[Freeipa-users] slapi-nis installation help

Rob Crittenden rcritten at redhat.com
Wed Oct 7 15:46:45 UTC 2009 

Gary Verhulp wrote:
> I have not done those steps. I did not see any of those in the doc anywhere!?
> 
> I do not seem to have "ipa-nis-manage" command  on this machine.

Don't panic, ipa-nis-manage is part of the next IPA release, V2.

> Seems like I'm missing a basic step somewhere.

I think you have things basically working. It looks like the problem is 
the password storage scheme being used, SSHA vs CRYPT.

rob

> 
> I know I'm serving NIS with this server as I'm able to bind a client and:
> 
> [root at fcds tmp]# rpcinfo -p 
>    program vers proto   port  service
>     100000    4   tcp    111  portmapper
>     100000    3   tcp    111  portmapper
>     100000    2   tcp    111  portmapper
>     100000    4   udp    111  portmapper
>     100000    3   udp    111  portmapper
>     100000    2   udp    111  portmapper
>     100024    1   udp  44690  status
>     100024    1   tcp  45670  status
>     100004    2   tcp    671  ypserv
>     100004    2   udp    671  ypserv
> 
> ___________________ _____________________
> From: yi zhang [yzhang at redhat.com]
> Sent: Tuesday, October 06, 2009 11:47 AM
> To: Gary Verhulp
> Cc: Freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] slapi-nis installation  help
> 
> On 10/06/2009 11:33 AM, Gary Verhulp wrote:
>> Thanks for the response.
>> I have the NIS config on the client setup correctly I believe.
>> This client was moved from my current NIS domain and works fine.
>>
>> It's not that the client does not bind to the new FreeIPA NIS domain,
>> but rather there is no passwd hash  in the output of ypcat -k passwd so
>> it has no way to auth.
>>
>> garyv at fell:/var/log$ ypcat -k passwd
>> ttest ttest:*:1102:1002:Tim  Test:/home/ttest:/bin/bash
>>
>>
> have you enabled the IPA nis plug in? By default, this plug-in is
> disabled. To enable it, do following on ipa server
> 1. kinit admin
> 2. ipa-compat-manage enable -y <plain text password file>
> 3. ipa-nis-manage enable -y <plain text password file>
> 4. service dirsrv restart
>   where the password file contains plain text password of "admin"
>   and dirsrv is the backend DB for ipa
> Yi
>> br,
>> Gary
>>
>>
>> yi zhang wrote:
>>
>>> On 10/06/2009 10:36 AM, garyv wrote:
>>>
>>>> Hi,
>>>>
>>>> I've installed freeIPA  (ipa-server-1.2.2-1.fc11.i586)and have the
>>>> base functionality working and I'm quite pleased.
>>>>
>>>> The problem I'm experiencing is with getting slapi-nis to function
>>>> properly.
>>>>
>>>> Reading other posts in the list I was able to get FreeIPA to serve
>>>> NIS maps, and clients to bind to the NIS dom, but no passwords/auth
>>>> work for users.
>>>>
>>>> Any tips on setup/troubleshooting this?
>>>>
>>> I haven't do any ipa-nis configuration for a while, here is my old
>>> notes, they might still work
>>>
>>>      * NIS client host set up in general
>>>
>>> This is what RHEL linux should follow.
>>>
>>>     1. Append the following line in the */etc/sysconfig/network* file:
>>>            * NISDOMAIN=mynisdomain
>>>     2. Append the following line in */etc/yp.conf* :
>>>            * domain mynisdomain server 192.168.0.1 replace ip to the
>>>              IPA server IP
>>>     3. Make sure the following lines contain 'nis' as an option in the
>>>        file */etc/nsswitch.conf*
>>>            * passwd: files nis
>>>            * shadow: files nis
>>>            * group: files nis
>>>            * hosts: files nis dns
>>>            * networks: files nis
>>>            * protocols: files nis
>>>            * publickey: nisplus
>>>            * automount: files nis
>>>            * netgroup: files nis
>>>            * aliases: files nisplus
>>>     4. restart ypbind and portmap
>>>            * */etc/rc.d/init.d/ypbind restart*
>>>            * */etc/rc.d/init.d/portmap restart*
>>>
>>>
>>>
>>>> Thanks
>>>>
>>>> Gary
>>>>
>>>> on the Client:
>>>> root at fell:~$ ypcat -k passwd
>>>> ttest ttest:*:1102:1002:Tim  Test:/home/ttest:/bin/bash
>>>>
>>>> root at fell:~$ ypwhich  -m
>>>> passwd.byuid fcds.edited
>>>> passwd.byname fcds.edited
>>>> netid.byname fcds.edited
>>>> group.upg fcds.nes.edited
>>>> group.byname fcds.edited
>>>> group.bygid fcds.edited
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
> 
> 
> Scanned by Check Point Total Security Gateway.
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20091007/2c1f1d58/attachment.bin>

More information about the Freeipa-users mailing list