Date:      Sat, 2 Aug 2003 02:59:12 +0300
From:      Ruslan Ermilov <ru@freebsd.org>
To:        Thomas Zauner <ThomasZauner@gmx.de>
Cc:        freebsd-net@freebsd.org
Subject:   Re: freeBSD NIS-server  - LINUX NIS-client auth/login probs
Message-ID:  <20030801235912.GA11304@sunbay.com>
In-Reply-To: <1059740569.6846.1.camel@Tom1>
References:  <1059740569.6846.1.camel@Tom1>

On Fri, Aug 01, 2003 at 02:22:48PM +0200, Thomas Zauner wrote:
> hi,
>
> i set up a NIS server on freebsd(5.1) exactly like in the handbook and
> then  started the NIS client on linux (RH-9).
>
>
> (i just have 1 test user for now)
>
>
> 1)
>
> here's the output from ypcat passwd:
> the client binds the server ok:
>
> [root@linux]# ypcat passwd
> testo:*:1003:1003:User &:/home/testo/:/usr/local/bin/bash
>
> (the home dir does exist on the client -- via NFS)
>
> also in the RH user-manager i can see the user testo but i CANT LOGIN
> i think it's an auth problem.
>
You need a shadow NIS map for Linux.

> on the freeBSD side i use md5 as default encrypt. but that's ok with
> linux
> i think.(on the freebsd side in /etc/login.conf defined)
>
Yes.

> 2)
>
> there is an option in /var/yp/Makefile on the FREEBSD side
> "UNSECURE=true"
> but it's commented out.
[...]
> DO I need this ?
>
No.

> 3)
> also i am not sure what config to use in nsswitch.conf on linux
> because i dunno what NIS(1/2/+) freebsd is using so is this ok?
>
> -----SNIP (/etc/nsswitch.conf)------
> passwd:     compat
> group:      compat
> shadow:     nis files # i think there is no compat for shadow
>
There is (the compat for shadow).

> passwd_compat: nis
> group_compat: nis
>
These are the defaults, IIRC.

> and then add the "+::::::" stuff to /etc/shadow passwd and groups
>=20
Yes, if you need to override some fields, which is typical.

> passwd: nis files
> shadow: nis files
> group: nis files
> -------------------------------
>
> and NOT use the +:::   stuff in the passwd,group.shadow files ?
>
Yes, that's another option (if you don't need to override anything).

> or sth with nis+  in nsswitch.conf ?
>
No.

> 5)
> what about the different styles of the "shadowed" password file of
> LINUX(/etc/shadow) and FREEBSD (/etc/master.passwd)
> the freebsd master.passwd has more fields than the linux equivalent
>
I use the attached patch for /var/yp/Makefile to generate the shadow
map.

> 6)
> BTW my umask is 0077 do others/group need read-access to and of the
> files
> in /var/yp/* ???
>
I don't think they need it.

> ok that's all i can think of right now
> PLS if someone can help "SAVE MY WEEKEND" and help me. LOL
>
You're welcome!


Cheers,
-- 
Ruslan Ermilov		Sysadmin and DBA,
ru@sunbay.com		Sunbay Software Ltd,
ru@FreeBSD.org		FreeBSD committer

--- Makefile.dist	Fri Mar  7 21:15:21 2003
+++ Makefile	Wed Jun 11 20:14:35 2003
@@ -188,6 +190,7 @@
 aliases:   mail.aliases
=20
 master.passwd:	master.passwd.byname master.passwd.byuid
+master.passwd:	shadow.byname
=20
 #
 # This is a special target used only when doing in-place updates with
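Review bot: The added "master.passwd:	shadow.byname" line carries no comment explaining why a shadow map hangs off the master.passwd target, and it splits that target's prerequisites across two lines. Since shadow.byname publishes password hashes to clients, I would fold it into the existing line (master.passwd: master.passwd.byname master.passwd.byuid shadow.byname) and add a comment saying the map exists for Linux NIS clients that look up a shadow map, so a site that serves no such clients can leave it out deliberately.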
@@ -559,6 +562,22 @@
 	$(CAT) $(MASTER) | \
 	$(AWK) -F: '{ if ($$1 !=3D "" && $$1 !~ "^#.*" && $$1 !=3D "+") \
 		print $$3"\t"$$0 }' $^ \
+		| $(DBLOAD) ${S} -f -i $(MASTER) -o $(YPMAPDIR)/$@ - $(TMP); \
+		$(RMV) $(TMP) $@
+	@$(DBLOAD) -c
+	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi
+	@if [ ! $(NOPUSH) ]; then echo "Pushed $@ map." ; fi
+.endif
+
+
+shadow.byname: $(MASTER)
+	@echo "Updating $@..."
+.if ${MASTER} =3D=3D "/dev/null"
+	@echo "Master.passwd source file not found -- skipping"
+.else
+	$(CAT) $(MASTER) | \
+	$(AWK) -F: '{ if ($$1 !=3D "" && $$1 !~ "^#.*" && $$1 !=3D "+") \
+		print $$1"\t"$$1":"$$2":::::::" }' $^ \
 		| $(DBLOAD) ${S} -f -i $(MASTER) -o $(YPMAPDIR)/$@ - $(TMP); \
 		$(RMV) $(TMP) $@
 	@$(DBLOAD) -c
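Review bot: In the new shadow.byname rule, the awk filter skips only empty names, comment lines and the "+" entry, so the hash in field 2 of every account in $(MASTER) is exported, and the trailing ":::::::" leaves all aging and expiry fields of the shadow entry blank. If $(MASTER) can contain accounts that should not be usable on the Linux clients, filter them in this awk condition (for example by UID), and add a comment above the rule stating that the change and expire values from master.passwd are not carried into the map, so expiry set on the FreeBSD side is not visible to clients reading shadow.byname.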
