GNU/Linux NIS tweaks was: FreeBSD Decision

James Phillips anti_spam256 at yahoo.ca
Sat Jan 15 21:41:18 UTC 2011



--- On Sat, 1/15/11, FRLinux <frlinux at gmail.com> wrote:


> Hello,
> 
> I'd be curious to hear about any particular tweaking you need applying
> on NFS FreeBSD servers. I have used them for the past 8 years starting
> with 4.x at the time and now with a mix of 6.x, 7.x and 8.x and had not
> to tweak anything.
> 
<SNIP!>
> Cheers,
> Steph
> 

It may have to do with what you are doing. At the NFS protocol level, they are compatible as far as I can tell. However, in my testing (trying to set up a file server in a heterogeneous environment) I had problems configuring NIS without editing Makefiles.

GNU/Linux uses 'shadow' to store passwords and FreeBSD uses master.passwd. The number of fields differs between the two as well.
From my notes, the options are:
1. Modify the Makefile to generate a shadow file to keep Linux happy
2. Use the "UNSECURE=true" option in /var/yp/Makefile and disable shadow passwords in Linux.

I decided to go with the second option because NFS uses host-based authentication: somebody with root access to a client machine can get both files anyway.

Because NFS passes ownership and group information by number, I decided I needed to use NIS to send user and group information to keep the network sane. For example, "james" may be user 1001 on one machine and user 1002 on another. The problem is that the FreeBSD "special" groups are not compatible with the GNU/Linux "special" groups (less than 1000).

I resolved this (after a hint from IRC) by editing /var/yp/Makefile to only send user groups in a certain "window" to the client machines.
From my notes:
-both group.byname and group.bygid have the same filter to decide which groups to include:[
@$(AWK) -F: '{ if ($$1 !="" &&
   $$1 !~"^#.*" && $$1 !="+") \
]

Decodes as:
Use 'awk' with a field separator of ':'
Include a line if:
-it is not blank
-if it is not a commented line, denoted by '#'
-if it is not a line importing groups from NIS, denoted by '+' in the first field.

filter can be modified to include only gid's within a certain range: [
@$(AWK) -F: '{ if ($$1 !="" &&
   $$1 !~"^#.*" && $$1 !="+" &&
   $$3 >= 1001 && $$3 <=2000) \
]
/notes

Regards,

James Phillips

I actually was able to log in from a test installation of Debian using that hack (files appeared on server as expected). It took some trial and error though.

PS: perhaps my difficulty is I don't really want to do "programming" until the fileserver is up, but BSD administrators are expected to do basic scripting.
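
The GID-window filter from the notes above can be tried outside make before /var/yp/Makefile is edited. The script below is an added example, not part of the original message; the function names, the sample group entries and the 0-999 comparison window are constructed for illustration. In the Makefile the awk fields are written $$1 and $$3 because make turns $$ into $; on the command line they are plain $1 and $3.

```shell
#!/bin/sh
# Constructed sample in group(5) format: name:passwd:gid:members
sample_groups() {
cat <<'EOF'
# comment line, skipped by the filter
wheel:*:0:root
operator:*:5:root
staff:*:20:
james:*:1001:
projects:*:1500:james,steph
boundary:*:2000:
toohigh:*:2001:
nogroup:*:65533:

+:*::
EOF
}

# filter_groups LO HI
# Same tests as the modified rule in the notes: skip blank lines,
# comments and the "+" NIS import entry, then keep only GIDs in LO..HI.
# The "+ 0" forces a numeric comparison even if the gid field is empty.
filter_groups() {
    awk -F: -v lo="$1" -v hi="$2" '{
        if ($1 != "" && $1 !~ "^#.*" && $1 != "+" &&
            $3 + 0 >= lo + 0 && $3 + 0 <= hi + 0)
            print $0
    }'
}

# exported_names LO HI
# Space-separated names of the sample groups that would end up in the
# group.byname and group.bygid maps for the given window.
exported_names() {
    sample_groups | filter_groups "$1" "$2" |
        awk -F: '{ printf "%s%s", sep, $1; sep = " " } END { print "" }'
}

echo "window 1001-2000: $(exported_names 1001 2000)"
echo "window 0-999:     $(exported_names 0 999)"
```

The second line of output lists the server's low-numbered groups that the 1001-2000 window keeps out of the maps sent to the clients.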





More information about the freebsd-questions mailing list