Gentoo Forums
NIS problem: root gets passwd's normal users don't
hertog
Tux's lil' helper


Joined: 28 Jun 2002
Posts: 138
Location: Enschede/The Netherlands/Europe

Posted: Sun Dec 01, 2002 6:59 pm    Post subject: NIS problem: root gets passwd's normal users don't

Just installed NIS-server and client.

Now something weird happens...

Normal users don't see their names, look at the following:

[edit: this is all on the client]

As root:
big-iron root # ypcat passwd
hertog:<<removed>>:1000:100:Gert-Jan Rodenburg,,,:/home/hertog:/bin/bash
nobody:*:65534:65534:nobody:/:/bin/false
simone:<<removed>>:1001:100:Simone Middelveld,,,:/home/simone:/bin/bash

and as a user:
big-iron root # su - hertog
/usr/bin/whoami: cannot find username for UID 1000
[: =: unary operator expected
I have no name!@big-iron hertog $ ypcat passwd
I have no name!@big-iron hertog $

(btw, note the lack of a username and the error)

Somehow, 'normal users' don't get the info they need.

Any hints?

pillo79
n00b


Joined: 17 Oct 2002
Posts: 5

Posted: Tue Jan 14, 2003 11:42 am    Post subject: same here

Hello,
I have the same problem. By the way, I think that regular users can't "ypcat passwd" for security. In fact, I tried "ypcat hosts" and it works even for regular users.
Anyone getting the problem solved :D please post!
Thanks!!

pillo79
n00b


Joined: 17 Oct 2002
Posts: 5

Posted: Tue Jan 14, 2003 1:43 pm

Found an explanation here, however, this does not fix the problem. It suggests the problem to be something with the permissions of normal users not allowing 'whoami' and similar programs to access the database...

http://list.cobalt.com/pipermail/cobalt-users/2001-April/043393.html

darkweaseljedi
Tux's lil' helper


Joined: 05 Jan 2003
Posts: 101
Location: Minneapolis, MN

Posted: Wed Jan 15, 2003 8:40 pm

https://forums.gentoo.org/viewtopic.php?t=30301

I'm having the same problem. I guess I didn't read the forum search very closely at 2am otherwise I would have noticed your post.

You can ypcat group.byuid or group.byname, but not passwd.(anything)

darkweasel

darkweaseljedi
Tux's lil' helper


Joined: 05 Jan 2003
Posts: 101
Location: Minneapolis, MN

Posted: Wed Jan 15, 2003 8:53 pm

Some of the follow up posts to that link you posted, pillo79, said that he fixed the problem by changing the permissions on his /etc/passwd file to 644 from 600.

My /etc/passwd file was 644. I checked my /var/yp/(domainname)/ files, and they were all 600, but changing their permissions didn't make anything different.

btw, I noticed I have a (none) directory in my /var/yp folder. Anyone know what that is? I can't get into it, but it is a folder. I did a "locate passwd" and I get this near the end:
/var/yp/(none)/passwd.byname
/var/yp/(none)/passwd.byuid

shows up like:
drwxr-xr-x 2 root root 4096 Jan 10 19:03 (none)
-rw-r--r-- 1 root root 15784 Jan 14 11:01 Makefile
drwxr-xr-x 2 root root 4096 Jan 14 11:01 mynisdomain
-rw-r--r-- 1 root root 498 Jan 14 00:30 securenets
-rw-r--r-- 1 root root 21 Jan 14 00:00 ypservers

darkweasel

hertog
Tux's lil' helper


Joined: 28 Jun 2002
Posts: 138
Location: Enschede/The Netherlands/Europe

Posted: Wed Jan 15, 2003 10:19 pm

The (none) entry appears when starting NIS without a domain name specified, I believe?

hertog
Tux's lil' helper


Joined: 28 Jun 2002
Posts: 138
Location: Enschede/The Netherlands/Europe

Posted: Wed Jan 15, 2003 10:23 pm

Some time ago I got stuff working by the way, and got reminded of this by someone via e-mail...

My ypserv.conf helped him to get stuff running, I'll include it here....

Warning tho.. it is quite 'not so subtle', I just axed the security, maybe someone can come up with a working config for this one.. however, for the meantime, with the following ypserv.conf (on the server) everything works (I commented 4 lines, starting with * out, dunno which one anymore, just compare them):

Code:
fileserv root # cat /etc/ypserv.conf
#
# ypserv.conf   In this file you can set certain options for the NIS server,
#               and you can deny or restrict access to certain maps based
#               on the originating host.
#
#               See ypserv.conf(5) for a description of the syntax.
#

# Some options for ypserv. This things are all not needed, if
# you have a Linux net.

# Should we do DNS lookups for hosts not found in the hosts table ?
# This option is ignored in the moment.
dns: no

# How many map file handles should be cached ?
files: 30

# xfr requests are only allowed from ports < 1024
xfr_check_port: yes

# The following, when uncommented,  will give you shadow like passwords.
# Note that it will not work if you have slave NIS servers in your
# network that do not run the same server as you.

# Host                     : Domain  : Map              : Security
#
#*                        : *       : passwd.byname    : port
#*                        : *       : passwd.byuid     : port

# Not everybody should see the shadow passwords, not secure, since
# under MSDOG everbody is root and can access ports < 1024 !!!
#*                         : *       : shadow.byname    : port
#*                         : *       : passwd.adjunct.byname : port

# If you comment out the next rule, ypserv and rpc.ypxfrd will
# look for YP_SECURE and YP_AUTHDES in the maps. This will make
# the security check a little bit slower, but you only have to
# change the keys on the master server, not the configuration files
# on each NIS server.
# If you have maps with YP_SECURE or YP_AUTHDES, you should create
# a rule for them above, that's much faster.
# *                        : *       : *                : none



darkweaseljedi
Tux's lil' helper


Joined: 05 Jan 2003
Posts: 101
Location: Minneapolis, MN

Posted: Wed Jan 15, 2003 10:34 pm

Yep worked for me.

Would be nice to have the security thing functional though...

darkweasel

madmat
n00b


Joined: 22 Oct 2003
Posts: 8

Posted: Sat Oct 25, 2003 1:23 pm    Post subject: maybe...

For me the security column in ypserv.conf doesn't work with port so I set it to none.
And for a minimum of security I allowed only my local network to access.

The lines in ypserv.conf look like this:

192.168.0.0/255.255.255.0 : * : passwd.byname : none
192.168.0.0/255.255.255.0 : * : passwd.byuid : none
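
Added example, not part of any post in this thread: a small audit of which ypserv.conf rule governs each password map, covering both the "all rules commented out" file and the host-restricted `none` lines shown above. The function names, the verdict strings and the sample file are constructed for illustration, and the script assumes the four-field `Host : Domain : Map : Security` layout from the posted file with the first matching rule deciding.

```python
# Added example: audit ypserv.conf rules that cover the password maps.
# Assumption: rules use the four-field "Host : Domain : Map : Security" layout
# from the file posted above, and the first rule matching a map decides.

SENSITIVE_MAPS = ("passwd.byname", "passwd.byuid",
                  "shadow.byname", "passwd.adjunct.byname")

# Constructed sample: the two host-restricted lines from the last post plus
# one "port" rule and one commented-out rule.
SAMPLE_CONF = """\
dns: no
files: 30
xfr_check_port: yes
192.168.0.0/255.255.255.0 : * : passwd.byname : none
192.168.0.0/255.255.255.0 : * : passwd.byuid  : none
*                         : * : shadow.byname : port
#*                        : * : passwd.adjunct.byname : port
"""

def parse_rules(text):
    """Return active (host, domain, map, security) rules; skip comments and options."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = [f.strip() for f in line.split(":")]
        if len(fields) == 4 and all(fields):   # "dns: no" style options have 2 fields
            rules.append(tuple(fields))
    return rules

def audit(text):
    """Map each sensitive NIS map to a verdict based on its first matching rule."""
    rules = parse_rules(text)
    report = {}
    for name in SENSITIVE_MAPS:
        match = next((r for r in rules if r[2] in (name, "*")), None)
        if match is None:
            report[name] = "no-explicit-rule"
        elif match[3] != "none":
            report[name] = match[3]            # e.g. "port" or "deny"
        elif match[0] == "*":
            report[name] = "open-to-any-host"
        else:
            report[name] = "none-from-" + match[0]
    return report

if __name__ == "__main__":
    for map_name, verdict in audit(SAMPLE_CONF).items():
        print(f"{map_name:24} {verdict}")
```

A `none` verdict means ypserv answers requests for that map from any source port on the matching hosts, so the host field is the only restriction left.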