Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!news.hawaii.edu!ames!agate!news.mindlink.net!sol.ctr.columbia.edu!startide.ctr.columbia.edu!wpaul
From: wpaul@ctr.columbia.edu (Bill Paul)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: rexec/telnet/NIS problems
Date: 5 Dec 1995 15:55:47 GMT
Organization: Columbia University Center for Telecommunications Research
Lines: 108
Message-ID: <4a1q23$97p@sol.ctr.columbia.edu>
References: <49vf87$mb2@news1.is.net>
NNTP-Posting-Host: startide.ctr.columbia.edu
X-Newsreader: TIN [version 1.2 PL2]

Daring to challenge the will of the almighty Leviam00se, David R. Bixby
(bix@otcinc.com) had the courage to say:

: I have been unable to start an "xterm" remotely using rexec. The call just seems to
: time out. Same call works great to Solaris box.

Check that DNS is properly set up on the FreeBSD machine. Also read the
rexecd man page, especially the part where it says it's disabled by
default because it's largely considered to be a whopping great security
hole. Try rsh instead.

: I've compared inetd.conf and services
: on both systems and rexec is defined and should be available.

Look closer. My inetd.conf file says this:

shell   stream  tcp     nowait  root    /usr/libexec/rshd       rshd
login   stream  tcp     nowait  root    /usr/libexec/rlogind    rlogind
#exec   stream  tcp     nowait  root    /usr/libexec/rexecd     rexecd

The entry for rexecd is commented out, which means it's _not_ defined.

: Also:
: How do I enable root telnet access? I tried the login.access file but it did not help.

You have to edit /etc/ttys and mark all the pseudo ttys as 'secure'.
I advise not doing this, however. Just log into the machine as yourself
and use 'su' to become root. Allowing rsh/rlogin access is another
matter: you should be able to let root rsh into the machine by creating
a /.rhosts file and filling it with the names of the trusted hosts that
are allowed access.

: Additional issues for challenging souls:
: How do I integrate my FreeBSD box with a Solaris NIS+ master? I tried the sysconfig
: file setting and even manual setup, to no avail...

"To no avail." I just love it when people say that. You have to explain
in more detail what you tried to do. I'm not psychic: I can't tell you
what might be wrong if you don't describe the situation to me.

That said, you should be able to use your FreeBSD machine as an NIS
client with the Solaris machine provided you use the NIS compatibility
mode. FreeBSD does not understand NIS+, only NIS v2. Also, you'll need
to use FreeBSD 2.1.0 to really have it work right: I made the foolish
assumption in 2.0.5 that Solaris's NIS compat mode supported _all_ of
the NIS v2 procedures, which it doesn't. (The YPPROC_ORDER function is
not supported, which means the yppoll command won't work. Unfortunately
I tried to use yp_order() inside libc to detect the presence of the
master.passwd.* shadow maps, which made a horrible mess. I changed it
to use yp_first() in 2.1.0, which should work fine, though it's slightly
slower.)

You can check the yp(4) and passwd(5) man pages for some tips on how
to configure FreeBSD as an NIS client. (Again, this is with FreeBSD 2.1.0
or later.) The highlights are:

1) set your NIS domain name in /etc/sysconfig (and use the domainname(1)
   command to set the system domain name this first time)
2) set nis_clientflags to YES in /etc/sysconfig (and start ypbind(8)
   manually this first time)
3) add '+:*::' to the end of /etc/group
4) using vipw, add +::::::::: to the end of /etc/master.passwd
5) Create an /etc/netgroup file with only a single '+' in it.
6) Optionally, create /etc/bootparams and /etc/ethers files with a '+'
   in them too.

Do _NOT_ put an asterisk in the password field of the +::::::::: entry
that you place in /etc/master.passwd! In fact, do _NOT_ put _ANYTHING_
in _ANY_ of the fields unless you know what you're doing!
Replacing fields like this will cause substitution to be done, and you'll
turn everyone's password into '*', which won't work. Then you'll come
post another message on this newsgroup asking why none of your NIS users
can log in, and I'll tell you to go read the man pages where this
behavior is documented.

: How can I configure the FreeBSD box to automount home directories from the Solaris
: box?

You can use amd(8) to do that. But first you have to understand how to
create an amd map. I'm not 100% certain that the map format used by the
Solaris automount daemon is the same as amd's. Even if it isn't, you
should be able to use the Solaris automount maps as a guide to create
new maps for the FreeBSD machine. I happen to use amd(8) on all the
platforms I manage rather than the vendor-supplied automounters just so
that I won't have to worry about syntax differences between versions.

You will also have to arrange for the Solaris machine to export its
filesystems to the FreeBSD machine. You also have to turn on NFS on
the FreeBSD box.

: thanks,
: bix

-Bill

--
=============================================================================
-Bill Paul            (212) 854-6020 | System Manager
Work:         wpaul@ctr.columbia.edu | Center for Telecommunications Research
Home:  wpaul@skynet.ctr.columbia.edu | Columbia University, New York City
=============================================================================
License error: The license for this .sig file has expired. You must obtain
a new license key before any more witty phrases will appear in this space.
=============================================================================
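
An added example, not part of the original post: a small audit of the two remote-access settings the reply discusses, namely which r-services inetd will actually start and which pseudo ttys are marked 'secure'. The sample files are constructed, and the pty name pattern (ttyp/ttyq/ttyr/ttys) is an assumption about the host's /etc/ttys.

```sh
#!/bin/sh
# Added example. On a real host, pass /etc/inetd.conf and /etc/ttys
# instead of the constructed sample files created below.

# Names of the r-services inetd will actually start. A line that begins
# with '#' is a comment, so "#exec ..." means rexecd is NOT enabled.
enabled_rservices() {
    awk '/^[ \t]*#/ || NF < 6 { next }
         $1 == "exec" || $1 == "shell" || $1 == "login" { print $1 }' "$1"
}

# Pseudo ttys flagged "secure" in ttys(5), i.e. root may log in on them.
# Assumption: pty names start with ttyp, ttyq, ttyr or ttys (either case).
secure_ptys() {
    awk '/^[ \t]*#/ { next }
         $1 ~ /^tty[pqrsPQRS]/ {
             for (i = 2; i <= NF; i++) {
                 if ($i ~ /^#/) break            # rest of line is a comment
                 if ($i == "secure") { print $1; break }
             }
         }' "$1"
}

# Constructed sample input, mirroring the inetd.conf excerpt in the post.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/inetd.conf" <<'EOF'
shell	stream	tcp	nowait	root	/usr/libexec/rshd	rshd
login	stream	tcp	nowait	root	/usr/libexec/rlogind	rlogind
#exec	stream	tcp	nowait	root	/usr/libexec/rexecd	rexecd
EOF
cat > "$tmp/ttys" <<'EOF'
ttyv0	"/usr/libexec/getty Pc"	cons25	on secure
ttyp0	none	network	secure
ttyp1	none	network
ttyp2	none	network	off insecure
EOF

echo "r-services enabled: $(enabled_rservices "$tmp/inetd.conf" | tr '\n' ' ')"
echo "secure ptys:        $(secure_ptys "$tmp/ttys" | tr '\n' ' ')"
```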
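
A second added example, also not from the original post: a check for the failure mode the reply warns about, where a '+' entry in /etc/master.passwd has a field filled in and that value is substituted for every NIS user. The sample file is constructed; the field names follow the ten-field master.passwd layout.

```sh
#!/bin/sh
# Added example. Reports every non-empty field on a '+' (NIS inclusion)
# entry of a master.passwd-format file, since such a field overrides the
# value that would otherwise come from the NIS map.
plus_overrides() {
    awk -F: '
        BEGIN { split("name password uid gid class change expire gecos home shell", f, " ") }
        substr($1, 1, 1) == "+" {
            if (NF != 10) {
                printf "%d: expected 10 fields, found %d\n", NR, NF
                next
            }
            for (i = 2; i <= 10; i++)
                if ($i != "")
                    printf "%d: %s field set to \"%s\" (overrides the NIS value)\n", NR, f[i], $i
        }' "$1"
}

# Constructed sample: line 2 is the entry from the post, lines 3 and 4
# each fill in one field.
nis_tmp=$(mktemp -d)
trap 'rm -rf "$nis_tmp"' EXIT
cat > "$nis_tmp/master.passwd" <<'EOF'
root:*:0:0::0:0:Charlie &:/root:/bin/csh
+:::::::::
+:*::::::::
+:::::::::/sbin/nologin
EOF

plus_overrides "$nis_tmp/master.passwd"
```

Run it against a copy of the real file; an empty result means no '+' entry overrides anything.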