Re: Setting up NIS questions?
> I have 2 NICS in the master node of a small cluster. bge0 is connected to the outside world with a FQDN and registered DNS IP address. bge1 is connected to a 192.168.0.x internal network. I'm trying to configure NIS for the internal network, but ypinit is grabbing the FQDN. I've read the Handbook and ypinit manual page without too much enlightenment. :(
>
> What I'm after is
>
> 192.168.0.10 NIS master server
> 192.168.0.11 NIS slave server
> 192.168.0.[12-15] NIS clients
>
> Anyone have a pointer to a method to achieve my goals?

I would _strongly_ suggest that you run your firewall from another machine instead of using your NIS master for this. This really is Security 101 :) Check out OpenBSD with pf for this purpose or use a Cisco PIX (you can find several on eBay).

But if you don't want/can do this, why don't you set up a jail for your NIS master? You can bind the jail to the RFC 1918 IP address range. Therefore, starting up ypbind inside the jail would only see the 192.168.0/24 network and bind to it.

See jail(8), jls(8) and jexec(8). You might also want to check mount_nullfs(8) to help you with the jail's ports tree.

If you need help with the jail setup, feel free to email me off the list.

David
--
David Robillard
UNIX systems administrator
CISSP
Sun Certified Security Administrator
Sun Certified Systems Administrator
Montreal: +1 514 966 0122
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Setting up NIS questions?
On Fri, May 19, 2006 at 05:55:22PM -0500, Derek Ragona wrote:
> At 05:48 PM 5/19/2006, Steve Kargl wrote:
> > I have 2 NICS in the master node of a small cluster. bge0 is connected to the outside world with a FQDN and registered DNS IP address. bge1 is connected to a 192.168.0.x internal network. I'm trying to configure NIS for the internal network, but ypinit is grabbing the FQDN. I've read the Handbook and ypinit manual page without too much enlightenment. :(
> >
> > What I'm after is
> >
> > 192.168.0.10 NIS master server
> > 192.168.0.11 NIS slave server
> > 192.168.0.[12-15] NIS clients
> >
> > Anyone have a pointer to a method to achieve my goals?
>
> If memory serves YP will grab the first interface. If you switch the stacks/IPs on the interfaces I think you will get what you want.

I can't even get NIS set up with ypinit. It unconditionally uses /bin/hostname, which will grab the FQDN of the system.

You have given me an idea. I can change rc.conf to set hostname to the name I've given 192.168.0.10, put that on bge0, put the IP address associated with the FQDN on bge1, and reboot. This might permit NIS to come up. Though this seems like a hack, because when someone connects to the system via the FQDN, /bin/hostname will give the wrong answer.

--
Steve
Re: Setting up NIS questions?
Steve Kargl wrote:
> I can't even get NIS set up with ypinit. It unconditionally uses /bin/hostname, which will grab the FQDN of the system.
>
> You have given me an idea. I can change rc.conf to set hostname to the name I've given 192.168.0.10, put that on bge0, put the IP address associated with the FQDN on bge1, and reboot. This might permit NIS to come up. Though this seems like a hack, because when someone connects to the system via the FQDN, /bin/hostname will give the wrong answer.

Associating the ypdomain with the FQDN from the DNS is convenient, and a convention that many follow, but it is not required, by any means. The O'Reilly Managing NIS and NFS book is a fine reference on this sort of thing, BTW, and is probably available online in PDF form if you look.

Nevertheless, YP/NIS predates many of the more convoluted network designs that people set up nowadays, and was intended for machines which have a single identity even if they have multiple NICs-- Sun used to assign the same MAC address to all NICs on one machine, to ensure that people respected collision domains.

It is not normally desirable to set up a YP/NIS master server on a machine which is multihomed in the sense of doing NAT or needing a firewall to separate internal from external, and obviously a firewall machine running zero or the minimal necessary services is a lot more secure.

--
-Chuck
Re: Setting up NIS questions?
On Sat, May 20, 2006 at 12:33:21PM -0400, Chuck Swiger wrote:
> Steve Kargl wrote:
> > I can't even get NIS set up with ypinit. It unconditionally uses /bin/hostname, which will grab the FQDN of the system.
> >
> > You have given me an idea. I can change rc.conf to set hostname to the name I've given 192.168.0.10, put that on bge0, put the IP address associated with the FQDN on bge1, and reboot. This might permit NIS to come up. Though this seems like a hack, because when someone connects to the system via the FQDN, /bin/hostname will give the wrong answer.
>
> Associating the ypdomain with the FQDN from the DNS is convenient, and a convention that many follow, but it is not required, by any means. The O'Reilly Managing NIS and NFS book is a fine reference on this sort of thing, BTW, and is probably available online in PDF form if you look.

Thanks for the pointer. I'll go looking for this book.

> Nevertheless, YP/NIS predates many of the more convoluted network designs that people set up nowadays, and was intended for machines which have a single identity even if they have multiple NICs-- Sun used to assign the same MAC address to all NICs on one machine, to ensure that people respected collision domains.

I don't see how this is convoluted. In fact, I would be inclined to claim that it is the de facto method for setting up an internal computational cluster

                             s --- node1
internet -F- FQDN|master --- w --- node2
                             t --- node3

where swt = switch.

> It is not normally desirable to set up a YP/NIS master server on a machine which is multihomed in the sense of doing NAT or needing a firewall to separate internal from external, and obviously a firewall machine running zero or the minimal necessary services is a lot more secure.

Note that -F- actually has at least one firewall. Only people in the apl.washington.edu domain can get to FQDN. I was hoping to use NIS to simplify the propagation of info (e.g., passwd, hosts, etc.) from master to the nodes. Propagating the info by hand isn't too bad because I only have five nodes presently. However, I hope to grow an additional 11 nodes.

--
Steve
Setting up NIS questions?
I have 2 NICS in the master node of a small cluster. bge0 is connected to the outside world with a FQDN and registered DNS IP address. bge1 is connected to a 192.168.0.x internal network. I'm trying to configure NIS for the internal network, but ypinit is grabbing the FQDN. I've read the Handbook and ypinit manual page without too much enlightenment. :(

What I'm after is

192.168.0.10 NIS master server
192.168.0.11 NIS slave server
192.168.0.[12-15] NIS clients

Anyone have a pointer to a method to achieve my goals?

--
Steve
Re: Setting up NIS questions?
If memory serves YP will grab the first interface. If you switch the stacks/IPs on the interfaces I think you will get what you want.

-Derek

At 05:48 PM 5/19/2006, Steve Kargl wrote:
> I have 2 NICS in the master node of a small cluster. bge0 is connected to the outside world with a FQDN and registered DNS IP address. bge1 is connected to a 192.168.0.x internal network. I'm trying to configure NIS for the internal network, but ypinit is grabbing the FQDN. I've read the Handbook and ypinit manual page without too much enlightenment. :(
>
> What I'm after is
>
> 192.168.0.10 NIS master server
> 192.168.0.11 NIS slave server
> 192.168.0.[12-15] NIS clients
>
> Anyone have a pointer to a method to achieve my goals?
>
> --
> Steve
Re: Setting up NIS questions?
There isn't a way to specify which ip or interface NIS will bind to?

On 5/19/06, Derek Ragona [EMAIL PROTECTED] wrote:
> If memory serves YP will grab the first interface. If you switch the stacks/IPs on the interfaces I think you will get what you want.
>
> -Derek
>
> At 05:48 PM 5/19/2006, Steve Kargl wrote:
> > I have 2 NICS in the master node of a small cluster. bge0 is connected to the outside world with a FQDN and registered DNS IP address. bge1 is connected to a 192.168.0.x internal network. I'm trying to configure NIS for the internal network, but ypinit is grabbing the FQDN. I've read the Handbook and ypinit manual page without too much enlightenment. :(
> >
> > What I'm after is
> >
> > 192.168.0.10 NIS master server
> > 192.168.0.11 NIS slave server
> > 192.168.0.[12-15] NIS clients
> >
> > Anyone have a pointer to a method to achieve my goals?
> >
> > --
> > Steve

--
-Lawrence
help setting up NIS ???
I'm running FreeBSD 4.10, we were thinking of running NIS so that user accounts get propagated to other servers in our infrastructure. Can it be done?

Any thoughts or help is greatly appreciated.

Thank you
--
Brent
Re: help setting up NIS ???
On Sun, Oct 24, 2004 at 09:13:35AM -0500, Brent wrote:
> I'm running Freebsd 4.10 , we were thinking of running NIS so that user accounts get propagated to other servers in our infrastructure. can it be done ?

Yes. Read the ypinit(8) man page.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
Setting up NIS
freebsd1.compulinux.org 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386
freebsd2.compulinux.org 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386
freebsd3.compulinux.org 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386
FreeBSD freebsd4.compulinux.org 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386

I'm having several problems setting up NIS on my system. I have 4 computers that I am trying to set up NIS on. The roles I would like my computers to play are as follows: Freebsd1 Server, Freebsd2 Slave, Freebsd3 Client, and Freebsd4 Client. I have been trying to set up NIS according to what the FreeBSD handbook says several times but all with no luck.

OK, here's another thing: I'm new to FreeBSD so I don't know how to use vi and vipw very well, so I always use Pico or edit instead. Please let me know if I am causing the problem by not using these programs. Also, if you notice I have missed anything, please let me know. I am not going to explain freebsd4 because freebsd3 is the same as it. Everything I typed in is after a fresh install of FreeBSD; there are no other programs running except what is listed in /etc/rc.conf. Also, please type in the exact command needed to fix my problem if at all possible. As I have stated before, I am new to FreeBSD so please assume I don't know.

This is my output of /etc/rc.conf on Freebsd1

freebsd1# cat /etc/rc.conf
kern_securelevel_enable="NO"
nfs_reserved_port_only="YES"
sendmail_enable="YES"
sshd_enable="YES"
usbd_enable="YES"
moused_port="/dev/psm0"
moused_type="auto"
moused_enable="YES"
named_enable="YES"
ifconfig_rl0="inet 192.168.123.1 netmask 255.255.255.0"
ipv6_enable="YES"
defaultrouter="192.168.123.254"
hostname="freebsd1.compulinux.org"
nisdomainname="compulinux.org"
nis_server_enable="YES"
nis_yppasswdd_enable="YES"

This is /etc/rc.conf on freebsd2

freebsd2# cat /etc/rc.conf
kern_securelevel_enable="NO"
nfs_client_enable="YES"
nfs_reserved_port_only="YES"
sendmail_enable="YES"
sshd_enable="YES"
usbd_enable="YES"
ifconfig_rl0="inet 192.168.123.2 netmask 255.255.255.0"
moused_port="/dev/psm0"
moused_type="auto"
moused_enable="YES"
ipv6_enable="YES"
defaultrouter="192.168.123.254"
hostname="freebsd2.compulinux.org"
named_enable="YES"
nisdomainname="compulinux.org"
nis_yppasswdd_enable="YES"
nis_server_enable="YES"

This is /etc/rc.conf on Freebsd3

freebsd3# cat /etc/rc.conf
kern_securelevel_enable="NO"
moused_enable="YES"
moused_port="/dev/psm0"
moused_type="auto"
nfs_reserved_port_only="YES"
nfs_server_enable="YES"
mountd_flags="-r"
sendmail_enable="YES"
sshd_enable="YES"
usbd_enable="YES"
ifconfig_rl0="inet 192.168.123.3 netmask 255.255.255.0"
ipv6_enable="YES"
defaultrouter="192.168.123.254"
hostname="freebsd3.compulinux.org"
nis_client_enable="YES"
nisdomainname="compulinux.org"

This is my /etc/master.passwd on freebsd3

freebsd3# cat /etc/master.passwd
# $FreeBSD: src/etc/master.passwd,v 1.25.2.6 2002/06/30 17:57:17 des Exp $
#
root:$1$9S9qmgEH$RNedtYvD6KwWd.R09ku2.0:0:0::0:0:Charlie :/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
operator:*:2:5::0:0:System :/:/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source:/:/sbin/nologin
tty:*:4:65533::0:0:Tty Sandbox:/:/sbin/nologin
kmem:*:5:65533::0:0:KMem Sandbox:/:/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/sbin/nologin
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin
sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/sbin/nologin
smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/sbin/nologin
mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/sbin/nologin
bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/sbin/nologin
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin
+:

This is /etc/group on Freebsd3

freebsd3# cat /etc/group
# $FreeBSD: src/etc/group,v 1.19.2.3 2002/06/30 17:57:17 des Exp $
#
wheel:*:0:root
daemon:*:1:daemon
kmem:*:2:root
sys:*:3:root
tty:*:4:root
operator:*:5:root
mail:*:6:
bin:*:7:
news:*:8:
man:*:9:
games:*:13:
staff:*:20:root
sshd:*:22:
smmsp:*:25:
mailnull:*:26:
guest:*:31:root
bind:*:53:
uucp:*:66:
xten:*:67:xten
dialer:*:68:
network:*:69:
www:*:80:
nogroup:*:65533:
nobody:*:65534:
+:*::

The handbook then tells you to type a couple simple things into the server

1. nisdomainname="compulinux.org"
2. nis_server_enable="YES"
3. nis_yppasswdd_enable="YES"

after doing that Instead of running /etc/netstart I just reboot then run the following
Re: Problem Setting up NIS Server and Client
On Mon, Mar 22, 2004 at 04:08:26AM -0800, Jamel Brown wrote:

[...]

> I'm having several problems setting up nis on my system I have 4 computers that I am trying to setup nis on. The roles I would like my computers to play are as follows Freebsd1 Server, Freebsd2 Slave, Freebsd3 Client, and Freebsd4 Client. I have been trying to set up NIS according to what the FreeBSD hand book says several times but all with no luck. Ok here's is another thing I'm new to FreeBSD so I don't know how to use vi and vipw very well so I always use Pico or edit instead please let me know if I am causing the problem by not using these programs. Also if you notice I have missed anything please let me know. I am not going to explain freebsd4 because freebsd3 is the same as it. Everything I typed in is after a fresh install of FreeBSD this is no other programs running except what is listed in /etc/rc.conf Also Please Type in the exact command needed to fix my problem if at all possible as I have stated before I am new to FreeBSD so please assume I don't know.

[...]

Wow. Excellent report. However, you seem to have done everything correctly, so far.

You need to enable 'portmap' on all your machines. Add:

portmap_enable="YES"

If you don't want to reboot all those machines, you can just start portmap from the command line:

# /usr/sbin/portmap

Note that portmap enabled machines need extra care if they're exposed to the internet: you should set up firewalls to prevent external access to port 111 and the high-numbered ports that RPC based services use. You can also use tcp_wrappers to good effect to protect portmap: see the examples in /etc/hosts.allow, but be aware that portmap is a special case which you have to configure access by IP number rather than hostname.

Once that has been enabled, you should be able to run:

% rpcinfo

to see what RPC services are available on your hosts,

% ypwhich

to show which NIS server that host has bound to, and:

% ypcat passwd

to download one of your NIS maps and prove that it's accessible from that host.

After all that, the NIS userids should be accessible from your client machines, given that you've put the correct magic token in the /etc/master.passwd and /etc/group files.

One thing that can help if the clients are refusing to bind properly to the server is to put:

nis_client_flags="-S compulinux.org,freebsd1.compulinux.org,freebsd2.compulinux.org"

See ypbind(8) for more details.

For setting up NIS users, use pw(8) rather than adduser(8). pw(8) has a '-V' flag which you can use to make it modify your master.passwd and group files in /var/yp rather than /etc. Unfortunately, and for reasons I don't really understand, this will also cause pw(8) to silently fail to create home directories. However, once the account has been created in NIS, you should be able to use:

# pw usermod -n username -m

to create the home directory for 'username'.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
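
Added example, not part of the thread and not FreeBSD project code: a small sh audit of rc.conf-style files for the two points raised above, NIS enabled without portmap, and an RPC-dependent host that also carries a non-RFC 1918 address (the multihomed-master case from the earlier thread). The function names, finding codes and sample files are constructed for illustration; master.conf and its 203.0.113.10 address are hypothetical.

```sh
#!/bin/sh
# Audit rc.conf-style files for NIS hosts (added example, constructed inputs).

# Print the value of the last VAR=... assignment in FILE, quotes removed.
rc_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed 's/^"//; s/"[[:space:]]*$//'
}

is_yes() {
    case "$1" in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac
}

# True for loopback and RFC 1918 addresses.
is_private() {
    case "$1" in
        127.*|10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print space-separated findings for FILE, or "OK".
audit_rc_conf() {
    file=$1
    findings=""
    rpc_user=no
    for var in nis_server_enable nis_client_enable nis_yppasswdd_enable; do
        if is_yes "$(rc_get "$file" "$var")"; then rpc_user=yes; fi
    done
    if [ "$rpc_user" = no ]; then
        echo "OK"
        return 0
    fi
    # portmap_enable is the FreeBSD 4.x knob used in the thread;
    # later releases use rpcbind_enable instead, so accept either.
    if ! is_yes "$(rc_get "$file" portmap_enable)" &&
       ! is_yes "$(rc_get "$file" rpcbind_enable)"; then
        findings="$findings NO_PORTMAP"
    fi
    if [ -z "$(rc_get "$file" nisdomainname)" ]; then
        findings="$findings NO_DOMAIN"
    fi
    # Any statically configured non-private address means port 111 and the
    # RPC high ports need firewall / hosts.allow restrictions on this host.
    for addr in $(sed -n \
        's/^ifconfig_[A-Za-z0-9_]*="\{0,1\}inet \([0-9.][0-9.]*\).*/\1/p' \
        "$file"); do
        if ! is_private "$addr"; then
            findings="$findings PUBLIC_ADDR:$addr"
        fi
    done
    if [ -z "$findings" ]; then echo "OK"; else echo "${findings# }"; fi
}

# --- constructed sample inputs ---
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT

# NIS server settings as posted in the thread (no portmap_enable).
cat > "$SAMPLES/freebsd1.conf" <<'EOF'
hostname="freebsd1.compulinux.org"
ifconfig_rl0="inet 192.168.123.1 netmask 255.255.255.0"
nisdomainname="compulinux.org"
nis_server_enable="YES"
nis_yppasswdd_enable="YES"
EOF

# Hypothetical multihomed master: one public and one internal interface.
cat > "$SAMPLES/master.conf" <<'EOF'
hostname="master.example.org"
ifconfig_bge0="inet 203.0.113.10 netmask 255.255.255.0"
ifconfig_bge1="inet 192.168.0.10 netmask 255.255.255.0"
nisdomainname="cluster"
portmap_enable="YES"
nis_server_enable="YES"
EOF

# Internal-only client with portmap enabled.
cat > "$SAMPLES/node.conf" <<'EOF'
ifconfig_rl0="inet 192.168.123.3 netmask 255.255.255.0"
nisdomainname="compulinux.org"
portmap_enable="YES"
nis_client_enable="YES"
EOF

for f in "$SAMPLES"/*.conf; do
    printf '%s: %s\n' "$(basename "$f")" "$(audit_rc_conf "$f")"
done
```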