[Freeipa-users] slapi-nis installation help
Rob Crittenden
rcritten at redhat.com
Wed Oct 7 15:46:45 UTC 2009
Gary Verhulp wrote:
> I have not done those steps. I did not see any of those in the doc anywhere!?
>
> I do not seem to have "ipa-nis-manage" command on this machine.
Don't panic, ipa-nis-manage is part of the next IPA release, V2.
> Seems like I'm missing a basic step somewhere.
I think you have things basically working. It looks like the problem is
the password storage scheme being used, SSHA vs CRYPT.
rob
>
> I know I'm serving NIS with this server as I'm able to bind a client and:
>
> [root at fcds tmp]# rpcinfo -p
> program vers proto port service
> 100000 4 tcp 111 portmapper
> 100000 3 tcp 111 portmapper
> 100000 2 tcp 111 portmapper
> 100000 4 udp 111 portmapper
> 100000 3 udp 111 portmapper
> 100000 2 udp 111 portmapper
> 100024 1 udp 44690 status
> 100024 1 tcp 45670 status
> 100004 2 tcp 671 ypserv
> 100004 2 udp 671 ypserv
>
> ___________________ _____________________
> From: yi zhang [yzhang at redhat.com]
> Sent: Tuesday, October 06, 2009 11:47 AM
> To: Gary Verhulp
> Cc: Freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] slapi-nis installation help
>
> On 10/06/2009 11:33 AM, Gary Verhulp wrote:
>> Thanks for the response.
>> I have the NIS config on the client setup correctly I believe.
>> This client was moved from my current NIS domain and works fine.
>>
>> It's not that the client does not bind to the new FreeIPA NIS domain,
>> but rather there is no passwd hash in the output of ypcat -k passwd so
>> it has no way to auth.
>>
>> garyv at fell:/var/log$ ypcat -k passwd
>> ttest ttest:*:1102:1002:Tim Test:/home/ttest:/bin/bash
>>
>>
> Have you enabled the IPA NIS plug-in? By default, this plug-in is
> disabled. To enable it, do the following on the IPA server:
> 1. kinit admin
> 2. ipa-compat-manage enable -y <plain text password file>
> 3. ipa-nis-manage enable -y <plain text password file>
> 4. service dirsrv restart
> where the password file contains the plain text password of "admin"
> and dirsrv is the backend DB for IPA
> Yi
>> br,
>> Gary
>>
>>
>> yi zhang wrote:
>>
>>> On 10/06/2009 10:36 AM, garyv wrote:
>>>
>>>> Hi,
>>>>
>>>> I've installed freeIPA (ipa-server-1.2.2-1.fc11.i586) and have the
>>>> base functionality working and I'm quite pleased.
>>>>
>>>> The problem I'm experiencing is with getting slapi-nis to function
>>>> properly.
>>>>
>>>> Reading other posts in the list I was able to get FreeIPA to serve
>>>> NIS maps, and clients to bind to the NIS dom, but no passwords/auth
>>>> work for users.
>>>>
>>>> Any tips on setup/troubleshooting this?
>>>>
>>> I haven't done any ipa-nis configuration for a while; here are my old
>>> notes, they might still work
>>>
>>> * NIS client host set up in general
>>>
>>> This is what RHEL linux should follow.
>>>
>>> 1. Append the following line in the */etc/sysconfig/network* file:
>>> * NISDOMAIN=mynisdomain
>>> 2. Append the following line in */etc/yp.conf* :
>>> * domain mynisdomain server 192.168.0.1 (replace the IP with the
>>> IPA server IP)
>>> 3. Make sure the following lines contain 'nis' as an option in the
>>> file */etc/nsswitch.conf*
>>> * passwd: files nis
>>> * shadow: files nis
>>> * group: files nis
>>> * hosts: files nis dns
>>> * networks: files nis
>>> * protocols: files nis
>>> * publickey: nisplus
>>> * automount: files nis
>>> * netgroup: files nis
>>> * aliases: files nisplus
>>> 4. restart ypbind and portmap
>>> * */etc/rc.d/init.d/ypbind restart*
>>> * */etc/rc.d/init.d/portmap restart*
>>>
>>>
>>>
>>>> Thanks
>>>>
>>>> Gary
>>>>
>>>> on the Client:
>>>> root at fell:~$ ypcat -k passwd
>>>> ttest ttest:*:1102:1002:Tim Test:/home/ttest:/bin/bash
>>>>
>>>> root at fell:~$ ypwhich -m
>>>> passwd.byuid fcds.edited
>>>> passwd.byname fcds.edited
>>>> netid.byname fcds.edited
>>>> group.upg fcds.nes.edited
>>>> group.byname fcds.edited
>>>> group.bygid fcds.edited
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>
>>
>
>
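The SSHA vs CRYPT diagnosis in the reply above can be checked mechanically. The following is an added example, not code from the thread or from the FreeIPA or slapi-nis projects: it compares the password field of each `ypcat -k passwd` entry with the scheme prefix of the user's `userPassword` value. It assumes the NIS passwd map can only carry a crypt(3)-style hash taken from a `{CRYPT}` value and shows a placeholder such as `*` otherwise; the function names and both sample inputs are constructed for illustration.

```python
import re

# Constructed sample input modelled on the thread's output; not real accounts.
YPCAT_SAMPLE = """\
ttest ttest:*:1102:1002:Tim Test:/home/ttest:/bin/bash
jdoe jdoe:ab01FAX.bQRSU:1103:1003:Jane Doe:/home/jdoe:/bin/bash
"""
# Constructed userPassword values (hypothetical; the hash bodies are not real).
USERPASSWORD_SAMPLE = {
    "ttest": "{SSHA}c2FtcGxlLW5vdC1hLXJlYWwtaGFzaA==",
    "jdoe": "{CRYPT}ab01FAX.bQRSU",
}

FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}")
# Password-field values that carry no hash a NIS client could verify against.
PLACEHOLDERS = {"", "*", "x", "!", "!!"}

def parse_ypcat_k(text):
    """Parse `ypcat -k passwd` output ("key entry" per line) into dicts."""
    entries = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        fields = value.split(":")
        if len(fields) == len(FIELDS):  # skip blank or malformed lines
            entries[key] = dict(zip(FIELDS, fields))
    return entries

def scheme_of(user_password):
    """Return the storage scheme named by the {SCHEME} prefix, upper-cased."""
    match = SCHEME_RE.match(user_password)
    return match.group(1).upper() if match else "UNPREFIXED"

def diagnose(ypcat_text, ldap_passwords):
    """Map each NIS key to (verdict, scheme) explaining its password field."""
    report = {}
    for key, entry in parse_ypcat_k(ypcat_text).items():
        scheme = scheme_of(ldap_passwords[key]) if key in ldap_passwords else None
        if entry["passwd"] not in PLACEHOLDERS:
            verdict = "ok"                      # map exposes a hash
        elif scheme is None:
            verdict = "no-userPassword"         # nothing stored to export
        elif scheme != "CRYPT":
            verdict = "scheme-mismatch"         # e.g. SSHA: not crypt(3) format
        else:
            verdict = "map-not-exporting-hash"  # CRYPT stored, map config issue
        report[key] = (verdict, scheme)
    return report
```

With the constructed samples, `diagnose(YPCAT_SAMPLE, USERPASSWORD_SAMPLE)` reports `ttest` as `scheme-mismatch` with scheme `SSHA`, which is the situation the thread's `ypcat` output shows.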