# NIS gentoo client

## DaGr8Gatzby

I have an OpenBSD NIS master server and I am unable to connect to it with my Gentoo box. I know it's not a server error due to the fact that I have a FreeBSD webserver box, and that box is able to use NIS names. Could someone help me get this thing up and running? The error states that it couldn't find an NIS server, but all my files are configured correctly on the Gentoo box. I know about the advantages of LDAP but for now I'll stick with NIS just to see if I could get it to work. Thanks all...

----------

## KShots

It seems that there is an incompatibility between Linux and FreeBSD (probably OpenBSD as well) in NIS, apparently due to a different structure in the passwd file.

I have similar problems.

One of my FreeBSD clients can use NIS no problem on my FreeBSD NIS server. My Gentoo clients can do a ypcat passwd and see all the login information correctly, but they cannot use it (login always fails).

Looking around, it seems this is a common problem, but I haven't seen anyone solve it yet. I'm about at the point where I'm about ready to give up. It seems really ridiculous to me that there is no solution when all the information is *right there* and plainly visible to the Linux clients.

Anyone know of a good alternative?

----------

## UberLord

 *KShots wrote:*   

> Anyone know of a good alternative?

 

LDAP  :Laughing: 

----------

## KShots

Hmm... actually, it seems I have spoken too soon.

As I was testing it, I was going through SSH - it failed every time.

When I got home and logged in locally with my NIS test account, I got in no problem.

When I restarted SSH (thinking it may be caching users itself), I still couldn't log in via SSH. I think I'm pretty close to a solution - I'll post my config later if anyone else wants to get that far... heck, maybe someone knows what to do with SSH.

EDIT:

Server config:

/var/yp/master.passwd

```
# $FreeBSD: src/etc/master.passwd,v 1.39 2004/08/01 21:33:47 markm Exp $
#
rich:** Masked for security - make your own **:1001:1002::0:0:Richard F. Ostrow Jr.:/home/rich:/usr/local/bin/bash
test:** Masked for security - make your own **:1003:1004::0:0:User &:/home/test:/usr/local/bin/bash
```

Note that the shell is /usr/local/bin/bash - I'm not sure if this is required or not, but on my test client I made a symlink to that location for bash. The locations differed between FreeBSD and Gentoo. If you don't know how to generate the passwords, try simply adding users to the local machine, running vipw to cut them (so they are removed), and paste them into this file. This worked for me. Alternatively, add all the users you want to the local machine, copy the whole file over, then remove everything but those users you want (no root, nobody, www, etc.).

Permissions of master.passwd: chmod 600 master.passwd && chown root master.passwd

/var/yp/securenets

```
# allow connections from local host -- mandatory
127.0.0.1       255.255.255.255

# allow connections from any host on the 10.4.12.0 network
10.4.12.0       255.255.255.0
```

This restricts NIS to my local subnet (I have other subnets, so this is important)

Permissions of securenets: chmod 600 securenets && chown root securenets

Now, within /etc/rc.conf, make sure you have the following lines (from the FreeBSD handbook):

1. nisdomainname="MyDomainName" - Rename that to match your domain.

2. nis_server_enable="YES" - I think that's self-explanatory

3. nis_yppasswdd_enable="YES" - allows clients to change their passwords from client machines - optional

4. nis_yppasswdd_flags="-t /var/yp/master.passwd" - Tells yppasswdd where to find the passwd file

5. nis_client_enable="YES" - allows your server to also be a client - optional

6. nis_client_flags="-S NIS domain,server" - If you are a client, you should define this. Use your domain and a hostname is fine here (probably localhost will work - I used the machine's hostname)

7. nis_ypxfrd_enable="YES" - Starts up the ypxfrd daemon - should only be needed if you have slave servers... I'm currently running it though I have none, I haven't yet tried it without this line. It speeds up the distribution of very large NIS maps to the slave servers. Note - this and the following line I got from this source

8. nis_ypset_enable="NO" - This should tell ypset not to start up - the server doesn't seem to need this to work.

Next, run ypinit -m MyDomain - where MyDomain is whatever your domain name is. Follow the instructions. If you have slave servers, add them in when it asks. Otherwise, hit CTRL-D to end the list. Finish up by running make.

Now we're almost done with the server. Run /etc/netstart to restart network services, and NIS should be up and running (there's probably something under /etc/rc.d that starts just NIS, but the handbook didn't show any other method and that's what I know works. Feel free to try using /etc/rc.d/*)

Client setup

First, make sure NIS is installed: emerge -av ypbind ought to do the trick. I should note that I have the nls flag active. I think it was a default flag, and an equery u ypbind simply shows it to be an unknown flag... I'm not sure what it is, just that I have it and it seems to work (partially).

Edit /etc/yp.conf to contain the following string: domain MyDomain server MyServer - fill in your domain and your server's host name or IP (I used the host name and it seems to work fine).

The installation of ypbind suggests you edit /etc/conf.d/ypbind for your setup. My setup needed no modification of that file (it lets you set the options passed into ypbind), but yours may. Look up the ypbind man page for command-line options, and add any you may need here.

Next, run vipw and add this to the bottom of the file: +:::::: - this tells the client to use NIS accounts as well. You can also add this to /etc/group: +:*:: - this imports the groups from the server (if you defined them).

OK... now cross your fingers and run /etc/init.d/ypbind start.

At this point, you should be able to see the accounts. Try running ypcat passwd - you should see the contents of your master.passwd file on the server.

If all seems to be working so far, you should be able to log in locally with your NIS account. Unfortunately, I have not succeeded yet in logging in remotely via SSH. If anyone finds a way for that to work, that would be great  :Smile: .

----------
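An added example, not part of any post in the thread: a small audit of the `/var/yp/securenets` file and the permissions described in the last post. It assumes the FreeBSD field order shown there (network, then netmask) and IPv4 entries only; the function names and the sample text are constructed for illustration.

```python
import ipaddress
import os
import stat

# Constructed sample: the securenets entries from the post (network, then netmask).
SAMPLE = """\
# allow connections from local host -- mandatory
127.0.0.1       255.255.255.255
# allow connections from any host on the 10.4.12.0 network
10.4.12.0       255.255.255.0
"""

def parse_securenets(text):
    """Return (networks, findings) for 'network netmask' lines; IPv4 only."""
    nets, findings = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            network, netmask = line.split()
            # strict=True refuses host bits set in the network field
            net = ipaddress.ip_network(f"{network}/{netmask}", strict=True)
        except ValueError as exc:
            findings.append(f"line {n}: not a usable network/netmask pair ({exc})")
            continue
        if net.prefixlen == 0:
            findings.append(f"line {n}: {net} admits every host")
        nets.append(net)
    if not any(ipaddress.ip_address("127.0.0.1") in net for net in nets):
        findings.append("no entry covers 127.0.0.1")
    return nets, findings

def is_allowed(nets, client):
    """True if the client address falls inside any listed network."""
    addr = ipaddress.ip_address(client)
    return any(addr in net for net in nets)

def perm_findings(path):
    """Check the chmod 600 / chown root state the post applies to the file."""
    st, out = os.stat(path), []
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        out.append(f"{path}: mode {mode:o} is open to group or other")
    if st.st_uid != 0:
        out.append(f"{path}: owned by uid {st.st_uid}, not root")
    return out
```

Run `parse_securenets` on the real file's contents and `perm_findings` on both `/var/yp/securenets` and `/var/yp/master.passwd`; an empty findings list means the file matches the restrictions described in the post.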

