[Freeipa-users] slapi-nis installation help
garyv
garyv at gmoneylove.com
Wed Oct 7 19:44:40 UTC 2009
Is there a way to get the NIS plugin to hand out DES passwords?
I have some freebsd 3.51 and old solaris machines that will not
play nice except for DES.
I know it's not ideal but such is my lot.
I looked at the dse.ldif
dn: cn=Password Storage Schemes
Any suggestions on how to serve DES passwds from the NIS plugin??
Thanks
Gary
Rob Crittenden wrote:
> Gary Verhulp wrote:
>> I have not done those steps. I did not see any of those in the doc
>> anywhere!?
>>
>> I do not seem to have "ipa-nis-manage" command on this machine.
>
> Don't panic, ipa-nis-manage is part of the next IPA release, V2.
>
>> Seems like I'm missing a basic step somewhere.
>
> I think you have things basically working. It looks like the problem is
> the password storage scheme being used, SSHA vs CRYPT.
>
> rob
>
>>
>> I know I'm serving NIS with this server as I'm able to bind a client and:
>>
>> [root@fcds tmp]# rpcinfo -p
>> program vers proto port service
>> 100000 4 tcp 111 portmapper
>> 100000 3 tcp 111 portmapper
>> 100000 2 tcp 111 portmapper
>> 100000 4 udp 111 portmapper
>> 100000 3 udp 111 portmapper
>> 100000 2 udp 111 portmapper
>> 100024 1 udp 44690 status
>> 100024 1 tcp 45670 status
>> 100004 2 tcp 671 ypserv
>> 100004 2 udp 671 ypserv
>>
>> ___________________ _____________________
>> From: yi zhang [yzhang at redhat.com]
>> Sent: Tuesday, October 06, 2009 11:47 AM
>> To: Gary Verhulp
>> Cc: Freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] slapi-nis installation help
>>
>> On 10/06/2009 11:33 AM, Gary Verhulp wrote:
>>> Thanks for the response.
>>> I have the NIS config on the client setup correctly I believe.
>>> This client was moved from my current NIS domain and works fine.
>>>
>>> It's not that the client does not bind to the new FreeIPA NIS domain,
>>> but rather there is no passwd hash in the output of ypcat -k passwd so
>>> it has no way to auth.
>>>
>>> garyv@fell:/var/log$ ypcat -k passwd
>>> ttest ttest:*:1102:1002:Tim Test:/home/ttest:/bin/bash
>>>
>>>
>> Have you enabled the IPA NIS plug-in? By default, this plug-in is
>> disabled. To enable it, do the following on the IPA server:
>> 1. kinit admin
>> 2. ipa-compat-manage enable -y <plain text password file>
>> 3. ipa-nis-manage enable -y <plain text password file>
>> 4. service dirsrv restart
>> where the password file contains the plain-text password of "admin"
>> and dirsrv is the backend DB for IPA.
>> Yi
>>> br,
>>> Gary
>>>
>>>
>>> yi zhang wrote:
>>>
>>>> On 10/06/2009 10:36 AM, garyv wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I've installed FreeIPA (ipa-server-1.2.2-1.fc11.i586) and have the
>>>>> base functionality working and I'm quite pleased.
>>>>>
>>>>> The problem I'm experiencing is with getting slapi-nis to function
>>>>> properly.
>>>>>
>>>>> Reading other posts in the list I was able to get FreeIPA to serve
>>>>> NIS maps, and clients to bind to the NIS dom, but no passwords/auth
>>>>> work for users.
>>>>>
>>>>> Any tips on setup/troubleshooting this?
>>>>>
>>>> I haven't done any ipa-nis configuration for a while; here are my old
>>>> notes, they might still work
>>>>
>>>> * NIS client host set up in general
>>>>
>>>> This is what RHEL linux should follow.
>>>>
>>>> 1. Append the following line in the */etc/sysconfig/network* file:
>>>> * NISDOMAIN=mynisdomain
>>>> 2. Append the following line in */etc/yp.conf* :
>>>> * domain mynisdomain server 192.168.0.1 (replace the IP with the
>>>> IPA server IP)
>>>> 3. Make sure the following lines contain 'nis' as an option in the
>>>> file */etc/nsswitch.conf*
>>>> * passwd: files nis
>>>> * shadow: files nis
>>>> * group: files nis
>>>> * hosts: files nis dns
>>>> * networks: files nis
>>>> * protocols: files nis
>>>> * publickey: nisplus
>>>> * automount: files nis
>>>> * netgroup: files nis
>>>> * aliases: files nisplus
>>>> 4. restart ypbind and portmap
>>>> * */etc/rc.d/init.d/ypbind restart*
>>>> * */etc/rc.d/init.d/portmap restart*
>>>>
>>>>
>>>>
>>>>> Thanks
>>>>>
>>>>> Gary
>>>>>
>>>>> on the Client:
>>>>> root@fell:~$ ypcat -k passwd
>>>>> ttest ttest:*:1102:1002:Tim Test:/home/ttest:/bin/bash
>>>>>
>>>>> root@fell:~$ ypwhich -m
>>>>> passwd.byuid fcds.edited
>>>>> passwd.byname fcds.edited
>>>>> netid.byname fcds.edited
>>>>> group.upg fcds.nes.edited
>>>>> group.byname fcds.edited
>>>>> group.bygid fcds.edited
>>>>>
>>>>> _______________________________________________
>>>>> Freeipa-users mailing list
>>>>> Freeipa-users at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>>
>>>
>>
>>
>
>
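
As an added example (not part of the original thread, and not FreeIPA or slapi-nis code): a small Python check for the symptom discussed above, classifying the password field of each `ypcat -k passwd` entry so that a `*` placeholder, a 13-character DES crypt value and other formats can be told apart. Only the `ttest` line comes from the thread; the other sample lines are constructed, the function names are hypothetical, and feeding the classifier a `{SCHEME}`-prefixed directory value is an assumption about where else it might be used.

```python
import re

# `ypcat -k passwd` format: map key, a space, then the 7-field passwd line.
# First line is from the thread; the other two are constructed samples.
SAMPLE = """\
ttest ttest:*:1102:1002:Tim Test:/home/ttest:/bin/bash
olduser olduser:xxSAMPLEHASH0:1103:1003:Old User:/home/olduser:/bin/sh
md5user md5user:$1$saltsalt$CONSTRUCTEDHASHVALUE22:1104:1004:MD5 User:/home/md5user:/bin/bash
"""

MODULAR_IDS = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt"}
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")      # traditional crypt(3) output
MODULAR_RE = re.compile(r"^\$([0-9a-z]+)\$")     # $id$salt$hash
LDAP_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}")    # {SSHA}..., {CRYPT}...

def classify(field):
    """Return a label for one password field."""
    if field == "":
        return "empty"
    if field == "x" or field.startswith(("*", "!")):
        return "no-hash"                  # placeholder: nothing to verify against
    m = LDAP_RE.match(field)
    if m:
        return "ldap-scheme:" + m.group(1).upper()
    m = MODULAR_RE.match(field)
    if m:
        return MODULAR_IDS.get(m.group(1), "modular-crypt:" + m.group(1))
    if DES_RE.match(field):
        return "des-crypt"
    return "unknown"

def parse_ypcat(text):
    """Yield (map key, login name, password-field label) per entry."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        key, _, entry = line.partition(" ")
        fields = entry.split(":")
        if len(fields) != 7:
            rows.append((key, None, "malformed"))
            continue
        rows.append((key, fields[0], classify(fields[1])))
    return rows

def des_only_usable(rows):
    """Logins a DES-only crypt(3) client could authenticate from this map."""
    return [name for _, name, kind in rows if kind == "des-crypt"]

if __name__ == "__main__":
    for row in parse_ypcat(SAMPLE):
        print("%-10s %-10s %s" % row)
```
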