Date: Wed, 20 Mar 1996 02:31:52 -0500 (EST) From: Bill Paul <wpaul@skynet.ctr.columbia.edu> To: scrappy@ki.net (Marc G. Fournier) Cc: current@freebsd.org Subject: Re: NIS problem Message-ID: <199603200731.CAA10198@skynet.ctr.columbia.edu> In-Reply-To: <Pine.BSF.3.91.960319152223.249A-100000@ki.net> from "Marc G. Fournier" at Mar 19, 96 03:28:08 pm
next in thread | previous in thread | raw e-mail | index | archive | help
Of all the gin joints in all the towns in all the world, Marc G. Fournier had to walk into mine and say: > Hi... > > I'm not sure if its something I'm forgetting to run, or if > its a bug somewhere, but I can't seem to get login's working on my > -current machine with NIS running. Well, since you didn't actually describe what you did to set up NIS on your client, it's hard for me to tell where the problem may lie. > I've set the appropriate settings in sysconfig, and am running > ypbind -s on that machine, but try as I might, I can't login to that > machine unless the user entry is in the password file on that machine. There's stuff missing here. Editing sysconfig is not all there is to it (though I'm sure people would like it to be that way :). You need to add +::::::::: to the end of /etc/master.passwd and rebuild the password databases (with vipw, preferable). You also want to add +::: to the end of /etc/group. Read the passwd(5) man page when modifying /etc/master.passwd. Don't get clever with the magic '+' entries unless you know what you're doing. Don't use +:*::::::::. Don't use +::0:0::::::. Don't use any combination thereof. This is not SunOS. Don't expect everything to work the same. > If I run chsh userid, it will grab the NIS data though. This could mean that you used one of the bad + entries I mentioned. > Someone asked if maybe I had md5 instead of des encryption > installed, so that the encryption mechanisms are different, but an > md5 encrypted password is a substantially "longer" string then a des > encrypted one, so as far as I can see, both are using des. I take this to mean that the encrypted passwords in your local /etc/master.passwd file appear to be in DES format (the MD5 hash passwords all start with a $1$, and yes they are long. DES passwords are always 13 characters (11 ciphertext plus 2 salt)). If so, then this is correct, assuing the passwords in the passwd maps are also in DES format. > The ypserver is a -stable box, if that means anything? It shouldn't matter. > I know > there were some changes recently to -current's des, but I wouldn't have > assumed that those would have affected it in such a way as to produce > this sort of problem...would it? Again, as long as you're running the same kind of encryption format on both client and server, it shouldn't make any difference. I need more details. Please show me exactly what + lines you've added to /etc/master.passwd. Also, try using 'id nisuser' to see if the system actually recognizes the user (without the added local master.passwd entry, that is). -Bill -- ============================================================================= -Bill Paul (212) 854-6020 | System Manager Work: wpaul@ctr.columbia.edu | Center for Telecommunications Research Home: wpaul@skynet.ctr.columbia.edu | Columbia University, New York City ============================================================================= License error: The license for this .sig file has expired. You must obtain a new license key before any more witty phrases will appear in this space. =============================================================================
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199603200731.CAA10198>