Monday, June 4, 2007

NIS Network Information Service

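NIS (Network Information Service): when there are too many server hosts and managing accounts and passwords becomes too much trouble, we took two unwanted PCs and set them up as NIS (master/slave) servers for centralized verification of host accounts and passwords. Network Information Service was probably first called Sun Yellow Pages (yp for short), that is, a server software product named Yellow Pages released by Sun.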

Description:

NIS Master Server: FreeBSD 5.1 R (Pentium / 100, RAM 32M), IP: 10.10.10.1
NIS Slave Server: FreeBSD 4.8 R (Pentium / 100, RAM 64M), IP: 10.10.10.2

Step 1.

NIS Master Server configuration:

1. Edit the file:

#vi /etc/rc.conf and add:

hostname="mnis.ntut.idv.tw"
portmap_enable="YES"
nisdomainname="ntut-nisserver" # (a nisdomainname of your own choosing)
nis_server_enable="YES" # (enable the NIS server)
nis_yppasswdd_enable="YES"
nis_yppasswdd_flags="-t /etc/master.passwd"

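2. Copy the file and edit the Makefile:

#cp /var/yp/Makefile.dist /var/yp/Makefile
Edit the Makefile: add the line MASTER_PASSWD=/etc/master.passwd, so that the maps are built from the system's own password file, and comment out the line NOPUSH = "True".

3. Run #ypinit -m ntut-nisserver

=============The following screen appears================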

Creating an YP server will require that you answer a few questions.
Questions will all be asked at the beginning of the procedure.

Do you want this procedure to quit on non-fatal errors? [y/n: n]

Ok, please remember to go back and redo manually whatever fails.
If you don't, something might not work.

Can we destroy the existing /var/yp/Synology-ind and its contents? [y/n: n] (choose y)

At this point, we have to construct a list of this domains YP servers.
alexwang.com is already known as master server.
Please continue to add any slave servers, one per line. When you are
done with the list, type a <control D>.
master server : mnis.ntut.idv.tw <=== enter the Master Server's domain
next host to add: snis.ntut.idv.tw <=== enter the Slave Server's domain
next host to add: ^D <=== if there are other slave servers, add them here; otherwise press Ctrl+D
The current list of NIS servers looks like this:
mnis.ntut.idv.tw
coltrane
Is this correct? [y/n: y] y

[..output from map generation..]

NIS Map update completed.
ellington has been setup as an YP master server without any errors.

Step 2.

NIS Slave Server configuration:

1. Edit the rc.conf file: #vi /etc/rc.conf and add:

hostname="snis.ntut.idv.tw"
portmap_enable="YES"
nisdomainname="ntut-nisserver"
nis_client_enable="YES"
nis_server_enable="YES"
nis_ypxfrd_enable="YES"

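#vipw: remove the users that are not the system's own, and add the following line at the end of the file:
+:::::::::

#vi /etc/group: remove the groups that are not the system's own, and add the following line at the end of the file:
+:*::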

2. Run ypinit -s: #ypinit -s mnis ntut-nisserver

Server Type: SLAVE Domain: test-domain Master: ellington

Creating an YP server will require that you answer a few questions.
Questions will all be asked at the beginning of the procedure.

Do you want this procedure to quit on non-fatal errors? [y/n: n] n

Ok, please remember to go back and redo manually whatever fails.
If you don't, something might not work.
There will be no further questions. The remainder of the procedure
should take a few minutes, to copy the databases from ellington.
Transferring netgroup...
ypxfr: Exiting: Map successfully transferred
Transferring netgroup.byuser...
ypxfr: Exiting: Map successfully transferred
Transferring netgroup.byhost...
ypxfr: Exiting: Map successfully transferred
Transferring master.passwd.byuid...
ypxfr: Exiting: Map successfully transferred
Transferring passwd.byuid...
ypxfr: Exiting: Map successfully transferred
Transferring passwd.byname...
ypxfr: Exiting: Map successfully transferred
Transferring group.bygid...
ypxfr: Exiting: Map successfully transferred
Transferring group.byname...
ypxfr: Exiting: Map successfully transferred
Transferring services.byname...
ypxfr: Exiting: Map successfully transferred
Transferring rpc.bynumber...
ypxfr: Exiting: Map successfully transferred
Transferring rpc.byname...
ypxfr: Exiting: Map successfully transferred
Transferring protocols.byname...
ypxfr: Exiting: Map successfully transferred
Transferring master.passwd.byname...
ypxfr: Exiting: Map successfully transferred
Transferring networks.byname...
ypxfr: Exiting: Map successfully transferred
Transferring networks.byaddr...
ypxfr: Exiting: Map successfully transferred
Transferring netid.byname...
ypxfr: Exiting: Map successfully transferred
Transferring hosts.byaddr...
ypxfr: Exiting: Map successfully transferred
Transferring protocols.bynumber...
ypxfr: Exiting: Map successfully transferred
Transferring ypservers...
ypxfr: Exiting: Map successfully transferred
Transferring hosts.byname...
ypxfr: Exiting: Map successfully transferred

coltrane has been setup as an YP slave server without any errors.
Don't forget to update map ypservers on ellington.

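3. Add the scheduled update of the master's accounts and passwords to crontab: #crontab -e

# root's own crontab (edited with crontab -e) takes no user field
20 * * * * /usr/libexec/ypxfr passwd.byname
21 * * * * /usr/libexec/ypxfr passwd.byuid

Done. Restart the NIS master/slave servers and everything is OK.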

Step 3.

Client-side server configuration:

#vi /etc/rc.conf and add:

nisdomainname="ntut-nisserver"
nis_client_enable="YES"


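#vipw: remove the users that are not the system's own, and add the following line at the end of the file:
+:::::::::

#vi /etc/group: remove the groups that are not the system's own, and add the following line at the end of the file:
+:*::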
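
The vipw and /etc/group edits in Step 2 and Step 3 are easy to get wrong by one colon, so here is an added example (not part of the original post) that audits a file for them. It checks that exactly one `+` entry exists, that it matches the line given above, that nothing follows it, and that no non-system accounts or groups remain. The function name `audit_compat`, the cutoff of 1000 for non-system ids, the `nobody`/`nogroup` exemption and the sample files are assumptions.

```shell
#!/bin/sh
# Added example: audit the NIS compat ("+") entry in a passwd- or group-format file.
# audit_compat FILE EXPECTED_ENTRY ID_MIN
#   ID_MIN: lowest uid/gid treated as "not the system's own" (assumption).
audit_compat() {
    awk -F: -v want="$2" -v id_min="$3" '
        /^#/ || /^$/ { next }                    # skip comments and blank lines
        /^[+]/ {                                 # the NIS compat entry
            compat++
            if ($0 != want) { print "unexpected compat entry: " $0; bad = 1 }
            next
        }
        compat { print "entry after the + line: " $1; bad = 1 }
        $3 + 0 >= id_min && $1 != "nobody" && $1 != "nogroup" {
            print "local non-system entry remains: " $1; bad = 1
        }
        END {
            if (compat != 1) { print "expected one + entry, found " (compat + 0); bad = 1 }
            exit bad + 0
        }' "$1"
}

# Constructed sample files so the example runs offline.
tmp=$(mktemp -d)
printf '%s\n' 'root:*:0:0::0:0:Charlie &:/root:/bin/csh' \
    'alice:*:1001:1001::0:0:Alice:/home/alice:/bin/sh' \
    '+:::::::::' > "$tmp/master.passwd"
printf '%s\n' 'wheel:*:0:root' '+:*::' > "$tmp/group"

audit_compat "$tmp/master.passwd" '+:::::::::' 1000 || echo "master.passwd needs attention"
audit_compat "$tmp/group" '+:*::' 1000 && echo "group OK"
rm -rf "$tmp"
```

On a real slave or client, point it at /etc/master.passwd and /etc/group as root.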

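To Add.

After adding a user, you will find that on mnis.ntut.idv.tw the account has not taken effect. On the NIS Master Server (mnis.ntut.idv.tw) we must use the following commands to make the account take effect on the clients: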
#cd /var/yp/ntut-nisserver
#make -f ../Makefile master.passwd passwd group
The accounts on the NIS Slave Server (snis.ntut.idv.tw), on the other hand, only take effect in sync after the crontab job has run.