Re: [Freeipa-users] slapi-nis installation help

garyv Wed, 07 Oct 2009 12:45:00 -0700

Is there a way to get the NIS plugin to hand out DES passwords.


I have some freebsd 3.51 and old solaris  machines that will not
play nice except for DES.

I know it's not ideal but such is my lot.

I looked at the dse.ldif

dn: cn=Password Storage Schemes

Any suggestions on how to serve DES passwds from the NIS plugin??
Thanks
Gary


Rob Crittenden wrote:

Gary Verhulp wrote:

I have not done those steps. I did not see any of those in the docanywhere!?
I do not seem to have "ipa-nis-manage" command  on this machine.


Don't panic, ipa-nis-manage is part of the next IPA release, V2.

Seems like I'm missing a basic step somewhere.

I think you have things basically working. It looks like the problem isthe password storage scheme being used, SSHA vs CRYPT.

rob


I know I'm serving NIS with this server as I'm able to bind a client and:

[r...@fcds tmp]# rpcinfo -p    program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  44690  status
    100024    1   tcp  45670  status
    100004    2   tcp    671  ypserv
    100004    2   udp    671  ypserv

___________________ _____________________
From: yi zhang [[email protected]]
Sent: Tuesday, October 06, 2009 11:47 AM
To: Gary Verhulp
Cc: [email protected]
Subject: Re: [Freeipa-users] slapi-nis installation  help

On 10/06/2009 11:33 AM, Gary Verhulp wrote:

Thanks for the response.
I have the NIS config on the client setup correctly I believe.
This client was moved from my current NIS domain and works fine.

It's not that the client does not bind to the new FreeIPA NIS domain,
but rather there is no passwd hash  in the output of ypcat -k passwd so
it has no way to auth.

ga...@fell:/var/log$ ypcat -k passwd
ttest ttest:*:1102:1002:Tim  Test:/home/ttest:/bin/bash

have you enabled the IPA nis plug in? By default, this plug-in is
disabled. To enable it, do following on ipa server
1. kinit admin
2. ipa-compat-manage enable -y <plain text password file>
3. ipa-nis-manage enable -y <plain text password file>
4. service dirsrv restart
  where the password file contains plain text password of "admin"
  and dirsrv is the backend DB for ipa
Yi

br,
Gary


yi zhang wrote:

On 10/06/2009 10:36 AM, garyv wrote:

Hi,

I've installed freeIPA  (ipa-server-1.2.2-1.fc11.i586)and have the
base functionality working and I'm quite pleased.

The problem I'm experiencing is with getting slapi-nis to function
properly.

Reading other posts in the list I was able to get FreeIPA to serve
NIS maps, and clients to bind to the NIS dom, but no passwords/auth
work for users.

Any tips on setup/troubleshooting this?

I haven't do any ipa-nis configuration for a while, here is my old
notes, they might still work

     * NIS client host set up in general

This is what RHEL linux should follow.

    1. Append the following line in the */etc/sysconfig/network* file:
           * NISDOMAIN=mynisdomain
    2. Append the following line in */etc/yp.conf* :
           * domain mynisdomain server 192.168.0.1 replace ip to the
             IPA server IP
    3. Make sure the following lines contain 'nis' as an option in the
       file */etc/nsswitch.conf*
           * passwd: files nis
           * shadow: files nis
           * group: files nis
           * hosts: files nis dns
           * networks: files nis
           * protocols: files nis
           * publickey: nisplus
           * automount: files nis
           * netgroup: files nis
           * aliases: files nisplus
    4. restart ypbind and portmap
           * */etc/rc.d/init.d/ypbind restart*
           * */etc/rc.d/init.d/portmap restart*

Thanks

Gary

on the Client:
r...@fell:~$ ypcat -k passwd
ttest ttest:*:1102:1002:Tim  Test:/home/ttest:/bin/bash

r...@fell:~$ ypwhich  -m
passwd.byuid fcds.edited
passwd.byname fcds.edited
netid.byname fcds.edited
group.upg fcds.nes.edited
group.byname fcds.edited
group.bygid fcds.edited

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users



Scanned by Check Point Total Security Gateway.

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users



------------------------------------------------------------------------

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users


_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] slapi-nis installation help

Reply via email to