168.1.0/255.255.255.0

NIS server : 192.168.1.100 (hostname: server.nis.test )

NIS cient: 192.168.1.200 (hostname: client1.nis.test )

NIS domain name: nis.test

QΤWѼƨӳ]w NIS [cAФ@B@BgUA]wC

ӤWDGpGڪӤjFAҥH@ NIS slave DAoD IP 192.168.1.50 AаݳoDӦp]wH

eѦҥθѵ

² Network Information Service, NIS Server []

2003/05/06GĤ@I
2003/09/16GyL[J@ǸTPLTק睊I