


A study of centralized user management with NIS (Network Information Service).
Network Information Service (Japanese Wikipedia)
https://ja.wikipedia.org/wiki/ネットワーク・インフォメーション・サービス
LDAP is the mainstream choice these days, but NIS looked simple enough, so I set it up as an exercise in managing Linux users centrally.
The difference between LDAP and NIS
http://hmbdyh.hatenablog.com/entry/20101010/1354789089
Also, although a little dated, here is an easy-to-follow article on integrating user authentication between Linux and Windows.
Integrating Active Directory and Linux authentication
http://gihyo.jp/admin/serial/01/ad-linux/0001
First, the server-side setup.
- Install the NIS server package
- Set the NIS domain
- Restrict access to the NIS server
- Enable the NIS services at boot
- Start the NIS services
- Build the NIS database
Install ypserv. rpcbind is pulled in as a dependency.
```
[root@host01 ~]# yum install ypserv
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: www.ftp.ne.jp
 * extras: www.ftp.ne.jp
 * updates: www.ftp.ne.jp
Resolving Dependencies
--> Running transaction check
---> Package ypserv.x86_64 0:2.31-8.el7 will be installed
--> Processing Dependency: tokyocabinet for package: ypserv-2.31-8.el7.x86_64
--> Processing Dependency: portmap for package: ypserv-2.31-8.el7.x86_64
--> Processing Dependency: libtokyocabinet.so.9()(64bit) for package: ypserv-2.31-8.el7.x86_64
--> Running transaction check
---> Package rpcbind.x86_64 0:0.2.0-33.el7_2 will be installed
--> Processing Dependency: libtirpc.so.1()(64bit) for package: rpcbind-0.2.0-33.el7_2.x86_64
---> Package tokyocabinet.x86_64 0:1.4.48-3.el7 will be installed
--> Running transaction check
---> Package libtirpc.x86_64 0:0.2.4-0.6.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================================================
 Package              Arch           Version                  Repository       Size
=====================================================================================================
Installing:
 ypserv               x86_64         2.31-8.el7               base            155 k
Installing for dependencies:
 libtirpc             x86_64         0.2.4-0.6.el7            base             85 k
 rpcbind              x86_64         0.2.0-33.el7_2           updates          57 k
 tokyocabinet         x86_64         1.4.48-3.el7             base            459 k

Transaction Summary
=====================================================================================================
Install  1 Package (+3 Dependent packages)

Total download size: 757 k
Installed size: 1.9 M
Is this ok [y/d/N]: y
Downloading packages:
(1/4): libtirpc-0.2.4-0.6.el7.x86_64.rpm                                      |  85 kB  00:00:00
(2/4): rpcbind-0.2.0-33.el7_2.x86_64.rpm                                      |  57 kB  00:00:00
(3/4): ypserv-2.31-8.el7.x86_64.rpm                                           | 155 kB  00:00:00
(4/4): tokyocabinet-1.4.48-3.el7.x86_64.rpm                                   | 459 kB  00:00:00
-----------------------------------------------------------------------------------------------------
Total                                                                1.3 MB/s | 757 kB  00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : tokyocabinet-1.4.48-3.el7.x86_64                                                1/4
  Installing : libtirpc-0.2.4-0.6.el7.x86_64                                                    2/4
  Installing : rpcbind-0.2.0-33.el7_2.x86_64                                                    3/4
  Installing : ypserv-2.31-8.el7.x86_64                                                         4/4
  Verifying  : rpcbind-0.2.0-33.el7_2.x86_64                                                    1/4
  Verifying  : libtirpc-0.2.4-0.6.el7.x86_64                                                    2/4
  Verifying  : tokyocabinet-1.4.48-3.el7.x86_64                                                3/4
  Verifying  : ypserv-2.31-8.el7.x86_64                                                         4/4

Installed:
  ypserv.x86_64 0:2.31-8.el7

Dependency Installed:
  libtirpc.x86_64 0:0.2.4-0.6.el7   rpcbind.x86_64 0:0.2.0-33.el7_2   tokyocabinet.x86_64 0:1.4.48-3.el7

Complete!
```
```
[root@host01 ~]# ypdomainname rootlinks.net
[root@host01 ~]# ypdomainname
rootlinks.net
[root@host01 ~]# cat /proc/sys/kernel/domainname
rootlinks.net
```
Set this way, however, the NIS domain is lost again when the server reboots.
```
[root@host01 ~]# ypdomainname
ypdomainname: Local domain name not set
[root@host01 ~]# cat /proc/sys/kernel/domainname
(none)
```
To have the NIS domain set at boot, add the following setting.
```
[root@host01 ~]# echo "NISDOMAIN=rootlinks.net" >> /etc/sysconfig/network
[root@host01 ~]# cat /etc/sysconfig/network
# Created by anaconda
NISDOMAIN=rootlinks.net
```
```
[root@host01 ~]# cat /var/yp/securenets
cat: /var/yp/securenets: No such file or directory
[root@host01 ~]# vi /var/yp/securenets
[root@host01 ~]# cat /var/yp/securenets
255.255.255.255 127.0.0.1
255.255.255.0 192.168.1.0
```
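Because the NIS maps served by ypserv include the password map, the securenets file above is the server's only address-based access control. The following is an added example (not from this page or the ypserv project) that parses a securenets file in the "netmask network" and "host address" forms, answers whether a given client address would be accepted, and flags overly broad entries; the sample file content and client addresses are constructed for the demonstration.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed sample: the two entries written on this page, plus a comment
# line and the "host" shorthand that ypserv(8) also accepts.
SAMPLE_SECURENETS = """\
# loopback first, then the LAN
255.255.255.255 127.0.0.1
255.255.255.0 192.168.1.0
host 192.168.5.10
"""


def parse_securenets(text: str) -> List[ipaddress.IPv4Network]:
    """Turn securenets lines into IPv4 networks; '#' starts a comment."""
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected two fields, got {raw!r}")
        mask, addr = parts
        if mask == "host":                 # "host A.B.C.D" == "255.255.255.255 A.B.C.D"
            mask = "255.255.255.255"
        # strict=False tolerates host bits in the network field, as ypserv does.
        nets.append(ipaddress.IPv4Network((addr, mask), strict=False))
    return nets


def load_securenets(path: str = "/var/yp/securenets") -> Optional[List[ipaddress.IPv4Network]]:
    """None means the file is absent, the state before this page's edit:
    ypserv then applies no address restriction at all (see ypserv(8))."""
    try:
        with open(path) as fh:
            return parse_securenets(fh.read())
    except FileNotFoundError:
        return None


def client_allowed(client_ip: str, nets: List[ipaddress.IPv4Network]) -> bool:
    """ypserv accepts a client if its address falls inside any listed network."""
    ip = ipaddress.IPv4Address(client_ip)
    return any(ip in net for net in nets)


def overly_broad(nets: List[ipaddress.IPv4Network], min_prefixlen: int = 16) -> List[ipaddress.IPv4Network]:
    """Entries wider than a /16 (e.g. '0.0.0.0 0.0.0.0') deserve a second look."""
    return [net for net in nets if net.prefixlen < min_prefixlen]


def audit(text: str, clients: List[str]) -> List[Tuple[str, bool]]:
    nets = parse_securenets(text)
    return [(c, client_allowed(c, nets)) for c in clients]
```

Running `audit(SAMPLE_SECURENETS, ["192.168.1.57", "10.0.0.5"])` shows the LAN host accepted and the outside host refused; `load_securenets()` returning `None` on a server is the "No such file" state shown above.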
```
[root@host01 ~]# systemctl enable ypserv yppasswdd
Created symlink from /etc/systemd/system/multi-user.target.wants/ypserv.service to /usr/lib/systemd/system/ypserv.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/yppasswdd.service to /usr/lib/systemd/system/yppasswdd.service.
```
```
[root@host01 ~]# systemctl start ypserv yppasswdd
[root@host01 ~]# systemctl status ypserv yppasswdd
* ypserv.service - NIS/YP (Network Information Service) Server
   Loaded: loaded (/usr/lib/systemd/system/ypserv.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2016-03-15 14:36:41 JST; 9s ago
 Main PID: 11103 (ypserv)
   Status: "Processing requests..."
   CGroup: /system.slice/ypserv.service
           `-11103 /usr/sbin/ypserv -f

Mar 15 14:36:41 host01.rootlinks.net systemd[1]: Starting NIS/YP (Network Information Service) ......
Mar 15 14:36:41 host01.rootlinks.net systemd[1]: Started NIS/YP (Network Information Service) Server.

* yppasswdd.service - NIS/YP (Network Information Service) Users Passwords Change Server
   Loaded: loaded (/usr/lib/systemd/system/yppasswdd.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2016-03-15 14:36:41 JST; 8s ago
  Process: 11104 ExecStartPre=/usr/libexec/yppasswdd-pre-setdomain (code=exited, status=0/SUCCESS)
 Main PID: 11107 (rpc.yppasswdd)
   Status: "Processing requests..."
   CGroup: /system.slice/yppasswdd.service
           `-11107 /usr/sbin/rpc.yppasswdd -f

Mar 15 14:36:41 host01.rootlinks.net systemd[1]: Starting NIS/YP (Network Information Service) ......
Mar 15 14:36:41 host01.rootlinks.net systemd[1]: Started NIS/YP (Network Information Service) U...er.
Hint: Some lines were ellipsized, use -l to show in full.
```
```
[root@host01 ~]# /usr/lib64/yp/ypinit -m

At this point, we have to construct a list of the hosts which will run NIS
servers.  host01.rootlinks.net is in the list of NIS server hosts.  Please continue to add
the names for the other hosts, one per line.  When you are done with the
list, type a <control D>.
        next host to add:  host01.rootlinks.net
        next host to add:  #Ctrl+D
The current list of NIS servers looks like this:

host01.rootlinks.net

Is this correct?  [y/n: y]  y
We need a few minutes to build the databases...
Building /var/yp/rootlinks.net/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/rootlinks.net'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/rootlinks.net'

host01.rootlinks.net has been set up as a NIS master server.

Now you can run ypinit -s host01.rootlinks.net on all slave server.
```
If the firewall is enabled, the ports must be opened. Because ypserv normally takes a random port from rpcbind, it is first pinned to a fixed port so that a firewall rule can be written for it.
- Pin the ypserv port
- Configure the firewall
- Start the NIS server
Configure ypserv to run on the chosen port.
```
[root@host01 ~]# echo "YPSERV_ARGS=\"-p 834\"" >> /etc/sysconfig/network
[root@host01 ~]# cat /etc/sysconfig/network
# Created by anaconda
NISDOMAIN=rootlinks.net
YPSERV_ARGS="-p 834"
```
```
[root@host01 ~]# firewall-cmd --permanent --add-service=rpc-bind
success
[root@host01 ~]# firewall-cmd --permanent --add-port=834/tcp
success
[root@host01 ~]# firewall-cmd --permanent --add-port=834/udp
success
[root@host01 ~]# firewall-cmd --reload
[root@host01 ~]# firewall-cmd --list-all
public (default, active)
  interfaces: eno16777736
  sources:
  services: dhcpv6-client http rpc-bind ssh
  ports: 834/udp 834/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
```
```
[root@host01 ~]# systemctl start ypserv yppasswdd
[root@host01 ~]# netstat -atup4 --numeric-ports
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      10647/mysqld
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      10833/rpcbind
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      10412/httpd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      10411/sshd
tcp        0      0 0.0.0.0:834             0.0.0.0:*               LISTEN      14324/ypserv
udp        0      0 0.0.0.0:111             0.0.0.0:*                           10833/rpcbind
udp        0      0 0.0.0.0:834             0.0.0.0:*                           14324/ypserv
```