problems with NIS/NYS ypserv and yppasswd

problems with NIS/NYS ypserv and yppasswd

Post by Georg P. Israe » Tue, 12 Nov 1996 04:00:00



Hallo,

I'm trying to set up a Linux machine as a NIS server (but unfortunately
without much success). I installed the following packages on my machine:

yp-clients-2.2
yppasswd-0.9
ypserv-1.1.0

The init scripts in rc3.d appear to run properly i.e.

S65ypserve:

Quote:>domainname ${NIS_DOMAIN}
>daemon ypserv

S67yppasswd

Quote:>daemon rpc.yppasswdd  -e chsh -e chfn

S68ypclient

Quote:>daemon /usr/sbin/ypbind

Now, if I want to execute >yppasswd< it just says:
yppasswd: can't get local yp domain: local domain name not set

but >ypdomainname< returns the right domain name

Is there anybody that can help me with this problem??

Thanks

Georg

--

----------------------------------------------------------------------
Georg P. Israel                 Phone:        +41-1-6324583
IBT                             Fax:          +41-1-6321214


SWITZERLAND

 
 
 

problems with NIS/NYS ypserv and yppasswd

Post by Georg P. Israe » Thu, 14 Nov 1996 04:00:00


: Hallo,

: I'm trying to set up a Linux machine as a NIS server (but
unfortunately
: without much success). I installed the following packages on my
machine:

: yp-clients-2.2
: yppasswd-0.9
: ypserv-1.1.0

Looks liek a RedHat System to me. Even it looks like the rpm's I've
made.

: init scripts in rc3.d appear to run properly i.e.

: S65ypserve:
: >domainname ${NIS_DOMAIN}
: >daemon ypserv

OK. First. Your ypserv.conf file in /etc/ypserv.conf has to be set
up. After that, you didn't read the Docu to yp-clients. In fact,
yppasswd and everything that runs with the NIS-Stuff built into the
libc depends of a file called /etc/yp.conf that _HAS_ to exist.
Mine here is:

domain Wandering_between_Galaxys
ypserver stargate

Where domain is your NIS Domain also set as ${NIS_DOMAIN} in
/etc/sysconfig/network and ypserver mus have the Server name
behind. After that, everything should work fine.
BTW: /etc/nsswitch has to exist too, since it is the Configuration
file for the libc-part of NIS.

: S67yppasswd
: >daemon rpc.yppasswdd  -e chsh -e chfn

: S68ypclient
: >daemon /usr/sbin/ypbind

No. Don't ever Run ypbind on a Client or Server System that has NIS
built into the libc. Deactivate it. Don't start it.

: Now, if I want to execute >yppasswd< it just says:
: yppasswd: can't get local yp domain: local domain name not set

Right. Unfortunatly, yppasswd looks first in the /etc/yp.conf file, if
it doesn't find it, it complains.

: but >ypdomainname< returns the right domain name

Yes, but this has to be set in /etc/yp.conf too.

: Is there anybody that can help me with this problem??

Yep. Read again what I wrote ;)

PS: IF you can Post my reply to the list, please do. Would be great,
since
I have a Read-Only newsfeeds for comp.os.linux.* :(

 
 
 

problems with NIS/NYS ypserv and yppasswd

Post by Georg P. Israe » Thu, 14 Nov 1996 04:00:00


----- Transcript of session follows -----
While talking to subnet.sub.net:

is not allowed to receive mail

   ----- Unsent message follows -----
Received: from zaphod.ethz.ch by colombo.ethz.ch with SMTP id AA19868

1996 17:12:19 +0100


Date: Wed, 13 Nov 1996 17:22:02 +0100

Organization: IBT - ETH
X-Mailer: Mozilla 3.0 (X11; I; Linux 2.0.18 i586)
Mime-Version: 1.0

Subject: Re: problems with NIS/NYS ypserv and yppasswd

Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hallo Joerg,

great to receive your e-mail.

You are right about the assumptions.
Yes I run a RedHat system and
yes I installed your rpm's (BTW, thanks for your effort :-)

Now to the not so great news.
Even thought, I would love to run a YP server on my machine, it is still
not running. I believe I did all that you told me to do i.e.

1. removed ypbind (S65ypserver and S67yppasswdd)
2. generated /etc/yp.conf
   >domain   magrathea
   >ypserver zaphod

Then, after I did all this editing stuff, the machine was booting very
slowly. It seemed that all network operations took ages. But finally
when I got to the login screen, the machine did not let me in again.
After typing in my password the machine took approximately 1 minute for
the verification. So, I believe I did probably something very stupid, I
just don't know.
If you have a clue, please let me know.
Additionally, I have the feeling that I was reading the wrong HOWTOs.
Are there any HOWTOs which are specific for this package?

I'm looking forward to your e-mail

Georg

 
 
 

problems with NIS/NYS ypserv and yppasswd

Post by Anmin De » Fri, 15 Nov 1996 04:00:00



:> Even thought, I would love to run a YP server on my machine, it is still
:> not running. I believe I did all that you told me to do i.e.
:> 1. removed ypbind (S65ypserver and S67yppasswdd)
:> 2. generated /etc/yp.conf
:>    >domain   magrathea
:>    >ypserver zaphod
:> ...............

Here is my tips..
0. set yp-domain-name on all the yphosts. (you have done this)
1. Edit /etc/{passwd,group}. (remove the users/groups that are supposed
   to be on YP in all-the-ypclients, and append a "+" sign at tails of
   all-the-yphosts:/etc/{passwd,group}.
   "+:*::...." decribed in NIS-HOWTO is obsolete).
2. Correctly set /etc/yp.conf.  Here is my /etc/yp.conf as an example..
   ypserver:/etc/yp.conf=====
   ypserver 127.0.0.1
   all-the-ypclients:/etc/yp.conf=====
   ypserver 111.222.333.444  # assume my ypserver ip== 111.222.333.444.
3. Run "cd /var/yp; make" on ypserver.
4. Edit ypserver:/etc/hosts.{allow,deny} or /var/yp/securenet.
5. Run ypserv, yppasswdd -e ..., and ypbind on ypserver, then run
   ypbind on all the ypclients.
6. If it works, put 0 and 5 at rc file.

NOTE..
1. Make users change their passwd, fn, and sh by yppasswd in package
   yppasswdd.
2. YP-account maintainers should always keep the "+" sign at the very
   last line of /etc/{passwd,group}.  Many adduser utilities fail to
   do that since they put new user/group entries below "+" sign.

 
 
 

problems with NIS/NYS ypserv and yppasswd

Post by Arndt Hinuebe » Fri, 15 Nov 1996 04:00:00



Quote:> NOTE..
> 1. Make users change their passwd, fn, and sh by yppasswd in package
>    yppasswdd.

you should set permissions for passwd, chfn, chsh to 700 so that only root
can use them. For a yp-user, change of passwd with 'passwd' doesn't work
(on our standard installation) *by default* -- system recognizes that it
is a yp-account.

The 3 command should if possible also be avoided by root on a NIS client,
because when using them the '+' in /etc/passwd is replaced with the
yp-entries of the NIS server (those you also get by 'ypcat passwd'), and
as a result the former yp-users get local-users.

Quote:> 2. YP-account maintainers should always keep the "+" sign at the very
>    last line of /etc/{passwd,group}.  Many adduser utilities fail to
>    do that since they put new user/group entries below "+" sign.

Arndt

+----------------------------------------------------------------------------+

+----------------------------------------------------------------------------+

 
 
 

problems with NIS/NYS ypserv and yppasswd

Post by Georg P. Israe » Sat, 16 Nov 1996 04:00:00


Salute Everybody,

thanks for all the suggestions that I got :-).
This, really, did help me allot.
I'm now a step further in the process to set up a NYS server.
However, to me, it appears to be rather unusually difficult.
So fare, I was reading throe allot of misleading HOWTOS e.g. the
"+:0::::::" stuff that did initially scrough up my system for an hour or
so :-/.
However, after reading all the e-mail I have come so fare:

I'm running RedHat 4.0 (upgrade from 3.0.3)

additionally installed RPMs:
yp-clients-2.2
yppasswd-0.9
ypserv-1.1.0

(the rpm had been made available by Joerg Mertin, but I can't reach him
because of some strange e-mail problems :-/ )

My system looks currently something like this:

rc3.d:
======

S90ypserv:

Quote:>domainname $(NIS_DOMAIN)
>daemon ypserv

S91yppasswd:

Quote:>daemon rpc.yppasswdd -e chsh -e chfn

/etc/yp.conf:

Quote:>ypserver  127.0.0.1
>domain    myYPdomain

/etc/ypserv.conf:

Quote:>sunos_kludge: no
>tryresolve: no
>dns: no
> *                          : passwd.byname    : port       : yes
> *                          : passwd.byuid     : port       : yes
> *                          : shadow.byname    : port       : yes
> *                          : *                : none

/etc/passwd:

Quote:>....
>+

/etc/group:

Quote:>....
>+

/etc/sysconfig/network:

Quote:>....
>NIS_DOMAIN=mydomain

/etc/nsswitch.conf:

Quote:>passwd:     compat
>shadow:     files nisplus nis
>group:      compat
>hosts:      files nisplus nis dns
>services:   nisplus [NOTFOUND=return] files
>networks:   nisplus [NOTFOUND=return] files
>protocols:  nisplus [NOTFOUND=return] files
>rpc:        nisplus [NOTFOUND=return] files
>ethers:     nisplus [NOTFOUND=return] files
>netmasks:   nisplus [NOTFOUND=return] files    
>bootparams: nisplus [NOTFOUND=return] files
>netgroup:   nisplus
>publickey:  nisplus
>automount:  files nisplus
>aliases:    files nisplus

/var/yp/mydomain  OK

/var/yp/ypservers:

Quote:>zaphod.ethz.ch

/var/yp/securenets:
255.255.255.192 129.132.82.0

additionally:
after all this work, I did end up having a /var/yp and /var/nis
directory. I think they should be pretty much the same.

-------------------------------------------------------

Now:

- ypdomain is returning the right domain name.

- yppasswd returns:
  >yppasswd: can't find the master ypserver: internal NIS server or
client error

- ypwhich returns:
  >can't yp_bind: Reason: RPC failure on NIS operation

- ypwhich -x returns:
  >Use "passwd" for "passwd.byname"
  >Use "group" for "group.byname"
  >Use "networks" for "networks.byaddr"
  >Use "hosts" for "hosts.byaddr"
  >Use "protocols" for "protocols.bynumber"
  >Use "services" for "services.byname"
  >Use "aliases" for "mail.aliases"
  >Use "ethers" for "ethers.byname"

- ypcat passwd returns nothing at all!!

So, if anybody has some bright idea about what is going wrong at my
site, then pleas let me know

Georg (in pain)

 
 
 

problems with NIS/NYS ypserv and yppasswd

Post by Martin Spo » Sun, 17 Nov 1996 04:00:00



Quote:> Salute Everybody,
> /etc/nsswitch.conf:

[...]

Change 'nisplus' to 'nis' in nsswitch.conf . As far as I know ypbind is a
'nis'-server, not a 'nisplus'-server. Anyway, to use /etc/nsswitch.conf, you
have to compile libc with NYS-support, then you don't have to add any dotted
line to /etc/passwd.

Martin.
--


--------------------------------------------------------------------------
 Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

 
 
 

1. NIS: ypserv 1.99.0 rejects ypserv.conf

I'm trying to install ypserv. Ypserv ignores ypserv.conf entries.
Could anyone give me a hint what am I doing wrong?

Linux distribution=Debian Potato,
libc 5.3.12-31
glibc 2.1.3

#ypserv -v
ypserv (ypserv) 1.99.0
#uname -a
Linux 2.2.14-6.1.1smp #1 SMP Thu Apr 13 19:55:55 EDT 2000 i686 unknown

Apparently man pages for ypserv.conf didn't install, so I found man
ypserv.conf at http://www.linux.com/develop/man/5/ypserv.conf/.
According to it, I created ypserv.conf (just 2 lines):
*                                       : shadow.byname    : port       : yes
132.146.124.212/255.255.255.255         : *          : none

And when I try to run ypserv it says:
# ypserv --debug
[ypserv (ypserv) 1.99.0]

Find securenet: 255.255.255.255
 127.0.0.1
Find securenet: ....
...
Unknown security option "yes" in line 1 => Ignore line
No security entry in line 2 => Ignore line
#

Why is ypserv ignoring ypserv.conf entries? My guess is that the file
format changed and I don't have the newest documentations. If this is
the case, where do I find one?

Thanks a lot for help,
Pawel

2. /proc

3. HELP: NYS works but not yppasswd

4. ppp mtu's, x2 modems, etc.

5. NYS-yppasswd

6. Problems with linking

7. Multiple/BACKUP NIS servers with NYS NIS client?

8. Q: SCO 3.0 and IBM Valuepoint 6384

9. NIS & NYS & NIS+

10. ypserv 1.2.0 - NYS YP server

11. NIS+, NIS and yppasswd

12. Why does yppasswd-0.9-1 need ypserv-1.1.7-1 (and other yp questions)