On 10/06/2009 11:33 AM, Gary Verhulp wrote:
Thanks for the response.
I have the NIS config on the client setup correctly I believe.
This client was moved from my current NIS domain and works fine.

It's not that the client does not bind to the new FreeIPA NIS domain,
but rather there is no passwd hash  in the output of ypcat -k passwd so
it has no way to auth.

ga...@fell:/var/log$ ypcat -k passwd
ttest ttest:*:1102:1002:Tim  Test:/home/ttest:/bin/bash

have you enabled the IPA nis plug in? By default, this plug-in is disabled. To enable it, do following on ipa server
1. kinit admin
2. ipa-compat-manage enable -y <plain text password file>
3. ipa-nis-manage enable -y <plain text password file>
4. service dirsrv restart
 where the password file contains plain text password of "admin"
 and dirsrv is the backend DB for ipa
Yi
br,
Gary


yi zhang wrote:
On 10/06/2009 10:36 AM, garyv wrote:
Hi,

I've installed freeIPA  (ipa-server-1.2.2-1.fc11.i586)and have the
base functionality working and I'm quite pleased.

The problem I'm experiencing is with getting slapi-nis to function
properly.

Reading other posts in the list I was able to get FreeIPA to serve
NIS maps, and clients to bind to the NIS dom, but no passwords/auth
work for users.

Any tips on setup/troubleshooting this?
I haven't do any ipa-nis configuration for a while, here is my old
notes, they might still work

     * NIS client host set up in general

This is what RHEL linux should follow.

    1. Append the following line in the */etc/sysconfig/network* file:
           * NISDOMAIN=mynisdomain
    2. Append the following line in */etc/yp.conf* :
           * domain mynisdomain server 192.168.0.1 replace ip to the
             IPA server IP
    3. Make sure the following lines contain 'nis' as an option in the
       file */etc/nsswitch.conf*
           * passwd: files nis
           * shadow: files nis
           * group: files nis
           * hosts: files nis dns
           * networks: files nis
           * protocols: files nis
           * publickey: nisplus
           * automount: files nis
           * netgroup: files nis
           * aliases: files nisplus
    4. restart ypbind and portmap
           * */etc/rc.d/init.d/ypbind restart*
           * */etc/rc.d/init.d/portmap restart*


Thanks

Gary

on the Client:
r...@fell:~$ ypcat -k passwd
ttest ttest:*:1102:1002:Tim  Test:/home/ttest:/bin/bash

r...@fell:~$ ypwhich  -m
passwd.byuid fcds.edited
passwd.byname fcds.edited
netid.byname fcds.edited
group.upg fcds.nes.edited
group.byname fcds.edited
group.bygid fcds.edited

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to