Redhat 7.2 and Nis+ issues

Bob Edwards Robert.Edwards at anu.edu.au
Thu Dec 6 09:57:17 EST 2001


Ben Middleton wrote:
> 
> Hello.
> 
> There still does not seem to be a definitive solution to installing the
> nisplus client software on a Redhat box.
> 
> I have followed a whole range of different mails to try different things
> out.  Still cannot log on as an nisplus user - keeps coming back with
> unknown user.
> 
> Does anyone have a simple set of steps taken for redhat 7.*?
> 
> I can provide loads more detail if necessary.
> 
> Thanks.
> 
> Ben.

I have no problems running nisplus on RH7.2 machines (we have quite a
few running RH7.2 now - and even more still on RH7.1).

I use nis-utils-1.3 always (could never get 1.4 to compile and haven't
looked for more recent versions for a while).

So: 
 1) compile and install nis-utils-1.3
 2) set a domainname (I have a file /etc/defaultdomain ala Solaris)
 2a) make sure that your client and nisplus server agree on the time
	(I use ntp, other mechanisms should also work well)
 3) copy a known good /var/nis/NIS_COLD_START file into /var/nis (from
	another Linux box, or a Solaris box)
 3a) make sure your hostname is not fully qualified!!!
 4) I have a script to start nisplus (see at end of message) - install
	in /etc/init.d
 5) make sure your machine has a credential on the nisplus server
	(use nisaddcred, or nisinit etc.)
 6) run /etc/init.d/nisplus start
 7) put in the required passwords etc.
 8) use nisdefaults to confirm that the Principal Name is not
	"(Not Authenticated)" (excuse the double negative there)
 9) use nismatch <some user> passwd.org_dir to ensure that nisplus can
	get the user's passwd details, including an encrypted password
 10) use ntsysv (or whatever) to make sure that the nisplus script gets
	called next time your machine boots (I also enable nscd at this
	point as well)

That basically does it for getting nisplus going. 

Now for authentication:
 1) compile up pam_unix2.so (or install a binary from somewhere)
 2) install in /lib/security
 3) edit /etc/pam.d/system_auth to look something like:

auth        sufficient    /lib/security/pam_unix2.so set_secrpc
auth        sufficient    /lib/security/pam_unix.so likeauth nullok md5 shadow
auth        required      /lib/security/pam_deny.so
account     sufficient    /lib/security/pam_unix2.so set_secrpc
account     sufficient    /lib/security/pam_unix.so
account     required      /lib/security/pam_deny.so
password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix2.so set_secrpc
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/pam_deny.so
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so

	(note that I have both pam_unix2 and pam_unix - to check the
	password file as well)

You should now be able to log in.

We also use autofs with nisplus to locate people's home directories. Add
this to /etc/auto.master:

/home   nisplus:auto_home rsize=8192,wsize=8192,timeo=14,intr

then stop and restart autofs.

This all works fine on recently patched RH7.2 machines. If it doesn't
work for you, then I'd suspect that your nisplus server may have different
permissions on the nisplus tables to ours. Let me know and I'll check into
that if necessary.

Here is the script I use for starting nisplus in /etc/init.d:
#!/bin/sh
#
# nisplus:              Starts the Network Information Service Plus Daemon
#
# chkconfig: - 14 86
# description:  This is a daemon which handles passwd and group lookups \
#               for running programs and cache the results for the next \
#               query.  You should start this daemon only if you use \
#               slow Services like NIS or NIS+
# processname: nisplus
#

# Sanity checks.
[ -f /etc/defaultdomain ] || exit 0
[ -f /var/nis/NIS_COLD_START ] || exit 0
[ -x /bin/nisdomainname ] || exit 0
[ -x /usr/sbin/nisinit ] || exit 0
[ -x /usr/sbin/keyserv ] || exit 0

# Source function library.
. /etc/rc.d/init.d/functions

# See how we were called.
case "$1" in
    start)
        echo -n "Starting NIS+ services: "
        nisdomainname `cat /etc/defaultdomain`
        nisinit -c -C /var/nis/NIS_COLD_START
        daemon keyserv
        if [ ! -f /etc/.rootkey ]; then
             chkey -p -s nisplus
        fi
        echo
        touch /var/lock/subsys/nisplus
        ;;
    stop)
        echo -n "Stopping NIS+ Daemon: "
        killproc keyserv
        rm -f /var/lock/subsys/nisplus
        echo nis+
        ;;
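    status)
        # keyserv is the only daemon this script starts; there is no
        # process called "nisplus" for status to find.
        status keyserv
        ;;
    restart)
        $0 stop
        $0 start
        ;;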
    *)
        echo "Usage: $0 {start|stop|status|restart}"
        ;;
esac
exit 0

Hope this helps,

Cheers,

Bob Edwards.
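
The checks in steps 3a, 8 and 9 above, as an added shell example that is not part of the original message. The function names, the sample data and the colon-separated nismatch layout are assumptions; `*NP*` is the placeholder NIS+ puts in the passwd column when the caller is not allowed to read it.

```shell
#!/bin/sh
# Added example (not from the original post): offline checks for steps 3a, 8, 9.
# Each function takes captured text, so it can be tried without a NIS+ server.

# Step 3a: the hostname must be short (non-empty, no dots).
hostname_is_short() {
    case "$1" in
        ""|*.*) return 1 ;;
        *)      return 0 ;;
    esac
}

# Step 8: stdin is `nisdefaults` output. Succeeds only if a "Principal Name"
# line exists and does not say "(Not Authenticated)".
principal_is_authenticated() {
    awk '/^Principal Name/ { seen = 1
             if (index($0, "(Not Authenticated)")) bad = 1 }
         END { exit !(seen && !bad) }'
}

# Step 9: stdin is `nismatch <user> passwd.org_dir` output (assumed to be
# colon-separated, passwd-style). Prints the state of the password column.
passwd_field_state() {
    awk -F: 'NR == 1 { found = 1
                 if (NF < 7)            print "malformed"
                 else if ($2 == "")     print "empty"
                 else if ($2 == "*NP*") print "no-permission"
                 else                   print "present" }
             END { if (!found) print "no-entry" }'
}

# Constructed sample data (not captured from a real system).
SAMPLE_DEFAULTS_BAD='Principal Name : (Not Authenticated)
Domain Name    : example.org.
Host Name      : client1.example.org.'
SAMPLE_MATCH_NP='alice:*NP*:1001:100:Alice Example:/home/alice:/bin/bash:*NP*'

# Demo: on a live client, pipe the real commands in instead of the samples.
hostname_is_short "client1.example.org" || echo "hostname is fully qualified"
printf '%s\n' "$SAMPLE_DEFAULTS_BAD" | principal_is_authenticated \
    || echo "no authenticated principal: check keyserv and the host credential"
echo "passwd column: $(printf '%s\n' "$SAMPLE_MATCH_NP" | passwd_field_state)"
```

A "no-permission" result with an authenticated principal points at the table permissions on the server rather than at the client setup.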



