Date: Sat, 13 Dec 1997 20:02:05 -0800 (PST) From: Tom <tom@sdf.com> To: Toby Swanson <toby@milkyway.org> Cc: freebsd-questions@freebsd.org Subject: Re: NIS login problem Message-ID: <Pine.BSF.3.95q.971213195541.26297A-100000@misery.sdf.com> In-Reply-To: <Pine.BSF.3.91.971213190055.1606A-100000@antares.milkyway.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 13 Dec 1997, Toby Swanson wrote: > I have set up an NIS master server and a client, both running 2.1.7. 2.1.7 is old. ypserv has been much improved in 2.2 > Ypserv is running on the master, ypbind on both (server bound to itself), > yppasswdd on both. Running ypwhich on both shows both bound to the You shouldn't run yppasswdd on clients. It should only run on the master NIS server. > master. Running ypcat passwd.byname on both shows the passwd file. The > client is mapping user names on the master to uids on the server. Changes > to the group file on the master affect the client. Fingering a user on > the client retrieves correct info from the server. Running yppasswd on > the client changes the master.passwd file on the server. Everything seems > to work except logging in. The des and kerberos libraries have been You don't need kerberos, unless you use kerberos on your network. > installed. /var/yp/ypupdate.log says nothing other that the maps have > been updated. If I run ypserv in debug mode I see the query for a user > name and a succesful answer (I think). It seems the client is not > authenticating or decrypting the password properly. I installed a 2.1.7 > client in a Solaris 2.5.1 domain and everything went smoothly. The only > error I see on either system is when su'ing to root I get the message > "su: kerberos: not in root's ACL." If anyone has any ideas about what > may be wrong or what else to check I would appreciate your feedback. Do you have "+:::::::::" in master.passwd on the client? Are you using FreeBSD-style NIS with master.passwd.byname and master.passwd.byname maps too? If you so, you should make sure you are building them, and that the client can ypcat them, because they contain the password. Note that FreeBSD-style is the default unless you modified the nis makefile. Perhaps you modified the client to be insecure to work with your prior Solaris system, but your FreeBSD master is running in secure mode. > Thanks in advance. > > Toby > > home: toby@milkyway.org > work: tjswanson@tva.gov > > Tom
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.971213195541.26297A-100000>