From Robert.Edwards at anu.edu.au Tue Feb 4 17:27:56 2003 From: Robert.Edwards at anu.edu.au (Robert Edwards) Date: Tue Dec 2 13:41:49 2003 Subject: nis linux workstation to server In-Reply-To: <3E385928.217.5CF1EC@localhost> References: <3E385928.217.5CF1EC@localhost> Message-ID: <200302041727.56434.Robert.Edwards@anu.edu.au> On Thu, 30 Jan 2003 03:43 pm, stewartkc1@comcast.net wrote: > I?m trying to setup linux workstations to authenticate to a linux > server. I have no problems with windows clients authenticating on > my lan ? using samba and domain logins ? works beautifully. I hope > to avoid having to setup each user individually on the linux > workstation as well as the server and believe nis is the way to go. I > run ipchains firewall on the server, and cannot figure the rules as I > can?t find any info on the ports nis uses. I?ve added the following > rules to open portmap in ipchains: > > -A input -s 192.168.1.0/255.255.255.0 -d 0/0 111 -p tcp -y -j > ACCEPT > -A input -s 192.168.1.0/255.255.255.0 -d 0/0 111 -p udp -i eth0 -j > ACCEPT > > This doesn?t help. However if I flush ipchains, then I can logon from > the linux workstation. So I?m sure ipchains is the problem. If you run > with ipchains, what is the ruleset you use? Or if you don?t run a > firewall on your server I?d like to know how you implement security. > > Thanks if you have the time. > Keith Stewart > Stewartkc1@comcast.net This is really a NIS question and not really all the relevant on a NIS+ mailing list. NIS and NIS+ are really two very different beasts. I am afraid that I can't really help you with this NIS question. Cheers, Bob Edwards. From daniel.franke at imbs.uni-luebeck.de Tue Feb 18 02:15:12 2003 From: daniel.franke at imbs.uni-luebeck.de (Daniel Franke) Date: Tue Dec 2 13:41:49 2003 Subject: nisplus authentication problem - sent 06Jan, revisited Message-ID: Hi there, Bob Edwards wrote Mon, 06 Jan 2003: > If nisdefaults runs OK, then try "nismatch someuser passwd.org_dir" > ("someuser" is replaced by some real username in the NIS+ server database). > If all is well, you should see an encrypted passwd entry in the second field > (after the first colon) of the output. If you see something like "*NP*" > instead, then again, the NIS+ server is not giving the password back to the > client (doesn't trust it). Which describes exactly my problem. I've got a Solaris 8 NIS+ Server, one Solaris 8 client, two runing SuSE 8.1 linux clients - and one (again SuSE 8.1, but this time running within vmware under windows) that doesn't. Everything seems more or less fine ... * I'm able to `niscat ` any table (but *NP* in pwd-fields) * `nisdefaults` seems fine (sorry, unable to copy-paste) * login as local root, then `su - ` works fine * login as user (shell/ssh) fails Bob say's, the server doesn't trust my client ... *hmm* I added the credentials as I did before using `nisaddcred -p unix.vmware@mydomain.com -P vmware.mydomain.com. des`. AS mentioned above, three times this worked fine?! I compared: nsswitch.conf, NIS_COLD_START ... (I believe, I do not use secrpc, so there should not be any timing probs) Another problem (maybe corellated): * booting my vmware-linux, everythings looks good - at first sight * directly after boot: `niscat passwd.org_dir` -> "passwd.org_dir: Error in RPC-Subsystem" (btw, NFS-mount was successful) * restart the portmapper * again the niscat cmd -> expected output, including *NP* (niscat at the working hosts gives a complete list, including the encrypted pw) I'm doing this in my spare time ... please, any help would really be appreciated! Thnx in advance Daniel Franke -- Dipl.-Math. (FH) Daniel Franke Institut fuer Medizinische Biometrie und Statistik Medizinische Universitaet zu Luebeck Ratzeburger Allee 160, Haus 4 23538 Luebeck Telefon: 0451-500-2786 Telefax: 0451-500-2999 daniel.franke@imbs.mu-luebeck.de From daniel.franke at imbs.uni-luebeck.de Tue Feb 18 03:01:53 2003 From: daniel.franke at imbs.uni-luebeck.de (Daniel Franke) Date: Tue Dec 2 13:41:49 2003 Subject: nisplus authentication problem - sent 06Jan, revisited In-Reply-To: <3E510078.2060008@fedex.com> Message-ID: > -----Original Message----- > From: Jimmy Beasley [mailto:jjbeasley@fedex.com] > Sent: Monday, February 17, 2003 4:32 PM > To: Daniel Franke > Subject: Re: nisplus authentication problem - sent 06Jan, revisited > Try this for a user > > login as local root, then `su - ` and run chkey -p as the "someuser" this should > correct the creds for that user. Thanks Jimmy, this didn't the trick, but maybe i found the real source of my problem: When stopping and restarting the portmapper, keyserv is stopped as well, but not restarted again. If I restart the behaves like waiting on a timeout. I enabled debugging and got output like: --cut-- key_encrypt_pk_svc() uid=0 remotename=unix@blade1.imbs.edu <...> --cut-- here, in remotename, I'm missing my hostname ... I would expect s.th. like: "unix.vmware@blade1.imbs.edu" ?? Might this be the right direction where to look further? Daniel -- Dipl.-Math. (FH) Daniel Franke Institut fuer Medizinische Biometrie und Statistik Medizinische Universitaet zu Luebeck Ratzeburger Allee 160, Haus 4 23538 Luebeck Telefon: 0451-500-2786 Telefax: 0451-500-2999 daniel.franke@imbs.mu-luebeck.de From rstaub at arrow.com Tue Feb 18 11:02:10 2003 From: rstaub at arrow.com (Doug Staub) Date: Tue Dec 2 13:41:49 2003 Subject: Starting NIS+ on boot failing Message-ID: All, I'm a newbie to Linux (go easy), but I cannot find very extensive documentation on the problem I am having. New machine with Linux RedHat 8 installed and everything works fine with NIS+ except after reboots - connecting to the NIS+ server (Solaris 8) fails, so a manual "keyserv" followed by a "keylogin -r" is required - any ideas or is there something I missed? Any help would be appreciated! Thanks, Doug -------------------------- R. Doug Staub UNIX System Administrator Arrow Electronics 805-557-2223 rstaub@arrow.com --------------------------- 225 W. Hillcrest Dr. #200 Thousand Oaks, CA 91360 From Robert.Edwards at anu.edu.au Thu Feb 20 09:54:51 2003 From: Robert.Edwards at anu.edu.au (Robert Edwards) Date: Tue Dec 2 13:41:49 2003 Subject: Starting NIS+ on boot failing In-Reply-To: References: Message-ID: <200302200954.51816.Robert.Edwards@anu.edu.au> What stage of the startup sequence are you trying to start keyserv? Is it before, or after, you have started your time synchronisation daemon? Is it before or after you start portmap? I am not sure why you need to do a keylogin -r. Is there a /etc/.rootkey file present before you start keyserv? Cheers, Bob Edwards. On Tue, 18 Feb 2003 11:02 am, Doug Staub wrote: > All, > > I'm a newbie to Linux (go easy), but I cannot find very extensive > documentation on the problem I am having. > > New machine with Linux RedHat 8 installed and everything works fine with > NIS+ except after reboots - connecting to the NIS+ server (Solaris 8) > fails, so a manual "keyserv" followed by a "keylogin -r" is required - any > ideas or is there something I missed? > > Any help would be appreciated! > > Thanks, > Doug > > -------------------------- > R. Doug Staub > UNIX System Administrator > Arrow Electronics > 805-557-2223 > rstaub@arrow.com > --------------------------- > 225 W. Hillcrest Dr. #200 > Thousand Oaks, CA 91360 From jessvgs at online.no Tue Feb 25 21:15:55 2003 From: jessvgs at online.no (Jessheim vgs.Ullersmo) Date: Tue Dec 2 13:41:50 2003 Subject: No subject Message-ID: <000801c2dcb6$f6646b50$2e2a4382@CPQ14115235368> do I need nis for the domainlogin of windows XP clients? purely with samba I get some problems. Expanation next time thanks b.christukat -------------- next part -------------- HTML attachment scrubbed and removed From bathd at jane.edipost.auspost.com.au Wed Feb 26 11:03:07 2003 From: bathd at jane.edipost.auspost.com.au (David T. Bath) Date: Tue Dec 2 13:41:50 2003 Subject: XP domain logon In-Reply-To: <20030225120059.4568C2C6B4@lists.samba.org> References: <20030225120059.4568C2C6B4@lists.samba.org> Message-ID: <200302261103.07568.bathd@jane.edipost.auspost.com.au> > do I need nis for the domainlogin of windows XP clients? > purely with samba I get some problems. Apparently there are some problems with Samba PDC and XP clients. I do not believe you *need* NIS(+), but there are hacks around it. I suppose it depends if you are using an XP PDC and merely sharing from Samba, or whether you have a Samba PDC. If you are using an XP PDC, then you may like to consider LDAP, as this can tie in a bit better with XP ActiveDirectory. -- David T. Bath EDIPost, Australia Post Ph:0418-316-634 Email:David.Bath@auspost.com.au RFC does not stand for Richmond Football Club Australia Post is committed to providing our customers with excellent service. If we can assist you in any way please either telephone 13 13 18 or visit our website www.auspost.com.au. CAUTION This e-mail and any files transmitted with it are privileged and confidential information intended for the use of the addressee. The confidentiality and/or privilege in this e-mail is not waived, lost or destroyed if it has been transmitted to you in error. If you have received this e-mail in error you must (a) not disseminate, copy or take any action in reliance on it; (b) please notify Australia Post immediately by return e-mail to the sender; and (c) please delete the original e-mail.