Migrating user information from SunOS 4 to Solaris 2.3 (SunOS 5.3

Migrating user information from SunOS 4 to Solaris 2.3 (SunOS 5.3

Post by Jason M » Mon, 24 Jan 1994 08:01:19



Has anyone come up with a relatively straightforward process for migrating
user (password and home directory) information from SunOS 4 (/etc files or
NIS maps) to Solaris 2.3 (NIS+)?  This process is proving to be a real
pain, and the manuals are so far from user-friendly that they might as well
be written in Japanese.

I've been able to import the /etc/passwd information using nisaddent.  This
doesn't seem to set up the passwords properly, though; running 'nispasswd'
explicitly on each user seems to be required before it's possible to log
in.

Once this has been done, logins seem to work fine on the NIS+ server or
client machines, but it's still not possible for a user to change his
password - nispasswd just says 'Sorry'.  So I went and added the user to
the credentials table with 'nisaddcred' (local and des entries), and now
nispasswd works.

Here's the process I've worked out so far:

        # cat old-passwd-file | nisaddent passwd
        [repeat the following lines for every user in the passwd file]
        # nispasswd user-name  
        # nisaddcred -p userid -P username.domain. local

All of these commands are documented in the NIS+ manual, but never all in
one place.  Surely there's a better way than this tedious procedure.

Once I've done this, I can't view the user information using admintool.
When I try to view a user in the User Account Manager window, I get the
error "Error code is 202, failure mode is CLEAN.  Error -2130640896
converting expiration date from internal format."  This suggests something
wrong the password expiration fields in the passwd table, but I would have
expected that NIS+ would have at least provided valid defaults.

Thanks for your help,
-Jason

=======================================================================

   CTP, Inc.   304 Vassar St.   Cambridge MA 02139     (617)374-8223
=======================================================================

 
 
 

Migrating user information from SunOS 4 to Solaris 2.3 (SunOS 5.3

Post by Jeff Giacob » Wed, 26 Jan 1994 05:01:44



>Has anyone come up with a relatively straightforward process for migrating
>user (password and home directory) information from SunOS 4 (/etc files or
>NIS maps) to Solaris 2.3 (NIS+)?  This process is proving to be a real
>pain, and the manuals are so far from user-friendly that they might as well
>be written in Japanese.
>I've been able to import the /etc/passwd information using nisaddent.  This
>doesn't seem to set up the passwords properly, though; running 'nispasswd'
>explicitly on each user seems to be required before it's possible to log
>in.

I too am struggling with the NIS+ passwd nightmare.

In my case, I'm running into a known bug (Bug id# 1091205).  Seems that when
you migrate your SunOS 4.1.x /etc/passwd file over to NIS+ using nisaddent,
it bungles the expiration field (or maybe it just leaves it blank, I'm not
sure).

So when unsuspecting users try to log in, /usr/bin/login sees what it thinks
is and EXPIRED password, and attempts to fork /usr/bin/passwd.  Well, since
the user's password entry is in an NIS+ table, not the local /etc/passwd file,
password returns with an error, and login aborts.

...oh what fun....

The way I see it, my only option is to manually change ~300 user passwords
by hand using nispasswd, and chkey -p

Anyone know if there is a patch for this, or know of a decent work-around?

I've RTFM'ed for the past week, and I'm still tearing my hair out.  The old
Solaris 2.2 docs are just plain wrong, the "Solaris Advanced Sysadmin Guide"
says to go buy Rick Ramsey's book, and I'm going blind trying to read entire
manuals from the 2.3 Answerbook CD.  (I'd print them...but setting up a 2.3
print server is the NEXT nightmare on my list...:-)  )

Thanks in advance for any and all advice/tips/etc

JG

--
--------------------------------------------------------------------
        "There's such a fine line between clever and stupid"
                                                -David St. Hubbins
--------------------------------------------------------------------

 
 
 

Migrating user information from SunOS 4 to Solaris 2.3 (SunOS 5.3

Post by Matt Wet » Wed, 26 Jan 1994 06:36:51




|> >Has anyone come up with a relatively straightforward process for migrating
|> >user (password and home directory) information from SunOS 4 (/etc files or
|> >NIS maps) to Solaris 2.3 (NIS+)?  This process is proving to be a real
|> >pain, and the manuals are so far from user-friendly that they might as well
|> >be written in Japanese.
|>
|> >I've been able to import the /etc/passwd information using nisaddent.  This
|> >doesn't seem to set up the passwords properly, though; running 'nispasswd'
|> >explicitly on each user seems to be required before it's possible to log
|> >in.

|> I too am struggling with the NIS+ passwd nightmare.

I've hacked up some perl scripts to convert.  It may not be pretty,
but it works (except for the host map -- which really screws up for
some reason).  The following files include
        map_1perday
        map_passwd
        map_
        chkpasswd

The first one maps files from our NIS domain (which here I call
"zzz-yyy") to our NIS+ domain (which here I call "yyy.zzz").  I've
replaced our NIS hostname with "ypservhostname".   The uglist one is
chkpasswd which scans through the NIS+ passwd file for additions and
deletions.  All other maps are updated via "nisaddent -r".  Eventually
I want to change to just "nistbladm -r"(remove) and "nistbladm -a"(add)

Matt

#! /bin/sh
# To extract, remove mail header lines and type "sh filename"
echo x - chkpasswd
sed -e 's/^X//' > chkpasswd << '!FaR!OuT!'
X#!/usr/bin/perl
X#
X# chkpasswd -
X#
X# history -
X#      ?????93 M.Wette: created.
X#      10Nov93 M.Wette: updated.
X#
X# version -
X#      $Id$
X
X$testing = 0;
X
X$domainname = `domainname`; chop($domainname);
X
X
X# --- get NIS passwd table ...
X%os4_passwd = "";
X$os4_passwdfile = "jpl-gnc/passwd";
Xopen(IN, "<$os4_passwdfile");
Xwhile ($entry = <IN>) {
X  chop($entry);
X  ($name,$passwd,$uid,$gid,$gcos,$home,$shell) = split(/:/, $entry);
X  if ($name =~ /^x_/) { next; }
X  $os4_passwd{$name} = $entry;
X}
Xclose(IN);
X
X
X# --- get NIS+ passwd table ...
X%os5_passwd = "";
X$os5_passwdfile = "/tmp/os5_passwdfile.$$";
Xsystem("niscat passwd.org_dir >$os5_passwdfile");
Xopen(IN, "<$os5_passwdfile");
Xwhile ($entry = <IN>) {
X  chop($entry);
X  ($name,$passwd,$uid,$gid,$gcos,$home,$shell,$shadow) = split(/:/, $entry);
X  $os5_passwd{$name} = $entry;
X}
Xclose(IN);
Xunlink($os5_passwdfile);
X


X  if (defined $os4_passwd{$name}) { next; }
X  &sys("nistbladm -r name=$name passwd.org_dir");
X  &sys("nisaddcred -r $name.${domainname}.");
X}
X


X  if (defined $os5_passwd{$name}) { next; }
X  ($name,$passwd,$uid,$gid,$gcos,$home,$shell) = split(':', $os4_passwd{$name});
X  #$gcos =~ s/'/\\'/;
X  &sys("echo \"$name:x:$uid:$gid:$gcos:$home:$shell\" | nisaddent -a passwd");
X  &sys("echo \"$name:$passwd:8470::::::\" | nisaddent shadow");
X  &sys("nischmod o=rm,gw=r \'[name=$name],passwd.org_dir\'");
X}
X
X
X# --- get NIS+ cred table ...
X%os5_cred = "";
X$os5_credfile = "/tmp/os5_credfile.$$";
Xsystem("nisgrep auth_type=LOCAL cred.org_dir >$os5_credfile");
Xopen(IN, "<$os5_credfile");
Xwhile ($entry = <IN>) {
X  chop($entry);
X  ($name = $entry) =~ s/:.*$//;
X  if ($name =~ /^\s*$/) { next; }
X  $os5_cred{$name} = $entry;
X}
Xclose(IN);
Xunlink($os5_credfile);
X


X  $name =~ s/\..*$//;
X  if (defined $os4_passwd{$name}) { next; }
X  &sys("nisaddcred -r $name.${domainname}.");
X}
X


X  if (defined $os5_cred{"$name.${domainname}."}) { next; }
X  ($name,$passwd,$uid,$gid,$gcos,$home,$shell) = split(':', $os4_passwd{$name});
X  &sys("nisaddcred -p $uid -P ${name}.${domainname}. local");
X  &sys("nischown $name.${domainname}. \'[cname=$name.${domainname}.,auth_type=LOCAL],cred.org_dir\'");

X  &sys("nischmod o=rm \'[cname=$name.${domainname}.,auth_type=LOCAL],cred.org_dir\'");
X}
X
X
X###############################################################################
X
Xsub sys {
X  local($cmd) = $_[0];
X  print STDERR $cmd, "\n";
X  if ($testing) { return 0; }
X  return system($cmd)/256;
X}
X
X# --- last line of chkpasswd ---
!FaR!OuT!
chmod ugo+x chkpasswd
echo x - map_
sed -e 's/^X//' > map_ << '!FaR!OuT!'
X#!/bin/sh
XPATH=/bin:/usr/bin:/usr/etc:/usr/lib/nis:/usr/lib/netsvc/yp:.
Xexport PATH
X
XYP_DIR=/var/yp
XYP_DOM=zzz-yyy
XYP_HOST=ypservhostname
XFILE_DIR=/var/nis-files
XNIS_DIR=/var/nis
XNIS_DOM=yyy.zzz
X
Xmap_type1 () {
X  ypxfr -d $YP_DOM -h $YP_HOST $1
X  $FILE_DIR/xfer_map $1
X  nisaddent -r -f $FILE_DIR/$YP_DOM/$1 $1
X}
X
Xmap_type2 () {
X  ypxfr -d $YP_DOM -h $YP_HOST $1
X  $FILE_DIR/xfer_map $2
X  nisaddent -r -f $FILE_DIR/$YP_DOM/$2 $2
X}
X
Xmap_type3 () {
X  ypxfr -d $YP_DOM -h $YP_HOST $1
X  $FILE_DIR/xfer_map $2
X  nisaddent -r -f $FILE_DIR/$YP_DOM/$2 -t $2.org_dir key-value
X}
X
Xmap_it () {
X  case $1 in
X  auto_home) map_type3 auto.home auto_home ;;
X  auto_proj) map_type3 auto.proj auto_proj ;;
X  auto_master) map_type3 auto.master auto_master ;;
X  auto_opt_sun3_sunos4) map_type3 auto.opt.sun3-sunos4 auto_opt_sun3_sunos4 ;;
X  auto_opt_sun4_sunos4) map_type3 auto.opt.sun4-sunos4 auto_opt_sun4_sunos4 ;;
X  auto_opt_sun4_sunos5) map_type3 auto.opt.sun4-sunos5 auto_opt_sun4_sunos5 ;;
X  bootparams) map_type1 bootparams ;;
X  group) map_type2 group.bygid group ;;
X  #aliases) map_type2 mail.aliases aliases ;;
X  hosts) map_type2 hosts.byaddr hosts ;;
X  ethers) map_type2 ethers.byname ethers ;;
X  netgroup) map_type1 netgroup netgroup ;;
X  netmasks) map_type2 netmasks.byaddr netmasks ;;
X  networks) map_type2 networks.byaddr networks ;;
X  esac
X}
X
Xmap_it $1
!FaR!OuT!
chmod ugo+x map_
echo x - map_1perday
sed -e 's/^X//' > map_1perday << '!FaR!OuT!'
X#!/bin/sh
XPATH=/bin:/usr/bin:/usr/etc:/usr/lib/nis:/usr/lib/netsvc/yp:.
Xexport PATH
X
XYP_DIR=/var/yp
XYP_DOM=zzz-yyy
XYP_HOST=ypservhostname
XFILE_DIR=/var/nis-files
XNIS_DIR=/var/nis
XNIS_DOM=yyy.zzz
X
X##set -x
X$FILE_DIR/map_ auto_home
X$FILE_DIR/map_ auto_proj
X#$FILE_DIR/map_ auto_master
X#$FILE_DIR/map_ auto_opt_sun3_sunos4
X#$FILE_DIR/map_ auto_opt_sun4_sunos4
X$FILE_DIR/map_ auto_opt_sun4_sunos5
X$FILE_DIR/map_ bootparams
X$FILE_DIR/map_ group
X##$FILE_DIR/map_ aliases
X##$FILE_DIR/map_ hosts
X$FILE_DIR/map_ ethers
X$FILE_DIR/map_ netgroup
X$FILE_DIR/map_ netmasks
X$FILE_DIR/map_ networks
Xnisping -C org_dir
!FaR!OuT!
chmod ugo+x map_1perday
echo x - map_passwd
sed -e 's/^X//' > map_passwd << '!FaR!OuT!'
X#!/bin/sh
XPATH=/bin:/usr/bin:/usr/etc:/usr/lib/nis:/usr/lib/netsvc/yp:.
Xexport PATH
X
X
XYP_DIR=/var/yp
XYP_DOM=zzz-yyy
XYP_HOST=ypservhostname
XFILE_DIR=/var/nis-files
XNIS_DIR=/var/nis
XNIS_DOM=yyy.zzz
X
Xypxfr -d $YP_DOM -h $YP_HOST passwd.byuid
X$FILE_DIR/xfer_map passwd
X
Xchkpasswd
X
Xnisping -C org_dir
!FaR!OuT!
chmod ugo+x map_passwd
exit

--

 
 
 

Migrating user information from SunOS 4 to Solaris 2.3 (SunOS 5.3

Post by Matt Wet » Wed, 26 Jan 1994 07:23:26


|> I've hacked up some perl scripts to convert.  It may not be pretty,
|> but it works (except for the host map -- which really screws up for
|> some reason).  The following files include
|>   map_1perday
|>   map_passwd
|>   map_
|>   chkpasswd
|>
|> The first one maps files from our NIS domain (which here I call
|> "zzz-yyy") to our NIS+ domain (which here I call "yyy.zzz").  I've
|> replaced our NIS hostname with "ypservhostname".   The uglist one is
|> chkpasswd which scans through the NIS+ passwd file for additions and
|> deletions.  All other maps are updated via "nisaddent -r".  Eventually
|> I want to change to just "nistbladm -r"(remove) and "nistbladm -a"(add)

Sorry.  My explanation was pretty bad.  I set up cron to call the
scripts map_1perday and map_passwd once a day.  "map_1perday" uses
map_ to xtransfer a map (e.g., auto.home) to a local file and then
inserts it into NIS+ via "nisaddent -rf ...".  "map_passwd" gets the
passwd map from the NIS server and then calls "chkpasswd" which
compares the transferred NIS password file with what lives in the NIS+
database.  It handles entries and deletions via nisgrpadm.  A new
entry results in additions to the passwd, shadow and cred tables.  The
DES cred entry is given password "easy".  When  a user logs in he must
use "keylogin" and "chkey" to change to the login password.

Matt

 
 
 

Migrating user information from SunOS 4 to Solaris 2.3 (SunOS 5.3

Post by Dave Miner - ...sometimes you're the b » Wed, 26 Jan 1994 07:26:08



...

Quote:>I too am struggling with the NIS+ passwd nightmare.

>In my case, I'm running into a known bug (Bug id# 1091205).  Seems that when
>you migrate your SunOS 4.1.x /etc/passwd file over to NIS+ using nisaddent,
>it bungles the expiration field (or maybe it just leaves it blank, I'm not
>sure).

>So when unsuspecting users try to log in, /usr/bin/login sees what it thinks
>is and EXPIRED password, and attempts to fork /usr/bin/passwd.  Well, since
>the user's password entry is in an NIS+ table, not the local /etc/passwd file,
>password returns with an error, and login aborts.

No, your problem is actually that when you do 'nisaddent passwd' it expects to see a passwd file without passwds filled in, so it doesn't grab the passwords from it.  If you quickly run a sed or something over your /etc/passwd to turn it into a dummy shadow file, then do a 'nisaddent shadow', you'll get the password data filled in and be quite happy.

Dave (a.k.a. the original submitter of infamous bug #1091205)

---
----------------------------------------------------------------------------

 
 
 

1. Q: max # processes (Solaris 2.3 / SunOS 5.3)

Greetings all.

I have just jumped from OpenVMS system management into Solaris system
management with very little background in Unix, so please excuse the
ignorant nature of my question.

Is there any kind of Solaris/SunOS system parameter which limits the
maximum # of processes on a system? In /etc/system I find the line

        set maxusers=255

but presumably each of those 255 users need to be able to create multiple
processes, so the max number of processes would need to be much higher.

TIA
Jeff Dykzeul
Hughes Aircraft Company

2. Equal Cost Multi Path on kernel 2.6

3. Help compiling gcc 2.5.8 w/Solaris 2.3 (SunOS 5.3)

4. Apache Standalone Config

5. Help with basic commands like 'system' on SunOs 5.3 (solaris 2.3)!!!

6. resolv.conf and ISP, confused!

7. Help needed with perl 4.036 on SunOS 5.3 (solaris 2.3)

8. SCSI problems with multimpel LUNs & RAID controller

9. Help with Perl 4.036 on SunOS 5.3 (solaris 2.3)!!

10. Patches to SunOS 5.3 (Solaris 2.3)

11. Help with basic commands like 'system' on SunOs 5.3 (solaris 2.3)!!

12. BSD remote printing environment Solaris 2.3/SunOS 5.3

13. SunOS 5.3 (Solaris 5.3) Patch Report