From owner-freebsd-questions@FreeBSD.ORG Fri Jan 23 04:00:31 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DA42B16A4D1 for ; Fri, 23 Jan 2004 04:00:30 -0800 (PST) Received: from mta07-svc.ntlworld.com (mta07-svc.ntlworld.com [62.253.162.47]) by mx1.FreeBSD.org (Postfix) with ESMTP id EA0EF43D39 for ; Fri, 23 Jan 2004 04:00:26 -0800 (PST) (envelope-from scott@fishballoon.org) Received: from llama.fishballoon.org ([81.104.195.124]) by mta07-svc.ntlworld.comESMTP <20040123120027.VUUL17928.mta07-svc.ntlworld.com@llama.fishballoon.org>; Fri, 23 Jan 2004 12:00:27 +0000 Received: from nat-215.apama.com ([195.153.206.215] helo=UKCAMW105) by llama.fishballoon.org with asmtp (TLSv1:RC4-MD5:128) (Exim 4.24; FreeBSD) id 1Ajzz3-000A9Z-MK; Fri, 23 Jan 2004 12:00:21 +0000 From: "Scott Mitchell" To: "'Joe Stuart'" , Date: Fri, 23 Jan 2004 11:59:50 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.5510 In-reply-to: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Thread-Index: AcPhNimq5Wrk6uDNRNCllUoKyZIvfwAb+wMA Message-Id: X-Spam-Level: 0.0 (/) X-Spam-Status: "llama.fishballoon.org", hasmessageblock similar future email. If you have any questions, see the administrator of that system for details.I'm running NIS with freebsd as the server and using redhat clients. > I> passwords to work. If you change the password from a redhat > box it just > changes the NIS password not the system password and changing> Unknown NIS user: username" . I have in rc.conf > >run NIS server > nis_server_flags="" # Flags to ypserv > nis_yppasswdd_flags=" -sf -t /etc/master.passwd" > > and I'm changing the password from the server with passwd -y. > > Thanks in advance [...] Content analysis details: (0.0 points, 5.0 required) pts rule name description -------------------------------------------------- Subject: RE: Nis X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Jan 2004 12:00:31 -0000 owner-freebsd-questions@freebsd.org wrote: > Hi, > I'm running NIS with freebsd as the server and using redhat clients. > I have authentication working fine but I cant seem to get changing the > passwords to work. If you change the password from a redhat > box it just > changes the NIS password not the system password and changing the > password while on the freebsd server complains and says "passwd > Unknown NIS user: username" . I have in rc.conf > > nisdomainname="nisdomain" # Domain Name > nis_server_enable="YES" # run NIS server > nis_server_flags="" # Flags to ypserv > nis_yppasswdd_enable="YES" # Run Passwd Server > nis_yppasswdd_flags=" -sf -t /etc/master.passwd" > > and I'm changing the password from the server with passwd -y. > > Thanks in advance If I'm understanding you correctly, you want to have all your local & NIS users in the same passwd file (/etc/master.passwd) - is that right? I suspect you can get the effect you want by editing /var/yp/Makefile so that the line: MASTER = $(YPDIR)/master.passwd says: MASTER = /etc/master.passwd although I've never tried doing it this way myself, so YMMV. That said, I'd recommend that rather than putting your NIS users in /etc/master.passwd, you use the default settings and keep them in /var/yp/master.passwd. If you want your NIS users to be able to log into the server, see passwd(5) for the magic that needs to be added to the local passwd and group files (or nsswitch.conf(5) of you're running 5.X). This way you're not exporting a bunch of FreeBSD- or server- specific users over NIS (root, games, xten, etc.) FYI, the NIS-related stuff in rc.conf on my master server is below. This machine is a NIS client of itself, so all the network users can also log onto the server. I also have a slave server, you won't need the ypxfrd line if you don't do this. Multiple servers are very useful though - so your users can still log in even if the master server is down for whatever reason. nisdomainname="whatever" nis_client_enable="YES" nis_client_flags="-S ${nisdomainname},`hostname`" nis_server_enable="YES" # Next 3 are only needed on NIS master server nis_yppasswdd_enable="YES" nis_yppasswdd_flags="-u" nis_ypxfrd_enable="YES" BTW, have you got shadow passwords working for your NIS users on their Linux clients? I had to make some changes to /var/yp/Makefile to generate the shadow.byname map in the particular format that Linux seemed to want it. Cheers, Scott