*BSD News Article 63350



Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.cs.su.oz.au!inferno.mpx.com.au!news.unimelb.EDU.AU!munnari.OZ.AU!news.mel.connect.com.au!yarrina.connect.com.au!news.mel.aone.net.au!imci4!newsfeed.internetmci.com!news.msfc.nasa.gov!sol.ctr.columbia.edu!startide.ctr.columbia.edu!wpaul
From: wpaul@ctr.columbia.edu (Bill Paul)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: NIS EVIL!
Date: 29 Feb 1996 18:48:44 GMT
Organization: Columbia University Center for Telecommunications Research
Lines: 162
Message-ID: <4h4sec$k4a@sol.ctr.columbia.edu>
References: <alexei.825554455@albion.loach.org>
NNTP-Posting-Host: startide.ctr.columbia.edu
X-Newsreader: TIN [version 1.2 PL2]

Daring to challenge the will of the almighty Leviam00se, Alexei Nikolaevich
Romanov (alexei@albion.loach.org) had the courage to say:

: Hallo, there!

: 	I have a fairly straightforward problem,

That's what they all say.

:  and a fairly straightforward
: need.  I'm working on getting a _tiny_ NIS network up and running on my local
: area network, at home, in preparation for eventual bigger, and better things.
: The problem is a simple one, however.  There is _NO_ _DOCUMENTATION_ really,

man yp(4)
man ypserv(4)
man ypbind(8)
man passwd(5)

: on setting up such services on a FreeBSD box, and the implementation of NIS
: is pretty dissimilar from the industry standard (whither goest ypinit? :).

ypinit is a shell script that does a couple of really simple things
which an administrator should know how to do by hand anyway.

: I need basic, simple, straightforward instructions on getting YP to actually
: _function_ on my machine.

On server:

# vi /etc/sysconfig (change nis_serverflags to something besides "NO" --
                     see the ypserv(8) man page if you want to use a
                     particular option. If you want, enable yppasswdd
                     by changing yppasswddflags to "-m /var/yp/master.passwd
                     -s -f" like it says in the comments. Lastly, set 
                     defaultdomainname to the desired NIS domain)

# cd /var/yp
# vi ypservers (insert hostnames of all your NIS servers, one per line)
# cp /etc/master.passwd /var/yp/master.passwd
# chmod 600 /var/yp/master.passwd (for paranoia's sake)
# vi /var/yp/Makefile (uncomment the UNSECURE=True line like it says to do in
                       the ypserv(8) man page when using non-FreeBSD clients)
# make
# domainname my.nis.domain
# ypserv
# yppasswdd -m /var/yp/master.passwd -s -f

On clients:

# vi /etc/sysconfig (change nis_clientflags to "-s", set domain name)
# domainname my.nis.domain
# ypbind -s
# vipw (add +::::::::: to the end of /etc/master.passwd like it says in the
        passwd(5) man page)
# vi /etc/group (add +::: to the end of /etc/group)
# echo "+" > /etc/netgroup

That's it.

: 	By way of background, I'm running FreeBSD 2.1.0-RELEASE/STABLE;  there
: is a small amount of code admixture taking place.  The NIS server, the machine
: from which I'm posting, I also want to act as a client to its own YP data.  

Then do both the server and client configurations there.

: There are also two other clients, one a FreeBSD client, the other, a NeXT.
: I'm not worried about the NeXT.  Once I've gotten past the obstacles ahead,
: then I can tackle it last, and on my own, since I know NeXT YP very well.
: The problem is in FreeBSD's stuff;  I've set up the Makefile for my domain,
: which I've duly named, and designated.

Set up the Makefile? How? Other than uncommenting the UNSECURE=True
option, you shouldn't have to change anything.

:  I've started ypbind, and ypserv on 
: the central machine, and ypbind on the client.

You didn't say if you started yppasswdd, but I'll assume you did.

:  The results I'm getting are
: mixed, though.  Sometimes a password change will work.  Sometimes it will not.

Check /var/log/messages for log messages from yppasswdd. Check for error
messages from the passwd or yppasswd client.

: Also, apparently random users aren't recognized by the YP map, though they were
: made from the same password file.

Not enough details. Use yp_mkdb -u /var/yp/loach/master.passwd.by{name,uid}
to dump out the contents of the maps and compare them to the original
password file. Check the passwd.by{uid,name} maps too and see if they
look right. Explain in better detail what you mean by 'aren't recognized
by the YP map.' Does 'ypcat passwd' show you their entries? What about
'ypcat passwd.byuid?' What about 'ypcat master.passwd.byname?' (Note that
inspecting the master.passwd maps will only work if you're root.)

:  Here is the relevant set of sections from
: /etc/sysconfig, for YP setup:


: #!/bin/sh
: #

: # This is sysconfig - a file full of useful variables that you can set 
: # to change the default startup behavior of your system.
: #
: #	$Id: sysconfig,v 1.14.4.5 1995/09/19 12:09:03 jkh Exp $


: ######################### Start Of Netconfig Section #######################

: # Set to the NIS domainname of your host, or NO if none
: defaultdomainname=loach

Okay.

: # Set to appropriate flags if you want to start NIS for a client
: nis_clientflags=""

Should use -s, but okay.

: # Set to host to ypset to if you need to do that
: nis_ypsetflags="albion.loach.org"

Shouldn't be needed if you have only one NIS server, but okay.

: # Set to appropriate flags if you want to start NIS for a server
: nis_serverflags="-dns -k"

Okay.

: # Set to appropriate flags for yppasswdd, if you wish to run it.
: # Typical flags might be "-m /var/yp/master.passwd -s -f"
: yppasswddflags="-m /var/yp/master.passwd -s -f"
: #yppasswddflags="NO"

Okay.

: I'm at a loss as to what else to include;  I have this to offer, however:
: If someone will help me through this (or lots of them! ;), and I can
: get it working with said help, or even if I dumb-luck through it alone, I
: _could_ write the YP-related section of the handbook, and would at least 
: send my findings in SGML form to the maintainer to attempt to incorporate.
: I'm desperate enough to get these weird, niggling problems fixed to actually
: _contribute_, this time. :) Someone, please, please help! :)

You need to provide specific error messages or failure conditions before
I can diagnose the problem(s). There's only so much I can divine from
"sometimes it doesn't work."

-Bill

--
=============================================================================
-Bill Paul            (212) 854-6020 | System Manager
Work:         wpaul@ctr.columbia.edu | Center for Telecommunications Research
Home:  wpaul@skynet.ctr.columbia.edu | Columbia University, New York City
=============================================================================
License error: The license for this .sig file has expired. You must obtain
a new license key before any more witty phrases will appear in this space.
=============================================================================
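
Added example (not part of the original post): a shell helper for the check suggested above, comparing a dump made with yp_mkdb -u against the password file the maps were built from. It assumes the dump has one "key data" record per line with bookkeeping keys starting with YP_; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# List accounts present in the source password file but absent from a
# dumped NIS map. Assumed dump format: "key<whitespace>data" per line,
# with bookkeeping keys that start with "YP_".

# missing_from_map SRC DUMP FIELD
#   SRC   master.passwd-style file the maps were built from
#   DUMP  text dump of one map, e.g. saved from
#         yp_mkdb -u /var/yp/loach/master.passwd.byname
#   FIELD colon field of SRC used as the map key (1 = byname, 3 = byuid)
missing_from_map() {
    awk -v field="$3" '
        FILENAME == ARGV[1] {              # the dump: remember every real key
            if ($1 != "" && $1 !~ /^YP_/) inmap[$1] = 1
            next
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }  # comments and blank lines
        /^[+-]/ { next }                   # NIS +/- override entries
        {
            split($0, f, ":")
            if (!(f[field] in inmap)) print f[1]
        }
    ' "$2" "$1"
}

# Constructed sample data: bob is in the source file but not in the dump.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/master.passwd" <<'EOF'
# constructed sample
root:*:0:0::0:0:Charlie &:/root:/bin/csh
alice:*:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:*:1002:1002::0:0:Bob:/home/bob:/bin/sh
EOF
    cat > "$d/byname.dump" <<'EOF'
YP_LAST_MODIFIED 825000000
YP_MASTER_NAME server.example
root root:*:0:0::0:0:Charlie &:/root:/bin/csh
alice alice:*:1001:1001::0:0:Alice:/home/alice:/bin/sh
EOF
    missing_from_map "$d/master.passwd" "$d/byname.dump" 1
    rm -rf "$d"
}

demo
```

An empty dump file reports every account in the source file, which is the expected result when a map was never populated.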