Date: Tue, 11 Jul 2000 16:32:12 +0000 From: Matthew Seaman <m.seaman@inpharmatica.co.uk> To: "Brandon D. Valentine" <bandix@looksharp.net> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: NIS/YP compatibility Message-ID: <396B4C0C.5027C98C@inpharmatica.co.uk> References: <Pine.BSF.4.21.0007111105440.3232-100000@turtle.looksharp.net>
next in thread | previous in thread | raw e-mail | index | archive | help
"Brandon D. Valentine" wrote:
>
> [A -questions matter. BCC'd to -stable to gain the input of the many on
> that list who run FreeBSD in an enterprise situation. Please, if you
> reply on -questions CC me as I have trouble sifting through all of my
> -questions mailbox]
>
> I'm running into some NIS/YP issues which I would like the community's
> input on. To make a long story short we need our users to be machine
> independent. We run such a motley collection of OSes on the hardware we
> have around here that NIS/YP is the lowest common denominator solution
> for user account management. It's the only scheme every platform we run
> has support for.
Same here. I run NIS servers on FBSD (master) with slaves on FBSD, Solaris 7
and Debian Linux 2.2. Clients include all those OSes plus Irix 6.5
Everything works reasonably well, except that:
ypxfr from FBSD to the other OSes doesn't work: they all have DBM based yp map
files... The fallback (slow) method of updating yp databases gets there in the
end though.
You have to use DES encryption for passwords, and edit /var/yp/Makefile to
enable the compat options for the passwd.{byuid,byname} maps.
The shadow password formats for the different unices are incompatible: you've
got to have encrypted passwords in the (world readable) passwd maps.
Passwords must be 8 characters or fewer --- recent versions of pw will
generate longer random passwords than that.
You'll possibly need to edit /var/yp/Makefile to generate Sun style automount
maps, if you're using automount. Something like this should work for you:
auto.master: $(AUTOMASTER)
@echo "Updating $@..."
$(CAT) $(AUTOMASTER) | \
$(AWK) '{ if ($$1 != "" && $$1 !~ "^#.*") print $$0 }' $^ \
| $(DBLOAD) -i $(AUTOMASTER) -o $(YPMAPDIR)/$@ - $(TMP); \
$(RMV) $(TMP) $@
@$(DBLOAD) -c
@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi
@if [ ! $(NOPUSH) ]; then echo "Pushed $@ map." ; fi
auto.home: $(AUTOHOME)
@echo "Updating $@..."
$(CAT) $(AUTOHOME) | \
$(AWK) '{ if ($$1 != "" && $$1 !~ "^#.*") print $$0 }' $^ \
| $(DBLOAD) -i $(AUTOHOME) -o $(YPMAPDIR)/$@ - $(TMP); \
$(RMV) $(TMP) $@
@$(DBLOAD) -c
@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi
@if [ ! $(NOPUSH) ]; then echo "Pushed $@ map." ; fi
FreeBSD rpc.yppasswdd seems to be more compatible with yppasswd commands on
assorted other OSes than any other permutation I've tried. It certainly
caused all sorts of grief when the master NIS box was running Redhat Linux
5.1...
Also make sure that you configure sufficient NIS servers or run them on fairly
fast machines: rpc timeouts will make your whole network slow down, just like
misconfigured DNS. I find that an AMD K6-2 300MHz F-BSD box running NIS and
DNS servers will support about 20 desktop clients amply.
Matthew
--
Certe, Toto, sentio nos in Kansate non iam adesse.
Dr. Matthew Seaman, Inpharmatica Ltd, 60 Charlotte St, London, W1T 2NU
Tel: +44 20 7631 4644 x229 Fax: +44 20 7631 4844
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?396B4C0C.5027C98C>