[Freeipa-users] slapi-nis installation help
Nalin Dahyabhai
nalin at redhat.com
Tue Oct 6 19:45:14 UTC 2009
On Tue, Oct 06, 2009 at 11:33:02AM -0700, Gary Verhulp wrote:
> Thanks for the response.
> I have the NIS config on the client setup correctly I believe.
> This client was moved from my current NIS domain and works fine.
>
> It's not that the client does not bind to the new FreeIPA NIS domain,
> but rather there is no passwd hash in the output of ypcat -k passwd so
> it has no way to auth.
>
> garyv at fell:/var/log$ ypcat -k passwd
> ttest ttest:*:1102:1002:Tim Test:/home/ttest:/bin/bash
The plugin's default configuration has it search for a "crypt" style
value in the userPassword attribute for that entry, which is what a
client would understand. (Specifically, it looks for an entry that
begins with the magic value "{CRYPT}", strips that off of the front, and
puts the rest into that field. Failing that, it uses "*".)
If you use ldapsearch to search for ttest's entry as the directory
administrator, do you see values of the form "{CRYPT}xxxxxxxxxxxxx" for
the entry's "userPassword" attribute?
If they're base64-encoded (marked by two ':' characters instead of one
between the attribute name and value in the LDIF output), you may need
to pipe the value through "openssl base64 -d" or something similar.
Nalin
More information about the Freeipa-users
mailing list