[Freeipa-users] slapi-nis installation help

garyv garyv at gmoneylove.com
Wed Oct 7 19:44:40 UTC 2009


Is there a way to get the NIS plugin to hand out DES passwords?

I have some FreeBSD 3.51 and old Solaris machines that will not
play nice except for DES.

I know it's not ideal but such is my lot.

I looked at the dse.ldif

dn: cn=Password Storage Schemes

Any suggestions on how to serve DES passwds from the NIS plugin??
Thanks
Gary


Rob Crittenden wrote:
> Gary Verhulp wrote:
>> I have not done those steps. I did not see any of those in the doc 
>> anywhere!?
>>
>> I do not seem to have the "ipa-nis-manage" command on this machine.
> 
> Don't panic, ipa-nis-manage is part of the next IPA release, V2.
> 
>> Seems like I'm missing a basic step somewhere.
> 
> I think you have things basically working. It looks like the problem is 
> the password storage scheme being used, SSHA vs CRYPT.
> 
> rob
> 
>>
>> I know I'm serving NIS with this server as I'm able to bind a client and:
>>
>> [root@fcds tmp]# rpcinfo -p
>>    program vers proto   port  service
>>     100000    4   tcp    111  portmapper
>>     100000    3   tcp    111  portmapper
>>     100000    2   tcp    111  portmapper
>>     100000    4   udp    111  portmapper
>>     100000    3   udp    111  portmapper
>>     100000    2   udp    111  portmapper
>>     100024    1   udp  44690  status
>>     100024    1   tcp  45670  status
>>     100004    2   tcp    671  ypserv
>>     100004    2   udp    671  ypserv
>>
>> ___________________ _____________________
>> From: yi zhang [yzhang at redhat.com]
>> Sent: Tuesday, October 06, 2009 11:47 AM
>> To: Gary Verhulp
>> Cc: Freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] slapi-nis installation  help
>>
>> On 10/06/2009 11:33 AM, Gary Verhulp wrote:
>>> Thanks for the response.
>>> I have the NIS config on the client setup correctly I believe.
>>> This client was moved from my current NIS domain and works fine.
>>>
>>> It's not that the client does not bind to the new FreeIPA NIS domain,
>>> but rather there is no passwd hash in the output of ypcat -k passwd so
>>> it has no way to auth.
>>>
>>> garyv@fell:/var/log$ ypcat -k passwd
>>> ttest ttest:*:1102:1002:Tim  Test:/home/ttest:/bin/bash
>>>
>>>
>> Have you enabled the IPA NIS plug-in? By default, this plug-in is
>> disabled. To enable it, do the following on the IPA server:
>> 1. kinit admin
>> 2. ipa-compat-manage enable -y <plain text password file>
>> 3. ipa-nis-manage enable -y <plain text password file>
>> 4. service dirsrv restart
>>   where the password file contains plain text password of "admin"
>>   and dirsrv is the backend DB for ipa
>> Yi
>>> br,
>>> Gary
>>>
>>>
>>> yi zhang wrote:
>>>
>>>> On 10/06/2009 10:36 AM, garyv wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I've installed FreeIPA (ipa-server-1.2.2-1.fc11.i586) and have the
>>>>> base functionality working and I'm quite pleased.
>>>>>
>>>>> The problem I'm experiencing is with getting slapi-nis to function
>>>>> properly.
>>>>>
>>>>> Reading other posts in the list I was able to get FreeIPA to serve
>>>>> NIS maps, and clients to bind to the NIS dom, but no passwords/auth
>>>>> work for users.
>>>>>
>>>>> Any tips on setup/troubleshooting this?
>>>>>
>>>> I haven't done any ipa-nis configuration for a while; here are my old
>>>> notes, they might still work
>>>>
>>>>      * NIS client host set up in general
>>>>
>>>> This is what RHEL linux should follow.
>>>>
>>>>     1. Append the following line in the */etc/sysconfig/network* file:
>>>>            * NISDOMAIN=mynisdomain
>>>>     2. Append the following line in */etc/yp.conf* :
>>>>            * domain mynisdomain server 192.168.0.1 (replace the IP with the
>>>>              IPA server IP)
>>>>     3. Make sure the following lines contain 'nis' as an option in the
>>>>        file */etc/nsswitch.conf*
>>>>            * passwd: files nis
>>>>            * shadow: files nis
>>>>            * group: files nis
>>>>            * hosts: files nis dns
>>>>            * networks: files nis
>>>>            * protocols: files nis
>>>>            * publickey: nisplus
>>>>            * automount: files nis
>>>>            * netgroup: files nis
>>>>            * aliases: files nisplus
>>>>     4. restart ypbind and portmap
>>>>            * */etc/rc.d/init.d/ypbind restart*
>>>>            * */etc/rc.d/init.d/portmap restart*
>>>>
>>>>
>>>>
>>>>> Thanks
>>>>>
>>>>> Gary
>>>>>
>>>>> on the Client:
>>>>> root@fell:~$ ypcat -k passwd
>>>>> ttest ttest:*:1102:1002:Tim  Test:/home/ttest:/bin/bash
>>>>>
>>>>> root@fell:~$ ypwhich -m
>>>>> passwd.byuid fcds.edited
>>>>> passwd.byname fcds.edited
>>>>> netid.byname fcds.edited
>>>>> group.upg fcds.nes.edited
>>>>> group.byname fcds.edited
>>>>> group.bygid fcds.edited
>>>>>
>>>>> _______________________________________________
>>>>> Freeipa-users mailing list
>>>>> Freeipa-users at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>>
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
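
Added example (not part of the original thread and not slapi-nis code): a small shell helper that classifies the password field of passwd-map lines such as the `ypcat -k passwd` output quoted above, showing which entries carry a hash that a DES-only client could check. The label names and every sample line except the ttest entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the password field of NIS passwd-map lines.
# Output labels (placeholder, des-crypt, ...) are names chosen for this example.

classify_pw_field() {
    # Field 2 of "name:passwd:uid:gid:gecos:home:shell"; the key that
    # `ypcat -k` prepends sits inside field 1, so it does not shift anything.
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '')           echo empty ;;           # no password at all
        '*'|x|'!'*)   echo placeholder ;;     # no hash is being served
        '{'*'}'*)     echo ldap-scheme ;;     # raw LDAP value such as {SSHA}...
        '$'*)         echo modular-crypt ;;   # $id$salt$hash formats
        *)
            # Traditional DES crypt(3): exactly 13 chars from [./0-9A-Za-z]
            if printf '%s\n' "$field" | grep -Eq '^[./0-9A-Za-z]{13}$'; then
                echo des-crypt
            else
                echo unknown
            fi ;;
    esac
}

report() {
    # Reads passwd-map lines on stdin, prints "user<TAB>classification".
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        user=$(printf '%s\n' "$line" | cut -d: -f1 | awk '{print $NF}')
        printf '%s\t%s\n' "$user" "$(classify_pw_field "$line")"
    done
}

# First line is the entry quoted in the thread; the rest are constructed samples.
report <<'EOF'
ttest ttest:*:1102:1002:Tim  Test:/home/ttest:/bin/bash
olduser olduser:ab0123456789A:1103:1002:Constructed:/home/olduser:/bin/sh
sshauser sshauser:{SSHA}CONSTRUCTEDVALUE:1104:1002:Constructed:/home/sshauser:/bin/sh
md5user md5user:$1$constrct$CONSTRUCTEDVALUE000000:1105:1002:Constructed:/home/md5user:/bin/sh
EOF
```

On a bound client, piping `ypcat -k passwd` into `report` gives the same listing for the live map; only entries labelled `des-crypt` carry a hash that a client limited to traditional DES crypt(3) can verify.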



