1.server端
#cp /etc/nsswhich.nis /etc/nsswhich.conf
#vi /etc/nsswhich.conf

將hosts這段加入dns,查詢domain name時會去跟dns要資料
hosts:      nis [NOTFOUND=return] files dns

這次nis只做帳號管理,放置帳號資料目錄設為xxx(自行命名)

#cp /etc/passwd 到 /var/xxx/
#cp /etc/shadow 到 /var/xxx
#cp /etc/group 到 /var/xxx

設置nis domain name,讓它開機讀取
#vi /etc/defaultdomain加入領域(內容自行命名,這裡設定nisgood)

還需手動設定一次,並設定為root可讀
#domainname  nisgood
#chmod 600 /etc/defaultdomain

#vi /var/yp/Makefile
修改檔案位置
  DIR=/var/xxx
#一般檔案位置(hosts,xxx,xx 這裡不做)
  PWDIR=/var/xxx
#帳號相關檔案的位置

建立nis伺服器
#ypinit -m

In order for NIS to operate sucessfully, we have to construct a list of the
NIS servers.  Please continue to add the names for YP servers in order of
preference, one per line.  When you are done with the list, type a <control D>
or a return on a line by itself.
        next host to add:  xxx 
        next host to add:  ^D
The current list of yp servers looks like this:

xxx

Is this correct?  [y/n: y]  y

有遇見錯誤不管他,依提示進行

#vi /var/yp/securenets
將允許client端存取的IP位置加入

啟動server與passwd,passwd用來讓使用者修改密碼
svcadm enable svc:/network/nis/server:default
svcadm enable svc:/network/nis/passwd:default

2.client端
檢查對方/本身rpc服務有沒有開

#rpcinfo -p [NIS IP位置]
rpcinfo: can't contact portmapper: RPC: Authentication error; why = Fail

如果遇到以上訊息,有可能rpc本身設定不開放遠端存取,或者firewall有擋掉(tcp_wrapper,ipf..)

所以讓rpcinfo設定讓遠端可存取(NIS伺服端)

查詢manpage提示
EXAMPLES
     Example 1: Allowing Remote Access

     The following sequence of commands allows remote  access  to
     rpcbind.
這兩行
     *server:
     # svccfg -s svc:/network/rpc/bind setprop config/local_only = false
     # svcadm refresh svc:/network/rpc/bind


# ypinit -c

In order for NIS to operate sucessfully, we have to construct a list of the
NIS servers.  Please continue to add the names for YP servers in order of
preference, one per line.  When you are done with the list, type a <control D>
or a return on a line by itself.
        next host to add: xxx.xxx.xxxx
host xxx.xxx.xxxx not found in /etc/hosts or /etc/inet/ipnodes. Not added to the list

Do you wish to abort [y/n: y]

啟動client端
#svcadm enable  svc:/network/nis/client:default

步驟差不多就這樣,有問題就想想過程中有沒有遺漏,debug..

文章標籤
全站熱搜
創作者介紹
創作者 darren2000 的頭像
darren2000

四個字 堅持到底

darren2000 發表在 痞客邦 留言(0) 人氣(1,193)