Overview: 1. Install and start 2. Set the NIS domain name
1. Install

```
yum -y install ypserv
```

Start and enable the service:

```
[root@server ~]# systemctl enable ypserv
Created symlink from /etc/systemd/system/multi-user.target.wants/ypserv.service to /usr/lib/systemd/system/ypserv.service.
[root@server ~]# systemctl restart ypserv
[root@server ~]# systemctl status ypserv
● ypserv.service - NIS/YP (Network Information Service) Server
   Loaded: loaded (/usr/lib/systemd/system/ypserv.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2017-05-20 09:41:30 CST; 9s ago
 Main PID: 3298 (ypserv)
   Status: "Processing requests..."
   CGroup: /system.slice/ypserv.service
           └─3298 /usr/sbin/ypserv -f

May 20 09:41:30 server systemd[1]: Starting NIS/YP (Network Information Service) Server...
May 20 09:41:30 server ypserv[3298]: WARNING: no securenets file found!
May 20 09:41:30 server systemd[1]: Started NIS/YP (Network Information Service) Server.
[root@server ~]#
```

Do not ignore the warning. Without /var/yp/securenets ypserv answers map requests from any host that can reach it, and with the default Makefile settings the passwd map carries the password hashes of every NIS user. Create the file (one "netmask network" pair per line) before the server is reachable from anything but a lab network.
2. Set the NIS domain name

```
[root@server ~]# nisdomainname rhce
[root@server ~]# nisdomainname
rhce
```

nisdomainname only changes the running kernel's setting and is lost at reboot. On CentOS 7 the persistent setting is NISDOMAIN=rhce in /etc/sysconfig/network.
3. Build the database

Create a user u1; it will be published in the NIS maps.

Build the database. The NIS tools live in /usr/lib64/yp/ (tab completion lists them):

```
[root@server ~]# /usr/lib64/yp/
create_printcap  match_printcap  pwupdate     yphelper  ypxfr          ypxfr_1perhour
makedbm          mknetid         revnetgroup  ypinit    ypxfr_1perday  ypxfr_2perday
[root@server ~]# /usr/lib64/yp/ypinit -m

At this point, we have to construct a list of the hosts which will run NIS
servers.  server is in the list of NIS server hosts.  Please continue to add
the names for the other hosts, one per line.  When you are done with the
list, type a <control D>.
        next host to add:  server
        next host to add:
```

Press Ctrl+D here.

```
The current list of NIS servers looks like this:

server

Is this correct?  [y/n: y]  y
We need a few minutes to build the databases...
Building /var/yp/rhce/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/rhce'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/rhce'

server has been set up as a NIS master server.

Now you can run ypinit -s server on all slave server.
[root@server ~]#
```

The maps are a snapshot: after adding or changing users later, run make in /var/yp to rebuild them, otherwise clients keep seeing the old passwd map.
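The securenets warning from the ypserv start above is worth fixing before going on. The following is an added example, not code from the original page: it builds /var/yp/securenets from CIDR prefixes, clearing host bits and rejecting malformed input so that a typo does not silently produce a line ypserv would ignore or misread. The network 172.10.100.0/24 is assumed from the client address used later on the page; the file format ("netmask network" pairs, plus "host A.B.C.D" for single addresses) is ypserv's own.

```shell
#!/bin/sh
# Added example, not from the original page: generate /var/yp/securenets from
# CIDR prefixes so ypserv only answers hosts on the listed networks.
# The network used in the usage line (172.10.100.0/24) is an assumption.

# $1 = 32-bit integer -> dotted quad
int_to_dotted() {
    printf '%d.%d.%d.%d' $(( ($1 >> 24) & 255 )) $(( ($1 >> 16) & 255 )) \
                         $(( ($1 >> 8) & 255 )) $(( $1 & 255 ))
}

# $1 = A.B.C.D[/len] -> "netmask network" line; a bare address becomes /32.
# Host bits are cleared (172.10.100.129/24 yields 172.10.100.0) and bad input
# returns 1 instead of emitting a line.
cidr_to_securenets() {
    case $1 in
        */*) addr=${1%/*}; len=${1#*/} ;;
        *)   addr=$1;      len=32 ;;
    esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    if [ "$len" -eq 0 ]; then mask=0
    else mask=$(( (4294967295 << (32 - len)) & 4294967295 )); fi
    printf '%s %s\n' "$(int_to_dotted "$mask")" "$(int_to_dotted $(( ip & mask )))"
}

# $1 = output path (normally /var/yp/securenets), remaining args = networks.
# Loopback is always allowed so the master can bind to itself.
write_securenets() {
    out=$1; shift
    {
        echo "# generated: only these networks may query the NIS maps"
        echo "host 127.0.0.1"
        for n in "$@"; do
            cidr_to_securenets "$n" || { echo "bad network: $n" >&2; return 1; }
        done
    } > "$out"
}

# Usage (as root), then restart ypserv so it re-reads the file:
#   write_securenets /var/yp/securenets 172.10.100.0/24 && systemctl restart ypserv
if [ "$#" -gt 0 ]; then
    write_securenets "$@"
fi
```

After restarting ypserv the "no securenets file found" line should be gone from `systemctl status ypserv`; a client outside the listed networks then gets no answer from ypcat or ypmatch.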
Client setup

1. Edit the configuration file

```
[root@client ~]# vim /etc/nsswitch.conf
```

Add nis to the following lines (after files, so local accounts are still resolved first):

```
passwd:     files nis sss
shadow:     files nis sss
group:      files nis sss
hosts:      files nis dns myhostname
```

2. Install ypbind

```
[root@client ~]# yum -y install ypbind
```

3. Configure

```
[root@client ~]# authconfig-tui
```

In the dialog enable NIS and enter the domain (rhce) and the server name.

4. Log in

```
[root@client ~]# su - u1
Last login: Sat May 20 10:39:56 CST 2017 on pts/0
su: warning: cannot change directory to /home/u1: No such file or directory
-bash-4.2$
```

The account resolves, so the NIS lookup works. The warning is expected: u1's home directory exists only on the server. Exporting /home over NFS and mounting it on the client (next section) removes it.
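The same client steps can be done without the authconfig-tui dialog and then checked. This is an added example, not code from the original page; domain rhce, server name server and user u1 are the page's values, and the nsswitch check is a separate function so it can be run on any nsswitch.conf. ypwhich and ypmatch come from yp-tools, which CentOS 7 installs alongside ypbind.

```shell
#!/bin/sh
# Added example, not from the original page: non-interactive NIS client setup
# plus two checks. Assumes CentOS 7 with authconfig and yp-tools available.

# $1 = NIS domain, $2 = NIS server. authconfig rewrites /etc/nsswitch.conf and
# /etc/yp.conf itself, so the manual nsswitch edit is not repeated here.
configure_nis_client() {
    yum -y install ypbind rpcbind || return 1
    authconfig --enablenis --nisdomain="$1" --nisserver="$2" --update || return 1
    systemctl enable --now rpcbind ypbind
}

# $1 = path to an nsswitch.conf. Prints each of passwd/shadow/group that does
# not list "nis" (or is missing altogether); exit status 1 if anything printed.
nsswitch_missing_nis() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        $1 ~ /^(passwd|shadow|group):$/ {
            db = substr($1, 1, length($1) - 1); seen[db] = 1
            has = 0
            for (i = 2; i <= NF; i++) if ($i == "nis") has = 1
            if (!has) { print db; missing++ }
        }
        END {
            n = split("passwd shadow group", want, " ")
            for (k = 1; k <= n; k++) if (!(want[k] in seen)) { print want[k]; missing++ }
            exit missing > 0
        }' "$1"
}

# $1 = user name. True only if the account comes from the NIS passwd map, i.e.
# ypbind is bound to a server and that server answers; a local-only account fails.
is_nis_user() {
    ypwhich >/dev/null 2>&1 && ypmatch "$1" passwd >/dev/null 2>&1
}

# Usage (as root on the client):
#   configure_nis_client rhce server && nsswitch_missing_nis /etc/nsswitch.conf && is_nis_user u1
```

If nsswitch_missing_nis prints shadow, password authentication of NIS users will fail even though `getent passwd u1` works, which is the classic half-configured symptom.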
Configure NFS

1. NFS server configuration

(omitted here; the export and service commands are shown in the NFS section further down)

2. Mount on the client

```
[root@client home]# mount -t nfs 172.10.100.129:/home /home
[root@client home]# su - u1
Last login: Sat May 20 10:53:07 CST 2017 on pts/1
[u1@client ~]$ touch 1
[u1@client ~]$
```
openldap

Install

```
yum install openldap openldap-clients openldap-servers migrationtools
```
Configuration files

```
cd /etc/openldap/slapd.d
```

Copy the template configuration to the home directory:

```
cp /usr/share/openldap-servers/slapd.ldif /home/
```

Change every dc=my-domain,dc=com in the copy to your own domain (dc=abc,dc=com here). The relevant part of the file then looks like this; the olcAccess line that ends in "c" is folded LDIF, the next line starts with a single space and continues it:

```
dn: olcDatabase=monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: monitor
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c
 n=auth" read by dn.base="cn=Manager,dc=abc,dc=com" read by * none

#
# Backend database definitions
#

dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: hdb
olcSuffix: dc=abc,dc=com
olcRootDN: cn=Manager,dc=abc,dc=com
olcDbDirectory: /var/lib/ldap
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
```
Set a password

```
[root@server home]# slappasswd
New password:
Re-enter new password:
{SSHA}6ZV4bJxlj6a0CPsqAwaXdS+AjPmSZ9Do
```

Add the hash to the configuration file, directly under olcRootDN:

```
olcRootDN: cn=Manager,dc=abc,dc=com
olcRootPW: {SSHA}6ZV4bJxlj6a0CPsqAwaXdS+AjPmSZ9Do
```

The line must start in column 1 and read "olcRootPW:" followed by a space and the hash. Do not indent it with a tab or space: in LDIF a line that starts with whitespace is a continuation of the previous line, so an indented olcRootPW would be glued onto the olcRootDN value and the rootdn would end up with no password at all. Keep the file readable by root only while it holds this hash.
Add the schema

1. The schema files are in the schema directory:

```
[root@server schema]# ll -d /etc/openldap/schema/* | awk -F" " '{print $9}'
/etc/openldap/schema/collective.ldif
/etc/openldap/schema/collective.schema
/etc/openldap/schema/corba.ldif
/etc/openldap/schema/corba.schema
/etc/openldap/schema/core.ldif
/etc/openldap/schema/core.schema
/etc/openldap/schema/cosine.ldif
/etc/openldap/schema/cosine.schema
/etc/openldap/schema/duaconf.ldif
/etc/openldap/schema/duaconf.schema
/etc/openldap/schema/dyngroup.ldif
/etc/openldap/schema/dyngroup.schema
/etc/openldap/schema/inetorgperson.ldif
/etc/openldap/schema/inetorgperson.schema
/etc/openldap/schema/java.ldif
/etc/openldap/schema/java.schema
/etc/openldap/schema/misc.ldif
/etc/openldap/schema/misc.schema
/etc/openldap/schema/nis.ldif
/etc/openldap/schema/nis.schema
/etc/openldap/schema/openldap.ldif
/etc/openldap/schema/openldap.schema
/etc/openldap/schema/pmi.ldif
/etc/openldap/schema/pmi.schema
/etc/openldap/schema/ppolicy.ldif
/etc/openldap/schema/ppolicy.schema
/etc/openldap/schema/samba.schema
```

Insert include lines into the configuration file, directly after the include of core.ldif that the template already contains. Only the .ldif files can be included here: the .schema files are the old slapd.conf syntax and contain no LDIF entries, so pulling one in makes slapadd stop with "entry has no dn" (the error the slapadd step below shows is consistent with exactly that). core.ldif is included by the template and must not be listed a second time:

```
include: file:///etc/openldap/schema/core.ldif
include: file:///etc/openldap/schema/collective.ldif
include: file:///etc/openldap/schema/corba.ldif
include: file:///etc/openldap/schema/cosine.ldif
include: file:///etc/openldap/schema/duaconf.ldif
include: file:///etc/openldap/schema/dyngroup.ldif
include: file:///etc/openldap/schema/inetorgperson.ldif
include: file:///etc/openldap/schema/java.ldif
include: file:///etc/openldap/schema/misc.ldif
include: file:///etc/openldap/schema/nis.ldif
include: file:///etc/openldap/schema/openldap.ldif
include: file:///etc/openldap/schema/pmi.ldif
include: file:///etc/openldap/schema/ppolicy.ldif
```

For the posixAccount and posixGroup entries that migrationtools produces below, core, cosine, nis and inetorgperson are the ones actually required; samba.schema has no .ldif counterpart in this directory and is left out.

Make sure the file has exactly one entry for the config database. It restricts cn=config to root connecting over the local ldapi socket, and the CentOS template may already contain it; a second copy of the same DN also makes slapadd fail. If it is missing, append it at the end:

```
dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none
```
Remove the existing configuration

```
[root@server ~]# rm -rf /etc/openldap/slapd.d/*
```

Load slapd.ldif from /home into the configuration directory:

```
[root@server home]# slapadd -F /etc/openldap/slapd.d/ -n 0 -l /home/slapd.ldif
591fd54d str2entry: entry -1 has no dn
slapadd: could not parse entry (line=724)
_################### 99.70% eta   none elapsed            none spd   3.3 M/s
Closing DB...
```

This run did not succeed. slapadd hit an entry without a dn at input line 724 and stopped, so everything after that point was not loaded and cn=config is incomplete (the directory listing after the chown step below confirms it: no database definitions were written). That error comes from non-LDIF text reaching the parser, typically a .schema file pulled in by an include line or a malformed entry. Fix slapd.ldif, empty slapd.d again and repeat until slapadd finishes without an error; starting slapd on a partially loaded configuration is what produces the bind failures further down.

Options used:

- -l: the LDIF file with the entries to add
- -F: the slapd-config directory (slapd.d) to write; lowercase -f would mean a legacy slapd.conf file
- -n 0: which database to load; database 0 is the configuration database (cn=config) itself

Test the configuration:

```
[root@server home]# slaptest -u -F /etc/openldap/slapd.d/
config file testing succeeded
```

If it is valid the output is:

```
config file testing succeeded
```

slaptest only checks what is in slapd.d; it knows nothing about entries slapadd skipped, so a clean slaptest after a failed slapadd does not mean the configuration is complete.
Change the owner of the configuration directory; slapd runs as the ldap user and otherwise cannot read it:

```
chown -Rv ldap.ldap /etc/openldap/slapd.d
```

Output:

```
[root@server slapd.d]# chown -Rv ldap.ldap /etc/openldap/slapd.d/
changed ownership of ‘/etc/openldap/slapd.d/cn=config.ldif’ from root:root to ldap:ldap
changed ownership of ‘/etc/openldap/slapd.d/cn=config/cn=schema.ldif’ from root:root to ldap:ldap
changed ownership of ‘/etc/openldap/slapd.d/cn=config/cn=schema/cn={0}core.ldif’ from root:root to ldap:ldap
changed ownership of ‘/etc/openldap/slapd.d/cn=config/cn=schema/cn={1}collective.ldif’ from root:root to ldap:ldap
changed ownership of ‘/etc/openldap/slapd.d/cn=config/cn=schema’ from root:root to ldap:ldap
changed ownership of ‘/etc/openldap/slapd.d/cn=config’ from root:root to ldap:ldap
ownership of ‘/etc/openldap/slapd.d/’ retained as ldap:ldap
```

Since -v prints every file touched, this listing is the complete content of slapd.d: only cn=config.ldif, cn=schema.ldif and the core and collective schema were written. There is no olcDatabase={n}hdb.ldif (nor monitor), i.e. the suffix, olcRootDN and olcRootPW from the hdb entry never made it into the configuration. That is the direct result of the slapadd error above and has to be fixed before slapd is started.

Confirm owner and group:

```
[root@server slapd.d]# ll
total 4
drwxr-x--- 3 ldap ldap  45 May 20 13:34 cn=config
-rw------- 1 ldap ldap 589 May 20 13:34 cn=config.ldif
```

Create the database configuration file:

```
[root@server slapd.d]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@server slapd.d]# chown -Rv ldap.ldap /var/lib/ldap/DB_CONFIG
changed ownership of ‘/var/lib/ldap/DB_CONFIG’ from root:root to ldap:ldap
```
Start the service

```
[root@server ~]# systemctl start slapd.service
[root@server ~]# systemctl status slapd.service
● slapd.service - OpenLDAP Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/slapd.service; disabled; vendor preset: disabled)
   Active: active (running) since Sat 2017-05-20 13:44:56 CST; 7s ago
     Docs: man:slapd
           man:slapd-config
           man:slapd-hdb
           man:slapd-mdb
           file:///usr/share/doc/openldap-servers/guide.html
  Process: 10099 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=0/SUCCESS)
  Process: 10082 ExecStartPre=/usr/libexec/openldap/check-config.sh (code=exited, status=0/SUCCESS)
 Main PID: 10102 (slapd)
   CGroup: /system.slice/slapd.service
           └─10102 /usr/sbin/slapd -u ldap -h ldapi:/// ldap:///

May 20 13:44:54 server systemd[1]: Starting OpenLDAP Server Daemon...
May 20 13:44:54 server runuser[10087]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
May 20 13:44:54 server slapcat[10093]: DIGEST-MD5 common mech free
May 20 13:44:55 server slapd[10099]: @(#) $OpenLDAP: slapd 2.4.40 (Nov  6 2016 01:21:28) $
        mockbuild@worker1.bsys.centos.org:/builddir/build/BUILD/openld...slapd
May 20 13:44:56 server slapd[10102]: slapd starting
May 20 13:44:56 server systemd[1]: Started OpenLDAP Server Daemon.
Hint: Some lines were ellipsized, use -l to show in full.
[root@server ~]# systemctl enable slapd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/slapd.service to /usr/lib/systemd/system/slapd.service.
```

slapd starts even with the incomplete cn=config loaded above, so a running service is not evidence that the hdb database exists. It listens on ldapi:/// (the local socket, which root can use with SASL EXTERNAL) and on plain ldap:///. A simple bind over ldap:/// sends the password in clear, so ldaps:/// or StartTLS should be configured before clients on other hosts authenticate against this server.
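The slapd.ldif preparation above (copy template, replace the suffix, add olcRootPW, add schema includes, check the config database entry, slapadd, slaptest, chown, DB_CONFIG) is easy to get wrong by hand, as the failed slapadd shows. The following is an added example, not the page's or OpenLDAP's own code, that renders the file from the template and loads it with every step checked. It assumes the CentOS 7 layout: template at /usr/share/openldap-servers/slapd.ldif with placeholder suffix dc=my-domain,dc=com, an existing include of core.ldif and an existing olcDatabase=config entry in that template, and schema files under /etc/openldap/schema. Suffix dc=abc,dc=com is the page's example.

```shell
#!/bin/sh
# Added example, not from the original page: render slapd.ldif from the CentOS
# template and load it into slapd.d, stopping at the first failing step.
# Assumptions: template placeholder suffix is dc=my-domain,dc=com, the template
# already includes core.ldif and already defines olcDatabase=config.

# $1 template, $2 output, $3 suffix, $4 {SSHA} hash from slappasswd, $5 schema dir
render_slapd_ldif() {
    tmpl=$1 out=$2 suffix=$3 pwhash=$4 schemadir=$5
    # Only *.ldif schema files can be included from slapd.ldif; the .schema
    # files are slapd.conf syntax and make slapadd stop with "entry has no dn".
    # core.ldif is skipped because the template already includes it first.
    inc=""
    for f in "$schemadir"/*.ldif; do
        [ -e "$f" ] || continue
        case $f in */core.ldif) continue ;; esac
        inc="${inc}include: file://${f}
"
    done
    INC="$inc" awk -v suffix="$suffix" -v pwhash="$pwhash" '
        { gsub(/dc=my-domain,dc=com/, suffix) }
        # olcRootPW goes directly under olcRootDN, in column 1, colon and space
        /^olcRootDN: / { print; print "olcRootPW: " pwhash; next }
        { print }
        /^include: file:\/\/\/.*\/core\.ldif$/ { printf "%s", ENVIRON["INC"] }
    ' "$tmpl" > "$out" || return 1
    # A duplicated olcDatabase=config entry makes slapadd fail: require exactly one.
    [ "$(grep -c '^dn: olcDatabase=config,cn=config$' "$out")" -eq 1 ] || return 1
    chmod 600 "$out"   # the file now holds the rootpw hash
}

# $1 = rendered LDIF, $2 = config dir. Any failure aborts before slapd is
# started on a partially loaded cn=config.
install_slapd_config() {
    ldif=$1 dir=${2:-/etc/openldap/slapd.d}
    rm -rf "$dir"/*
    slapadd -F "$dir" -n 0 -l "$ldif" || return 1
    slaptest -u -F "$dir" || return 1
    chown -R ldap:ldap "$dir" || return 1
    [ -f /var/lib/ldap/DB_CONFIG ] || cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
    chown ldap:ldap /var/lib/ldap/DB_CONFIG
}

# Usage as root:  sh this-script.sh dc=abc,dc=com "$(slappasswd)"   then systemctl start slapd
if [ "$#" -eq 2 ]; then
    render_slapd_ldif /usr/share/openldap-servers/slapd.ldif /root/slapd.ldif "$1" "$2" /etc/openldap/schema \
        && install_slapd_config /root/slapd.ldif
fi
```

Because install_slapd_config returns non-zero as soon as slapadd reports an error, the "99.70%, Closing DB" situation from the page cannot silently turn into a started slapd with no hdb database.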
Create several users

```
[root@server ~]# ./create_user.sh
mkdir: created directory ‘/home/ldapuser’
Changing password for user lduser1.
passwd: all authentication tokens updated successfully.
Changing password for user lduser2.
passwd: all authentication tokens updated successfully.
Changing password for user lduser3.
passwd: all authentication tokens updated successfully.
Changing password for user lduser4.
passwd: all authentication tokens updated successfully.
Changing password for user lduser5.
passwd: all authentication tokens updated successfully.
Changing password for user lduser6.
passwd: all authentication tokens updated successfully.
```

Script contents. The original version looked each uid up again with grep, which matches substrings (5000 would also match 15000 or a password containing 5000); reading the three columns straight from the list avoids that:

```bash
#!/bin/bash
# Create local accounts from ldapuser.txt: one "uid name password" per line.
USER_LIST=ldapuser.txt
HOME_ldap=/home/ldapuser

mkdir -pv "$HOME_ldap"

while read -r USERID USERNAME PASSWORD; do
    [ -z "$USERID" ] && continue          # skip blank lines
    HOMEDIR="${HOME_ldap}/${USERNAME}"
    useradd -u "$USERID" -d "$HOMEDIR" "$USERNAME"
    echo "$PASSWORD" | passwd --stdin "$USERNAME"
done < "$USER_LIST"
```

```
[root@server ~]# cat ldapuser.txt
5000 lduser1 123456
5001 lduser2 123456
5002 lduser3 123456
5003 lduser4 123456
5004 lduser5 123456
5005 lduser6 123456
[root@server ~]#
```

The passwords in the list are lab placeholders; the file holds them in clear and should be removed from the server once the accounts exist.
Edit /usr/share/migrationtools/migrate_common.ph:

```
vim /usr/share/migrationtools/migrate_common.ph
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "abc.com";
# Default base
$DEFAULT_BASE = "dc=abc,dc=com";
```

Create the base LDIF (the top-level entry plus the People, Group and other OUs):

```
[root@server ~]# /usr/share/migrationtools/migrate_base.pl > /root/base.ldif
```

Create the user LDIF:

```
/usr/share/migrationtools/migrate_passwd.pl /etc/passwd /root/user.ldif
```
Edit /root/user.ldif and keep only the entries of the LDAP users; delete the entries for every other account.

All DNs in user.ldif are under the People OU, which is defined in base.ldif.

Every entry in user.ldif carries these four object classes:

objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount

posixAccount and shadowAccount supply the uidNumber, gidNumber, homeDirectory, loginShell and userPassword attributes. Because migrate_passwd.pl is run as root it reads /etc/shadow, so the userPassword values in user.ldif are the accounts' real {crypt} hashes: keep the file mode 600 and delete it once imported.
Create the group LDIF

```
/usr/share/migrationtools/migrate_group.pl /etc/group /root/group.ldif
```

Edit group.ldif and keep only the groups of the LDAP users; delete the rest.

All DNs in group.ldif are under the Group OU, which is also defined in base.ldif.
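Deleting the other accounts from user.ldif and group.ldif by hand is error-prone; filtering by uidNumber and gidNumber does the same thing deterministically. This is an added example, not code from the page or from migrationtools. The id range 5000 to 5999 matches the uids in ldapuser.txt (and the private groups useradd creates with the same numbers); the output file names and the range are assumptions for the demo.

```shell
#!/bin/sh
# Added example, not from the original page: keep only the LDIF entries whose
# uidNumber/gidNumber falls in a range, instead of editing the file by hand.

# $1 = attribute (uidNumber or gidNumber), $2 = lowest id, $3 = highest id.
# Reads LDIF on stdin; entries are blank-line separated, which is exactly
# what awk paragraph mode (RS = "") splits on.
filter_ldif_by_id() {
    awk -v attr="$1" -v lo="$2" -v hi="$3" '
        BEGIN { RS = ""; ORS = "\n\n"; pfx = attr ": " }
        {
            id = -1
            n = split($0, line, "\n")
            for (i = 1; i <= n; i++)
                if (index(line[i], pfx) == 1) id = substr(line[i], length(pfx) + 1) + 0
            if (id >= lo && id <= hi) print
        }'
}

# Number of entries (one "dn:" line each) in a file, or on stdin if no file.
ldif_count() {
    grep -c '^dn: ' "${1:--}"
}

# Run the migration scripts and filter in one go. migrate_passwd.pl copies the
# hashes from /etc/shadow into userPassword, so the results are made root-only.
# $1 = lowest id, $2 = highest id
migrate_range() {
    /usr/share/migrationtools/migrate_passwd.pl /etc/passwd \
        | filter_ldif_by_id uidNumber "$1" "$2" > /root/user.ldif || return 1
    /usr/share/migrationtools/migrate_group.pl /etc/group \
        | filter_ldif_by_id gidNumber "$1" "$2" > /root/group.ldif || return 1
    chmod 600 /root/user.ldif /root/group.ldif
    echo "users: $(ldif_count /root/user.ldif), groups: $(ldif_count /root/group.ldif)"
}

# Usage as root:  migrate_range 5000 5999
```

Check the counts it prints against ldapuser.txt before importing: six users and six groups for the accounts created above.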
Import with ldapadd

Commonly used ldapadd options:

- -x: simple authentication (a plain bind instead of SASL).
- -D: the DN to bind as.
- -H: the URI of the directory server (ldap://host, ldaps://host or ldapi:///); the older -h takes only a host name and is deprecated.
- -w: the bind password on the command line (visible in the process list and shell history); -W, used below, prompts for it instead.
- -f: the LDIF file with the entries to add.

```
[root@server ~]# ldapadd -D "cn=Manager,dc=abc,dc=com" -W -x -f base.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
[root@server ~]# ldapadd -D "cn=Manager,dc=abc,dc=com" -W -x -f user.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
[root@server ~]# ldapadd -D "cn=Manager,dc=abc,dc=com" -W -x -f group.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
```

All three binds fail with result code 49, so nothing was imported, and the page does not show a fix. Code 49 means the server did not accept the DN and password pair. Here the cause is visible earlier on the page: slapd.d contains no hdb database (the chown listing shows only schema files), so there is no backend for dc=abc,dc=com and no olcRootDN to bind as; slapd rejects any bind under that suffix. Once slapadd of the configuration has succeeded, the other thing to rule out is that the olcRootPW loaded into cn=config is not the hash of the password being typed; the stored value can be read back by root over the ldapi socket with ldapsearch (SASL EXTERNAL) against cn=config. The three ldapadd commands have to be repeated in this order, base.ldif first, once the bind succeeds.
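When a rootdn bind returns code 49 and the database definitely exists, the remaining question is whether the olcRootPW in cn=config really is the hash of the password you are typing. That can be checked offline. The following is an added example, not code from the page or from OpenLDAP: it recomputes an {SSHA} value the way slappasswd's default scheme builds it, base64 of SHA-1(password followed by salt) followed by the salt, and compares. The 4-byte salt matches the length of the page's hash (32 base64 characters = 20 digest bytes + 4 salt bytes). Only sha1sum, base64, dd, od and awk are used; make_ssha exists so the check can be demonstrated with a known password and salt.

```shell
#!/bin/sh
# Added example, not from the original page: verify an {SSHA} hash such as the
# olcRootPW value in slapd.ldif against a candidate password, offline.
# {SSHA} = base64( SHA-1(password || salt) || salt ), as slappasswd emits it.

# stdin: hex digits -> stdout: the raw bytes (via printf octal escapes, so no
# xxd or openssl is needed)
hex2bin() {
    esc=$(tr -d ' \n' | awk '
        function hv(c) { return index("0123456789abcdef", tolower(c)) - 1 }
        { for (i = 1; i <= length($0); i += 2)
              printf "\\%03o", hv(substr($0, i, 1)) * 16 + hv(substr($0, i + 1, 1)) }')
    printf "$esc"
}

# $1 = password, $2 = salt -> {SSHA}base64 (same layout slappasswd uses;
# slappasswd picks a random salt, this demo takes it as an argument)
make_ssha() {
    digest=$(printf '%s%s' "$1" "$2" | sha1sum | cut -c1-40)
    printf '{SSHA}%s\n' "$( { printf '%s' "$digest" | hex2bin; printf '%s' "$2"; } | base64 | tr -d '\n')"
}

# $1 = {SSHA}... , $2 = candidate password. Exit 0 on match, 1 on mismatch,
# 2 if the value is not an {SSHA} hash at all.
verify_ssha() {
    case $1 in "{SSHA}"*) ;; *) echo "not an {SSHA} hash" >&2; return 2 ;; esac
    b64=$(printf '%s' "$1" | sed 's/^{SSHA}//')
    raw=$(mktemp) || return 2
    printf '%s' "$b64" | base64 -d > "$raw"
    # bytes 1-20 are SHA-1(password || salt); everything after is the salt
    stored=$(dd if="$raw" bs=1 count=20 2>/dev/null | od -An -tx1 -v | tr -d ' \n')
    recomputed=$( { printf '%s' "$2"; dd if="$raw" bs=1 skip=20 2>/dev/null; } | sha1sum | cut -c1-40)
    rm -f "$raw"
    [ "$stored" = "$recomputed" ]
}

# Usage on the server, as root, with the hash taken from the live config:
#   stored=$(ldapsearch -LLL -Q -Y EXTERNAL -H ldapi:/// -b cn=config \
#            '(olcSuffix=dc=abc,dc=com)' olcRootPW | sed -n 's/^olcRootPW: //p')
#   verify_ssha "$stored" 'the-password-you-type' && echo match
```

If the ldapsearch in the usage comment returns nothing, there is no database with that suffix in cn=config, which is the situation on this page; if it returns a hash that verify_ssha rejects, the olcRootPW line that was pasted into slapd.ldif is not the one slappasswd printed.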
Configure NFS

```
[root@server ~]# vim /etc/exports
[root@server ~]# cat /etc/exports
/home/remoteuser *(rw)
```

The client "*" exports the directory read-write to every host that can reach port 2049, and the default root_squash is then the only thing stopping a remote root from writing as root. Outside a lab, list the client hosts or network instead of "*" and keep root_squash.

Start the services:

```
[root@server ~]# systemctl start rpcbind.service
[root@server ~]# systemctl start nfs-server.service
```

Check the listening ports (389 is slapd, 2049 is NFS):

```
[root@server ~]# ss -ant | grep 389
LISTEN     0      128          *:389                      *:*
LISTEN     0      128         :::389                     :::*
[root@server ~]# ss -ant | grep 2049
LISTEN     0      64           *:2049                     *:*
LISTEN     0      64          :::2049                    :::*
```

Enable at boot:

```
[root@server ~]# systemctl enable rpcbind.service
[root@server ~]# systemctl enable nfs-server.service
```
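The export line above is the weak form; the check below is an added example, not code from the page, that reads an /etc/exports file and reports the entries a reviewer would flag: a "*" client (or no client at all), no_root_squash, and insecure. The corrected line it accepts restricts the export to the client network, 172.10.100.0/24 being assumed from the client address used earlier on the page.

```shell
#!/bin/sh
# Added example, not from the original page: audit /etc/exports for the
# settings that hand a share to every host or to remote root.
# Weak:      /home/remoteuser *(rw)
# Corrected: /home/remoteuser 172.10.100.0/24(rw,sync,root_squash)   (network assumed)

# $1 = exports file. Prints "PATH CLIENT REASON" per finding; exit 1 if any.
audit_exports() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        {
            path = $1
            # a path with no client at all is exported to everyone
            if (NF == 1) { print path, "*", "exported-to-every-host"; bad++ }
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                if (split($i, p, "(") > 1) { client = p[1]; opts = p[2]; sub(/\).*/, "", opts) }
                if (client == "") client = "*"        # "(rw)" with no host in front
                if (client == "*") { print path, client, "exported-to-every-host"; bad++ }
                if (opts ~ /(^|,)no_root_squash(,|$)/) { print path, client, "no_root_squash"; bad++ }
                if (opts ~ /(^|,)insecure(,|$)/) { print path, client, "insecure-ports"; bad++ }
            }
        }
        END { exit bad > 0 }' "$1"
}

# Usage on the server: audit_exports /etc/exports && exportfs -ra
# (exportfs -ra re-reads /etc/exports; the && keeps a flagged file from being applied)
```

Run it before `exportfs -ra` and compare with `exportfs -v`, which shows the options the kernel actually applied, defaults included.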
Configure logging

Edit the rsyslog configuration:

```
vi /etc/rsyslog.conf
```

Add one line (slapd logs to the local4 facility by default):

```
local4.*    /var/log/ldap.log
```

Then

```
touch /var/log/ldap.log
```

Restart rsyslog:

```
systemctl restart rsyslog.service
```

If slapd fails to start, look at the unit status and /var/log/messages:

```
systemctl status slapd.service -l
tail -n20 -f /var/log/messages
```
This concludes the server configuration.

### Client configuration

Configuring the LDAP client

1. Install the LDAP authentication packages

```
yum -y install sssd-ldap nss-pam-ldapd
```

2. Enable LDAP authentication

Run authconfig-tui in a terminal, enable LDAP for both user information and authentication, and enter the server and the base DN (dc=abc,dc=com). Until the ldapadd imports above have succeeded the directory holds no users, so the client will not resolve any.
That is the whole of "Using NIS and LDAP on CentOS 7" (Centos7使用nis和ladp).