Date: Sat, 2 Aug 2003 02:59:12 +0300 From: Ruslan Ermilov <ru@freebsd.org> To: Thomas Zauner <ThomasZauner@gmx.de> Cc: freebsd-net@freebsd.org Subject: Re: freeBSD NIS-server - LINUX NIS-client auth/login probs Message-ID: <20030801235912.GA11304@sunbay.com> In-Reply-To: <1059740569.6846.1.camel@Tom1> References: <1059740569.6846.1.camel@Tom1>
next in thread | previous in thread | raw e-mail | index | archive | help
--K8nIJk4ghYZn606h Content-Type: multipart/mixed; boundary="17pEHd4RhPHOinZp" Content-Disposition: inline --17pEHd4RhPHOinZp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Aug 01, 2003 at 02:22:48PM +0200, Thomas Zauner wrote: > hi, >=20 > i set up a NIS server on freebsd(5.1) excactly like in the handbook and > then started the NIS client on linux (RH-9). >=20 >=20 > (i just have 1 test user for now) >=20 >=20 > 1) >=20 > here's the output from ypcat passwd: > the client binds the server ok: >=20 > [root@linux]# ypcat passwd > testo:*:1003:1003:User &:/home/testo/:/usr/local/bin/bash >=20 > (the home dir does exist on the client -- via NFS) >=20 > also in the RH user-manager i can see the user testo but i CANT LOGIN > i think its an auth problem. >=20 You need a shadow NIS map for Linux. > on the freeBSD side i use md5 as default encrypt. but thats ok with > linux > i think.(on the freebsd side in /etc/login.conf defined) >=20 Yes. > 2) >=20 > there is a option in /var/yp/Makefile on the FREEBSD side > "UNSECURE=3Dtrue" > but its commented out. [...] > DO I need this ? >=20 No. > 3) > also i am not shure what config to use in nsswitch.conf on linux > because i dunno what NIS(1/2/+) freebsd is using so is this ok? >=20 > -----SNIP (/etc/nsswitch.conf)------ > passwd: compat > group: compat > shadow: nis files # i think there is no compat for shadow >=20 There is (the compat for shadow). > passwd_compat: nis > group_compat: nis >=20 These are the defaults, IIRC. > and then add the "+::::::" stuff to /etc/shadow passwd and groups >=20 Yes, if you need to override some fields, which is typical. > passwd: nis files > shadow: nis files > group: nis files > ------------------------------- >=20 > and NOT use the +::: stuff in the passwd,group.shadow files ? >=20 Yes, that's another option (if you don't need to override anything). > or sth with nis+ in nsswitch.conf ? >=20 No. > 5)=20 > what about the diffrent styles of the "shadowed" password file of > LINUX(/etc/shadow) and FREEBSD (/etc/master.passwd) > the freebsd master.passwd has more fields then the linux equivalent >=20 I use the attached patch for /var/yp/Makefile to generate the shadow map. > 6) > BTW my umask is 0077 do others/group need read-access to and of the > files > in /var/yp/* ???=20 > =20 I don't think they need it. > ok thats all i can think of right now > PLS if someone can help "SAVE MY WEEKEND" and help me. LOL >=20 You're welcome! Cheers, --=20 Ruslan Ermilov Sysadmin and DBA, ru@sunbay.com Sunbay Software Ltd, ru@FreeBSD.org FreeBSD committer --17pEHd4RhPHOinZp Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=p Content-Transfer-Encoding: quoted-printable --- Makefile.dist Fri Mar 7 21:15:21 2003 +++ Makefile Wed Jun 11 20:14:35 2003 @@ -188,6 +190,7 @@ aliases: mail.aliases =20 master.passwd: master.passwd.byname master.passwd.byuid +master.passwd: shadow.byname =20 # # This is a special target used only when doing in-place updates with @@ -559,6 +562,22 @@ $(CAT) $(MASTER) | \ $(AWK) -F: '{ if ($$1 !=3D "" && $$1 !~ "^#.*" && $$1 !=3D "+") \ print $$3"\t"$$0 }' $^ \ + | $(DBLOAD) ${S} -f -i $(MASTER) -o $(YPMAPDIR)/$@ - $(TMP); \ + $(RMV) $(TMP) $@ + @$(DBLOAD) -c + @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi + @if [ ! $(NOPUSH) ]; then echo "Pushed $@ map." ; fi +.endif + + +shadow.byname: $(MASTER) + @echo "Updating $@..." +.if ${MASTER} =3D=3D "/dev/null" + @echo "Master.passwd source file not found -- skipping" +.else + $(CAT) $(MASTER) | \ + $(AWK) -F: '{ if ($$1 !=3D "" && $$1 !~ "^#.*" && $$1 !=3D "+") \ + print $$1"\t"$$1":"$$2":::::::" }' $^ \ | $(DBLOAD) ${S} -f -i $(MASTER) -o $(YPMAPDIR)/$@ - $(TMP); \ $(RMV) $(TMP) $@ @$(DBLOAD) -c --17pEHd4RhPHOinZp-- --K8nIJk4ghYZn606h Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE/Kv7QUkv4P6juNwoRAl1AAJ9jeOVKIt4hIFpwJpuNmHkbIOhWjgCfUNSz nmNkrhWGlx/L7tVH2PWUwxQ= =U+ub -----END PGP SIGNATURE----- --K8nIJk4ghYZn606h--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030801235912.GA11304>