[Freeipa-users] slapi-nis installation help
Gary Verhulp
gverhulp at checkpoint.com
Tue Oct 6 19:12:11 UTC 2009
I have not done those steps. I did not see any of those in the doc anywhere!?
I do not seem to have "ipa-nis-manage" command on this machine.
Seems like I'm missing a basic step somewhere.
I know I'm serving NIS with this server as I'm able to bind a client and:
[root at fcds tmp]# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 44690 status
100024 1 tcp 45670 status
100004 2 tcp 671 ypserv
100004 2 udp 671 ypserv
___________________ _____________________
From: yi zhang [yzhang at redhat.com]
Sent: Tuesday, October 06, 2009 11:47 AM
To: Gary Verhulp
Cc: Freeipa-users at redhat.com
Subject: Re: [Freeipa-users] slapi-nis installation help
On 10/06/2009 11:33 AM, Gary Verhulp wrote:
> Thanks for the response.
> I have the NIS config on the client setup correctly I believe.
> This client was moved from my current NIS domain and works fine.
>
> It's not that the client does not bind to the new FreeIPA NIS domain,
> but rather there is no passwd hash in the output of ypcat -k passwd so
> it has no way to auth.
>
> garyv at fell:/var/log$ ypcat -k passwd
> ttest ttest:*:1102:1002:Tim Test:/home/ttest:/bin/bash
>
>
have you enabled the IPA nis plug in? By default, this plug-in is
disabled. To enable it, do following on ipa server
1. kinit admin
2. ipa-compat-manage enable -y <plain text password file>
3. ipa-nis-manage enable -y <plain text password file>
4. service dirsrv restart
where the password file contains plain text password of "admin"
and dirsrv is the backend DB for ipa
Yi
> br,
> Gary
>
>
> yi zhang wrote:
>
>> On 10/06/2009 10:36 AM, garyv wrote:
>>
>>> Hi,
>>>
>>> I've installed freeIPA (ipa-server-1.2.2-1.fc11.i586)and have the
>>> base functionality working and I'm quite pleased.
>>>
>>> The problem I'm experiencing is with getting slapi-nis to function
>>> properly.
>>>
>>> Reading other posts in the list I was able to get FreeIPA to serve
>>> NIS maps, and clients to bind to the NIS dom, but no passwords/auth
>>> work for users.
>>>
>>> Any tips on setup/troubleshooting this?
>>>
>> I haven't do any ipa-nis configuration for a while, here is my old
>> notes, they might still work
>>
>> * NIS client host set up in general
>>
>> This is what RHEL linux should follow.
>>
>> 1. Append the following line in the */etc/sysconfig/network* file:
>> * NISDOMAIN=mynisdomain
>> 2. Append the following line in */etc/yp.conf* :
>> * domain mynisdomain server 192.168.0.1 replace ip to the
>> IPA server IP
>> 3. Make sure the following lines contain 'nis' as an option in the
>> file */etc/nsswitch.conf*
>> * passwd: files nis
>> * shadow: files nis
>> * group: files nis
>> * hosts: files nis dns
>> * networks: files nis
>> * protocols: files nis
>> * publickey: nisplus
>> * automount: files nis
>> * netgroup: files nis
>> * aliases: files nisplus
>> 4. restart ypbind and portmap
>> * */etc/rc.d/init.d/ypbind restart*
>> * */etc/rc.d/init.d/portmap restart*
>>
>>
>>
>>> Thanks
>>>
>>> Gary
>>>
>>> on the Client:
>>> root at fell:~$ ypcat -k passwd
>>> ttest ttest:*:1102:1002:Tim Test:/home/ttest:/bin/bash
>>>
>>> root at fell:~$ ypwhich -m
>>> passwd.byuid fcds.edited
>>> passwd.byname fcds.edited
>>> netid.byname fcds.edited
>>> group.upg fcds.nes.edited
>>> group.byname fcds.edited
>>> group.bygid fcds.edited
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
Scanned by Check Point Total Security Gateway.
More information about the Freeipa-users
mailing list