Date: Sun, 6 Jun 1999 11:52:35 -0700 (PDT) From: wpaul@FreeBSD.ORG (Bill Paul) To: kreuzing@dbai.tuwien.ac.at (Andreas Kreuzinger) Cc: freebsd-questions@freebsd.org, pfeifer@dbai.tuwien.ac.at, brian@visionpro.com Subject: Re: authentication for nis-user fails, only local user can login Message-ID: <19990606185235.3370114E7F@hub.freebsd.org> In-Reply-To: <Pine.GSO.4.10.9906061938150.1649-100000@alphard.dbai.tuwien.ac.at> from Andreas Kreuzinger at "Jun 6, 1999 7:48: 4 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> Hi ! > > On Thu, 3 Jun 1999, Robert Beer wrote: > > > At 4:06 PM -0400 6/3/1999, Andreas Kreuzinger wrote: > > >Any other hints? > > > > Well, you need the nis domainname set and verified. You can see which NIS server you are bound to with ypwhich and you can test the communication with ypcat and ypmatch. If this stuff fails look at the /var/yp/Makefile on the NIS server. > > As I wrote in my first mail, I can get the passwd file with ypcat. That's > why I think that the problem is the encryption and not the nis system. Grrrr. Okay people, here we go for the umpity-umpth time: - Read the man pages! man 5 passwd, man group, man yp, man ypbind, man ypserv, man netgroup You should read the man pages *first* before you go out wasting bandwidth browsing the web and sending mail to the lists. I'm sorry shatter of a point and click world, but there's no substitute for reading the instructions. - NIS itself doesn't care about the password encryption scheme used, except for rpc.yppasswdd. However, for clients and servers to all work together, they must all use the same scheme. FreeBSD uses an MD5-based crypt() by default, so it won't understand DES-encrypted passwords from a non-FreeBSD NIS server unless you install the DES option when you install FreeBSD. If all your machines are FreeBSD, then they should all understand the MD5-based passwords. - Read the passwd(5) man page, especially the part where it says in big letters: *DON'T* use +:*:::::::: in /etc/master.passwd. Use +::::::::: instead! (Notice the missing asterisk.) - Do *NOT* edit /etc/passwd. FreeBSD doesn't work that way. Read the vipw, pwd_mkdb, chpass and pw man pages. If you want to add a line to the password database, do the following: # setenv EDITOR /path/to/my/favorite/editor # vipw # <add the line +::::::::: to the end of /etc/master.passwd and save> The default editor should be vi(1). Setting the EDITOR variable will select a different editor if you don't like vi. When you exit vipw, it will run pwd_mkdb for you to regenerate the databases. I repeat do *NOT* edit /etc/passwd by hand. It has no effect. When you have become sufficiently familiar with the ways of the force, you can edit /etc/master.passwd by hand and use pwd_mkdb to rebuild the databases, but don't try to attempt this right away or else you'll make a mess out of your system. - Remember to set the domainname in rc.conf and set nis_client to YES to that ypbind will run. -Bill To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990606185235.3370114E7F>