Debian中配置NIS:用户账号管理
<p align="justify"> 1、添加指定gid的组</p><div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">groupadd -g 1001 upload
# 添加了一个指定gid为1001的upload用户</pre>
</div>
<p>2、添加指定uid的用户,并加入到指定组</p>
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;"># 添加了一个uid为1001的用户,并加入到upload的组中
useradd -u 1001 -g upload testuser
# 修改用户组
usermod -g 1011 testuser</pre>
</div>
<p align="justify">3、建立一个新用户账户testuser,并设置UID为1001,主目录为/usr/testuser,属于users组:</p>
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">useradd -u 1001 -d /usr/testuser -g users -m testuser</pre>
</div>
<p><strong>【注】:加-m 如果主目录不存在则自动创建</strong></p>
<p>4、移动用户家目录(/var/lib/munge表示目标目录,<code>-m</code> 表示移动主目录,<code>munge</code> 为用户名)</p>
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">usermod -d /var/lib/munge -m munge</pre>
</div>
<h1 align="justify"><span style="font-size: 18pt">一、服务端(Server端192.168.109.137)</span></h1>
1、安装软件包
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">apt-get update
apt install -y nis</pre>
</div>
安装过程中设置域名<br><img src="https://img2022.cnblogs.com/blog/2173981/202208/2173981-20220828154822990-1224320385.png" alt="" loading="lazy"><br>vim /etc/defaultdomain<span style="font-family: 宋体">查看设置域名</span><br> <img src="https://img2022.cnblogs.com/blog/2173981/202208/2173981-20220828154835596-1177059881.png" alt="" loading="lazy"><br>2<span style="font-family: 宋体">、设置</span><span style="font-family: "Times New Roman"">nis</span><span style="font-family: 宋体">主服务器</span><br>
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">vim /etc/default/nis</pre>
</div>
<span style="font-family: 宋体">将</span>NISSERVER=false<span style="font-family: 宋体">改为</span><span style="font-family: "Times New Roman"">NISSERVER=master</span>
<p align="justify"><img src="https://img2022.cnblogs.com/blog/2173981/202208/2173981-20220828154901346-1625226302.png" alt="" loading="lazy"></p>
3<span style="font-family: 宋体">、设置可以允许访问我们的 </span><span style="font-family: "Times New Roman"">NIS </span><span style="font-family: 宋体">服务器的</span><span style="font-family: "Times New Roman"">IP</span><span style="font-family: 宋体">范围</span><br>
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">vim /etc/ypserv.securenets</pre>
</div>
先注释掉下图中显示的行:<br><img src="https://img2022.cnblogs.com/blog/2173981/202208/2173981-20220828154913601-2043966039.png" alt="" loading="lazy"><br><span style="font-family: 宋体">将允许的</span> IP <span style="font-family: 宋体">范围添加到该文件的末尾,如下图所示。之后,我们可以保存并关闭我们的文件。</span><br><img src="https://img2022.cnblogs.com/blog/2173981/202208/2173981-20220828154927744-777515908.png" alt="" loading="lazy"><br>4<span style="font-family: 宋体">、为</span><span style="font-family: "Times New Roman"">NIS</span><span style="font-family: 宋体">添加自己的</span><span style="font-family: "Times New Roman"">IP</span><span style="font-family: 宋体">地址</span>
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">vim /etc/hosts</pre>
</div>
<img src="https://img2022.cnblogs.com/blog/2173981/202208/2173981-20220828154935646-102270930.png" alt="" loading="lazy"><br>修改vim /etc/yp.conf加入下面的设置<br><img src="https://img2022.cnblogs.com/blog/2173981/202208/2173981-20220829105340612-379607561.png" alt="" loading="lazy"><br>5<span style="font-family: 宋体">、重新启动 </span><span style="font-family: "Times New Roman"">NIS </span><span style="font-family: 宋体">服务器</span>
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">systemctl restart rpcbind ypserv yppasswdd ypxfrd
systemctl enable rpcbind ypserv yppasswdd ypxfrd
systemctl restart nis</pre>
</div>
6<span style="font-family: 宋体">、创建一个测试用户、并更新</span><span style="font-family: "Times New Roman"">NIS</span><span style="font-family: 宋体">数据库</span>
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">adduser nistest
/usr/lib/yp/ypinit -m</pre>
</div>
<span style="font-family: 宋体">按</span>Ctrl + D<span style="font-family: 宋体">,再按</span><span style="font-family: "Times New Roman"">y</span><span style="font-family: 宋体">确认</span>
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">//每次更新账户信息后都需要更新数据库
//cd /var/yp
//make
//make -C /var/yp/</pre>
</div>
现在执行下面的命令,并可以看到用户口令表
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">getent passwd</pre>
</div>
<h1 align="justify"><span style="font-size: 18pt">二、Client(客户端192.168.109.142)</span></h1>
<p align="justify">1<span style="font-family: 宋体">、安装软件包</span></p>
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">apt-get update
apt install -y nis</pre>
</div>
<span style="font-family: 宋体">查看</span>vim /etc/defaultdomain<span style="font-family: 宋体">里的域名</span><br><img src="https://img2022.cnblogs.com/blog/2173981/202208/2173981-20220828155138033-46218921.png" alt="" loading="lazy"><br>2<span style="font-family: 宋体">、修改配置文件</span><span style="font-family: "Times New Roman"">vim /etc/default/nis </span><span style="font-family: 宋体">确保有如下设置,配置为 </span><span style="font-family: "Times New Roman"">NIS </span><span style="font-family: 宋体">客户端</span><br><img src="https://img2022.cnblogs.com/blog/2173981/202208/2173981-20220828155146217-898118573.png" alt="" loading="lazy"><br>3<span style="font-family: 宋体">、修改</span><span style="font-family: "Times New Roman"">vim /etc/yp.conf</span><span style="font-family: 宋体">加入下面的设置</span><br><img src="https://img2022.cnblogs.com/blog/2173981/202208/2173981-20220828155155311-1782233861.png" alt="" loading="lazy"><br>4<span style="font-family: 宋体">、在</span><span style="font-family: "Times New Roman"">passwd</span><span style="font-family: 宋体">、</span><span style="font-family: "Times New Roman"">shadow</span><span style="font-family: 宋体">、</span><span style="font-family: "Times New Roman"">group</span><span style="font-family: 宋体">以及</span><span style="font-family: "Times New Roman"">hosts</span><span style="font-family: 宋体">行的</span><span style="font-family: "Times New Roman"">files</span><span style="font-family: 宋体">后面都添加上</span><span style="font-family: "Times New Roman"">nis</span><span style="font-family: 宋体">。</span>
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">vim /etc/nsswitch.conf</pre>
</div>
<img src="https://img2022.cnblogs.com/blog/2173981/202208/2173981-20220828155204209-1636589150.png" alt="" loading="lazy"><br>5<span style="font-family: 宋体">、</span>启动服务并设置开机启动
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">systemctl restart rpcbind nscd ypbind
systemctl restart rpcbind ypbind
systemctl enable rpcbind ypbind</pre>
</div>
6<span style="font-family: 宋体">、</span><span style="font-family: "Times New Roman"">yptest</span><span style="font-family: 宋体">测试</span><br><img src="https://img2022.cnblogs.com/blog/2173981/202208/2173981-20220828155231739-581151315.png" alt="" loading="lazy"><br>
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">ypcat passwd
</pre>
</div>
<p><img src="https://img2022.cnblogs.com/blog/2173981/202208/2173981-20220828155241869-1174233221.png" alt="" loading="lazy"></p>
登录(登录之前要挂载用户目录)<br><img src="https://img2022.cnblogs.com/blog/2173981/202208/2173981-20220828155249107-879169084.png" alt="" loading="lazy"><br>大功告成。
<h1><span style="font-size: 18pt">三、autofs+nfs自动挂载</span></h1>
1、安装软件包
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">apt-get install autofs</pre>
</div>
2、编辑autofs配置文件<br>vim /etc/auto.master 添加以下内容<br>格式为 <br>挂载点 配置文件<span style="font-family: 宋体, "Songti SC""><br></span>
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">/home /etc/auto.nis
</pre>
</div>
<img src="https://img2022.cnblogs.com/blog/2173981/202208/2173981-20220829100726397-1956191701.png" alt="" loading="lazy"><br>3、新建立配置文件
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">vim/etc/auto.nis
</pre>
</div>
格式为<br>服务端用户名 服务端IP:挂载用户的目录
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">* 192.168.102.137:/home/&
</pre>
</div>
注:*匹配所有用户名,&匹配用户路径,使用&字符通常与通配符*一起使用<br>4、保存退出后重启autofs,并设置开机启动
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">systemctl restart autofs
systemctl enable autofs </pre>
</div>
<h1 align="justify"><span style="font-size: 18pt"><strong>四、其它</strong></span></h1>
<span style="font-family: 宋体">检查</span> Debian 10 <span style="font-family: 宋体">上“</span><span style="font-family: "Times New Roman"">rpcbind</span><span style="font-family: 宋体">”服务的状态:</span>
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">systemctl status rpcbind </pre>
</div>
<span style="font-family: 宋体">检查</span> Debian 10 <span style="font-family: 宋体">上“</span><span style="font-family: "Times New Roman"">ypserv</span><span style="font-family: 宋体">”服务的状态</span>
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">systemctl status ypservz</pre>
</div>
<h2><span style="font-size: 18px">1、客户端autofs自动挂载(推荐)/(服务端是NFS)</span></h2>
<span style="font-size: 16px"><strong>方式1:用户自登陆挂载</strong></span><br>编辑autofs配置文件 vim /etc/auto.master <br> <img src="https://img2022.cnblogs.com/blog/2173981/202208/2173981-20220829104702774-1108876778.png" alt="" loading="lazy"><br>编辑 vim /etc/auto.misc<br><img src="https://img2022.cnblogs.com/blog/2173981/202209/2173981-20220901092440405-1967913089.png" alt="" loading="lazy"><br> 注:*匹配所有用户名,&匹配用户路径,使用&字符通常与通配符*一起使用。<br><span style="font-size: 16px"><strong><strong> </strong>方式2:自动挂载192.168.109.137:/home 到本机/home</strong></span><br>(1)编辑autofs配置文件 vim /etc/auto.master <br><img src="https://img2022.cnblogs.com/blog/2173981/202209/2173981-20220901090702788-332213040.png" alt="" loading="lazy"><br> 在主映射文件/etc/auto.master中使用/-,然后具体的挂载路径全部在子映射文件/etc/auto.nfs。(<span class="token operator">--timeout<span class="token operator">=<span class="token number">10 也可以在后面加上多长时间不使用自动卸载</span></span></span>)<br><span style="font-size: 16px"><strong>【其它】:</strong></span>或者在/etc/auto.master.d 下面创建一个主映射文件。这个文件的作用是确定挂载点的基础目录同时确定用于创建自动挂载的映射文件。首先主映射文件以.autofs作为扩展名
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">vim nfs.autofs</pre>
</div>
<img src="https://img2023.cnblogs.com/blog/2173981/202303/2173981-20230314155239998-928459263.png" alt="" loading="lazy"><br>(2)创建/etc/auto.nfs文件
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">cp /etc/auto.misc /etc/auto.nfs
vim /etc/auto.nfs
/home -fstype=nfs,rw 192.167.253.5:/home</pre>
</div>
<p><img src="https://img2022.cnblogs.com/blog/2173981/202209/2173981-20220901092600283-1447393513.png" alt="" loading="lazy"><br> 或<br><img src="https://img2022.cnblogs.com/blog/2173981/202209/2173981-20220901092732285-1908278769.png" alt="" loading="lazy"><br> (3)设置已经挂载的文件系统在30s内没有被使用,将其自动卸载。</p>
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">vim /etc/autofs.conf</pre>
</div>
<img src="https://img2022.cnblogs.com/blog/2173981/202209/2173981-20220901091819657-342132727.png" alt="" loading="lazy"><br> (4)重启autofs使其生效
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">systemctl restart autofs </pre>
</div>
<h1><span style="font-size: 18pt">五、nis主从配置(基于以上完成的优化)</span></h1>
nis master:192.168.102.133 主机名:uos003<br>nis slave: 192.168.102.134 主机名:uos004<br>nis client: 192.168.102.135 主机名:uos005<br>
<h2><span style="font-size: 18px">1、master服务器端的设置</span></h2>
(1)为了让master与slave之间可以传输数据,需要对master做一点小小的改动。进入到/var/yp目录下,修改Makefile文件,把NOPUSH的值修改为false即可<br>vim /var/yp/Makefile<br><img src="https://img2022.cnblogs.com/blog/2173981/202210/2173981-20221001114504358-672301149.png" alt="" loading="lazy"><br>(2)后告诉master需要把数据推送给哪些slave节点。【创建/var/yp/ypservers文件】,并向其中添加slave节点名称,进程如下操作:<br>vim /var/yp/ypservers<br><img src="https://img2022.cnblogs.com/blog/2173981/202210/2173981-20221001114532501-1723077608.png" alt="" loading="lazy"><br> (3)传输数据时会用到ypxfrd服务,该服务运行时需要访问/var/yp/securenets文件,用于安全性检查,即验证可以在哪些服务器之间进行数据同步。<br>执行如下操作【创建文件】并添加内容:<br>vim /var/yp/securenets (255.255.255.0 192.168.102.0)<br><img src="https://img2022.cnblogs.com/blog/2173981/202210/2173981-20221001114553352-1306081017.png" alt="" loading="lazy"><br>(4)设置了slave服务,那么master节点最好也开启ypbind服务,确保在执行make后,更新的数据可以主动发送给slave节点上。<br>这里只提及需要修改/etc/yp.conf,/etc/nsswitch.conf等文件<br>(5)开启服务,并设置开机自启动
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">systemctl restart ypbind ypxfrd
systemctl enable ypbind ypxfrd </pre>
</div>
(6)更新数据库:
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">cd /var/yp
make //make -C /var/yp
</pre>
</div>
当执行了ypinit -m之后,所有的主机上面的账号相关档案会被转成数据库档案, 这些数据库会被放置到/var/yp/"nisdomainname"当中,<br><img src="https://img2022.cnblogs.com/blog/2173981/202210/2173981-20221001114925534-1448075792.png" alt="" loading="lazy"><br>【注意】:/var/yp/目录下会产生一个你自己设定的nisdomainname目录,一定要保证master,slave,client中的nisdomainname设置的一致
<h2><span style="font-size: 18px">2、slave节点配置</span></h2>
(1)配置主要配置文件vim /etc/default/nis<br>将NISSERVER=false改为NISSERVER=master<br><img src="https://img2022.cnblogs.com/blog/2173981/202210/2173981-20221001115004918-1275626566.png" alt="" loading="lazy"><br>(2)对于slave节点,既作为服务端,又作为客户端,所以不仅需要配置/etc/ypserv.conf文件,还需要配置客户端需要配置的文件,例如/etc/yp.conf等文件。ypbind是客户端服务,/etc/yp.conf是ypbind的配置文件。<br>yp.conf的配置如下:<br>vim /etc/yp.conf<br><img src="https://img2022.cnblogs.com/blog/2173981/202210/2173981-20221001115029296-1825483119.png" alt="" loading="lazy"><br>(3)设置可以允许访问我们的NIS服务器的IP范围<br>vim /etc/ypserv.securenets 注释掉#0.0.0.0 0.0.0.0<br><img src="https://img2022.cnblogs.com/blog/2173981/202210/2173981-20221001115055245-1171887449.png" alt="" loading="lazy"><br>(4)启动服务,并设置开机自启动(启动前确认rpcbind服务启动了已经)
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">systemctl restart ypserv ypxfrd ypbind
systemctl enable ypserv ypxfrd ypbind
</pre>
</div>
(5)slave节点不需要自己创建数据库,而是应该同步master节点的数据库。<br>初此同步时,需要执行以下命令:
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">/usr/lib/yp/ypinit -s uos003
</pre>
</div>
<img src="https://img2022.cnblogs.com/blog/2173981/202210/2173981-20221001115154594-1392600628.png" alt="" loading="lazy"><br>查看数据库被放置到了/var/yp/"nisdomainname"当中<br><img src="https://img2022.cnblogs.com/blog/2173981/202210/2173981-20221001115205365-250707404.png" alt="" loading="lazy"><br>
<h2><span style="font-size: 18px">3、客户端的设置</span></h2>
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">vim /etc/yp.conf</pre>
</div>
<img src="https://img2022.cnblogs.com/blog/2173981/202210/2173981-20221001115239252-1837222312.png" alt="" loading="lazy"><br>重启服务
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">systemctl restart rpcbind ypbind
</pre>
</div>
<h2><span style="font-size: 18px">4、测试</span></h2>
(1)停掉nis master
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">systemctl stop ypserv</pre>
</div>
<img src="https://img2022.cnblogs.com/blog/2173981/202210/2173981-20221001115329163-551238928.png" alt="" loading="lazy"><br>(2)在客户端查看用户
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">ypcat passwd
</pre>
</div>
<img src="https://img2022.cnblogs.com/blog/2173981/202210/2173981-20221001115410984-1444358390.png" alt="" loading="lazy"><br>依然可以查到,说明nis主从服务搭建成功<br>
<h2><span style="font-size: 18px">5、排错</span></h2>
(1)master服务器端执行make时报错<br><img src="https://img2022.cnblogs.com/blog/2173981/202210/2173981-20221001115453036-822883889.png" alt="" loading="lazy"><br>主要原因是执行make时调用yppush工具需要用到ypbind服务,而master节点没有开启ypbind服务。如果不使用高可用,即不设置slave服务,那么master节点可以不启用ypbind,毕竟所有的账号信息都在master节点上。但是,如果设置了slave服务,那么master节点最好也开启ypbind服务,确保在执行make后,更新的数据可以主动发送给slave节点上。<br>(2)客户端查看用户ypcat passwd出错<br>YPBINDPROC_DOMAIN: Domain not bound<br>No such map passwd.byname. Reason: Can't bind to server which serves this domain<br><img src="https://img2022.cnblogs.com/blog/2173981/202210/2173981-20221001115513725-385941246.png" alt="" loading="lazy"><br> i、说明没有在vim /etc/yp.conf里添加slave节点<br> ii、或者没有重启ypbind服务
<div class="cnblogs_Highlighter">
<pre class="brush:cpp;gutter:true;">systemctl restart ypbind
</pre>
</div>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p align="justify"> </p>
<p align="justify"> </p><br><br>
来源:https://www.cnblogs.com/babyclass/p/16395730.html
頁:
[1]