From owner-freebsd-questions Wed Jul 15 07:52:55 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA26922 for freebsd-questions-outgoing; Wed, 15 Jul 1998 07:52:55 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from greeves.mfn.org (greeves.mfn.org [204.238.179.3]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA26894 for ; Wed, 15 Jul 1998 07:52:45 -0700 (PDT) (envelope-from sysadmin@mfn.org) Received: from noc.mfn.org (noc.mfn.org [204.238.179.35]) by greeves.mfn.org (8.8.7/8.8.7) with SMTP id JAA00354; Wed, 15 Jul 1998 09:52:23 -0500 (CDT) (envelope-from sysadmin@mfn.org) Received: by noc.mfn.org with Microsoft Mail id <01BDAFD6.44280EE0@noc.mfn.org>; Wed, 15 Jul 1998 09:52:23 +0100 Message-ID: <01BDAFD6.44280EE0@noc.mfn.org> From: "sysadmin@mfn.org" To: "sysadmin@mfn.org" , "'Guy Helmer'" Cc: "freebsd-questions@FreeBSD.ORG" Subject: RE: The NIS problem: a little more info... Date: Wed, 15 Jul 1998 09:52:22 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG DES was it! Thanks a Million!!! (I *knew* I had missed something simple - just takes a fresh eye to find it!) J.A. Terranson sysadmin@mfn.org On Wed, 15 Jul 1998, sysadmin@mfn.org wrote: > As you know, I have a machine which doesn't seem to grok > NIS. I put the ypserv into debug mode to watch the transactions, and > to my surprise, everything looks in order - except that this box won't > believe what it's told! > > (1) The box binds to my NIS server > (2) It does abunch of queries/loads: groups, passwd, etc... > (3) When I type in a login name not in it's local password file, > it requests the appropriate record from NIS, and is given the proper > response. > (4) When I type in the password, it complains the login is invalid, & > goes back to (3) > > I've done this from other machines as well, for comparison sake, and > there does not appear to be *any* difference in the traffic exchanged > between my NIS server and either of these two boxes. I've checked > the following to be sure they were *identical* (including permissions) > to a box which is NIS-OK... > /etc: netgroup, passwd, master.passwd, protocols, rpc, services, hosts, > host.conf, group, login.conf. > I'm totally out of ideas here... I helped someone solve a similar problem a couple of weeks ago, so maybe this info will help you as well. Check the symlinks for /usr/lib/libcrypt.a and /usr/lib/libcrypt.so.* on your system -- if they are not symlinks to libdescrypt.a and libdescrypt.so.*, then your system will not be able to encrypt passwords using the DES-style encryption which is traditionally used, and thus this may be a reason why the NIS user names cannot login. (If you did not install the "des" portion of the system when you installed everything, then /usr/lib/libcrypt.a will be a symlink to libscrypt.a and /usr/lib/libcrypt.so.* will be a symlink to libscrypt.so.*) Is your NIS server a FreeBSD system, and if so, does it have the symlinks like I described above? When you "ypcat" the passwd map, do the encrypted passwords look like traditional encrypted passwords or do they start with $1$ and seem extremely long? (Encrypted passwords that start with $1$ on FreeBSD are encrypted with the md5 hash, which any recent FreeBSD system should be able to handle; encrypted passwords that don't start with $1$ are encrypted with the DES routines, and only FreeBSD systems with the des libraries will be able to encrypted entered passwords in the same way for matching.) Hope this helps! Guy Helmer Guy Helmer, Graduate Student, Iowa State University Dept. of Computer Science Research Assistant, Ames Laboratory --- ghelmer@scl.ameslab.gov http://www.cs.iastate.edu/~ghelmer To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message