freeBSD NIS-server - LINUX NIS-client auth/login probs
Ruslan Ermilov
ru at freebsd.org
Fri Aug 1 16:59:24 PDT 2003
On Fri, Aug 01, 2003 at 02:22:48PM +0200, Thomas Zauner wrote:
> hi,
>
> i set up a NIS server on freebsd(5.1) exactly like in the handbook and
> then started the NIS client on linux (RH-9).
>
>
> (i just have 1 test user for now)
>
>
> 1)
>
> here's the output from ypcat passwd:
> the client binds the server ok:
>
> [root at linux]# ypcat passwd
> testo:*:1003:1003:User &:/home/testo/:/usr/local/bin/bash
>
> (the home dir does exist on the client -- via NFS)
>
> also in the RH user-manager i can see the user testo but i CANT LOGIN
> i think its an auth problem.
>

You need a shadow NIS map for Linux.

> on the freeBSD side i use md5 as default encrypt. but thats ok with
> linux
> i think.(on the freebsd side in /etc/login.conf defined)
>

Yes.

> 2)
>
> there is a option in /var/yp/Makefile on the FREEBSD side
> "UNSECURE=true"
> but its commented out.
[...]
> DO I need this ?
>

No.

> 3)
> also i am not sure what config to use in nsswitch.conf on linux
> because i dunno what NIS(1/2/+) freebsd is using so is this ok?
>
> -----SNIP (/etc/nsswitch.conf)------
> passwd: compat
> group: compat
> shadow: nis files # i think there is no compat for shadow
>

There is (the compat for shadow).

> passwd_compat: nis
> group_compat: nis
>

These are the defaults, IIRC.

> and then add the "+::::::" stuff to /etc/shadow passwd and groups
>

Yes, if you need to override some fields, which is typical.

> passwd: nis files
> shadow: nis files
> group: nis files
> -------------------------------
>
> and NOT use the +::: stuff in the passwd,group.shadow files ?
>

Yes, that's another option (if you don't need to override anything).

> or sth with nis+ in nsswitch.conf ?
>

No.

> 5)
> what about the different styles of the "shadowed" password file of
> LINUX(/etc/shadow) and FREEBSD (/etc/master.passwd)
> the freebsd master.passwd has more fields than the linux equivalent
>

I use the attached patch for /var/yp/Makefile to generate the shadow
map.

> 6)
> BTW my umask is 0077 do others/group need read-access to and of the
> files
> in /var/yp/* ???
>

I don't think they need it.

> ok thats all i can think of right now
> PLS if someone can help "SAVE MY WEEKEND" and help me. LOL
>

You're welcome!

Cheers,
--
Ruslan Ermilov Sysadmin and DBA,
ru at sunbay.com Sunbay Software Ltd,
ru at FreeBSD.org FreeBSD committer
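
The field mapping asked about in point 5, as an added example that is not part of the original post or the attached patch: it converts master.passwd(5) records to Linux shadow(5) records and, going beyond the patch, carries the account expiry over by converting seconds to days. The function name `mp_to_shadow` and the sample records are constructed for illustration.

```sh
#!/bin/sh
# Added example: read master.passwd(5) records (10 fields) on stdin and
# write Linux shadow(5) records (9 fields) on stdout.
# master.passwd: name:hash:uid:gid:class:change:expire:gecos:home:shell
# shadow:        name:hash:lastchg:min:max:warn:inactive:expire:reserved
mp_to_shadow() {
    awk -F: '
    # Same filter as the Makefile rules: skip blanks, comments and "+" entries.
    $1 == "" || $1 ~ /^#/ || $1 == "+" { next }
    # Refuse malformed records instead of publishing a shifted hash field.
    NF != 10 {
        printf "line %d: expected 10 fields, got %d, skipped\n", NR, NF > "/dev/stderr"
        bad = 1
        next
    }
    {
        expire = ""
        # master.passwd expire is seconds since the epoch (0 or empty: never);
        # shadow expire is days since the epoch.
        if ($7 + 0 > 0) expire = int($7 / 86400)
        printf "%s:%s::::::%s:\n", $1, $2, expire
    }
    END { exit bad + 0 }'
}

# Constructed sample records (placeholder hash, not a real credential).
SAMPLE='# comment line
testo:$1$CONSTRUCTED$placeholderhash:1003:1003::0:0:User &:/home/testo/:/usr/local/bin/bash
temp:$1$CONSTRUCTED$placeholderhash:1004:1004::0:1072915200:Temp:/home/temp:/bin/sh
+:::::::::'

printf '%s\n' "$SAMPLE" | mp_to_shadow
```

The function returns non-zero when any record was skipped as malformed, so a map build can stop instead of pushing a partial map.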
-------------- next part --------------
--- Makefile.dist Fri Mar 7 21:15:21 2003
+++ Makefile Wed Jun 11 20:14:35 2003
@@ -188,6 +190,7 @@
aliases: mail.aliases
master.passwd: master.passwd.byname master.passwd.byuid
+master.passwd: shadow.byname
#
# This is a special target used only when doing in-place updates with
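Review bot: the added `master.passwd: shadow.byname` line has no comment saying why a FreeBSD NIS master should build a Linux-style shadow map, and it makes that map build every time the master.passwd target runs, with no knob to turn it off. Suggest a one-line comment above it and a make variable (name up to the author) guarding the dependency, so domains without Linux clients do not publish a second copy of the password field. Also, the header `@@ -188,6 +190,7 @@` already shows a two-line offset, so an earlier change to this Makefile is not included in the posted diff.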
@@ -559,6 +562,22 @@
$(CAT) $(MASTER) | \
$(AWK) -F: '{ if ($$1 != "" && $$1 !~ "^#.*" && $$1 != "+") \
print $$3"\t"$$0 }' $^ \
+ | $(DBLOAD) ${S} -f -i $(MASTER) -o $(YPMAPDIR)/$@ - $(TMP); \
+ $(RMV) $(TMP) $@
+ @$(DBLOAD) -c
+ @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi
+ @if [ ! $(NOPUSH) ]; then echo "Pushed $@ map." ; fi
+.endif
+
+
+shadow.byname: $(MASTER)
+ @echo "Updating $@..."
+.if ${MASTER} == "/dev/null"
+ @echo "Master.passwd source file not found -- skipping"
+.else
+ $(CAT) $(MASTER) | \
+ $(AWK) -F: '{ if ($$1 != "" && $$1 !~ "^#.*" && $$1 != "+") \
+ print $$1"\t"$$1":"$$2":::::::" }' $^ \
| $(DBLOAD) ${S} -f -i $(MASTER) -o $(YPMAPDIR)/$@ - $(TMP); \
$(RMV) $(TMP) $@
@$(DBLOAD) -c
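Review bot: in the new shadow.byname rule, `print $$1"\t"$$1":"$$2":::::::"` copies only the name and the hash from $(MASTER) and leaves every shadow aging field empty, so an account expiry set in master.passwd (field 7) is not visible to Linux clients and an account expired on the server still looks valid in this map. Either convert the expire field to days for the eighth shadow field or state the limitation in a comment. Since the map carries the real hash, it needs the same `${S}` handling as the master.passwd.byname and master.passwd.byuid maps; the rule does pass `${S}` to `$(DBLOAD)`, which is worth a comment so it is not dropped in a later edit.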
More information about the freebsd-net
mailing list