您可以将本节中的配置文件样例用作模板以创建自己的配置文件,也可以将 sysconfig 工具与 naming_services 分组结合使用来根据您对提示做出的响应生成配置文件。有关使用 sysconfig 创建系统配置文件的更多信息,请参见使用 SCI 工具创建系统配置文件和 sysconfig(1M) 手册页。
此配置文件示例可执行以下配置:
启用 my.domain.com 的 NIS
使用广播来搜索 NIS 服务器(该服务器必须处于同一子网中)
启用名称服务高速缓存服务(该服务是必需的)
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
-->
<service_bundle type='profile' name='default'>
<service name='network/nis/domain' type='service' version='1'>
<property_group name='config' type='application'>
<propval name='domainname' type='hostname' value='my.domain.com'/>
</property_group>
<instance name='default' enabled='true' />
</service>
<service name='network/nis/client' type='service' version='1'>
<property_group name='config' type='application'>
<propval name='use_broadcast' type='boolean' value='true'/>
</property_group>
<instance name='default' enabled='true' />
</service>
<service name='system/name-service/switch' type='service' version='1'>
<property_group name='config' type='application'>
<propval name='default' type='astring' value='files nis'/>
<propval name='printer' type='astring' value='user files nis'/>
<propval name='netgroup' type='astring' value='nis'/>
</property_group>
<instance name='default' enabled='true' />
</service>
<service name='system/name-service/cache' type='service' version='1'>
<instance name='default' enabled='true' />
</service>
</service_bundle>
示例 11-10 配置 NIS 和禁用 DNS
此配置文件示例可执行以下配置:
使用 NIS 服务器(该服务器必须处于同一子网中)的自动广播来配置名称服务 NIS
配置 NIS 域 my.domain.com
启用名称服务高速缓存服务(该服务是必需的)
禁用 DNS 名称服务
<?xml version='1.0'?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="profile" name="sysconfig">
<!-- service name-service/switch below for NIS only - (see nsswitch.conf(4)) -->
<service version="1" type="service" name="system/name-service/switch">
<property_group type="application" name="config">
<propval type="astring" name="default" value="files nis"/>
<propval type="astring" name="printer" value="user files nis"/>
<propval type="astring" name="netgroup" value="nis"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<!-- service name-service/cache must be present along with name-service/switch -->
<service version="1" type="service" name="system/name-service/cache">
<instance enabled="true" name="default"/>
</service>
<!-- if no DNS, must be explicitly disabled to avoid error msgs -->
<service version="1" type="service" name="network/dns/client">
<instance enabled="false" name="default"/>
</service>
<service version="1" type="service" name="network/nis/domain">
<property_group type="application" name="config">
<propval type="hostname" name="domainname" value="my.domain.com"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<!-- configure the NIS client service to broadcast the subnet for a NIS server -->
<service version="1" type="service" name="network/nis/client">
<property_group type="application" name="config">
<propval type="boolean" name="use_broadcast" value="true"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
</service_bundle>
示例 11-11 配置 NIS
以下配置文件将名称服务 NIS 的服务器 IP 地址配置为 10.0.0.10,将域配置为 mydomain.com。显式指定服务器 IP 地址时,NIS 服务器不需要处于同一子网中。
<?xml version='1.0'?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="profile" name="sysconfig">
<!-- name-service/switch below for NIS only - (see nsswitch.conf(4)) -->
<service version="1" type="service" name="system/name-service/switch">
<property_group type="application" name="config">
<propval type="astring" name="default" value="files nis"/>
<propval type="astring" name="printer" value="user files nis"/>
<propval type="astring" name="netgroup" value="nis"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<!-- name-service/cache must be present along with name-service/switch -->
<service version="1" type="service" name="system/name-service/cache">
<instance enabled="true" name="default"/>
</service>
<!-- if no DNS, must be explicitly disabled to avoid error msgs -->
<service version="1" type="service" name="network/dns/client">
<instance enabled="false" name="default"/>
</service>
<service version="1" type="service" name="network/nis/domain">
<property_group type="application" name="config">
<propval type="hostname" name="domainname" value="mydomain.com"/>
<!-- Note: use property with net_address_list and value_node as below -->
<property type="net_address" name="ypservers">
<net_address_list>
<value_node value="10.0.0.10"/>
</net_address_list>
</property>
</property_group>
<!-- configure default instance separate from property_group -->
<instance enabled="true" name="default"/>
</service>
<!-- enable the NIS client service -->
<service version="1" type="service" name="network/nis/client">
<instance enabled="true" name="default"/>
</service>
</service_bundle>
示例 11-12 启用指定域的 NIS 和 DNS
本示例可配置 DNS 和 NIS 名称服务:
指定多个 DNS 名称服务器
指定 DNS 域搜索列表
指定 NIS 域
指定广播以搜索 NIS 服务器
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
-->
<service_bundle type='profile' name='default'>
<service name='network/dns/client' type='service' version='1'>
<property_group name='config' type='application'>
<propval name='domain' type='astring' value='us.oracle.com'/>
<property name='nameserver' type='net_address'>
<net_address_list>
<value_node value='130.35.249.52' />
<value_node value='130.35.249.41' />
<value_node value='130.35.202.15' />
</net_address_list>
</property>
<property name='search' type='astring'>
<astring_list>
<value_node value='us.oracle.com oracle.com oraclecorp.com' />
</astring_list>
</property>
</property_group>
<instance name='default' enabled='true' />
</service>
<service name='network/nis/domain' type='service' version='1'>
<property_group name='config' type='application'>
<propval name='domainname' type='hostname' value='mydomain.com'/>
</property_group>
<instance name='default' enabled='true' />
</service>
<service name='network/nis/client' type='service' version='1'>
<property_group name='config' type='application'>
<propval name='use_broadcast' type='boolean' value='true'/>
</property_group>
<instance name='default' enabled='true' />
</service>
<service name='system/name-service/switch' type='service' version='1'>
<property_group name='config' type='application'>
<propval name='default' type='astring' value='files nis'/>
<propval name='host' type='astring' value='files dns'/>
<propval name='printer' type='astring' value='user files nis'/>
<propval name='netgroup' type='astring' value='nis'/>
</property_group>
<instance name='default' enabled='true' />
</service>
<service name='system/name-service/cache' type='service' version='1'>
<instance name='default' enabled='true' />
</service>
</service_bundle>
以下配置文件示例可配置以下参数:
名称服务 DNS
服务器 IP 地址 1.1.1.1 和 2.2.2.2
域 dom.ain.com
<?xml version='1.0'?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="profile" name="sysconfig">
<!-- name-service/switch below for DNS only - (see nsswitch.conf(4)) -->
<service version="1" type="service" name="system/name-service/switch">
<property_group type="application" name="config">
<propval type="astring" name="default" value="files"/>
<propval type="astring" name="host" value="files dns"/>
<propval type="astring" name="printer" value="user files"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<!-- name-service/cache must be present along with name-service/switch -->
<service version="1" type="service" name="system/name-service/cache">
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="network/dns/client">
<property_group type="application" name="config">
<!-- Note: use property with net_address_list and value_node as below -->
<property type="net_address" name="nameserver">
<net_address_list>
<value_node value="1.1.1.1"/>
<value_node value="2.2.2.2"/>
</net_address_list>
</property>
<!-- Note: use property with astring_list and value_node,
concatenating search names, as below -->
<property type="astring" name="search">
<astring_list>
<value_node value="dom.ain.com ain.com"/>
</astring_list>
</property>
</property_group>
<instance enabled="true" name="default"/>
</service>
</service_bundle>
此配置文件示例可配置以下参数:
名称服务 LDAP,服务器 IP 地址为 10.0.0.10
服务 system/nis/domain 中指定的域 my.domain.com
LDAP 搜索基(必需),dc=my,dc=domain,dc=com
<?xml version='1.0'?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="profile" name="sysconfig">
<service version="1" type="service" name="system/name-service/switch">
<property_group type="application" name="config">
<propval type="astring" name="default" value="files ldap"/>
<propval type="astring" name="printer" value="user files ldap"/>
<propval type="astring" name="netgroup" value="ldap"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="system/name-service/cache">
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="network/dns/client">
<instance enabled="false" name="default"/>
</service>
<service version="1" type="service" name="network/ldap/client">
<property_group type="application" name="config">
<propval type="astring" name="profile" value="default"/>
<property type="host" name="server_list">
<host_list>
<value_node value="10.0.0.10"/>
</host_list>
</property>
<propval type="astring" name="search_base" value="dc=my,dc=domain,dc=com"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="network/nis/domain">
<property_group type="application" name="config">
<propval type="hostname" name="domainname" value="my.domain.com"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
</service_bundle>
示例 11-15 配置 LDAP 及安全 LDAP 服务器
此配置文件示例可配置以下参数:
名称服务 LDAP,服务器 IP 地址为 10.0.0.10
服务 system/nis/domain 中指定的域 my.domain.com
LDAP 搜索基(必需),dc=my,dc=domain,dc=com
LDAP 代理绑定标识名 cn=proxyagent,ou=profile,dc=my,dc=domain,dc=com
LDAP 代理绑定口令,作为一种安全措施进行了加密。可以使用以下方法之一查找加密的值:
通过 sysconfig create-profile 获取 bind_passwd 属性值。
通过 LDAP 服务器上 SMF 配置获取值。
<?xml version='1.0'?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="profile" name="sysconfig">
<service version="1" type="service" name="system/name-service/switch">
<property_group type="application" name="config">
<propval type="astring" name="default" value="files ldap"/>
<propval type="astring" name="printer" value="user files ldap"/>
<propval type="astring" name="netgroup" value="ldap"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="system/name-service/cache">
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="network/dns/client">
<instance enabled="false" name="default"/>
</service>
<service version="1" type="service" name="network/ldap/client">
<property_group type="application" name="config">
<propval type="astring" name="profile" value="default"/>
<property type="host" name="server_list">
<host_list>
<value_node value="10.0.0.10"/>
</host_list>
</property>
<propval type="astring" name="search_base" value="dc=my,dc=domain,dc=com"/>
</property_group>
<property_group type="application" name="cred">
<propval type="astring" name="bind_dn" value="cn=proxyagent,ou=profile,dc=my,dc=domain,dc=com"/>
<!-- note that the password below is encrypted -->
<propval type="astring" name="bind_passwd" value="{NS1}c2ab873ae7c5ceefa4b9"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="network/nis/domain">
<property_group type="application" name="config">
<propval type="hostname" name="domainname" value="my.domain.com"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
</service_bundle>
DNS 名称服务可以与 LDAP 名称服务结合使用。DNS 的典型用途是解析节点名称(包括 LDAP 服务器名称),LDAP 的典型用途是解析所有其他名称。服务 system/name-service/switch 用于指定 DNS 以进行节点名称搜索,指定 LDAP 以解析其他名称,如本示例中的第一个 service 元素所示。
<?xml version='1.0'?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="profile" name="sysconfig">
<service version="1" type="service" name="system/name-service/switch">
<property_group type="application" name="config">
<propval type="astring" name="default" value="files ldap"/>
<propval type="astring" name="host" value="files dns"/>
<propval type="astring" name="printer" value="user files ldap"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="system/name-service/cache">
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="network/dns/client">
<property_group type="application" name="config">
<property type="net_address" name="nameserver">
<net_address_list>
<value_node value="10.0.0.10"/>
</net_address_list>
</property>
<propval type="astring" name="domain" value="my.domain.com"/>
<property type="astring" name="search">
<astring_list>
<value_node value="my.domain.com"/>
</astring_list>
</property>
</property_group>
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="network/ldap/client">
<property_group type="application" name="config">
<propval type="astring" name="profile" value="default"/>
<property type="host" name="server_list">
<host_list>
<!-- here, DNS is expected to resolve the LDAP server by name -->
<value_node value="ldapserver.my.domain.com"/>
</host_list>
</property>
<propval type="astring" name="search_base" value="dc=my,dc=domain,dc=com"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="network/nis/domain">
<property_group type="application" name="config">
<propval type="hostname" name="domainname" value="my.domain.com"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
</service_bundle>
可以按照类似的方式将 NIS 与 DNS 结合使用。
<?xml version='1.0'?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="profile" name="sysconfig">
<service version="1" type="service" name="system/name-service/switch">
<property_group type="application" name="config">
<propval type="astring" name="default" value="files nis"/>
<propval type="astring" name="host" value="files dns"/>
<propval type="astring" name="printer" value="user files nis"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="system/name-service/cache">
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="network/dns/client">
<property_group type="application" name="config">
<property type="net_address" name="nameserver">
<net_address_list>
<value_node value="10.0.0.10"/>
</net_address_list>
</property>
<propval type="astring" name="domain" value="my.domain.com"/>
<property type="astring" name="search">
<astring_list>
<value_node value="my.domain.com"/>
</astring_list>
</property>
</property_group>
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="network/nis/domain">
<property_group type="application" name="config">
<propval type="hostname" name="domainname" value="my.domain.com"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="network/nis/client">
<property_group type="application" name="config">
<propval type="boolean" name="use_broadcast" value="true"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
</service_bundle>