Monday, 11 March 2013

Configuring Network Information Services (NIS)

Why do we need NIS?
When we manage a very large number of hosts (read: Linux computers), it is very hard for a sysadmin to add users one at a time to, say, 100 host PCs. With NIS, user management is done only on the NIS server, so users are managed centrally. We must be aware, however, that NIS has a weakness: the NIS data sent by a client is not encrypted, and every NIS user can access the passwords stored on the NIS server (even though the NIS server encrypts those files locally). LDAP and RADIUS have added security by encrypting the connection between client and server; we will study those another time. Below is a sample configuration.
First, of course, we have to install the NIS package; on CentOS you can install it easily with:

[root@dir ~]# yum -y install ypserv
[root@dir ~]# ypdomainname server.world    # set NIS domain name

[root@dir ~]# vi /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=dir.server.world
# add at the last line
NISDOMAIN=server.world

[root@dir ~]# vi /var/yp/Makefile
# MERGE_PASSWD=true|false
# line 42: change
MERGE_PASSWD=false
# MERGE_GROUP=true|false
# line 46: change
MERGE_GROUP=false
# line 117: add
all: passwd shadow group hosts rpc services netid protocols

[root@dir ~]# vi /var/yp/securenets
255.255.255.0   10.0.0.0

[root@dir ~]# vi /etc/hosts
# add own IP address
10.0.0.100      dir.server.world dir

[root@dir ~]# /etc/rc.d/init.d/portmap start
Starting portmap: [ OK ]

[root@dir ~]# /etc/rc.d/init.d/ypserv start
Starting YP server services: [  OK  ]

[root@dir ~]# /etc/rc.d/init.d/yppasswdd start
Starting YP passwd service: [  OK  ]

[root@dir ~]# chkconfig portmap on
[root@dir ~]# chkconfig ypserv on
[root@dir ~]# chkconfig yppasswdd on

[root@dir ~]# /usr/lib64/yp/ypinit -m    # update NIS database
At this point, we have to construct a list of the hosts which will run NIS
servers. dir.server.world is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: dir.server.world
next host to add:    # push Ctrl + D key
The current list of NIS servers looks like this:
dir.server.world
Is this correct? [y/n: y]  y    # answer yes

We need a few minutes to build the databases...
Building /var/yp/server.world/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/server.world'
Updating passwd.byname...
Updating passwd.byuid...
Updating shadow.byname...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/server.world'

dir.server.world has been set up as a NIS master server.

Now you can run ypinit -s dir.server.world on all slave server.

# It's necessary to update the NIS database in the following way whenever a new user is added

[root@dir ~]# cd /var/yp

[root@dir yp]#
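
The two server-side files edited above decide which hosts may query ypserv and whether password hashes are published as NIS maps. As an added example (not part of the original post), this script audits copies of /var/yp/securenets and /var/yp/Makefile; the function names and the sample input are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit copies of the two files
# edited above. Function names are made up for this example.

# securenets lines are "<netmask> <network>" or "host <address>".
# A missing file or a 0.0.0.0 mask lets any host query the maps.
check_securenets() {
    if [ ! -f "$1" ]; then
        echo "RISK securenets missing: ypserv accepts requests from all hosts"
        return 0
    fi
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        $1 == "host" { print "INFO host " $2 " is allowed to query ypserv"; next }
        {
            split($1, o, "."); bits = 0
            for (i = 1; i <= 4; i++)            # count the set bits of each mask octet
                for (v = o[i] + 0; v > 0; v = int(v / 2)) bits += v % 2
            tag = (bits == 0) ? "RISK" : "INFO"
            print tag " " $2 "/" bits " is allowed to query ypserv"
        }' "$1"
}

# MERGE_PASSWD=true folds the shadow hashes into the passwd maps; "shadow" in
# the all: target builds shadow.byname, as in the ypinit output above.
check_makefile() {
    awk '
        /^MERGE_PASSWD=[ \t]*true/ { print "RISK MERGE_PASSWD=true: hashes merged into passwd maps" }
        /^all:/ {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break            # rest of the line is a comment
                if ($i == "shadow") print "RISK shadow in all: target: shadow.byname is built"
            }
        }' "$1"
}

# Constructed sample input that mirrors the values used on this page.
tmp=$(mktemp -d)
printf '255.255.255.0   10.0.0.0\n' > "$tmp/securenets"
printf 'MERGE_PASSWD=false\nall: passwd shadow group hosts rpc services netid protocols\n' > "$tmp/Makefile"
check_securenets "$tmp/securenets"
check_makefile "$tmp/Makefile"
rm -rf "$tmp"
```

With the values from this page it reports 10.0.0.0/24 as allowed and flags the shadow map.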
 
 
Source: http://www.server-world.info/en/note?os=CentOS_5&p=nis&f=1
