Nis

Scott Mitchell scott at fishballoon.org
Fri Jan 23 04:00:31 PST 2004 

owner-freebsd-questions at freebsd.org wrote:
> Hi,
> I'm running NIS with freebsd as the server and using redhat clients. 
> I have authentication working fine but I cant seem to get changing the
> passwords to work. If you change the password from a redhat
> box it just
> changes the NIS password not the system password and changing the
> password while on the freebsd server complains and says "passwd
> Unknown NIS user: username" . I have in rc.conf
> 
> nisdomainname="nisdomain"           # Domain Name
> nis_server_enable="YES"         # run NIS server
> nis_server_flags=""             # Flags to ypserv
> nis_yppasswdd_enable="YES"      # Run Passwd Server
> nis_yppasswdd_flags=" -sf -t /etc/master.passwd"
> 
> and I'm changing the password from the server with passwd -y.
> 
> Thanks in advance

If I'm understanding you correctly, you want to have all your local & NIS
users in the same passwd file (/etc/master.passwd) - is that right?

I suspect you can get the effect you want by editing /var/yp/Makefile so
that the line:

	MASTER    = $(YPDIR)/master.passwd

says:

	MASTER    = /etc/master.passwd

although I've never tried doing it this way myself, so YMMV.

That said, I'd recommend that rather than putting your NIS users in
/etc/master.passwd, you use the default settings and keep them in
/var/yp/master.passwd.  If you want your NIS users to be able to log into
the server, see passwd(5) for the magic that needs to be added to the local
passwd and group files (or nsswitch.conf(5) of you're running 5.X).  This
way you're not exporting a bunch of FreeBSD- or server- specific users over
NIS (root, games, xten, etc.)

FYI, the NIS-related stuff in rc.conf on my master server is below.  This
machine is a NIS client of itself, so all the network users can also log
onto the server.  I also have a slave server, you won't need the ypxfrd line
if you don't do this.  Multiple servers are very useful though - so your
users can still log in even if the master server is down for whatever
reason.

nisdomainname="whatever"
nis_client_enable="YES"
nis_client_flags="-S ${nisdomainname},`hostname`"
nis_server_enable="YES"
# Next 3 are only needed on NIS master server
nis_yppasswdd_enable="YES"
nis_yppasswdd_flags="-u"
nis_ypxfrd_enable="YES"

BTW, have you got shadow passwords working for your NIS users on their Linux
clients?  I had to make some changes to /var/yp/Makefile to generate the
shadow.byname map in the particular format that Linux seemed to want it.

Cheers,

	Scott

More information about the freebsd-questions mailing list