Re: GNU/Linux NIS tweaks was: FreeBSD Decision

2011-01-16 Thread FRLinux
On Sat, Jan 15, 2011 at 9:41 PM, James Phillips anti_spam...@yahoo.ca wrote:
> It may have to do with what you are doing. At the NFS protocol level, they
> are compatible as far as I can tell. However, in my testing (trying to set up
> a file server in a heterogeneous environment) I had problems configuring NIS
> without editing Makefiles.

Ah right, see I was given a choice between NIS and LDAP back in 2003
and started with OpenLDAP (after many years using/administering NIS).
I have never looked back since.

Cheers,
Steph
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


GNU/Linux NIS tweaks was: FreeBSD Decision

2011-01-15 Thread James Phillips


--- On Sat, 1/15/11, FRLinux frli...@gmail.com wrote:


> Hello,
>
> I'd be curious to hear about any particular tweaking you need applying
> on NFS FreeBSD servers. I have used them for the past 8 years starting
> with 4.x at the time and now with a mix of 6.x 7x and 8.x and had not
> to tweak anything.
>
SNIP!
> Cheers,
> Steph

It may have to do with what you are doing. At the NFS protocol level, they are 
compatible as far as I can tell. However, in my testing (trying to set up a 
file server in a heterogeneous environment) I had problems configuring NIS 
without editing Makefiles.

GNU/Linux uses 'shadow' to store password and FreeBSD used master.passwd. The
number of fields between the two differs as well.
From my notes, the options are:
1. Modify makefile to generate a shadow file to keep Linux happy
2. Use UNSECURE=true option in /var/yp/Makefile and disable shadow passwords
in Linux.

I decided to go with the second option because NFS uses host-based
authentication: somebody with root access to a client machine can get both
files anyway.

Because NFS passes ownership and group information by number, I decided I
needed to use NIS to send user and group information to keep the
network sane. For example, james may be user 1001 on one machine and user
1002 on another. The problem is that the FreeBSD special groups are not
compatible with the GNU/Linux special groups (less than 1000).

I resolved this (after a hint from IRC) by editing /var/yp/Makefile to only
send user groups in a certain window to the client machines.
From my notes:
-both group.byname and group.bygid have the same filter to decide which groups
to include:[
@$(AWK) -F: '{ if ($$1 != "" && $$1 !~ "^#.*" && $$1 != "+") \
]

Decodes as:
Use 'awk' with a field  separator of ':'
Include a line if:
-it is not blank
-if it is not a commented line, denoted by '#'
-if it is not a line importing groups from NIS, denoted by '+' in the first 
field.

filter can be modified to include only gid's within a certain range: [
@$(AWK) -F: '{ if ($$1 != "" && $$1 !~ "^#.*" && $$1 != "+" && \
   $$3 >= 1001 && $$3 <= 2000) \
]
/notes

Regards,

James Phillips

I actually was able to log in from a test installation of Debian using that 
hack (files appeared on server as expected). It took some trial and error 
though.

PS: perhaps my difficulty is I don't really want to do programming until the 
fileserver is up, but BSD administrators are expected to do basic scripting.
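
The GID-window filter from the notes above, run outside the Makefile so its effect can be reviewed before the maps are pushed. This is an added example, not part of the original post: the function names and the sample group file are constructed, and the Makefile's `$$` is written as a single `$` because no make is involved.

```shell
#!/bin/sh
# Added example: the group-map filter from /var/yp/Makefile, runnable on its own.
# In the Makefile every awk field is written $$1/$$3 because make consumes one
# '$'; in a plain shell script it is a single '$'.

# filter_groups FILE LOW HIGH KEYFIELD
#   Prints "key<TAB>whole line" records (the layout the Makefile pipes into
#   its map loader) for groups whose GID lies in [LOW, HIGH].
#   KEYFIELD is 1 for group.byname and 3 for group.bygid.
filter_groups() {
    awk -F: -v low="$2" -v high="$3" -v key="$4" '
        $1 != "" && $1 !~ /^#/ && $1 != "+" &&
        $3 ~ /^[0-9]+$/ && $3 + 0 >= low + 0 && $3 + 0 <= high + 0 {
            print $key "\t" $0
        }' "$1"
}

# rejected_groups FILE LOW HIGH
#   Names of real entries that stay local only, i.e. are kept out of the map.
#   System groups below the window (wheel, operator, ...) should show up here.
rejected_groups() {
    awk -F: -v low="$2" -v high="$3" '
        $1 == "" || $1 ~ /^#/ || $1 == "+" { next }
        !($3 ~ /^[0-9]+$/ && $3 + 0 >= low + 0 && $3 + 0 <= high + 0) { print $1 }
    ' "$1"
}

# Constructed sample: two FreeBSD system groups, user groups on both sides of
# the window edges, a comment, a blank line and a "+" NIS import line.
write_sample_group() {
    cat > "$1" <<'EOF'
# constructed sample group file
wheel:*:0:root
operator:*:5:root

james:*:1001:
staff:*:1500:james,steph
backup:*:2000:
lab:*:2001:
nobody:*:65534:
+:*::
EOF
}

tmp=$(mktemp)
write_sample_group "$tmp"
echo "group.byname records:"; filter_groups "$tmp" 1001 2000 1
echo "group.bygid records:";  filter_groups "$tmp" 1001 2000 3
echo "kept out of the map:";  rejected_groups "$tmp" 1001 2000
rm -f "$tmp"
```
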





NIS table and the local passwd are out of sync

2011-01-14 Thread Thomas
Hello

I hope someone can give me some hints on how to fix a NIS problem. My
FreeBSD 7.2 (amd64) system works as NIS Server and a 8.1-STABLE (amd64)
machine as a NIS client. It was configured as described at
http://www.freebsd.org/doc/handbook/network-nis.html. Syncing between
server and client works but there is a difference between NIS and the
local administrative database (passwd). ypcat and ypmatch show more
users than getent.

Example:
ypmatch wwwfoo passwd
wwwfoo:*:46683:46683:WebAccount:/var/webs/foo.com:/bin/date

getent passwd | grep wwwfoo returns nothing

This is an issue since my apache doesn't work if all these users are not
seen with getent. Any idea why all my users are in the nis table but are
not seen by the system? Nscd is not running so it shouldn't be a cache
issue.

NIS client master.passwd:
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
+:*:

nsswitch.conf:
group: files nis
group_compat: nis
passwd: files nis
passwd_compat: nis

Regards,
Thomas


NIS server doesn't receive its own passwd entries to nsswitch

2010-12-31 Thread Florian Wagner
Hi,

I've just configured FreeBSD 8.2-RC1 to act as a NIS server and as a
client to itself.

What works: A Linux client can query NIS. As in ypcat passwd/group and
getent passwd/group show the entries from the server. The server can
query its own NIS provided groups (ypcat passwd/group).

  nisserver # ypcat passwd
  nisuser:*:1:1:::
  nisserver # ypcat group
  nisgroup:*:1:

What doesn't work: The server doesn't receive passwd entries to its
nsswitch, but does receive group entries. I.e. getent passwd only
shows local entries, but getent group shows local and NIS entries.

To verify that this is not a problem with getent I also tried:

  nisserver # touch somefile
  nisserver # ls -l somefile
  -rw-r--r--  1 root  wheel  0 Dec 31 14:09 somefile
  nisserver # chgrp nisgroup somefile
  nisserver # ls -l somefile
  -rw-r--r--  1 root  nisgroup  0 Dec 31 14:09 somefile
  nisserver # chown nisuser somefile
  chown: nisuser: Invalid argument
  nisserver # ls -l somefile
  -rw-r--r--  1 root  nisgroup  0 Dec 31 14:09 somefile

I am NOT missing the +: line in master.passwd (as per the
handbook entry on NIS clients). I also tried changing passwd: compat
to passwd: files nis in /etc/nsswitch.conf which didn't help at all.


Regards
Florian Wagner




Setup for NIS master: make isn't seeing my sources

2010-07-23 Thread David Wolfskill
[I'm not subscribed to -questions, so please include me in responses.
I've provided a valid Reply-To as a hint to your MUA.]

For the last 14 years or so, my NIS server on the home network has
been a SPARCstation 5/170 running Solaris 2.6; I'm finally getting
around to decommissioning it.

Accordingly, I'm configuring a new(-ish) machine running FreeBSD
8.1-PRERELEASE r210217 (as of Sunday last) as a new NIS master.  (I had
earlier configured it as a slave, so /var/yp/`domainname` was already
populated.)

The NIS domain is (for historical reasons) lmdhw.com.

The default in /var/yp/Makefile is for YPSRCDIR to be set to /etc; as I
prefer my NIS source files to be completely separate from the content of
/etc on any machine I created /var/yp/Makefile.local:

albert# pwd  
/var/yp
albert# cat Makefile.local 
# Local tweaks to NIS make process

# $Id: Makefile.local,v 1.1 2010/07/23 18:51:37 root Exp $

# As long as we still have non-FreeSBD NIS clients on the local net...
UNSECURE = True

# Keep our NIS sources separate from any machine's /etc.
# While we're doing that, might as well make provision in case we want to
# work with more than one NIS domain at the same time.
YPSRCDIR =  $(YPDIR)/etc/$(DOMAIN)


I then populated /var/yp/etc/lmdhw.com by unpacking a tarball of the
sources from the SS5:

albert# domainname
lmdhw.com
albert# ls -lTa etc/lmdhw.com/
total 38
drwxr-xr-x  3 root  daemon   512 Jul 23 11:53:52 2010 .
drwxr-xr-x  3 root  wheel    512 Jul 23 11:44:37 2010 ..
drwxr-xr-x  2 root  daemon   512 May 10 10:06:43 2010 RCS
-rw-r--r--  1 root  kmem      50 Jan 12 20:09:53 1997 auto_home
-rw-r--r--  1 root  kmem      94 Jan 12 20:10:08 1997 auto_master
-rw-rw-r--  1 root  daemon     0 Sep 14 11:53:16 1997 bootparams
-rw-rw-r--  1 root  daemon     0 Sep 14 11:53:16 1997 ethers
-r--r--r--  1 root  daemon   428 Sep  2 18:19:02 2001 group
-r--r--r--  1 root  daemon   273 Oct 25 15:33:32 2008 hosts
-rw-rw-r--  1 root  daemon     0 Sep 14 11:53:16 1997 netgroup
-r--r--r--  1 root  daemon   592 Aug 26 21:53:00 1999 netmasks
-r--r--r--  1 root  sys      372 Mar  4 21:46:19 1997 networks
-r--r--r--  1 root  daemon   855 Nov 30 21:51:03 2009 passwd
-rw-r--r--  1 root  daemon   892 May  3 19:11:13 1998 passwd.install
-r--r--r--  1 root  sys      980 Apr  4 18:14:32 1998 protocols
-r-xr-xr-x  1 bin   kmem     622 Mar  4 22:04:36 1997 publickey
-rw-r--r--  1 root  sys     1481 Mar  4 21:46:29 1997 rpc
-r--r--r--  1 root  daemon  2380 Jul 19 18:48:02 1998 services
-r--------  1 root  daemon   364 Oct  6 16:31:39 2006 shadow
-rw-r--r--  1 root  daemon   416 May  3 19:11:28 1998 shadow.install
-rw-r--r--  1 root  daemon    21 Apr  4 23:32:06 1998 timezone
albert# 

But when I run make, I see whines about
/var/yp/etc/`/bin/domainname`/hosts being non-existent and having no
sources:

albert# make -d lm
Examining target...non-existent...non-existent and no sources...out-of-date.
if [ ! -d `/bin/domainname` ]; then mkdir `/bin/domainname`; fi;  cd 
`/bin/domainname` ; echo NIS Map update started on `date` for domain 
`/bin/domainname` ;  make -f ../Makefile all; echo NIS Map update completed.
NIS Map update started on Fri Jul 23 13:37:30 PDT 2010 for domain lmdhw.com
Examining /var/yp/ypservers...modified 11:53:28 Jul 23, 2010...up-to-date.
Examining ypservers...modified 11:53:55 Jul 23, 2010...up-to-date.
Examining servers...non-existent...modified before source 
(ypservers)...out-of-date.
update time: 13:37:30 Jul 23, 2010
Examining /var/yp/etc/`/bin/domainname`/hosts...non-existent...non-existent and 
no sources...out-of-date.
make: don't know how to make /var/yp/etc/`/bin/domainname`/hosts. Stop
*** Error code 2

Stop in /var/yp.
albert# 

I've run with additional debugging flags, but that seemed to merely
add to the clutter without actually providing useful information,
so I figured I'd skip subjecting y'all to that for now.

So what silly thing am I overlooking here?  Is something doing a
chroot(2) behind the scenes?

Thanks

Peace,
david
-- 
David H. Wolfskill  da...@catwhisker.org
Depriving a girl or boy of an opportunity for education is evil.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.




NIS passwd file is never updated with new users

2010-03-11 Thread Thomas
Hi

I've configured a NIS master server as described in the freebsd handbook
(http://www.freebsd.org/doc/handbook/network-nis.html). I removed all
super and system users from master.passwd in /var/yp, chmod 600
master.passwd and initialized my NIS master server without any errors.

ypcat passwd showed me a correct list with users. But the NIS password
db will not be updated if I add any new user.

I tried:
pw useradd test1234
cd /var/yp
make myusers
`myusers' is up to date.

My newly added test1234 user is not added to /var/yp/master.passwd or
/var/yp/passwd but test1234 is in /etc/passwd and /etc/master.passwd.

How can I update my NIS master.passwd?

System Information:
It's 7.2-RELEASE-p6 (amd64)

my rc.conf for NIS:

nisdomainname=myusers
nis_server_enable=YES
nis_yppasswdd_enable=YES
nis_ypxfrd_enable=YES

rpcinfo -p
   program vers proto   port  service
104   tcp111  rpcbind
103   tcp111  rpcbind
102   tcp111  rpcbind
104   udp111  rpcbind
103   udp111  rpcbind
102   udp111  rpcbind
104 local111  rpcbind
103 local111  rpcbind
102 local111  rpcbind
1000241   udp696  status
1000241   tcp697  status
1000210   udp751  nlockmgr
1000210   tcp951  nlockmgr
1000211   udp751  nlockmgr
1000211   tcp951  nlockmgr
1000213   udp751  nlockmgr
1000213   tcp951  nlockmgr
1000214   udp751  nlockmgr
1000214   tcp951  nlockmgr
141   udp671  ypserv
142   udp671  ypserv
141   tcp812  ypserv
142   tcp812  ypserv
191   udp818  yppasswdd
191   tcp602  yppasswdd
 600191   udp818
 600191   tcp602
172   udp878  ypbind
172   tcp917  ypbind
 6001000691   udp694
 6001000691   tcp674

r...@host04:/var/yp# ll
total 170
lrwxrwxrwx  1 root  wheel     13 Feb 18  2009 Makefile -> Makefile.dist
-r--r--r--  1 root  wheel  19276 Mar 10 22:42 Makefile.dist
drwxr-xr-x  2 root  wheel    512 Mar 11 10:55 binding
-rw-------  1 root  wheel  73770 Mar 11 11:45 master.passwd
-rw-------  1 root  wheel  69260 Mar 11 11:45 passwd
-rw-r--r--  1 root  wheel    233 Mar 11 10:53 securenets
drwx------  2 root  wheel    512 Mar 11 11:45 myusers
-rw-------  1 root  wheel    130 Mar 11 11:28 ypservers

Regards,
Thomas




Re: NIS oops

2010-01-21 Thread Olivier Nicole
> and that's the one error I made in setting it up likely... (I saw that
> note after rebooting in the handbook)

I have been there, I have done that.

Luckily my server is next door :)

Olivier



NIS oops

2010-01-20 Thread Aryeh M. Friedman
I set up and tested NIS on our new master server then rebooted and it 
failed to come up... it is not possible for me to get physical access 
(or anyone else for that matter) until tomorrow afternoon... is there 
any way to use an other machine on the net to kick start it (NFS mount 
attempts to it also hang)



Re: NIS oops

2010-01-20 Thread Olivier Nicole
> is there any way to use an other machine on the net to kick start it

Unless you have an account on that master server that is not depending
on NIS, I see no way.

Bests,

Olivier


Re: NIS oops

2010-01-20 Thread Aryeh M. Friedman

Olivier Nicole wrote:
>> is there any way to use an other machine on the net to kick start it
>
> Unless you have an account on that master server that is not depending
> on NIS, I see no way.
>
> Bests,
>
> Olivier

and that's the one error I made in setting it up likely... (I saw that
note after rebooting in the handbook)



NIS users can't login with FTPD

2009-10-30 Thread Frank Bonnet

Hello

I've installed a new machine ( 7.2 / 64 bits ) which runs like a charm
EXCEPT for the FTP service for NIS users ...

Local users ( which are present in /etc/passwd file ) have no problem
BUT NIS users cannot log in

when using telnet NIS users have no problem to log in ...

Thanks for any help


the /etc/pam.d/ftpd looks like the following

#
# $FreeBSD: src/etc/pam.d/ftpd,v 1.19.8.1 2009/04/15 03:14:26 kensmith
#
# PAM configuration for the ftpd service
#

# auth
auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
#auth           sufficient      pam_krb5.so             no_warn
#auth           sufficient      pam_ssh.so              no_warn try_first_pass
auth            required        pam_unix.so             no_warn try_first_pass

# account
account         required        pam_nologin.so
#account        required        pam_krb5.so
account         required        pam_unix.so

# session
session         required        pam_permit.so
mail#


Re: NIS users can't login with FTPD

2009-10-30 Thread Markiyan Kushnir

what's in /etc/nsswitch.conf ?

Markiyan.

Frank Bonnet wrote:
> Hello
>
> I've installed a new machine ( 7.2 / 64 bits ) which runs like a charm
> EXCEPT for the FTP service for NIS users ...
>
> Local users ( which are present in /etc/passwd file ) have no problem
> BUT NIS users cannot log in
>
> when using telnet NIS users have no problem to log in ...
>
> Thanks for any help
>
>
> the /etc/pam.d/ftpd looks like the following
>
> #
> # $FreeBSD: src/etc/pam.d/ftpd,v 1.19.8.1 2009/04/15 03:14:26 kensmith
> #
> # PAM configuration for the ftpd service
> #
>
> # auth
> auth            sufficient      pam_opie.so             no_warn no_fake_prompts
> auth            requisite       pam_opieaccess.so       no_warn allow_local
> #auth           sufficient      pam_krb5.so             no_warn
> #auth           sufficient      pam_ssh.so              no_warn try_first_pass
> auth            required        pam_unix.so             no_warn try_first_pass
>
> # account
> account         required        pam_nologin.so
> #account        required        pam_krb5.so
> account         required        pam_unix.so
>
> # session
> session         required        pam_permit.so
> mail#


Re: How to block NIS logins via ssh?

2008-12-13 Thread Wojciech Puchar

>> enough time and resources, any password can be cracked. I really do not

when enough time is somehow like lifetime of a star ;) (unless you choose
bad passwords).

>> understand why so many users insist on using passwords anyway.
>
> 2 reasons:
> - It's the default
> - Less hassle getting access from a new account.
>
> It's the first thing I disable as well. I have machines I don't even know my
> local password for. Key on a flash card so I can get access from any new
> machine with an USB port.
>
> --
> Mel
>
> Problem with today's modular software: they start with the modules
>    and never get to the software part.


Re: How to block NIS logins via ssh?

2008-12-12 Thread Mel
On Thursday 11 December 2008 12:40:10 Jerry wrote:
> On Thu, 11 Dec 2008 09:11:26 +0100
> Mel fbsd.questi...@rachie.is-a-geek.net wrote:
>
>> 6) Disable password based logins and use keys only.
>
> Personally, I have always used 'keys' instead of passwords. Given
> enough time and resources, any password can be cracked. I really do not
> understand why so many users insist on using passwords anyway.

2 reasons:
- It's the default
- Less hassle getting access from a new account.

It's the first thing I disable as well. I have machines I don't even know my 
local password for. Key on a flash card so I can get access from any new 
machine with an USB port.

-- 
Mel

Problem with today's modular software: they start with the modules
and never get to the software part.


Re: How to block NIS logins via ssh?

2008-12-11 Thread Mel
On Thursday 11 December 2008 08:10:09 Dan Mahoney, System Admin wrote:

> Given, there's several solutions to this:
>
> 1) The Kluge as above.
>
> 2) A pam module to check /etc/group (this is standard login behavior, and
> historically supported, and available on other platforms, adding a module,
> even to ports, is trivial.
>
> 3) A patch to openssh to do /etc/shells checking (I'll note that openSSH
> has the UseLogin option, which may also do this.
>
> 4) An option to pam_unix to check this.  Differs from #2 in that it's a
> change to an existing module instead of one in ports.

5) Use AllowGroups/AllowUsers and/or their Deny equivalent in sshd_config.

6) Disable password based logins and use keys only.

-- 
Mel

Problem with today's modular software: they start with the modules
and never get to the software part.


Re: How to block NIS logins via ssh?

2008-12-11 Thread Jerry
On Thu, 11 Dec 2008 09:11:26 +0100
Mel [EMAIL PROTECTED] wrote:

> On Thursday 11 December 2008 08:10:09 Dan Mahoney, System Admin wrote:
>
>> Given, there's several solutions to this:
>>
>> 1) The Kluge as above.
>>
>> 2) A pam module to check /etc/group (this is standard login
>> behavior, and historically supported, and available on other
>> platforms, adding a module, even to ports, is trivial.
>>
>> 3) A patch to openssh to do /etc/shells checking (I'll note that
>> openSSH has the UseLogin option, which may also do this.
>>
>> 4) An option to pam_unix to check this.  Differs from #2 in that
>> it's a change to an existing module instead of one in ports.
>
> 5) Use AllowGroups/AllowUsers and/or their Deny equivalent in
> sshd_config.
>
> 6) Disable password based logins and use keys only.

Personally, I have always used 'keys' instead of passwords. Given
enough time and resources, any password can be cracked. I really do not
understand why so many users insist on using passwords anyway.


-- 
Jerry
[EMAIL PROTECTED]

A sadist is a masochist who follows the Golden Rule.




How to block NIS logins via ssh?

2008-12-10 Thread Dan Mahoney, System Admin

Hello all,

I'm noticing that when following the directions given here:

http://www.freebsd.org/doc/en/books/handbook/network-nis.html

For how to disable logins, the recommended action is to set the shell to 
/sbin/nologin.


However, this is sloppy as it allows the user to log in, get the motd, do 
everything short of getting a shell.


I've tried starring out the password in the +: entry, (and putting 
in a bad password, like x), and those don't seem to work.  I am still 
able to connect via sshd and prove that the account works.


What's happening here?

-Dan

--

Wrin quick, somebody tell me the moon phase please?
Dan_Wood Wrin: Plummeting.

-Undernet #reboot, 9/11/01 (day of the WTC bombing)

Dan Mahoney
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---



Re: How to block NIS logins via ssh?

2008-12-10 Thread Dan Mahoney, System Admin

On Wed, 10 Dec 2008, Dan Nelson wrote:


> In the last episode (Dec 10), Dan Mahoney, System Admin said:
>> I'm noticing that when following the directions given here:
>>
>> http://www.freebsd.org/doc/en/books/handbook/network-nis.html
>>
>> For how to disable logins, the recommended action is to set the shell to
>> /sbin/nologin.
>>
>> However, this is sloppy as it allows the user to log in, get the
>> motd, do everything short of getting a shell.
>>
>> I've tried starring out the password in the +: entry, (and
>> putting in a bad password, like x), and those don't seem to work.
>> I am still able to connect via sshd and prove that the account works.
>
> By default, the passwd field is ignored in an NIS + or - line. It looks
> like if you rebuild libc with PW_OVERRIDE_PASSWD=1,  you will get the
> behaviour you're looking for (see the compat_set_template function in
> src/lib/libc/gen/getpwent.c).


Okay, let's look at it from an alternate tack then -- what else renders an 
account invalid?


Is there a pam knob to check /etc/shells?  Or an sshd option?

I found these:

http://osdir.com/ml/linux.admin.managers/2003-08/msg00016.html

for a user who had a similar problem, but freebsd doesn't appear to have 
the requisite module.  This could also be implemented as an option to 
pam_unix (which could check either /etc/shells or the NIS equivalent, 
since it already has the NIS hooks.)


I'll make a separate post to -hackers requesting this.

it's probably pretty trivial to port, but I'm leery to do so not-being a 
c-coder.


-Dan

--

Of course she's gonna be upset!  You're dealing with a woman here Dan,
what the hell's wrong with you?

-S. Kennedy, 11/11/01

Dan Mahoney
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---



Re: How to block NIS logins via ssh?

2008-12-10 Thread Dan Nelson
In the last episode (Dec 10), Dan Mahoney, System Admin said:
> On Wed, 10 Dec 2008, Dan Nelson wrote:
>> In the last episode (Dec 10), Dan Mahoney, System Admin said:
>>> I'm noticing that when following the directions given here:
>>>
>>> http://www.freebsd.org/doc/en/books/handbook/network-nis.html
>>>
>>> For how to disable logins, the recommended action is to set the shell to
>>> /sbin/nologin.
>>>
>>> However, this is sloppy as it allows the user to log in, get the
>>> motd, do everything short of getting a shell.
>>>
>>> I've tried starring out the password in the +: entry, (and
>>> putting in a bad password, like x), and those don't seem to
>>> work. I am still able to connect via sshd and prove that the
>>> account works.
>>
>> By default, the passwd field is ignored in an NIS + or - line. It
>> looks like if you rebuild libc with PW_OVERRIDE_PASSWD=1, you will
>> get the behaviour you're looking for (see the compat_set_template
>> function in src/lib/libc/gen/getpwent.c).
>
> Okay, let's look at it from an alternate tack then -- what else renders an
> account invalid?
>
> Is there a pam knob to check /etc/shells?  Or an sshd option?

There's a pam_exec module which launches a program of your choice.  You
could look up the user's shell from there using whatever script you're
comfortable with.  Or, if all your NIS users are members of a certain
group, you could use the pam_group module to deny them.

> I found these:
>
> http://osdir.com/ml/linux.admin.managers/2003-08/msg00016.html
>
> for a user who had a similar problem, but freebsd doesn't appear to have
> the requisite module.  This could also be implemented as an option to
> pam_unix (which could check either /etc/shells or the NIS equivalent,
> since it already has the NIS hooks.)

It looks like our pam_unix module has a local_pass option, which
claims to disallow NIS logins.  Have you tried that?

> I'll make a separate post to -hackers requesting this.
>
> it's probably pretty trivial to port, but I'm leery to do so
> not-being a c-coder.

-- 
Dan Nelson
[EMAIL PROTECTED]
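
One way to do the shell lookup from pam_exec that the message above suggests, as an added example that is not from the thread: a script that denies any account whose login shell is not listed in /etc/shells. The install path, the PAM line in the comment, the function names and the sample passwd/shells data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): account check for pam_exec that denies
# any user whose login shell is not listed in /etc/shells.
# Hypothetical install path and PAM line (assumptions, adjust per service):
#   account  required  pam_exec.so  /usr/local/sbin/check_shell.sh

# lookup_shell USER [PASSWD_FILE]: print field 7 of the user's passwd entry.
# Without PASSWD_FILE it asks getent, so NIS users are resolved via nsswitch.
lookup_shell() {
    if [ -n "${2:-}" ]; then
        awk -F: -v u="$1" '$1 == u { print $7; exit }' "$2"
    else
        getent passwd "$1" | awk -F: '{ print $7; exit }'
    fi
}

# shell_is_listed SHELL [SHELLS_FILE]: succeeds only on an exact match with a
# line of the shells file, after comments and surrounding blanks are removed.
shell_is_listed() {
    [ -n "$1" ] || return 1
    awk -v s="$1" '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == s { found = 1; exit }
        END { exit(found ? 0 : 1) }' "${2:-/etc/shells}"
}

# check_account USER [PASSWD_FILE] [SHELLS_FILE]: 0 = allow, non-zero = deny.
# Fails closed: an unknown user or an empty shell field is denied.
check_account() {
    user_shell=$(lookup_shell "$1" "${2:-}")
    shell_is_listed "$user_shell" "${3:-/etc/shells}"
}

# Constructed sample data for a dry run without touching the real databases.
write_samples() {
    cat > "$1/passwd" <<'EOF'
alice:*:1001:1001:Alice:/home/alice:/bin/csh
bob:*:1002:1002:Bob:/home/bob:/nonexistent
webacct:*:1003:1003:Web account:/var/webs/example:/usr/sbin/nologin
carol:*:1004:1004:Carol:/home/carol:/usr/local/bin/bash
EOF
    cat > "$1/shells" <<'EOF'
# constructed sample of /etc/shells
/bin/sh
/bin/csh
/usr/local/bin/bash   # from ports
EOF
}

if [ -n "${PAM_USER:-}" ]; then
    # pam_exec exports the login name as PAM_USER; a non-zero exit status
    # makes the module fail, which denies the account.
    check_account "$PAM_USER" || exit 1
else
    # Dry run on the constructed samples.
    d=$(mktemp -d)
    write_samples "$d"
    for u in alice bob webacct carol ghost; do
        if check_account "$u" "$d/passwd" "$d/shells"; then
            echo "$u: allow"
        else
            echo "$u: deny"
        fi
    done
    rm -rf "$d"
fi
```
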


Re: How to block NIS logins via ssh?

2008-12-10 Thread Dan Mahoney, System Admin

On Wed, 10 Dec 2008, Dan Nelson wrote:


> In the last episode (Dec 10), Dan Mahoney, System Admin said:
>> On Wed, 10 Dec 2008, Dan Nelson wrote:
>>> In the last episode (Dec 10), Dan Mahoney, System Admin said:
>>>> I'm noticing that when following the directions given here:
>>>>
>>>> http://www.freebsd.org/doc/en/books/handbook/network-nis.html
>>>>
>>>> For how to disable logins, the recommended action is to set the shell to
>>>> /sbin/nologin.
>>>>
>>>> However, this is sloppy as it allows the user to log in, get the
>>>> motd, do everything short of getting a shell.
>>>>
>>>> I've tried starring out the password in the +: entry, (and
>>>> putting in a bad password, like x), and those don't seem to
>>>> work. I am still able to connect via sshd and prove that the
>>>> account works.
>>>
>>> By default, the passwd field is ignored in an NIS + or - line. It
>>> looks like if you rebuild libc with PW_OVERRIDE_PASSWD=1, you will
>>> get the behaviour you're looking for (see the compat_set_template
>>> function in src/lib/libc/gen/getpwent.c).
>>
>> Okay, let's look at it from an alternate tack then -- what else renders an
>> account invalid?
>>
>> Is there a pam knob to check /etc/shells?  Or an sshd option?
>
> There's a pam_exec module which launches a program of your choice.  You
> could look up the user's shell from there using whatever script you're
> comfortable with.  Or, if all your NIS users are members of a certain
> group, you could use the pam_group module to deny them.
>
>> I found these:
>>
>> http://osdir.com/ml/linux.admin.managers/2003-08/msg00016.html
>>
>> for a user who had a similar problem, but freebsd doesn't appear to have
>> the requisite module.  This could also be implemented as an option to
>> pam_unix (which could check either /etc/shells or the NIS equivalent,
>> since it already has the NIS hooks.)
>
> It looks like our pam_unix module has a local_pass option, which
> claims to disallow NIS logins.  Have you tried that?


No, I'm using netgroups -- i.e. allow one user (or, rather, allow the 
@STAFF group, import the whole map, disallow the rest from logging in.)


Actually, I just found the answer to this...instead of putting nologin 
in, put in something bogus (I'm using /nonexistent)...and the password 
will just loop.


This is something sshd does internally.

Given, there's several solutions to this:

1) The Kluge as above.

2) A pam module to check /etc/group (this is standard login behavior, and 
historically supported, and available on other platforms, adding a module, 
even to ports, is trivial.


3) A patch to openssh to do /etc/shells checking (I'll note that openSSH 
has the UseLogin option, which may also do this.


4) An option to pam_unix to check this.  Differs from #2 in that it's a 
change to an existing module instead of one in ports.


-Dan

--

The first annual 5th of July party...have you been invited?
It's a Jack Party.
Okay, so Long Island's been invited.

--Cali and Gushi, 6/23/02


Dan Mahoney
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---



nspluginwrapper and NIS

2008-10-30 Thread Rich Winkel
Has anyone noticed that nspluginwrapper -a -i -v crashes when operating
under a userid which is defined under NIS?  If you put the user's
full master.passwd entry in the local master.passwd it works fine.

Rich



Does 7.0 is NIS compatible by default ?

2008-03-19 Thread Frank Bonnet

Hello

I've set up a NIS client on a freshly installed 7.0 machine but
it is unable to su to a NIS account, the id command gives
a user unknown response, BUT the ypcat and ypmatch commands work ...

Thanks for any help/infos.

Frank


NIS in a jail?

2008-02-12 Thread Eric Osterweil


Hey everyone,

I've been struggling with something, and I'm starting to wonder if  
this is even supposed to work.


I have a 6.2 box (haven't moved to 6.3 yet) running a set of jails,  
and all has been well for quite a while.  I recently tried to get one  
of the jails to be a NIS slave and it seemed to come online and get  
maps OK, but no other servers could use it.  I've set up NIS before,  
so I think I've got that part ok.


Anyway, I tried to make it a master today for other reasons, but also  
so I could repeat the setup process.  In doing so, I tried to change  
its nisdomainname.  I've found that it wants to use the host's
nisdomainname instead of its local value (in the jailed rc.conf).
This made me realize that maybe the problem is more fundamental and
that this is not supported.


Does anyone have any guidance for me?  My most pressing question is
can you set up a NIS master or slave in a jail at all?  If yes, then I
can keep plugging away (help is appreciated).  Maybe I just need to
have a consistent nisdomainname.  If not, then so be it, at least
I'll know.


Eric


Re: NIS Linux - Ubuntu

2007-12-27 Thread Chad Perrin
On Wed, Dec 26, 2007 at 09:10:00PM -0500, Lowell Gilbert wrote:
 Chad Perrin [EMAIL PROTECTED] writes:
 
  The behavior with an asterisk instead of an X is pretty worrisome,
  however, and is not strictly Ubuntu's fault.  Security of a server should
  not rely on the good will and competence of the client developers.
 
 I agree with the latter sentence, but not the former.  
 When using NFS (without Kerberos), it is built into the protocol that
 the server trusts the client on the UID/GID.  
 That is a good reason not to use NFS in an untrusted environment, but
 there really isn't anything FreeBSD can do about it.

I'm not clear on how that makes it Ubuntu's fault -- which seems to be
what you're saying, since you disagreed with the sentence in which I
stated it is not strictly Ubuntu's fault.

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
John Kenneth Galbraith: If all else fails, immortality can always be
assured through spectacular error.


Re: NIS Linux - Ubuntu

2007-12-26 Thread Lowell Gilbert
Chad Perrin [EMAIL PROTECTED] writes:

 On Thu, Dec 20, 2007 at 09:32:50AM -0500, Lowell Gilbert wrote:
 RA Cohen [EMAIL PROTECTED] writes:
 
  I am sorry, here is an addendum to my previous post:
 
 Somehow Ubuntu was given root user
   permissions
 
  Actually, upon rereading my notes, Ubuntu was only given permissions of 
  the user doing the login - not root - but we could login with any valid 
  user apparently FreeBSD thought it was presented with a wildcard password.
 
  And I can also verify that FreeBSD clients are able to use the password 
  map when x is used instead of * in the map to represent the password. So I 
  can secure the system using the x but still cannot get Ubuntu clients to 
  authenticate.
 
 Sounds like Ubuntu is using the wrong map, probably one where it's
 getting a different and empty field where it expects to find a password.

 The behavior with an asterisk instead of an X is pretty worrisome,
 however, and is not strictly Ubuntu's fault.  Security of a server should
 not rely on the good will and competence of the client developers.

I agree with the latter sentence, but not the former.  
When using NFS (without Kerberos), it is built into the protocol that
the server trusts the client on the UID/GID.  
That is a good reason not to use NFS in an untrusted environment, but
there really isn't anything FreeBSD can do about it.


Re: NIS Linux - Ubuntu

2007-12-20 Thread Lowell Gilbert
RA Cohen [EMAIL PROTECTED] writes:

 I am sorry, here is an addendum to my previous post:

Somehow Ubuntu was given root user
  permissions

 Actually, upon rereading my notes, Ubuntu was only given permissions of the 
 user doing the login - not root - but we could login with any valid user 
 apparently FreeBSD thought it was presented with a wildcard password.

 And I can also verify that FreeBSD clients are able to use the password map 
 when x is used instead of * in the map to represent the password. So I can 
 secure the system using the x but still cannot get Ubuntu clients to 
 authenticate.

Sounds like Ubuntu is using the wrong map, probably one where it's
getting a different and empty field where it expects to find a password.


Re: NIS Linux - Ubuntu

2007-12-20 Thread Chad Perrin
On Thu, Dec 20, 2007 at 09:32:50AM -0500, Lowell Gilbert wrote:
 RA Cohen [EMAIL PROTECTED] writes:
 
  I am sorry, here is an addendum to my previous post:
 
 Somehow Ubuntu was given root user
   permissions
 
  Actually, upon rereading my notes, Ubuntu was only given permissions of the 
  user doing the login - not root - but we could login with any valid user 
  apparently FreeBSD thought it was presented with a wildcard password.
 
  And I can also verify that FreeBSD clients are able to use the password map 
  when x is used instead of * in the map to represent the password. So I can 
  secure the system using the x but still cannot get Ubuntu clients to 
  authenticate.
 
 Sounds like Ubuntu is using the wrong map, probably one where it's
 getting a different and empty field where it expects to find a password.

The behavior with an asterisk instead of an X is pretty worrisome,
however, and is not strictly Ubuntu's fault.  Security of a server should
not rely on the good will and competence of the client developers.

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Baltasar Gracian: A wise man gets more from his enemies than a fool from
his friends.


NIS Linux - Ubuntu

2007-12-18 Thread RA Cohen
I've read most of what is out there on NIS - Linux interoperability. 
Unfortunately, nothing explains what we encountered on a FreeBSD 6.2 machine 
running NFS and NIS:

1. FreeBSD clients work as advertised, they interpret the password maps 
correctly; we export the server's /usr/home filesystem and users' home 
directories are automatically easily available.

2. ...just installed a clean Ubuntu 7.10 (newest) and set up NIS and he's 
STILL able to log in as ANY user without a password and can access their 
network drive when it's mounted

Number 2 above scared the living daylights out of me. I checked permissions on
the /usr/home directories, all set to 770 (each user is in their own group).
The Ubuntu client could still walk all over this filesystem. Let me be clear:
any valid username (as exported by the NIS maps) was authenticated with any
password. Somehow Ubuntu was given root user permissions no matter what user
was logged in. When we changed the /var/yp/Makefile to create maps with an 'x'
instead of an '*' this fixed the problem but also resulted in no valid logins
from the Ubuntu clients at all. And I have not checked the FreeBSD client
machines to see how they deal with the 'x' in the password map but that
doesn't matter; what concerns me is how Ubuntu was given free access over the
filesystem... That makes NIS unusable in our environment (a public high school)
because what about Macs and other Linux-type clients?

Can anyone shed a clue on what is occurring here? Seems like a dangerous hole 
in FBSD's NIS implementation. I know, I should move to Kerberos/LDAP but that 
realistically cannot happen until the summer.

Thank you in advance for your help!

RA Cohen





  



NIS Linux - Ubuntu

2007-12-18 Thread RA Cohen
I am sorry, here is an addendum to my previous post:

Somehow Ubuntu was given root user
 permissions

Actually, upon rereading my notes, Ubuntu was only given permissions of the
user doing the login - not root - but we could log in with any valid user;
apparently FreeBSD thought it was presented with a wildcard password.

And I can also verify that FreeBSD clients are able to use the password map 
when x is used instead of * in the map to represent the password. So I can 
secure the system using the x but still cannot get Ubuntu clients to 
authenticate.


Roy



  



NIS group mQuestion

2007-10-18 Thread Enrique Ayesta Perojo
Hello,

I'm trying to set up a NIS server under FreeBSD 6.2 to serve Linux clients
(CentOS4). The main problem I have is with the group map. When FreeBSD
generates the maps it gets the info for this from /etc/group, which gets
imported from the Linux clients.

My question is: is there any way to avoid this? I would like to use a different
group file, not the one in /etc, in the same way it's done with master.passwd.

Best regards


Re: NIS group mQuestion

2007-10-18 Thread Enrique Ayesta Perojo

 Hello,

 I'm trying to setup a NIS Server under FreeBSD 6.2 to serve Linux Clients
 (CentOS4). The main problem i have is with the group map. When FreeBSD
 generates the maps it gets the info for this from /etc/group, which gets
 imported from the Linux clients.

 My question is: Is there anyway to avoid this? I would like to use a
 different group file, not the one in /etc in the same way it's done with
 master.passwd

 Best regards

Hi again, I'll answer myself. To change the way NIS works in FreeBSD I
just have to edit /var/yp/Makefile and change the place where NIS takes the
source files. I just had to read the Makefile first to send the question to the
list!

Thanks again


Re: NIS interoperability with Linux, was Re: Following directions doesn't seem to work: Adding users in NIS

2007-10-18 Thread Lowell Gilbert
Manolis Kiagias [EMAIL PROTECTED] writes:

 Lowell Gilbert wrote:
 Manolis Kiagias [EMAIL PROTECTED] writes:

   
 I've read this the first time I tried and decided not to go with it.
 The manual says:
 If you plan to use a FreeBSD system to serve non-FreeBSD
 clients that have no support for password shadowing (which is
 most of them), you will have to disable the password shadowing
 entirely by uncommenting the UNSECURE=True entry in
  /var/yp/Makefile.

 Linux certainly uses password shadowing, and I can see in my debian
 server maps passwd.byname and shadow.byname files
 If I perform ypcat passwd.byname from a client I get the standard passwd
 file with no passwords (exactly like /etc/passwd)
 The encrypted passwords are in the shadow.byname map.

 Now, if I understand correctly, the above solution would put the
 passwords in the passwd.byname map, thus making the system less secure,
 where in fact I should be able to make FreeBSD export a shadow.byname
 map that would be compatible with Linux.
 Am I missing something here / are my assumptions wrong?
 

 I think you are assuming that Linux uses password shadowing over NIS.
 This is not possible, and no system does it.

 The FreeBSD security method in question just forces requests for the
 password maps to come from privileged ports.  This is a very minor
 security method, and other systems don't support it.

 Fundamentally, NIS assumes that you trust the machines you are
 serving.  Or at least are willing to let them have the encrypted
 passwords.  No OS can change this; it's not a Linux/FreeBSD issue.  


   
 I have experimented a bit further with my debian NIS server, and this is
 what I found:

From a NIS client, I can do with my standard user account:

 [EMAIL PROTECTED]:~$ ypcat passwd.byname
 user1:x:1010:1010:Joe User,,,:/home/user1:/bin/bash

 and I get the standard, world-readable password file (the one without
 the passwords)
 However, the standard user cannot run:

 This is the answer:
 [EMAIL PROTECTED]:~$ ypcat shadow.byname
 No such map shadow.byname. Reason: No such map in server's domain

 As root, however:
 [EMAIL PROTECTED]:~# ypcat shadow.byname
 user1:$1$1233245435435345543545345sfsdfsfdf:13577:0:9:7:::
 ...

 This seems to be consistent with the FreeBSD NIS Server behaviour
 described in nis(8) manual page:

  To help prevent this, FreeBSD's NIS server handles the shadow password
  maps (master.passwd.byname and master.passwd.byuid) in a special way: the
  server will only provide access to these maps in response to requests
  that originate on privileged ports.  Since only the super-user is allowed
  to bind to a privileged port, the server assumes that all such requests
  come from privileged users.  All other requests are denied: requests from
  non-privileged ports will receive only an error code from the server.

 So, it seems Linux handles this the same way. Difference is Linux has a
 shadow.byname map while FreeBSD has a master.passwd.byname map
 (possibly also internal differences in the files).

 Now, if I understand correctly, if I were to add the UNSECURE feature
 in the FreeBSD server, I expect the shadow passwords would be inserted
 in the passwd.byname map which is world readable and hence a security
 issue. (Perhaps I will do this experiment next and let you know of the
 outcome.)
 This is hardly important for my home server scenario, but it would be,
 should I decide to implement a FreeBSD NIS server somewhere else.
 Hence, the best possible solution would be to get a Makefile for the
 FreeBSD NIS server that would produce completely Linux compatible maps.

Hmm.  What you're saying makes sense; unfortunately, I haven't had a
network configured this way in a while, so I'm rather rusty on the
details.  It sounds as though this is just a matter of the map names.
Perhaps you could handle that with nicknames?

I believe that the master.passwd.byname map is in the same FreeBSD-
specific format as master.passwd, but that on all systems
passwd.byname is the standard old format that YP always used.

In most (not all, but most) cases, I don't think it's worth worrying
about the secure modes available, whether you're taking the FreeBSD
or the Linux map names and formats.  It's based on the assumption that
someone untrusted can be on your network but can't use low-numbered
TCP ports.  This is unusual in my experience.

Good luck.


Re: NIS interoperability with Linux, was Re: Following directions doesn't seem to work: Adding users in NIS

2007-10-18 Thread Manolis Kiagias
Lowell Gilbert wrote:
 Manolis Kiagias [EMAIL PROTECTED] writes:

   
 I have experimented a bit further with my debian NIS server, and this is
 what I found:

 From a NIS client, I can do with my standard user account:

 [EMAIL PROTECTED]:~$ ypcat passwd.byname
 user1:x:1010:1010:Joe User,,,:/home/user1:/bin/bash

 and I get the standard, world-readable password file (the one without
 the passwords)
 However, the standard user cannot run:

 This is the answer:
 [EMAIL PROTECTED]:~$ ypcat shadow.byname
 No such map shadow.byname. Reason: No such map in server's domain

 As root, however:
 [EMAIL PROTECTED]:~# ypcat shadow.byname
 user1:$1$1233245435435345543545345sfsdfsfdf:13577:0:9:7:::
 ...

 This seems to be consistent with the FreeBSD NIS Server behaviour
 described in nis(8) manual page:

  To help prevent this, FreeBSD's NIS server handles the shadow password
  maps (master.passwd.byname and master.passwd.byuid) in a special way: the
  server will only provide access to these maps in response to requests
  that originate on privileged ports.  Since only the super-user is allowed
  to bind to a privileged port, the server assumes that all such requests
  come from privileged users.  All other requests are denied: requests from
  non-privileged ports will receive only an error code from the server.

 So, it seems Linux handles this the same way. Difference is Linux has a
 shadow.byname map while FreeBSD has a master.passwd.byname map
 (possibly also internal differences in the files).

 Now, if I understand correctly, if I were to add the UNSECURE feature
 in the FreeBSD server, I expect the shadow passwords would be inserted
 in the passwd.byname map which is world readable and hence a security
 issue. (Perhaps I will do this experiment next and let you know of the
 outcome.)
 This is hardly important for my home server scenario, but it would be,
 should I decide to implement a FreeBSD NIS server somewhere else.
 Hence, the best possible solution would be to get a Makefile for the
 FreeBSD NIS server that would produce completely Linux compatible maps.
 

 Hmm.  What you're saying makes sense; unfortunately, I haven't had a
 network configured this way in a while, so I'm rather rusty on the
 details.  It sounds as though this is just a matter of the map names.
 Perhaps you could handle that with nicknames?

   
It is a matter of names, but also there are changes internally in the
file. All can be handled by a modified Makefile, which I hope to be able
to patch.
I have a few more urgent experiments with the test machine, so this
will have to wait for a while.

 I believe that the master.passwd.byname map is in the same FreeBSD-
 specific format as master.passwd, but that on all systems
 passwd.byname is the standard old format that YP always used.

In fact, in Linux, shadow.byname is the exact same format as
/etc/shadow, so I believe your assumption about master.passwd.byname is
true.

 In most (not all, but most) cases, I don't think it's worth worrying
 about the secure modes available, whether you're taking the FreeBSD
 or the Linux map names and formats.  It's based on the assumption that
 someone untrusted can be on your network but can't use low-numbered
 TCP ports.  This is unusual in my experience.

True, and as I said for my home network this is more of an academic
exercise.
However, considering the (probable) outcome of the UNSECURE line in
Makefile, it would reduce the security of a host to pre-shadow days. The
hashes would be available to anyone, and then someone could discover
John the Ripper and give brute force a try.  This is probably something
to keep in mind for more security-conscious environments. Combine it
with the fact it would affect all NIS clients and not a single machine,
and you may get a serious security incident.

 Good luck.

   

Thanks, should I decide to wrestle with the Makefile, I will need it :)


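The concern raised in the message above, that UNSECURE=True moves the hashes into the world-readable passwd map, can be checked on a map dump such as `ypcat passwd.byname` output. This is an added example, not part of the original thread and not FreeBSD's Makefile; the function names, the constructed sample records and the seconds-to-days expiry mapping in `shadow_line` are assumptions.

```python
import re

# master.passwd(5) layout on FreeBSD: ten colon-separated fields.
MASTER_FIELDS = ("name", "passwd", "uid", "gid", "class",
                 "change", "expire", "gecos", "home", "shell")
# The field count tells apart the three formats compared in the thread.
FORMATS = {7: "passwd", 9: "shadow", 10: "master.passwd"}
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

# Constructed sample records: invented users, dummy hash strings.
SAMPLE_MASTER = (
    "alice:$1$c0nstruct$AAAAAAAAAAAAAAAAAAAAAA:1010:1010::0:0:"
    "Alice Example:/home/alice:/bin/sh\n"
    "bob:$1$c0nstruct$BBBBBBBBBBBBBBBBBBBBBB:1011:1011::0:1262304000:"
    "Bob Example:/home/bob:/bin/sh\n"
    "carol::1012:1012::0:0:Carol Example:/home/carol:/bin/sh\n"
)


def load_master(text):
    """Parse master.passwd-format text into a list of field dictionaries."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != len(MASTER_FIELDS):
            raise ValueError(f"expected 10 fields, got {len(fields)}: {line!r}")
        records.append(dict(zip(MASTER_FIELDS, fields)))
    return records


def passwd_map_line(rec, mode):
    """Seven-field passwd map line for one of the choices in the thread.

    mode "star": '*' placeholder, "x": the 'x' edit RA Cohen describes,
    "unsecure": the password field copied through (UNSECURE=True).
    """
    pw = {"star": "*", "x": "x", "unsecure": rec["passwd"]}[mode]
    return ":".join([rec["name"], pw, rec["uid"], rec["gid"],
                     rec["gecos"], rec["home"], rec["shell"]])


def shadow_line(rec):
    """Nine-field /etc/shadow-style line derived from a master.passwd record.

    Assumption: only the hash and the account expiry carry over. master.passwd
    stores expiry in seconds since the epoch, shadow in days; aging fields
    are left empty.
    """
    secs = int(rec["expire"] or 0)
    expire_days = str(secs // 86400) if secs else ""
    return ":".join([rec["name"], rec["passwd"], "", "", "", "", "",
                     expire_days, ""])


def classify(field):
    """Describe what a password field holds."""
    if field == "":
        return "empty"          # nothing to compare a typed password against
    if field in ("*", "x"):
        return "placeholder"    # real hash lives in another map
    if field[0] in "*!":
        return "locked"         # a locked field may still carry a hash
    if field.startswith("$") or DES_CRYPT.match(field):
        return "hash"
    return "other"


def audit(map_lines):
    """Return (name, format, kind) for every line of a map dump."""
    findings = []
    for line in map_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        fmt = FORMATS.get(len(fields), "unknown")
        kind = classify(fields[1]) if len(fields) > 1 else "other"
        findings.append((fields[0], fmt, kind))
    return findings


def risky(map_lines):
    """Entries of a passwd-format map that any client user could abuse."""
    return [(name, kind) for name, fmt, kind in audit(map_lines)
            if fmt == "passwd" and kind in ("hash", "empty")]


def build(records, mode):
    """Build the passwd map source lines for all records in one mode."""
    return [passwd_map_line(rec, mode) for rec in records]


if __name__ == "__main__":
    recs = load_master(SAMPLE_MASTER)
    for mode in ("star", "x", "unsecure"):
        print(f"{mode:9s} risky entries: {risky(build(recs, mode))}")
    for rec in recs:
        print("shadow:", shadow_line(rec))
```

On a live client, the input to `audit` would be the lines printed by `ypcat passwd.byname` run as an unprivileged user.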

Re: NIS interoperability with Linux, was Re: Following directions doesn't seem to work: Adding users in NIS

2007-10-17 Thread Lowell Gilbert
Manolis Kiagias [EMAIL PROTECTED] writes:

 I've read this the first time I tried and decided not to go with it.
 The manual says:
 If you plan to use a FreeBSD system to serve non-FreeBSD
 clients that have no support for password shadowing (which is
 most of them), you will have to disable the password shadowing
 entirely by uncommenting the UNSECURE=True entry in
  /var/yp/Makefile.

 Linux certainly uses password shadowing, and I can see in my debian
 server maps passwd.byname and shadow.byname files
 If I perform ypcat passwd.byname from a client I get the standard passwd
 file with no passwords (exactly like /etc/passwd)
 The encrypted passwords are in the shadow.byname map.

 Now, if I understand correctly, the above solution would put the
 passwords in the passwd.byname map, thus making the system less secure,
 where in fact I should be able to make FreeBSD export a shadow.byname
 map that would be compatible with Linux.
 Am I missing something here / are my assumptions wrong?

I think you are assuming that Linux uses password shadowing over NIS.
This is not possible, and no system does it.

The FreeBSD security method in question just forces requests for the
password maps to come from privileged ports.  This is a very minor
security method, and other systems don't support it.

Fundamentally, NIS assumes that you trust the machines you are
serving.  Or at least are willing to let them have the encrypted
passwords.  No OS can change this; it's not a Linux/FreeBSD issue.  


Re: NIS interoperability with Linux, was Re: Following directions doesn't seem to work: Adding users in NIS

2007-10-17 Thread Manolis Kiagias
Lowell Gilbert wrote:
 Manolis Kiagias [EMAIL PROTECTED] writes:

   
 I've read this the first time I tried and decided not to go with it.
 The manual says:
 If you plan to use a FreeBSD system to serve non-FreeBSD
 clients that have no support for password shadowing (which is
 most of them), you will have to disable the password shadowing
 entirely by uncommenting the UNSECURE=True entry in
  /var/yp/Makefile.

 Linux certainly uses password shadowing, and I can see in my debian
 server maps passwd.byname and shadow.byname files
 If I perform ypcat passwd.byname from a client I get the standard passwd
 file with no passwords (exactly like /etc/passwd)
 The encrypted passwords are in the shadow.byname map.

 Now, if I understand correctly, the above solution would put the
 passwords in the passwd.byname map, thus making the system less secure,
 where in fact I should be able to make FreeBSD export a shadow.byname
 map that would be compatible with Linux.
 Am I missing something here / are my assumptions wrong?
 

 I think you are assuming that Linux uses password shadowing over NIS.
 This is not possible, and no system does it.

 The FreeBSD security method in question just forces requests for the
 password maps to come from privileged ports.  This is a very minor
 security method, and other systems don't support it.

 Fundamentally, NIS assumes that you trust the machines you are
 serving.  Or at least are willing to let them have the encrypted
 passwords.  No OS can change this; it's not a Linux/FreeBSD issue.  


   
I have experimented a bit further with my Debian NIS server, and this is
what I found:

From a NIS client, I can do with my standard user account:

[EMAIL PROTECTED]:~$ ypcat passwd.byname
user1:x:1010:1010:Joe User,,,:/home/user1:/bin/bash

and I get the standard, world-readable password file (the one without
the passwords)
However, the standard user cannot run:

This is the answer:
[EMAIL PROTECTED]:~$ ypcat shadow.byname
No such map shadow.byname. Reason: No such map in server's domain

As root, however:
[EMAIL PROTECTED]:~# ypcat shadow.byname
user1:$1$1233245435435345543545345sfsdfsfdf:13577:0:9:7:::
...

This seems to be consistent with the FreeBSD NIS Server behaviour
described in nis(8) manual page:

 To help prevent this, FreeBSD's NIS server handles the shadow password
 maps (master.passwd.byname and master.passwd.byuid) in a special way: the
 server will only provide access to these maps in response to requests
 that originate on privileged ports.  Since only the super-user is allowed
 to bind to a privileged port, the server assumes that all such requests
 come from privileged users.  All other requests are denied: requests from
 non-privileged ports will receive only an error code from the server.

So, it seems Linux handles this the same way. Difference is Linux has a
shadow.byname map while FreeBSD has a master.passwd.byname map
(possibly also internal differences in the files).

Now, if I understand correctly, if I were to add the UNSECURE feature
in the FreeBSD server, I expect the shadow passwords would be inserted
in the passwd.byname map which is world readable and hence a security
issue. (Perhaps I will do this experiment next and let you know of the
outcome.)
This is hardly important for my home server scenario, but it would be,
should I decide to implement a FreeBSD NIS server somewhere else.
Hence, the best possible solution would be to get a Makefile for the
FreeBSD NIS server that would produce completely Linux compatible maps.





Re: NIS interoperability with Linux, was Re: Following directions doesn't seem to work: Adding users in NIS

2007-10-16 Thread Lowell Gilbert
Manolis Kiagias [EMAIL PROTECTED] writes:

 Olivier Nicole wrote:
 Linux doesn't normally use master.passwd.  If I recall correctly, it
 uses /etc/shadow instead (but I don't have such a box at hand right now
 to check).  And yes, the internal format is different (and, again, I don't
 remember details).
 

 If I am not wrong, NIS does not know anything about master.passwd or
 shadow, it has only passwd.byname passwd.byuid as password maps, both
 maps including password in them.

 Olivier

 You are probably right, I don't remember the exact files right now, the
 thing is the maps are not linux compatible, so if anyone has a NIS
 Makefile for this, I'd be glad to get a copy. I already tried a patch I
 found but was not successful.

Don't patch anything.  Just edit /var/yp/Makefile to remove the
comment character from the UNSECURE line, rebuild, and you're done.  

This is fully explained inline in that file, as well as in the manual
for ypserv(8).


Re: NIS interoperability with Linux, was Re: Following directions doesn't seem to work: Adding users in NIS

2007-10-16 Thread Manolis Kiagias
Lowell Gilbert wrote:
 Manolis Kiagias [EMAIL PROTECTED] writes:

   
 Olivier Nicole wrote:
 
 Linux doesn't normally use master.passwd.  If I recall correctly, it
 uses /etc/shadow instead (but I don't have such a box at hand right now
 to check).  And yes, the internal format is different (and, again, I don't
 remember details).
 
 
 If I am not wrong, NIS does not know anything about master.passwd or
 shadow, it has only passwd.byname passwd.byuid as password maps, both
 maps including password in them.

 Olivier
   

   
 You are probably right, I don't remember the exact files right now, the
 thing is the maps are not linux compatible, so if anyone has a NIS
 Makefile for this, I'd be glad to get a copy. I already tried a patch I
 found but was not successful.
 

 Don't patch anything.  Just edit /var/yp/Makefile to remove the
 comment character from the UNSECURE line, rebuild, and you're done.  

 This is fully explained inline in that file, as well as in the manual
 for ypserv(8).


   
I've read this the first time I tried and decided not to go with it.
The manual says:
If you plan to use a FreeBSD system to serve non-FreeBSD
clients that have no support for password shadowing (which is
most of them), you will have to disable the password shadowing
entirely by uncommenting the UNSECURE=True entry in
 /var/yp/Makefile.

Linux certainly uses password shadowing, and I can see in my Debian
server maps passwd.byname and shadow.byname files.
If I perform ypcat passwd.byname from a client I get the standard passwd
file with no passwords (exactly like /etc/passwd).
The encrypted passwords are in the shadow.byname map.

Now, if I understand correctly, the above solution would put the
passwords in the passwd.byname map, thus making the system less secure,
where in fact I should be able to make FreeBSD export a shadow.byname
map that would be compatible with Linux.
Am I missing something here / are my assumptions wrong?


Re: Following directions doesn't seem to work: Adding users in NIS

2007-10-15 Thread Lowell Gilbert
David Benfell [EMAIL PROTECTED] writes:

 Where are there working directions for adding users under NIS?

 The instructions in the FreeBSD handbook don't seem to result in
 added users being propagated out to slaves.  And the failure is
 silent, so I have no idea what I'm really supposed to be doing
 to make this work.

 All I know is that added users end up in the main /etc/passwd
 and /etc/master.passwd; the -Y option to pw seems to change nothing
 other than to consume time updating (but I don't know what, since
 the changes I'm looking for don't appear) various maps and pushing
 the maps.

 And, having evidently done the *wrong* thing, how do I fix the
 added users so they now appear in NIS?

adduser(8) doesn't know anything about NIS.  I don't know any
automated way of adding users to a NIS map, but my home network is
small enough that I don't bother.

What you want to do is move the users' entries from master.passwd into
your NIS master file, and rebuild the maps.  


Re: Following directions doesn't seem to work: Adding users in NIS

2007-10-15 Thread Manolis Kiagias
David Benfell wrote:
 Hello all,

 Where are there working directions for adding users under NIS?

 The instructions in the FreeBSD handbook don't seem to result in
 added users being propagated out to slaves.  And the failure is
 silent, so I have no idea what I'm really supposed to be doing
 to make this work.

 All I know is that added users end up in the main /etc/passwd
 and /etc/master.passwd; the -Y option to pw seems to change nothing
 other than to consume time updating (but I don't know what, since
 the changes I'm looking for don't appear) various maps and pushing
 the maps.

 And, having evidently done the *wrong* thing, how do I fix the
 added users so they now appear in NIS?

 Thanks!

   
The following comes from the handbook and works for me:

Copy your master.passwd to /var/yp, i.e.:

cp /etc/master.passwd /var/yp/master.passwd

Edit the copy of master.passwd and exclude all irrelevant accounts
(root, servers and so on).

Then run:

ypinit -m your-nis.domain

My real problem with NIS is the fact the FreeBSD maps are not compatible
with Linux clients, and I can't seem to get the Makefile right...


Re: Following directions doesn't seem to work: Adding users in NIS

2007-10-15 Thread David Benfell
On Mon, 15 Oct 2007 10:54:45 -0400, Lowell Gilbert wrote:
 David Benfell [EMAIL PROTECTED] writes:
 
  Where are there working directions for adding users under NIS?
 
  The instructions in the FreeBSD handbook don't seem to result in
  added users being propagated out to slaves.  And the failure is
  silent, so I have no idea what I'm really supposed to be doing
  to make this work.
 
  All I know is that added users end up in the main /etc/passwd
  and /etc/master.passwd; the -Y option to pw seems to change nothing
  other than to consume time updating (but I don't know what, since
  the changes I'm looking for don't appear) various maps and pushing
  the maps.
 
  And, having evidently done the *wrong* thing, how do I fix the
  added users so they now appear in NIS?
 
 adduser(8) doesn't know anything about NIS.  I don't know any
 automated way of adding users to a NIS map, but my home network is
 small enough that I don't bother.
 
I was using pw, which claims to be able to update NIS via the -Y
option, but frankly, the behavior you describe seems to match its
behavior as well.

My network is also a home network, but the complications I get into
are nothing short of amazing.

 What you want to do is move the users' entries from master.passwd into
 your NIS master file, and rebuild the maps.  

Do I also need to modify the copy of passwd or is master.passwd the only
one that matters?

Thanks!
-- 
David Benfell, LCP
[EMAIL PROTECTED]
---
Resume available at http://www.parts-unknown.org/
NOTE: I sign all messages with GnuPG (0DD1D1E3).




Re: Following directions doesn't seem to work: Adding users in NIS

2007-10-15 Thread Kevin Kinsey

David Benfell wrote:

Hello all,

Where are there working directions for adding users under NIS?

The instructions in the FreeBSD handbook don't seem to result in
added users being propagated out to slaves.  And the failure is
silent, so I have no idea what I'm really supposed to be doing
to make this work.

All I know is that added users end up in the main /etc/passwd
and /etc/master.passwd; the -Y option to pw seems to change nothing
other than to consume time updating (but I don't know what, since
the changes I'm looking for don't appear) various maps and pushing
the maps.

And, having evidently done the *wrong* thing, how do I fix the
added users so they now appear in NIS?



Stupid question here, so I'll be the one to ask (seems a perfect
job for a troll like me), did you read pw.conf(5)?

Kevin Kinsey
--
Join in the new game that's sweeping the country.  It's called Bureaucracy.
Everybody stands in a circle.  The first person to do anything loses.


Re: Following directions doesn't seem to work: Adding users in NIS

2007-10-15 Thread David Benfell
On Mon, 15 Oct 2007 18:57:27 +0300, Manolis Kiagias wrote:

 The following comes from the handbook and works for me:
 
 copy your master.passwd to /var/yp, i.e:
 
 cp /etc/master.passwd /var/yp/master.passwd
 
 Edit the copy of master.passwd and exclude all irrelevant accounts
 (root,servers and so on)
 
 Then run:
 
 ypinit -m your-nis.domain
 
So the message I'm getting here is that the procedure used to initially
set up NIS is the same as that used to update NIS.  Further down that page,
it claims that pw can be used to add users to an existing scheme:

quote
27.4.8 Important Things to Remember

There are still a couple of things that you will need to do differently now 
that you are in an NIS environment.

*

  Every time you wish to add a user to the lab, you must add it to the 
master NIS server only, and you must remember to rebuild the NIS maps. If you 
forget to do this, the new user will not be able to login anywhere except on 
the NIS master. For example, if we needed to add a new user jsmith to the lab, 
we would:

  # pw useradd jsmith
  # cd /var/yp
  # make test-domain

  You could also run adduser jsmith instead of pw useradd jsmith.
/quote

 My real problem with nis is the fact the freebsd maps are not compatible
 with linux clients, and I can't seem to get the Makefile right...

Ouch!  I'm ultimately planning to add a Linux client.  In theory, I can get
by with just NFS for this particular application, but it would be better to
have NIS as well.



-- 
David Benfell, LCP
[EMAIL PROTECTED]
---
Resume available at http://www.parts-unknown.org/
NOTE: I sign all messages with GnuPG (0DD1D1E3).




Re: Following directions doesn't seem to work: Adding users in NIS

2007-10-15 Thread Manolis Kiagias


David Benfell wrote:
 On Mon, 15 Oct 2007 18:57:27 +0300, Manolis Kiagias wrote:
   
   
   
 The following comes from the handbook and works for me:

 copy your master.passwd to /var/yp, i.e:

 cp /etc/master.passwd /var/yp/master.passwd

 Edit the copy of master.passwd and exclude all irrelevant accounts
 (root,servers and so on)

 Then run:

 ypinit -m your-nis.domain

 
 So the message I'm getting here is that the procedure used to initially
 set up NIS is the same as that used to update NIS.  Further down that page,
 it claims that pw can be used to add users to an existing scheme
Reinitializing the maps like this should cause no problem, and you will
get all the new accounts.
I have not tried the update procedure from the handbook; I got stuck
with the Linux client.

 :

 quote
 27.4.8 Important Things to Remember

 There are still a couple of things that you will need to do differently now 
 that you are in an NIS environment.

 *

   Every time you wish to add a user to the lab, you must add it to the 
 master NIS server only, and you must remember to rebuild the NIS maps. If you 
 forget to do this, the new user will not be able to login anywhere except on 
 the NIS master. For example, if we needed to add a new user jsmith to the 
 lab, we would:

   # pw useradd jsmith
   # cd /var/yp
   # make test-domain

   You could also run adduser jsmith instead of pw useradd jsmith.
 /quote

   
This looks more or less similar to Linux procedures (usually make -C
/var/yp), but as I said I have not tried this on FreeBSD.
 My real problem with nis is the fact the freebsd maps are not compatible
 with linux clients, and I can't seem to get the Makefile right...
 

 Ouch!  I'm ultimately planning to add a Linux client.  In theory, I can get
 by with just NFS for this particular application, but it would be better to
 have NIS as well.



   
Well I can tell you with certainty, it is not compatible out of the box,
and I have not managed to make it work (though I must admit I did not
put a lot of effort into this). Seems the exported master.passwd map
needs a filename change + internal changes, thus the NIS Makefile needs
to be modified. On the Linux side, the users are visible (e.g. you can
run id username and the user is there) but they cannot login.
If you Google FreeBSD NIS Server Linux Clients you will get some
patches for the NIS Makefile to make it Linux compatible. I was not
however successful with this. If you do try it and get it to work,
please report back.


Manolis


Re: Following directions doesn't seem to work: Adding users in NIS

2007-10-15 Thread Lowell Gilbert
David Benfell [EMAIL PROTECTED] writes:

 On Mon, 15 Oct 2007 10:54:45 -0400, Lowell Gilbert wrote:

 adduser(8) doesn't know anything about NIS.  I don't know any
 automated way of adding users to a NIS map, but my home network is
 small enough that I don't bother.
 
 I was using pw, which claims to be able to update NIS via the -Y
 option, but frankly, the behavior you describe seems to match its
 behavior as well.

That's different.  According to its manual page, I would expect you to
need the -y option to go with -Y.

 My network is also a home network, but the complications I get into
 are nothing short of amazing.

Nah.  It takes some time to set up, but it works very easily after
that.

 What you want to do is move the users' entries from master.passwd into
 your NIS master file, and rebuild the maps.  

 Do I also need to modify the copy of passwd or is master.passwd the only
 one that matters?

passwd gets generated automatically from master.passwd.  
For the main system files, see the manual for pwd_mkdb(8).
For the NIS versions, I don't remember the details offhand, but the
Makefile under /var/yp probably knows all the relevant magic.


NIS interoperability with Linux, was Re: Following directions doesn't seem to work: Adding users in NIS

2007-10-15 Thread David Benfell
On Mon, 15 Oct 2007 22:29:35 +0300, Manolis Kiagias wrote:
 
 Well I can tell you with certainty, it is not compatible out of the box,
 and I have not managed to make it work (though I must admit I did not
 put a lot of effort into this). Seems the exported master.passwd map
 needs a filename change + internal changes, thus the NIS Makefile needs
 to be modified. On the Linux side, the users are visible (e.g. you can
 run id username and the user is there) but they cannot login.
 If you Google FreeBSD NIS Server Linux Clients you will get some
 patches for the NIS Makefile to make it Linux compatible. I was not
 however successful with this. If you do try it and get it to work,
 please report back.
 
Linux doesn't normally use master.passwd.  If I recall correctly, it
uses /etc/shadow instead (but I don't have such a box at hand right now
to check).  And yes, the internal format is different (and, again, I don't
remember details).

This conversion, however, sounds like an ugly hack.  I'm thinking a
*correct* (tm) solution would be a pluggable authentication module (pam)
that could interpret the master.passwd file properly.  This would also
depend on Linux supporting the cryptography method used to encrypt the
passwords (perhaps it does, but I'm not sure).

What I wasn't realizing was that NIS operated by simply propagating
versions of master.passwd (and maybe passwd); while this will certainly
be interoperable between FreeBSD (and I think OpenBSD) systems, it is
clearly a problem with Linux and probably other UNIX-like OS's.



-- 
David Benfell, LCP
[EMAIL PROTECTED]
---
Resume available at http://www.parts-unknown.org/
NOTE: I sign all messages with GnuPG (0DD1D1E3).
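
The field mismatch described in this message, as an added example that is not part of the thread and is not the /var/yp/Makefile patch mentioned earlier: a shell script that turns 10-field master.passwd records into the 7-field passwd and 9-field shadow layouts and reports each account's crypt scheme. The function names, uid cut-offs and sample records are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Field layouts:
#   master.passwd (10): name:hash:uid:gid:class:change:expire:gecos:home:shell
#   passwd         (7): name:pw:uid:gid:gecos:home:shell
#   shadow         (9): name:hash:lastchg:min:max:warn:inactive:expire:reserved

MIN_UID=1000    # assumption: lower uids are system accounts kept out of NIS
MAX_UID=60000   # assumption: drops high-numbered accounts such as nobody

# Constructed sample records; the hash fields are placeholders, not real hashes.
sample_master_passwd() {
cat <<'EOF'
# constructed comment line
root:$1$PLACEHOLDER$root:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
sam:$1$PLACEHOLDER$sam:1000:1000::0:0:Sam Genter:/home/sam:/usr/local/bin/bash
jsmith:$2a$04$PLACEHOLDERjsmith:1001:1001:staff:0:1199145600:J Smith:/home/jsmith:/bin/sh
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
truncated:record:1002
EOF
}

# Run the awk rules in $1 over every exportable record read from stdin.
# Comments, records without exactly 10 fields and out-of-range uids are skipped.
nis_awk() {
    awk -F: -v min="$MIN_UID" -v max="$MAX_UID" '
        /^#/ || NF != 10 || $3 !~ /^[0-9]+$/ || $3 + 0 < min || $3 + 0 > max { next }
        '"$1"
}

# 7-field passwd lines with the hash masked as "*", the form seen in the
# ypcat output quoted elsewhere on this page. Drops class, change and expire.
mp_to_passwd() {
    nis_awk '{ printf "%s:*:%s:%s:%s:%s:%s\n", $1, $3, $4, $8, $9, $10 }'
}

# 9-field shadow lines. These carry the real hashes, so keep the output
# readable by root only. master.passwd stores expiry in seconds since the
# epoch (0 = never); shadow stores days, with an empty field for never.
mp_to_shadow() {
    nis_awk '{
        days = ($7 + 0 > 0) ? int($7 / 86400) : ""
        printf "%s:%s::::::%s:\n", $1, $2, days
    }'
}

# "name scheme" per exported account, so each scheme can be checked against
# what the client's crypt(3) understands before the account is shared.
mp_hash_schemes() {
    nis_awk '
        function scheme(h) {
            if (substr(h, 1, 3) == "$1$") return "md5-crypt"
            if (substr(h, 1, 2) == "$2")  return "bcrypt"
            if (substr(h, 1, 3) == "$5$") return "sha256-crypt"
            if (substr(h, 1, 3) == "$6$") return "sha512-crypt"
            if (length(h) == 13 && h ~ "^[./0-9A-Za-z]+$") return "des-crypt"
            return "locked-or-unknown"
        }
        { print $1, scheme($2) }'
}

echo "== passwd form ==";  sample_master_passwd | mp_to_passwd
echo "== shadow form ==";  sample_master_passwd | mp_to_shadow
echo "== hash schemes =="; sample_master_passwd | mp_hash_schemes
```
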




Re: Following directions doesn't seem to work: Adding users in NIS

2007-10-15 Thread David Benfell
On Mon, 15 Oct 2007 16:17:59 -0400, Lowell Gilbert wrote:
 David Benfell [EMAIL PROTECTED] writes:
 
  On Mon, 15 Oct 2007 10:54:45 -0400, Lowell Gilbert wrote:
 
  What you want to do is move the users' entries from master.passwd into
  your NIS master file, and rebuild the maps.  
 
  Do I also need to modify the copy of passwd or is master.passwd the only
  one that matters?
 
 passwd gets generated automatically from master.passwd.  
 For the main system files, see the manual for pwd_mkdb(8).
 For the NIS versions, I don't remember the details offhand, but the
 Makefile under /var/yp probably knows all the relevant magic.

This worked, thanks!


-- 
David Benfell, LCP
[EMAIL PROTECTED]
---
Resume available at http://www.parts-unknown.org/
NOTE: I sign all messages with GnuPG (0DD1D1E3).




Re: Following directions doesn't seem to work: Adding users in NIS

2007-10-15 Thread David Benfell
On Mon, 15 Oct 2007 13:54:56 -0500, Kevin Kinsey wrote:
 
 Stupid question here, so I'll be the one to ask (seems a perfect
 job for a troll like me), did you read pw.conf(5)?
 
Didn't even know it existed.  Thanks!



-- 
David Benfell, LCP
[EMAIL PROTECTED]
---
Resume available at http://www.parts-unknown.org/
NOTE: I sign all messages with GnuPG (0DD1D1E3).




Re: NIS interoperability with Linux, was Re: Following directions doesn't seem to work: Adding users in NIS

2007-10-15 Thread Olivier Nicole
 Linux doesn't normally use master.passwd.  If I recall correctly, it
 uses /etc/shadow instead (but I don't have such a box at hand right now
 to check).  And yes, the internal format is different (and, again, I don't
 remember details).

If I am not wrong, NIS does not know anything about master.passwd or
shadow, it has only passwd.byname passwd.byuid as password maps, both
maps including password in them.

Olivier


Re: Following directions doesn't seem to work: Adding users in NIS

2007-10-15 Thread Olivier Nicole
 And, having evidently done the *wrong* thing, how do I fix the
 added users so they now appear in NIS?

cd /var/yp
make


Re: NIS interoperability with Linux, was Re: Following directions doesn't seem to work: Adding users in NIS

2007-10-15 Thread Manolis Kiagias


Olivier Nicole wrote:
 Linux doesn't normally use master.passwd.  If I recall correctly, it
 uses /etc/shadow instead (but I don't have such a box at hand right now
 to check).  And yes, the internal format is different (and, again, I don't
 remember details).
 

 If I am not wrong, NIS does not know anything about master.passwd or
 shadow, it has only passwd.byname passwd.byuid as password maps, both
 maps including password in them.

 Olivier


   
You are probably right, I don't remember the exact files right now; the
thing is the maps are not Linux compatible, so if anyone has a NIS
Makefile for this, I'd be glad to get a copy. I already tried a patch I
found but was not successful.


Following directions doesn't seem to work: Adding users in NIS

2007-10-14 Thread David Benfell
Hello all,

Where are there working directions for adding users under NIS?

The instructions in the FreeBSD handbook don't seem to result in
added users being propagated out to slaves.  And the failure is
silent, so I have no idea what I'm really supposed to be doing
to make this work.

All I know is that added users end up in the main /etc/passwd
and /etc/master.passwd; the -Y option to pw seems to change nothing
other than to consume time updating (but I don't know what, since
the changes I'm looking for don't appear) various maps and pushing
the maps.

And, having evidently done the *wrong* thing, how do I fix the
added users so they now appear in NIS?

Thanks!

-- 
David Benfell, LCP
[EMAIL PROTECTED]
---
Resume available at http://www.parts-unknown.org/
NOTE: I sign all messages with GnuPG (0DD1D1E3).




NIS server over IPv6

2007-08-31 Thread Prabhu Harihar
Hi Group,

I wish to know whether FreeBSD supports an NIS server running over the
IPv6 protocol.

I'm clueless about where to get information on NIS server over IPv6
configuration and availability in any Unix flavors, including *BSDs,
Solaris or Linux distros.

Thanks in Advance,
Prabhu H


Re: NIS server over IPv6

2007-08-31 Thread Mel
On Friday 31 August 2007 11:15:51 Prabhu Harihar wrote:

 I wish to know whether FreeBSD supports NIS server running over IPv6
 protocol?

 I'm clueless in getting information about NIS server over IPv6
 configuration and availability in any Unix flavors including *BSDs, Solaris
 or Linux distros.

Except for configuring IPv6 and host resolving correctly, I don't think 
there's anything different with respect to NIS. It's all based on host and 
domain names, so if a domain has one or more hosts with only an IPv6 address, 
then it'll use IPv6.

-- 
Mel


Re: NIS server over IPv6

2007-08-31 Thread Prabhu Harihar
I think the underlying RPC portmapper needs to be IPv6-aware.  Is
this supported in FreeBSD?  Do you think no other configuration changes
are needed for an NIS server / client running natively over an IPv6 network?

Thanks!

On 8/31/07, Mel [EMAIL PROTECTED] wrote:

 On Friday 31 August 2007 11:15:51 Prabhu Harihar wrote:

  I wish to know whether FreeBSD supports NIS server running over IPv6
  protocol?
 
  I'm clueless in getting information about NIS server over IPv6
  configuration and availability in any Unix flavors including *BSDs,
 Solaris
  or Linux distros.

 Except from configuring IPv6 and host resolving correctly, I don't think
 there's anything different with respect to NIS. It's all based on host and
 domainnames, so if a domain has one or more hosts with only IPv6 address,
 then it'll use IPv6.

 --
 Mel



Re: NIS server over IPv6

2007-08-31 Thread Mel
On Friday 31 August 2007 15:23:23 Prabhu Harihar wrote:

reformatted for clarity(tm)

 On 8/31/07, Mel [EMAIL PROTECTED] wrote:
  On Friday 31 August 2007 11:15:51 Prabhu Harihar wrote:
   I wish to know whether FreeBSD supports NIS server running over IPv6
   protocol?
  
   I'm clueless in getting information about NIS server over IPv6
   configuration and availability in any Unix flavors including *BSDs,
 
  Solaris
 
   or Linux distros.
 
  Except from configuring IPv6 and host resolving correctly, I don't think
  there's anything different with respect to NIS. It's all based on host
  and domainnames, so if a domain has one or more hosts with only IPv6
  address, then it'll use IPv6.
 
 I think, the underlying RPC portmapper needs to be ipv6-aware.  Whether
 this is supported in FreeBSD?  Do you think no other configuration changes
 needed for NIS server / client running natively over IPv6 network?

man rpcbind shows a -6 option, giving it the ability to only bind to IPv6 
addresses, so I assume it's IPv6 ready. I can't think of a network 
utility/daemon in stock FreeBSD that isn't actually.

-- 
Mel


configuring nis

2007-05-21 Thread WarrenHead

Hi,

I have been having some trouble with getting NIS working on my freebsd 
server. Mainly because I have never before used this.


I now have it working, but there is an odd inconsistency which I don't 
know how to remove/update.


I changed the gid of a user with: 'pw usermod -n sam -g 1000', but this 
change is not reflected in the yp maps. I did recreate the maps again 
with 'ypinit -m', but I guess that was not the trick I needed to update 
the maps.


So, now when I run 'ypcat passwd', I see something like this:
sam:*:1000:1001:Sam Genter:/home/sam:/usr/local/bin/bash

while I also see this: 'id sam'
uid=1000(sam) gid=1000(sam) groups=1000(sam), 100(users)

The difference is thus the gid.

I can find information about updating/pushing the maps onto slave 
servers, but not about getting changes into the maps on the sole nis 
server I have.


Cheers, Warren




Re: configuring nis

2007-05-21 Thread WarrenHead

WarrenHead wrote:

Hi,

I have been having some trouble with getting NIS working on my freebsd 
server. Mainly because I have never before used this.


I now have it working, but there is an odd inconsistency which I don't 
know how to remove/update.


I changed the gid of a user with: 'pw usermod -n sam -g 1000', but this 
change is not reflected in the yp maps. I did recreate the maps again 
with 'ypinit -m', but I guess that was not the trick I needed to update 
the maps.


So, now when I run 'ypcat passwd', I see something like this:
sam:*:1000:1001:Sam Genter:/home/sam:/usr/local/bin/bash

while I also see this: 'id sam'
uid=1000(sam) gid=1000(sam) groups=1000(sam), 100(users)

The difference is thus the gid.

I can find information about updating/pushing the maps onto slave 
servers, but not about getting changes into the maps on the sole nis 
server I have.


Cheers, Warren




Oh and just running 'make -C /var/yp' doesn't solve it either.
This command is suggested here:
http://www.linux-nis.org/nis-howto/HOWTO/maps.html

Cheers, Warren



Re: configuring nis

2007-05-21 Thread WarrenHead

Reid Linnemann wrote:

Written by WarrenHead on 05/21/07 15:34

Hi,

I have been having some trouble with getting NIS working on my freebsd 
server. Mainly because I have never before used this.


I now have it working, but there is an odd inconsistency which I don't 
know how to remove/update.


I changed the gid of a user with: 'pw usermod -n sam -g 1000', but 
this change is not reflected in the yp maps. I did recreate the maps 
again with 'ypinit -m', but I guess that was not the trick I needed to 
update the maps.


So, now when I run 'ypcat passwd', I see something like this:
sam:*:1000:1001:Sam Genter:/home/sam:/usr/local/bin/bash

while I also see this: 'id sam'
uid=1000(sam) gid=1000(sam) groups=1000(sam), 100(users)

The difference is thus the gid.

I can find information about updating/pushing the maps onto slave 
servers, but not about getting changes into the maps on the sole nis 
server I have.


Cheers, Warren



pw by default works on the local /etc/passwd, not the yp passwd 
database. I suggest reading about the -y option in the manpage:


-y path

This sets the pathname of the database used by NIS if you are not 
sharing the information from /etc/master.passwd directly with NIS. You 
should only set this option for NIS servers.




Ah, of course. I wasn't using the default /etc/master.passwd because that 
one contains way more users than I want to share among machines.

Thanks for the heads up!

Cheers, Warren


Re: configuring nis

2007-05-21 Thread Reid Linnemann

Written by WarrenHead on 05/21/07 15:34

Hi,

I have been having some trouble with getting NIS working on my freebsd 
server. Mainly because I have never before used this.


I now have it working, but there is an odd inconsistency which I don't 
know how to remove/update.


I changed the gid of a user with: 'pw usermod -n sam -g 1000', but this 
change is not reflected in the yp maps. I did recreate the maps again 
with 'ypinit -m', but I guess that was not the trick I needed to update 
the maps.


So, now when I run 'ypcat passwd', I see something like this:
sam:*:1000:1001:Sam Genter:/home/sam:/usr/local/bin/bash

while I also see this: 'id sam'
uid=1000(sam) gid=1000(sam) groups=1000(sam), 100(users)

The difference is thus the gid.

I can find information about updating/pushing the maps onto slave 
servers, but not about getting changes into the maps on the sole nis 
server I have.


Cheers, Warren



pw by default works on the local /etc/passwd, not the yp passwd 
database. I suggest reading about the -y option in the manpage:


-y path

This sets the pathname of the database used by NIS if you are not 
sharing the information from /etc/master.passwd directly with NIS. You 
should only set this option for NIS servers.





Re: configuring nis

2007-05-21 Thread Lowell Gilbert
WarrenHead [EMAIL PROTECTED] writes:

 I have been having some trouble with getting NIS working on my freebsd
 server. Mainly because I have never before used this.

 I now have it working, but there is an odd inconsistency which I don't
 know how to remove/update.

 I changed the gid of a user with: 'pw usermod -n sam -g 1000', but
 this change is not reflected in the yp maps. I did recreate the maps
 again with 'ypinit -m', but I guess that was not the trick I needed to
 update the maps.

 So, now when I run 'ypcat passwd', I see something like this:
 sam:*:1000:1001:Sam Genter:/home/sam:/usr/local/bin/bash

 while I also see this: 'id sam'
 uid=1000(sam) gid=1000(sam) groups=1000(sam), 100(users)

 The difference is thus the gid.

 I can find information about updating/pushing the maps onto slave
 servers, but not about getting changes into the maps on the sole nis
 server I have.

This depends on where the sources for the maps are stored on the
master.  If NIS on the master is not getting its data directly from
/etc/master.passwd, then I think you need to give the -y option to
the pw(8) command to get it to change the maps.

[Or you can just edit the files directly.  That's what I do on my
(very small) home network.]


Re: configuring nis

2007-05-21 Thread Reid Linnemann

Written by WarrenHead on 05/21/07 16:11

Reid Linnemann wrote:

Written by WarrenHead on 05/21/07 15:34

Hi,

I have been having some trouble with getting NIS working on my 
freebsd server. Mainly because I have never before used this.


I now have it working, but there is an odd inconsistency which I 
don't know how to remove/update.


I changed the gid of a user with: 'pw usermod -n sam -g 1000', but 
this change is not reflected in the yp maps. I did recreate the maps 
again with 'ypinit -m', but I guess that was not the trick I needed 
to update the maps.


So, now when I run 'ypcat passwd', I see something like this:
sam:*:1000:1001:Sam Genter:/home/sam:/usr/local/bin/bash

while I also see this: 'id sam'
uid=1000(sam) gid=1000(sam) groups=1000(sam), 100(users)

The difference is thus the gid.

I can find information about updating/pushing the maps onto slave 
servers, but not about getting changes into the maps on the sole nis 
server I have.


Cheers, Warren



pw by default works on the local /etc/passwd, not the yp passwd 
database. I suggest reading about the -y option in the manpage:


-y path

This sets the pathname of the database used by NIS if you are not 
sharing the information from /etc/master.passwd directly with NIS. You 
should only set this option for NIS servers.




Ah, of course. I wasn't using the default /etc/master.passwd because that 
one contains way more users than I want to share among machines.

Thanks for the heads up!

Cheers, Warren


Also of interest should be the -Y option, which when used with the -y 
flag automatically triggers a 'make' in /var/yp.
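
In both this thread and the "Adding users in NIS" thread above, pw changed one file while the maps were built from another. An added example (not from either thread): a shell function that compares a master.passwd source with a saved `ypcat passwd` dump and lists accounts that differ or are missing from the map. The function name, file names, uid cut-off and sample records are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread.
MIN_UID=1000   # assumption: lower uids are system accounts that are not shared

# usage: nis_passwd_drift SOURCE_MASTER_PASSWD MAP_DUMP
#   SOURCE_MASTER_PASSWD  10-field master.passwd file the maps should reflect
#   MAP_DUMP              saved output of `ypcat passwd` (7-field passwd lines)
# Prints one line per difference; prints nothing when the map matches the source.
nis_passwd_drift() {
    awk -F: -v min="$MIN_UID" '
        function cmp(user, field, src, map) {
            if ((src "") != (map ""))
                print user ": " field " source=" src " map=" map
        }
        /^#/ || $3 !~ /^[0-9]+$/ || $3 + 0 < min { next }
        FILENAME == ARGV[1] {            # first operand: the source file
            if (NF != 10) next
            order[++n] = $1
            uid[$1] = $3; gid[$1] = $4; home[$1] = $9; shell[$1] = $10
            next
        }
        NF == 7 {                        # second operand: the map dump
            seen[$1] = 1
            if (!($1 in uid)) { print $1 ": in map but not in source"; next }
            cmp($1, "uid",   uid[$1],   $3)
            cmp($1, "gid",   gid[$1],   $4)
            cmp($1, "home",  home[$1],  $6)
            cmp($1, "shell", shell[$1], $7)
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(order[i] in seen)) print order[i] ": missing from map"
        }
    ' "$1" "$2"
}

# Constructed sample files written into directory $1. They mirror the thread:
# pw changed sam in /etc/master.passwd and added jsmith there, while the maps
# were built from a trimmed copy under /var/yp. Hash fields are "*" placeholders.
write_samples() {
    cat > "$1/etc_master.passwd" <<'EOF'
root:*:0:0::0:0:Charlie &:/root:/bin/csh
sam:*:1000:1000::0:0:Sam Genter:/home/sam:/usr/local/bin/bash
jsmith:*:1001:1001::0:0:J Smith:/home/jsmith:/bin/sh
EOF
    cat > "$1/yp_master.passwd" <<'EOF'
sam:*:1000:1001::0:0:Sam Genter:/home/sam:/usr/local/bin/bash
EOF
    cat > "$1/ypcat_passwd.txt" <<'EOF'
sam:*:1000:1001:Sam Genter:/home/sam:/usr/local/bin/bash
EOF
}

demo_drift() {
    d=$(mktemp -d) || return 1
    write_samples "$d"
    echo "== /etc copy vs served map =="
    nis_passwd_drift "$d/etc_master.passwd" "$d/ypcat_passwd.txt"
    echo "== /var/yp copy vs served map (no output means in sync) =="
    nis_passwd_drift "$d/yp_master.passwd" "$d/ypcat_passwd.txt"
    rm -rf "$d"
}

demo_drift
```

The source that produces no output is the one the maps are actually built from; edits made to any other file never reach the clients until they are carried over and the maps are rebuilt.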



NIS intermittent connection trouble

2006-12-27 Thread Dan Casey
I have an NIS server set up on a specific vlan.  All my NIS clients are
set up on separate vlans with different networks.

All of my clients have the same problem. When I run /etc/rc.d/ypbind
start, then /etc/rc.d/ypset start, everything works properly.


However, it will stop working for no apparent reason, and just time out
until it is restarted.

Also, if I make the server unavailable, then bring it back, it has the
same effect.  It is as if it fails once, and never retries the same
server.   How can I fix this?  Currently I have a cronjob set to restart
ypbind and ypset.



configuring nis

2006-11-06 Thread Tyler Spivey

I realize there is a NIS section in the handbook, and I've read that. I
was wondering how you configured the NIS master.passwd maps, after you
add a user with:
pw useradd something
- the something user isn't automatically propagated to the
  /var/yp/master.passwd file.
How can this be solved? This isn't explained in the handbook, and I was
wondering if I should file it as a bug?



RHEL 4 slave NIS server setup problem

2006-10-12 Thread Simon Gao
Hi,

Hope someone can help me here.

We have a NIS master server running on FreeBSD 4.11. RHEL clients can
bind to the server without any problem. Now I want to add another NIS
slave server using RHEL 4.

When I issued the command /usr/lib/yp/ypinit -s master, I got the following
errors:



We will need a few minutes to copy the data from master.
Transferring passwd.byuid...
Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type
call to rpc.ypxfrd failed: RPC: Can't decode result

 (failed, fallback to enumeration)

Transferring passwd.byname...
Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type
call to rpc.ypxfrd failed: RPC: Can't decode result

 (failed, fallback to enumeration)

Transferring group.bygid...
Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type
call to rpc.ypxfrd failed: RPC: Can't decode result

 (failed, fallback to enumeration)

Transferring group.byname...
Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type
call to rpc.ypxfrd failed: RPC: Can't decode result

 (failed, fallback to enumeration)

Transferring services.byname...
Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type
call to rpc.ypxfrd failed: RPC: Can't decode result

 (failed, fallback to enumeration)

Transferring rpc.bynumber...
Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type
call to rpc.ypxfrd failed: RPC: Can't decode result

 (failed, fallback to enumeration)

Transferring rpc.byname...
Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type
call to rpc.ypxfrd failed: RPC: Can't decode result

 (failed, fallback to enumeration)

Transferring protocols.byname...
Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type
call to rpc.ypxfrd failed: RPC: Can't decode result

 (failed, fallback to enumeration)

Transferring networks.byname...
Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type
call to rpc.ypxfrd failed: RPC: Can't decode result

 (failed, fallback to enumeration)

Transferring protocols.bynumber...
Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type
call to rpc.ypxfrd failed: RPC: Can't decode result

 (failed, fallback to enumeration)

Transferring hosts.byaddr...
Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type
call to rpc.ypxfrd failed: RPC: Can't decode result

 (failed, fallback to enumeration)

Transferring netid.byname...
Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type
call to rpc.ypxfrd failed: RPC: Can't decode result

 (failed, fallback to enumeration)

Transferring networks.byaddr...
Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type
call to rpc.ypxfrd failed: RPC: Can't decode result

 (failed, fallback to enumeration)

Transferring ypservers...
Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type
call to rpc.ypxfrd failed: RPC: Can't decode result

 (failed, fallback to enumeration)

Transferring hosts.byname...
Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type
call to rpc.ypxfrd failed: RPC: Can't decode result

 (failed, fallback to enumeration)


faith.schrodinger.com's NIS data base has been set up.
If there were warnings, please figure out what went wrong, and fix it.

At this point, make sure that /etc/passwd and /etc/group have
been edited so that when the NIS is activated, the data bases you
have just created will be used, instead of the /etc ASCII files.


Is it required to have the same nis map data file type on both master
and slave? How to make maps transfer from FreeBSD to Linux correctly?

Simon



NIS ypserv problem with client ypbind

2006-10-11 Thread Simon Gao
Hi,

We are running a NIS server on FreeBSD 4.7. Clients running Gentoo can
not bind to the server. The ypbind on Gentoo client is  ypbind-1.19.1-r1.

Tests with NIS servers running on Gentoo and Redhat machines do not show
any problem with the same Gentoo clients.

I tried to find version of ypserv installed on the machine. However, I
could not. Neither pkg_info nor /usr/sbin/ypserv provides any version
information.

Any other way to find out which version of ypserv is installed?

Simon


freebsd nis and solaris

2006-08-25 Thread rchitecture

freebsd 6.1   solaris9

questions on the freebsd side:( internal machine running no firewall)   
- solaris 9 is the yp server, and two ypslaves are also on solaris 9


built a freebsd 6.1 and i am running into some problems

***

when i initiate ypcat command, all results return correctly

i have standard nis map, like auto_volume/auto_home/packages..pretty 
standard


all i need from this yp services is to be able to

ie cd /home/  and /volume/, and it's not showing up, it just
hangs, control c to get out


also i've made a mount point on the freebsd machine, ie
/raid7.already setup in the yp auto_volume, but from
a solaris machine, if I go ...cd /volume/raid7, i got permission denied,
but it's completely open!


does anyone have some howto?


Re: NIS and Kerberos 5 : is it possible / smart?

2006-08-10 Thread Garrett Cooper

Scott Peshak wrote:
> On 8/4/06, Garrett Cooper [EMAIL PROTECTED] wrote:
> > Hi all,
> > Just wondering if it's possible for NIS and Kerberos 5 to work in
> > tandem with one another, such that NIS would handle groups and
> > configuration file management and Kerberos would handle authentication
> > only. Also, is this sort of overkill perhaps, where NIS is not really
> > needed?
> > I basically have 3+ machines (2 desktops, 1 laptop, currently), and
> > I want to keep my credentials and information uniform across the
> > machines as much as possible. The network I would be implementing this
> > on is a low-traffic, private network.
>
> On my low-traffic, private network I use a combination of krb5 and
> hesiod.  If you're already running a dns server I would suggest at
> least a look at hesiod, you wouldn't need to add any new services.
>
> Scott

H... the only problem with this is that it doesn't look like it's
easily enabled out of the box for OSX authentication (assuming that I
actually did filesharing via hesiod).
-Garrett


Re: NIS and Kerberos 5 : is it possible / smart?

2006-08-10 Thread Tillman Hodgson
> On 8/4/06, Garrett Cooper [EMAIL PROTECTED] wrote:
> > Hi all,
> > Just wondering if it's possible for NIS and Kerberos 5 to work in
> > tandem with one another, such that NIS would handle groups and
> > configuration file management and Kerberos would handle authentication
> > only. Also, is this sort of overkill perhaps, where NIS is not really
> > needed?
> > I basically have 3+ machines (2 desktops, 1 laptop, currently), and
> > I want to keep my credentials and information uniform across the
> > machines as much as possible. The network I would be implementing this
> > on is a low-traffic, private network.

(sorry for hijacking another person's reply, but I didn't have the
 original post available to reply to)

Kerberos works fine with NIS. It's more secure if you run both over
IPsec (host-to-host transport mode for the local network) because that
ensures that the NIS maps themselves maintain integrity (secrecy isn't
needed with them, integrity is), though it's not necessary for many
environments.

This has come up on these lists a few times in the past. Here's some
links to the threads in the archives:

http://lists.freebsd.org/pipermail/freebsd-questions/2003-September/018487.html
http://lists.freebsd.org/pipermail/freebsd-questions/2003-September/018838.html
http://archives.neohapsis.com/archives/freebsd/2003-09/0224.html

-T


-- 
Who would have suspected that life was all going to turn out well?
-- Robert Allen


NIS and Kerberos 5 : is it possible / smart?

2006-08-04 Thread Garrett Cooper

Hi all,
   Just wondering if it's possible for NIS and Kerberos 5 to work in 
tandem with one another, such that NIS would handle groups and 
configuration file management and Kerberos would handle authentication 
only. Also, is this sort of overkill perhaps, where NIS is not really 
needed?
   I basically have 3+ machines (2 desktops, 1 laptop, currently), and 
I want to keep my credentials and information uniform across the 
machines as much as possible. The network I would be implementing this 
on is a low-traffic, private network.

   Thanks,
-Garrett


Re: Setting up NIS questions?

2006-05-23 Thread David Robillard

> I have 2 NICS in the master node of a small cluster.
> bge0 is connected to the outside world with a FQDN
> and registered DNS IP address.  bge1 is connected to
> a 192.168.0.x internal network.  I'm trying to configure
> NIS for the internal network, but ypinit is grabbing the
> FQDN.  I've read the Handbook and ypinit manual page
> without too much enlightenment. :(
>
> What I'm after is
>
> 192.168.0.10  NIS master server
> 192.168.0.11  NIS slave server
> 192.168.0.[12-15] NIS clients
>
> Anyone have a pointer to a method to achieve my goals.


I would _strongly_ suggest that you run your firewall from another
machine instead of using your NIS master for this. This really is
Security 101 :)
Check out OpenBSD with pf for this purpose or use a Cisco PIX (you can
find several on eBay).

But if you don't want to or can't do this, why don't you set up a jail for
your NIS master? You can bind the jail to the RFC 1918 IP address range.
Therefore, starting up ypbind inside the jail would only see the
192.168.0/24 network and bind to it. See jail(8), jls(8) and jexec(8).
You might also want to check mount_nullfs(8) to help you with the
jail's ports tree. If you need help with the jail setup, feel free to
email me off the list.

David

--
David Robillard
UNIX systems administrator
CISSP
Sun Certified Security Administrator
Sun Certified Systems Administrator
Montreal: +1 514 966 0122


Re: Setting up NIS questions?

2006-05-20 Thread Steve Kargl
On Fri, May 19, 2006 at 05:55:22PM -0500, Derek Ragona wrote:
> At 05:48 PM 5/19/2006, Steve Kargl wrote:
> > I have 2 NICS in the master node of a small cluster.
> > bge0 is connected to the outside world with a FQDN
> > and registered DNS IP address.  bge1 is connected to
> > a 192.168.0.x internal network.  I'm trying to configure
> > NIS for the internal network, but ypinit is grabbing the
> > FQDN.  I've read the Handbook and ypinit manual page
> > without too much enlightenment. :(
> >
> > What I'm after is
> >
> > 192.168.0.10  NIS master server
> > 192.168.0.11  NIS slave server
> > 192.168.0.[12-15] NIS clients
> >
> > Anyone have a pointer to a method to achieve my goals.
>
> If memory serves YP will grab the first interface.  If you switch the
> stacks/IPs on the interfaces I think you will get what you want.

I can't even get NIS set up with ypinit.  It unconditionally
uses /bin/hostname, which will grab the FQDN of the system.
You have given me an idea.  I can change rc.conf to set hostname
to the name I've given 192.168.0.10, put that on bge0, put 
the IP address associated with the FQDN on bge1, and reboot.
This might permit NIS to come up.  Though this seems like a hack,
because when someone connects to the seem via the FQDN, 
/bin/hostname will give the wrong answer.

-- 
Steve


Re: Setting up NIS questions?

2006-05-20 Thread Chuck Swiger

Steve Kargl wrote:

> I can't even get NIS set up with ypinit.  It unconditionally
> uses /bin/hostname, which will grab the FQDN of the system.
> You have given me an idea.  I can change rc.conf to set hostname
> to the name I've given 192.168.0.10, put that on bge0, put
> the IP address associated with the FQDN on bge1, and reboot.
>
> This might permit NIS to come up.  Though this seems like a hack,
> because when someone connects to the seem via the FQDN,
> /bin/hostname will give the wrong answer.


Associating the ypdomain with the FQDN from the DNS is convenient, and a 
convention that many follow, but it is not required, by any means.  The 
O'Reilly Managing NIS and NFS book is a fine reference on this sort of 
thing, BTW, and is probably available online in PDF form if you look.


Nevertheless, YP/NIS predates many of the more convoluted network 
designs that people set up nowadays, and was intended for machines which 
have a single identity even if they have multiple NICs-- Sun used to 
assign the same MAC address to all NICs on one machine, to ensure that 
people respected collision domains.  It is not normally desirable to set 
up a YP/NIS master server on a machine which is multihomed in the sense 
of doing NAT or needing a firewall to separate internal from external, 
and obviously a firewall machine running zero or the minimal necessary 
services is a lot more secure


--
-Chuck



Re: Setting up NIS questions?

2006-05-20 Thread Steve Kargl
On Sat, May 20, 2006 at 12:33:21PM -0400, Chuck Swiger wrote:
> Steve Kargl wrote:
> > I can't even get NIS set up with ypinit.  It unconditionally
> > uses /bin/hostname, which will grab the FQDN of the system.
> > You have given me an idea.  I can change rc.conf to set hostname
> > to the name I've given 192.168.0.10, put that on bge0, put
> > the IP address associated with the FQDN on bge1, and reboot.
> > This might permit NIS to come up.  Though this seems like a hack,
> > because when someone connects to the seem via the FQDN,
> > /bin/hostname will give the wrong answer.
>
> Associating the ypdomain with the FQDN from the DNS is convenient, and a
> convention that many follow, but it is not required, by any means.  The
> O'Reilly Managing NIS and NFS book is a fine reference on this sort of
> thing, BTW, and is probably available online in PDF form if you look.

Thanks for the pointer.  I'll go looking for this book.

> Nevertheless, YP/NIS predates many of the more convoluted network
> designs that people set up nowadays, and was intended for machines which
> have a single identity even if they have multiple NICs-- Sun used to
> assign the same MAC address to all NICs on one machine, to ensure that
> people respected collision domains.

I don't see how this is convoluted.  In fact, I would be inclined
to claim that it is the de facto method for setting up an internal
computational cluster

                             s  --- node1
internet -F- FQDN|master --- w  --- node2
                             t  --- node3

where swt = switch.

> It is not normally desirable to set up a YP/NIS master server on
> a machine which is multihomed in the sense of doing NAT or needing
> a firewall to separate internal from external, and obviously a
> firewall machine running zero or the minimal necessary services is
> a lot more secure

Note that -F- actually has at least one firewall.  Only people in
the apl.washington.edu domain can get to FQDN.  I was hoping to
use NIS to simplify the propagation of info (eg., passwd, hosts,
etc.) from master to the nodes.  Propagating the info by hand
isn't too bad because I only have five nodes presently.  However,
I hope to grow an additional 11 nodes.

-- 
Steve


Setting up NIS questions?

2006-05-19 Thread Steve Kargl
I have 2 NICS in the master node of a small cluster.
bge0 is connected to the outside world with a FQDN
and registered DNS IP address.  bge1 is connected to
a 192.168.0.x internal network.  I'm trying to configure
NIS for the internal network, but ypinit is grabbing the
FQDN.  I've read the Handbook and ypinit manual page
without too much enlightenment. :(

What I'm after is

192.168.0.10  NIS master server
192.168.0.11  NIS slave server
192.168.0.[12-15] NIS clients

Anyone have a pointer to a method to achieve my goals.

-- 
Steve


Re: Setting up NIS questions?

2006-05-19 Thread Derek Ragona
If memory serves YP will grab the first interface.  If you switch the 
stacks/IPs on the interfaces I think you will get what you want.


-Derek


At 05:48 PM 5/19/2006, Steve Kargl wrote:

> I have 2 NICS in the master node of a small cluster.
> bge0 is connected to the outside world with a FQDN
> and registered DNS IP address.  bge1 is connected to
> a 192.168.0.x internal network.  I'm trying to configure
> NIS for the internal network, but ypinit is grabbing the
> FQDN.  I've read the Handbook and ypinit manual page
> without too much enlightenment. :(
>
> What I'm after is
>
> 192.168.0.10  NIS master server
> 192.168.0.11  NIS slave server
> 192.168.0.[12-15] NIS clients
>
> Anyone have a pointer to a method to achieve my goals.
>
> --
> Steve


Re: Setting up NIS questions?

2006-05-19 Thread Lawrence Horvath

There isn't a way to specify which ip or interface NIS will bind to?

On 5/19/06, Derek Ragona [EMAIL PROTECTED] wrote:

> If memory serves YP will grab the first interface.  If you switch the
> stacks/IPs on the interfaces I think you will get what you want.
>
>  -Derek
>
> At 05:48 PM 5/19/2006, Steve Kargl wrote:
> > I have 2 NICS in the master node of a small cluster.
> > bge0 is connected to the outside world with a FQDN
> > and registered DNS IP address.  bge1 is connected to
> > a 192.168.0.x internal network.  I'm trying to configure
> > NIS for the internal network, but ypinit is grabbing the
> > FQDN.  I've read the Handbook and ypinit manual page
> > without too much enlightenment. :(
> >
> > What I'm after is
> >
> > 192.168.0.10  NIS master server
> > 192.168.0.11  NIS slave server
> > 192.168.0.[12-15] NIS clients
> >
> > Anyone have a pointer to a method to achieve my goals.
> >
> > --
> > Steve




--
-Lawrence


FreeBSD NIS server authenticating Linux

2006-05-02 Thread Enrique Ayesta Perojo
Hello, I'm trying to bind a Linux client (Fedora Core 5) to a FreeBSD 6.1-RC
NIS Server. The Linux client seems to bind correctly to the NIS Domain.
Anyway, when I try to log into the Linux machine I can't log in. As I have
seen on Google, there seems to be some kind of problem with a necessary
shadow map for the Linux machine to authenticate, but these seem to be old
problems.

Any ideas on what is happening really and some way to solve it?

Thanks a lot


Re: NIS

2006-04-08 Thread Derek Ragona
Normally you add the account to the master then do a yppush to push the new 
maps out right away.


-Derek


At 09:15 PM 4/7/2006, [EMAIL PROTECTED] wrote:

> I have nis setup and working great. I made a copy of master.passwd in
> /var/yp and removed the system accounts. The manual says that when I add a
> user to the primary server and issue make nisdomainname (in /var/yp) the
> new user should be added to the nis maps. Am I missing something, as I
> have to copy over master.passwd and remove all system accounts every time I
> add an account. I know there has to be an easier way.
>
> I am running FreeBSD 6.1(Current Branch)
>
> Thanks for your time,
>
> Freesbie



NIS

2006-04-07 Thread freebsd
I have nis setup and working great. I made a copy of master.passwd in
/var/yp and removed the system accounts. The manual says that when I add a
user to the primary server and issue make nisdomainname (in /var/yp) the
new user should be added to the nis maps. Am I missing something, as I
have to copy over master.passwd and remove all system accounts every time I
add an account. I know there has to be an easier way.

I am running FreeBSD 6.1(Current Branch)

Thanks for your time,

Freesbie



Re: NIS

2006-04-07 Thread Vulpes Velox
On Fri, 7 Apr 2006 20:15:15 -0600 (MDT)
[EMAIL PROTECTED] wrote:

> I have nis setup and working great. I made a copy of master.passwd
> in /var/yp and removed the system accounts. The manual says that
> when I add a user to the primary server and issue make
> nisdomainname (in /var/yp) the new user should be added to the nis
> maps. Am I missing something, as I have to copy over master.passwd
> and remove all system accounts every time I add an account. I know
> there has to be an easier way.
>
> I am running FreeBSD 6.1(Current Branch)

pw can be pointed at where you are storing the files for NIS. Look at
the man page for it.


root authentication FreeBSD NIS client

2006-03-24 Thread Jose Fragoso
Dear All,

I have set up an OpenBSD NIS server which is working as expected.
However, there is one point I have not understood yet. My NIS clients
are FreeBSD stations. I have added an entry at the bottom of /etc/passwd
to request NIS authentication. But the behaviour of the root account
authentication is somewhat different. If I log in from the console, it
uses the local root password. However, if I use the su - command, it
uses NIS authentication.

Is there a way to tell FreeBSD to use only the local password for the
root account?

Thanks in advance.

Best regards,

José Fragoso



FBSD5 and FBSD6 aren't too keen on the SFU/AD NIS server

2006-01-24 Thread Jim Hatfield
My current situation is that I have a Solaris based NIS server
and various client machines, including FreeBSD.

A production FreeBSD 5 machine and a test FreeBSD 6 machine work just
fine with it, except for a small glitch on the FreeBSD 6 machine:

speyburn# ypwhich
panther.internal.local
speyburn# ypwhich -m
ypwhich: can't find the master of ``: reason: No such map in server's domain

The FreeBSD 5 machine correctly lists all the maps.

I want to move to a NIS server provided by Microsoft's Services for
Unix running on an Active Directory domain controller. FreeBSD 6 seems
to work OK, though the error message changes slightly:

speyburn# ypwhich
axiom.internal.local
speyburn# ypwhich -m
ypwhich: can't find the master of `: reason: No such map in server's domain

(only one quote rather than two). But it actually functions fine:

speyburn# id jhatfield
uid=115(jhatfield) gid=100(Domain Users) groups=100(Domain Users), 0(wheel)

I can log in with no problem. Unfortunately the FreeBSD 5 machine does
not work fine at all. Firstly it can only find one map:

banff# ypwhich
axiom.internal.local
banff# ypwhich -m
ypservers axiom

And it can't convert login names to UIDs:

banff# id jhatfield
id: jhatfield: no such user

If anyone has experience of pointing FreeBSD at an SFU/AD NIS server
I'd like to know if they had this problem and if so how it was solved.
I really want to move to the AD NIS so if I have to I'll replace the
machine with one running FreeBSD 6, but I'd prefer not to have to.



NIS client differences between FBSD5 and FBSD6?

2006-01-17 Thread Jim Hatfield
Still trying to migrate our NIS from an old Sparc to a Services For
Unix/Active Directory setup. AMD won't play so I'm using text files
for that. Now to move forward to actually logging in

A test machine running FreeBSD 6 seems to work OK, though ypwhich -m
behaves strangely:

speyburn# uname -v
FreeBSD 6.0-RELEASE #0: Thu Nov 17 12:42:17 GMT 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC
speyburn# ypwhich -m
ypwhich: can't find the master of `: reason: No such map in server's domain
speyburn# ypwhich -m ypservers
axiom
speyburn# id jhatfield
uid=115(jhatfield) gid=100(Domain Users) groups=100(Domain Users), 0(wheel)

But a production machine running FreeBSD 5 does not:

banff# uname -v
FreeBSD 5.1-RELEASE-p16 #1: Wed Apr  7 15:14:39 BST 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/BANFF
banff# ypwhich -m
ypservers axiom
banff# id jhatfield
id: jhatfield: no such user

The only change I made is to the nisdomainname line in /etc/rc.conf,
followed by a reboot.

All the ypxxx commands seem to work OK, yet usernames can't be looked
up. Why would this be? I really don't want to replace this machine
with a FBSD6 machine just to fix this, though I will if I have to.

Jim


Courier-imap and NIS

2006-01-12 Thread Olivier Nicole
Hi,

I want to set-up a simple courier-imap server that can authenticate
with plain passwords from NIS.

I installed courier-imap from the ports, but authentication of the
style

1 login name password 

is refused each time: * BYE Temporary problem, please try again later

And by the way, where/how to tell courier-imap that it should look for
the mailboxes in a directory different from /var/mail?

TIA

Olivier


amd doesn't like NIS maps from a Windows NIS server

2006-01-11 Thread Jim Hatfield
We've been using NIS-based automounter maps for ages, using a
Solaris NIS server. Some of our machines use autofs type maps,
and some use amd, notably the FreeBSD boxes.

As part of a move to single sign-on I've implemented a NIS server
using Microsoft's Services for Unix installed on an Active Directory
domain controller, and (painfully) created the automounting maps.

The autofs-using machines are OK, but amd just doesn't want to play.
It seems to be OK about the top-level master map, but not the ones
referenced by that. As an experiment I've mixed file-based and NIS
maps. My rc.conf contains:

amd_enable="YES"
amd_map_program="cat /usr/local/etc/amd.master"
amd_flags="-x all -D info -l syslog:local7"

/usr/local/etc/amd.master contains:

/home   amd.home
/mp     /usr/local/etc/amd.mp
/net    /usr/local/etc/amd.net
/users  /usr/local/etc/amd.users

When the machine starts I get:

Jan 11 11:52:30 speyburn amd[408]: /mp: disabling nfs congestion window
Jan 11 11:52:30 speyburn amd[410]: /users: disabling nfs congestion window
Jan 11 11:52:30 speyburn amd[411]: /net: disabling nfs congestion window
Jan 11 11:52:30 speyburn amd[409]: /home: disabling nfs congestion window
Jan 11 11:52:30 speyburn amd[407]: first time load of map /usr/local/etc/amd.mp succeeded
Jan 11 11:52:30 speyburn amd[407]: /usr/local/etc/amd.mp mounted fstype toplvl on /mp
Jan 11 11:52:30 speyburn amd[407]: first time load of map /usr/local/etc/amd.users succeeded
Jan 11 11:52:30 speyburn amd[407]: /usr/local/etc/amd.users mounted fstype toplvl on /users
Jan 11 11:52:30 speyburn amd[407]: first time load of map /usr/local/etc/amd.net succeeded
Jan 11 11:52:30 speyburn amd[407]: /usr/local/etc/amd.net mounted fstype toplvl on /net
Jan 11 11:52:30 speyburn amd[407]: No source data for map amd.home
Jan 11 11:52:30 speyburn amd[407]: amd.home mounted fstype toplvl on /home

So the file-based ones work fine, but the single NIS map, amd.home,
does not.

And yet if I do a ypcat -k amd.home I get exactly the same as when I
was talking to the Solaris NIS server - but it just doesn't work. If I
replace it with a file with the same contents, it works fine. Aaargh!

I've looked at the source of amd but my C experience is 15 years old
now and I'm struggling a bit!


NIS versus LDAP authentication

2005-12-26 Thread Brent
We are getting ready to migrate from a single super server solution to a group
of FreeBSD servers doing separate tasks...I was wondering what's everyone's
opinions on NIS versus LDAP for authentication ...and if anyone can point me
at any good howto's for both NIS or LDAP in a multi server environment on
FreeBSD?

thank you for your help  Merry Christmas
--
Brent Bailey CCNA
Bmyster LLC


--RIP Brother Dime--



Re: NIS versus LDAP authentication

2005-12-26 Thread Erik Norgaard

Brent wrote:

> We are getting ready to migrate from a single super server solution to a group
> of FreeBSD servers doing separate tasks...I was wondering what's everyone's
> opinions on NIS versus LDAP for authentication ...and if anyone can point me
> at any good howto's for both NIS or LDAP in a multi server environment on
> FreeBSD?


I think that unless you have a legacy NIS server to support, LDAP is the
way to go. "LDAP System Administration" from O'Reilly is a good book
that tells you how to migrate your users and groups to LDAP and even how
to migrate NIS to LDAP.


  http://www.oreilly.com/catalog/ldapsa/index.html

The book is more a practical guide on how to instead of getting lost in 
technicalities and history.


Cheers, Erik

--
Ph: +34.666334818  web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
Subject ID:  9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9


FreeBSD as nis client using Linux nis server

2005-12-12 Thread Julian D. Seifert
Hi List,

I was told there are no bigger problems using nis with Linux as server
so I tried to configure my FreeBSD 6.0 to use my Linux nis server.
(Linux 2.6.12 Debian sarge ypserv 2.14)

I followed the advice from:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-nis.html
on how to configure fbsd as nis client.

I used vipw to change the passwd file and added the correct number
of :. 

ypcat passwd works fine - ypbind is running

rc.conf:
nis_client_enable=YES
nisdomainname=seifert.lan
rpcbind_enable=YES

nsswitch.conf:
group: compat
group_compat: nis
passwd: compat
passwd_compat: nis

The problem is I can't log in as a user that wasn't locally added.
User foo exists on the nis server. On all other machines I can log in as
foo without any problems. My freebsd denies access for user foo.
On the console with login incorrect and when I try to log in using ssh
I get an error:
Dec 12 19:56:49 miraculix sshd[609]: error: PAM: authentication error
for illegal user foo from stronghold.seifert.lan


bye,

 Julian `alamar` Seifert

-- 
Where patience fails, force prevails.
 
gpg fingerprint: 
435D DDDA 251B 9D70 2F72 78E0 AA5F 11F4 A4ED 451E
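
The "correct number of :" that this post and Jose Fragoso's earlier one rely on can be checked mechanically. The following is an added example, not code from either poster: a small Python linter for the "+"/"-" compat entries. It assumes the standard 10-field master.passwd, 7-field passwd and 4-field group layouts, uses constructed sample files, and its ordering check assumes compat lookups walk the file from top to bottom.

```python
"""Lint NIS compat ("+"/"-") entries in passwd-style files (added example)."""

# Fields per line: master.passwd is the FreeBSD file edited with vipw,
# passwd is the 7-field form, group has 4 fields.
FIELD_COUNTS = {"master.passwd": 10, "passwd": 7, "group": 4}

# Constructed samples, not taken from any poster's machine.
GOOD_MASTER = (
    "root:*:0:0::0:0:Charlie &:/root:/bin/csh\n"
    "+:::::::::\n"
)
BAD_MASTER = (
    "root:*:0:0::0:0:Charlie &:/root:/bin/csh\n"
    "+::::::\n"  # 7 fields: the passwd form pasted into master.passwd
    "toor:*:0:0::0:0:Bourne-again Superuser:/root:\n"
)
GOOD_GROUP = "wheel:*:0:root\n+:*::\n"


def lint_compat(text, kind):
    """Return a list of (line_number, message) findings for one file.

    kind selects the expected layout and must be a key of FIELD_COUNTS.
    Line number 0 is used for findings about the file as a whole.
    """
    expected = FIELD_COUNTS[kind]
    findings = []
    saw_plus = False      # any "+", "+user" or "+@netgroup" entry
    wildcard_line = None  # line number of the bare "+" entry, if any

    for number, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        fields = raw.split(":")
        name = fields[0]

        # A line with the wrong number of colons is not parsed as intended.
        if len(fields) != expected:
            findings.append(
                (number, "%r has %d fields, %s needs %d"
                 % (name, len(fields), kind, expected))
            )

        if name.startswith("+"):
            saw_plus = True

        # Assumption: the file is searched in order, so the bare "+" hands
        # every later name to NIS before the local line is reached.
        if wildcard_line is not None:
            findings.append(
                (number, "%r follows the wildcard '+' on line %d"
                 % (name, wildcard_line))
            )
        elif name == "+":
            wildcard_line = number

    if not saw_plus:
        findings.append((0, "no '+' entry: compat mode never consults NIS"))
    return findings


if __name__ == "__main__":
    for label, text, kind in (
        ("good master.passwd", GOOD_MASTER, "master.passwd"),
        ("bad master.passwd", BAD_MASTER, "master.passwd"),
        ("good group", GOOD_GROUP, "group"),
    ):
        print(label)
        for number, message in lint_compat(text, kind) or [(0, "clean")]:
            print("  line %d: %s" % (number, message))
```

Run it against a copy of the file rather than the live one; the script only reads text and never writes anything back.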




Re: NIS on FreeBSD 5.4/4.11

2005-10-14 Thread Lowell Gilbert
Michael Jeung [EMAIL PROTECTED] writes:

> Good evening all,
>
> I am desperately trying to get NIS working in my FreeBSD 5.4 and 4.11
> environment - specifically, I'm trying to get NIS set up such that a
> NIS client is able to change the password for an account.
>
> Like a good little rabbit, I have followed, step-by-step the NIS
> guide in the handbook:
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-nis.html
>
> In my test environment, I have two servers set up: BoxA and BoxB.
> BoxA is the NIS Master running 5.4, BoxB is the NIS client running
> 4.11.   I have created a NIS user named charlie on BoxA.   I am
> able to log into BoxB as charlie.  Great so far, right?  ypcat
> demonstrates that the correct user on BoxB is coming down and ypwhich
> passwd shows that BoxA is BoxB's daddy.
>
> Now, I want to be able to change charlie's NIS password while I'm
> logged into BoxB.  Here's where I run into problems.  Whenever I run
> yppasswd or passwd as charlie, I get Permission Denied.  I know
> I've run into this error before (without ever being able to fix it)
> and after googling for quite some time, I've been unable to find
> anyone else who seems to be running into this problem -- but I know
> other people must have encountered this before, because I'm not doing
> anything fancy.  This is the most vanilla install of NIS I can create.
>
> If anyone has any hints on where I should look from here, I would
> very much appreciate it!

I just set it up yesterday with no problem, working from the same doc.
Have you got yppasswdd running?


NIS on FreeBSD 5.4/4.11

2005-10-12 Thread Michael Jeung

Good evening all,

I am desperately trying to get NIS working in my FreeBSD 5.4 and 4.11  
environment - specifically, I'm trying to get NIS set up such that a  
NIS client is able to change the password for an account.


Like a good little rabbit, I have followed, step-by-step the NIS  
guide in the handbook:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-nis.html


In my test environment, I have two servers set up: BoxA and BoxB.   
BoxA is the NIS Master running 5.4, BoxB is the NIS client running  
4.11.   I have created a NIS user named charlie on BoxA.   I am  
able to log into BoxB as charlie.  Great so far, right?  ypcat  
demonstrates that the correct user on BoxB is coming down and ypwhich  
passwd shows that BoxA is BoxB's daddy.


Now, I want to be able to change charlie's NIS password while I'm  
logged into BoxB.  Here's where I run into problems.  Whenever I run  
yppasswd or passwd as charlie, I get Permission Denied.  I know  
I've run into this error before (without ever being able to fix it)  
and after googling for quite some time, I've been unable to find  
anyone else who seems to be running into this problem -- but I know  
other people must have encountered this before, because I'm not doing  
anything fancy.  This is the most vanilla install of NIS I can create.


If anyone has any hints on where I should look from here, I would  
very much appreciate it!


Thanks,
Michael Jeung





yp/nis in jails

2005-10-09 Thread Paul Allen
Is it possible to run yp/nis inside of a jail?  Is it
possible to run the automounter (amd) inside of a jail?

-Paul


Re: NIS problems on FreeBSD 5.4

2005-08-09 Thread Jeremy Utley
On 8/8/05, Dan Nelson [EMAIL PROTECTED] wrote:
 In the last episode (Aug 08), Jeremy Utley said:
  I'm trying to use FreeBSD 5.4 as an NIS client, and am encountering
  problems.  I've followed the instructions given in the FreeBSD docs
  (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-nis.html)
  successfully, but the system does not recognize my NIS users.
 
  Running ypcat passwd shows expected output:
 
  freebsd5# ypcat passwd
  Administrator:omitted:0:0::/root:/bin/bash
  jeremy:omitted:500:100::/home/jeremy:/bin/bash
  test:omitted:501:100::/home/test:/bin/bash
 
 You might want to change these passwords now that everyone knows the
 hash :)

No worries - this is a reserved network with no direct connectivity to
the net at large, otherwise I would have done so.  I suppose I should
also mention that the NIS master server is a W2K3 AD controller with
Services for Unix, but that doesn't seem to be involved, since a linux
system on the same NIS domain appears to work properly.

 
  However, when I try to login as any of these 3 users, it rejects the
  login - even using the id command fails:
 
  freebsd5# id jeremy
  id: jeremy: no such user
 
 You need either a plus line in your master.passwd file (best way to add
 it is to use the vipw command):
 
 +:

This part has already been done - it was part of the docs I followed
from the FreeBSD site.

 
 Or you need this in /etc/nsswitch.conf:
 
 passwd: files nis

Haven't done this...the passwd section of my current nsswitch.conf is:

passwd: compat
passwd_compat: nis

Adding this to nsswitch.conf seems to have resolved the problem -
perhaps doing so should be added to the docs.

Jeremy


Re: NIS problems on FreeBSD 5.4

2005-08-09 Thread Dan Nelson
In the last episode (Aug 09), Jeremy Utley said:
 On 8/8/05, Dan Nelson [EMAIL PROTECTED] wrote:
  In the last episode (Aug 08), Jeremy Utley said:
   I'm trying to use FreeBSD 5.4 as an NIS client, and am
   encountering problems.  I've followed the instructions given in
   the FreeBSD docs (
   http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-nis.html
   ) successfully, but the system does not recognize my NIS users.
  
  You need either a plus line in your master.passwd file (best way to add
  it is to use the vipw command):
  
  +:
 
 This part has already been done - it was part of the docs I followed
 from the FreeBSD site.
 
  Or you need this in /etc/nsswitch.conf:
  
  passwd: files nis
 
 Haven't done this...the passwd section of my current nsswitch.conf is:
 
 passwd: compat
 passwd_compat: nis
 
 Adding this to nsswitch.conf seems to have resolved the problem -
 perhaps doing so should be added to the docs.

Only one is necessary.  You can remove the plus line from master.passwd
if you're using the passwd: files nis line.  With passwd: compat,
the NIS tables are consulted whenever there's a + or - line in
master.passwd and netgroups are used. With passwd: files nis, nis is
checked if the user isn't in the local passwd file, and you can't use
netgroups.  Also remember to change the group: line in nsswitch.conf
to match, and remove the + line from /etc/groups.

-- 
Dan Nelson
[EMAIL PROTECTED]
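
The two lookup modes described in this reply, as an added example that is not part of the original message: a small checker that cross-checks nsswitch.conf against the +/- lines in the local passwd and group files. The function names and the sample file contents are constructed for illustration; the rules it applies are the ones stated in the reply above.

```python
# Added example, not code from the thread. Rules follow the reply above:
#   "compat"    -> NIS is consulted only where a + or - line exists
#   "files nis" -> NIS is a fallback; the + line is no longer needed

# nsswitch.conf variants seen in the thread
COMPAT = "group: compat\ngroup_compat: nis\npasswd: compat\npasswd_compat: nis\n"
FILES_NIS = "passwd: files nis\ngroup: files nis\n"
# Constructed local files without any NIS marker
PASSWD_LOCAL = "root:*:0:0::0:0:Charlie &:/root:/bin/csh\n"
GROUP_LOCAL = "wheel:*:0:root\n"

def parse_nsswitch(text):
    """Map database name -> list of sources, ignoring comments and [criteria]."""
    dbs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, sources = line.split(":", 1)
        dbs[db.strip()] = [s for s in sources.split() if not s.startswith("[")]
    return dbs

def has_compat_marker(file_text):
    """True if the file has a '+' or '-' line (whole map, one user, or @netgroup)."""
    return any(l[:1] in ("+", "-") for l in file_text.splitlines())

def check(nsswitch, files):
    """files maps a database name ('passwd', 'group') to its local file text."""
    dbs, findings, modes = parse_nsswitch(nsswitch), [], {}
    for db, text in files.items():
        sources = dbs.get(db, [])
        marker = has_compat_marker(text)
        if "compat" in sources:
            modes[db] = "compat"
            if not marker:
                findings.append(f"{db}: compat but no +/- line, NIS never consulted")
        elif "nis" in sources:
            modes[db] = "nis"
            if marker:
                findings.append(f"{db}: 'nis' source but stale +/- line in local file")
        else:
            modes[db] = "local"
    if len(set(modes.values())) > 1:
        findings.append("passwd/group modes differ: " + str(modes))
    return findings

if __name__ == "__main__":
    for f in check(COMPAT, {"passwd": PASSWD_LOCAL, "group": GROUP_LOCAL}):
        print(f)
```

On a real client, pass the contents of /etc/nsswitch.conf, /etc/master.passwd and /etc/group; an empty result means the files agree with each other under the rules above.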


NIS problems on FreeBSD 5.4

2005-08-08 Thread Jeremy Utley
Greetings all!

I'm trying to use FreeBSD 5.4 as an NIS client, and am encountering
problems.  I've followed the instructions given in the FreeBSD docs
(http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-nis.html)
successfully, but the system does not recognize my NIS users.

Running ypcat passwd shows expected output:

freebsd5# ypcat passwd
Administrator:Lav79IkYtvC3g:0:0::/root:/bin/bash
jeremy:iZ45wDaonJWpA:500:100::/home/jeremy:/bin/bash
test:vXiHWkO7dsBl.:501:100::/home/test:/bin/bash

However, when I try to login as any of these 3 users, it rejects the
login - even using the id command fails:

freebsd5# id jeremy
id: jeremy: no such user


Can anyone give me some insight on why this is happening.  A RedHat EL
4 installation connected to the same NIS domain works perfectly.

Thanks for any help you can provide!

Jeremy


Re: NIS problems on FreeBSD 5.4

2005-08-08 Thread Dan Nelson
In the last episode (Aug 08), Jeremy Utley said:
 I'm trying to use FreeBSD 5.4 as an NIS client, and am encountering
 problems.  I've followed the instructions given in the FreeBSD docs
 (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-nis.html)
 successfully, but the system does not recognize my NIS users.
 
 Running ypcat passwd shows expected output:
 
 freebsd5# ypcat passwd
 Administrator:omitted:0:0::/root:/bin/bash
 jeremy:omitted:500:100::/home/jeremy:/bin/bash
 test:omitted:501:100::/home/test:/bin/bash

You might want to change these passwords now that everyone knows the
hash :)
 
 However, when I try to login as any of these 3 users, it rejects the
 login - even using the id command fails:
 
 freebsd5# id jeremy
 id: jeremy: no such user

You need either a plus line in your master.passwd file (best way to add
it is to use the vipw command):

+:

Or you need this in /etc/nsswitch.conf:

passwd: files nis


-- 
Dan Nelson
[EMAIL PROTECTED]


Odd nis problem..

2005-06-09 Thread Micheal Patterson
I've used yp in FBSD for some time now. I've never run across this 
particular issue though, until now.


My layout.

I have a 4.10 yp master server. I have various servers linked to it 
including other fbsd 5.3 servers. They do well. However, I have one 
in particular server that simply will not pull one specific group name 
over.


drwxr-xr-x   2 root  $FreeBSD  512 Apr 12 15:54 Usage Policy
drwxr-xr-x   7 root  wheel     512 Jun  9 04:45 archives

Instead of showing the actual group name, it displays $FreeBSD. Can anyone 
shed some light on possibly why this is occurring since the particular gid is 
viewable via ypcat group (itdept:*:32:root).


--

Micheal Patterson
Senior Communications Systems Engineer
405-917-0600

Confidentiality Notice:  This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message.




Re: Odd nis problem..

2005-06-09 Thread Micheal Patterson
Nevermind folks. I'm feeling pretty stupid right now. The problem was 
staring me right in the face and I totally missed it.


Just an FYI, the # in the #$FreeBSD: src/etc/group,v 1.31 2004/06/23 
01:32:28 mlaier Exp $ line in the /etc/group file is a *VERY* important 
thing. The affected gid was 32. Now, as it turns out, the 32 is in the 
proper spot to indicate that $FreeBSD is the group name. Who'da thunk!


--

Micheal Patterson
Senior Communications Systems Engineer
405-917-0600



- Original Message - 
From: Micheal Patterson [EMAIL PROTECTED]

To: [EMAIL PROTECTED]
Sent: Thursday, June 09, 2005 4:54 AM
Subject: Odd nis problem..


I've used yp in FBSD for some time now. I've never run across this 
particular issue though, until now.


My layout.

I have a 4.10 yp master server. I have various servers linked to it 
including other fbsd 5.3 servers. They do well. However, I have one 
in particular server that simply will not pull one specific group name 
over.


drwxr-xr-x   2 root  $FreeBSD  512 Apr 12 15:54 Usage Policy
drwxr-xr-x   7 root  wheel     512 Jun  9 04:45 archives

Instead of showing the actual group name, it displays $FreeBSD. Can anyone 
shed some light on possibly why this is occurring since the particular gid 
is viewable via ypcat group (itdept:*:32:root).


--

Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
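
The failure described in this message, as an added example that is not part of the original post: a simplified model of how a colon-separated group file is read, run over a constructed /etc/group whose RCS header has lost its leading #. The parser, the name pattern and the sample file are assumptions for illustration, not FreeBSD's own code; the header text and the itdept line are the ones quoted in the thread.

```python
# Added example, not code from the thread: lint a group file for lines that
# parse as entries although they were meant as comments.
import re

# Constructed sample file; line 1 is the RCS header without its '#'.
BROKEN_GROUP = """\
$FreeBSD: src/etc/group,v 1.31 2004/06/23 01:32:28 mlaier Exp $
#
wheel:*:0:root
daemon:*:1:
+:::
"""
NIS_GROUP = "itdept:*:32:root\n"  # as shown by `ypcat group` in the thread

# Assumed pattern for a plausible group name (illustrative, not a system rule)
NAME_OK = re.compile(r"^[A-Za-z_][A-Za-z0-9_.-]*$")

def parse_group(text):
    """Return (entries, findings); entries maps gid -> first name seen."""
    entries, findings = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue                      # blank line or real comment
        if line[0] in "+-":
            continue                      # compat-mode NIS marker
        fields = line.split(":")
        if len(fields) != 4 or not (fields[2].isascii() and fields[2].isdigit()):
            findings.append((lineno, "malformed", line))
            continue
        name, _passwd, gid, _members = fields
        if not NAME_OK.match(name):
            findings.append((lineno, "suspicious-name", f"{name!r} claims gid {gid}"))
        entries.setdefault(int(gid), name)
    return entries, findings

def shadowed(local_text, nis_text):
    """NIS groups whose gid is answered by a different local name first."""
    local, _ = parse_group(local_text)
    nis, _ = parse_group(nis_text)
    return {g: (local[g], nis[g]) for g in nis if g in local and local[g] != nis[g]}

if __name__ == "__main__":
    print(parse_group(BROKEN_GROUP)[1])
    print(shadowed(BROKEN_GROUP, NIS_GROUP))
```

The header splits on its colons into four fields, and the third one is the `32` from the timestamp `01:32:28`, which is why gid 32 resolves to `$FreeBSD` before NIS is ever asked for `itdept`.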



FreeBSD 5.3 and NIS

2005-05-19 Thread Micheal Patterson
I'm running nfs/nis off of a FreeBSD 4.10 system. I have a secondary NIS
master on a freebsd 5.3 system and so far, everything is cool between them.
There is one thing that I've noticed that I've never seen before though. I
have a nfs mount mounted but the permissions for the group show as $FreeBSD
instead of the actual group it should be. I've checked my nis settings in
/etc/group and have the standard +::: at the end. Anyone else seen this or
can possibly explain why this isn't listing as the appropriate group?

Thanks.

--

Micheal Patterson
Senior Communications Systems Engineer
405-917-0600



Re: FreeBSD 5.3 and NIS

2005-05-19 Thread Tony Shadwick
I know this is going to be a shot in the dark for me since I left 4x behind 
quite a long while ago, but I seem to remember reading something about 
some compatibility issues between nis on 4x and 5x.  There were changes 
that could be made to work around it, but wow...I just don't remember 
where I saw it.  I think FreeBSD Diary, if you want to google there.

On Thu, 19 May 2005, Micheal Patterson wrote:
I'm running nfs/nis off of a FreeBSD 4.10 system. I have a secondary NIS
master on a freebsd 5.3 system and so far, everything is cool between them.
There is one thing that I've noticed that I've never seen before though. I
have a nfs mount mounted but the permissions for the group show as $FreeBSD
instead of the actual group it should be. I've checked my nis settings in
/etc/group and have the standard +::: at the end. Anyone else seen this or
can possibly explain why this isn't listing as the appropriate group?
Thanks.
--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600

