Gary Verhulp wrote:
I have not done those steps. I did not see any of those in the doc anywhere!?I do not seem to have "ipa-nis-manage" command on this machine.
Don't panic, ipa-nis-manage is part of the next IPA release, V2.
Seems like I'm missing a basic step somewhere.
I think you have things basically working. It looks like the problem is the password storage scheme being used, SSHA vs CRYPT.
I know I'm serving NIS with this server as I'm able to bind a client and:[r...@fcds tmp]# rpcinfo -p program vers proto port service100000 4 tcp 111 portmapper 100000 3 tcp 111 portmapper 100000 2 tcp 111 portmapper 100000 4 udp 111 portmapper 100000 3 udp 111 portmapper 100000 2 udp 111 portmapper 100024 1 udp 44690 status 100024 1 tcp 45670 status 100004 2 tcp 671 ypserv 100004 2 udp 671 ypserv ___________________ _____________________ From: yi zhang [yzh...@redhat.com] Sent: Tuesday, October 06, 2009 11:47 AM To: Gary Verhulp Cc: Freeipafirstname.lastname@example.org Subject: Re: [Freeipa-users] slapi-nis installation help On 10/06/2009 11:33 AM, Gary Verhulp wrote:Thanks for the response. I have the NIS config on the client setup correctly I believe. This client was moved from my current NIS domain and works fine. It's not that the client does not bind to the new FreeIPA NIS domain, but rather there is no passwd hash in the output of ypcat -k passwd so it has no way to auth. ga...@fell:/var/log$ ypcat -k passwd ttest ttest:*:1102:1002:Tim Test:/home/ttest:/bin/bashhave you enabled the IPA nis plug in? By default, this plug-in is disabled. To enable it, do following on ipa server 1. kinit admin 2. ipa-compat-manage enable -y <plain text password file> 3. ipa-nis-manage enable -y <plain text password file> 4. service dirsrv restart where the password file contains plain text password of "admin" and dirsrv is the backend DB for ipa Yibr, Gary yi zhang wrote:On 10/06/2009 10:36 AM, garyv wrote:Hi, I've installed freeIPA (ipa-server-1.2.2-1.fc11.i586)and have the base functionality working and I'm quite pleased. The problem I'm experiencing is with getting slapi-nis to function properly. Reading other posts in the list I was able to get FreeIPA to serve NIS maps, and clients to bind to the NIS dom, but no passwords/auth work for users. Any tips on setup/troubleshooting this?I haven't do any ipa-nis configuration for a while, here is my old notes, they might still work * NIS client host set up in general This is what RHEL linux should follow. 1. Append the following line in the */etc/sysconfig/network* file: * NISDOMAIN=mynisdomain 2. Append the following line in */etc/yp.conf* : * domain mynisdomain server 192.168.0.1 replace ip to the IPA server IP 3. Make sure the following lines contain 'nis' as an option in the file */etc/nsswitch.conf* * passwd: files nis * shadow: files nis * group: files nis * hosts: files nis dns * networks: files nis * protocols: files nis * publickey: nisplus * automount: files nis * netgroup: files nis * aliases: files nisplus 4. restart ypbind and portmap * */etc/rc.d/init.d/ypbind restart* * */etc/rc.d/init.d/portmap restart*Thanks Gary on the Client: r...@fell:~$ ypcat -k passwd ttest ttest:*:1102:1002:Tim Test:/home/ttest:/bin/bash r...@fell:~$ ypwhich -m passwd.byuid fcds.edited passwd.byname fcds.edited netid.byname fcds.edited group.upg fcds.nes.edited group.byname fcds.edited group.bygid fcds.edited _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users_______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-usersScanned by Check Point Total Security Gateway. _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users
Description: S/MIME Cryptographic Signature
_______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users