Re: Setting up NIS questions?

2006-05-23 Thread David Robillard

> I have 2 NICS in the master node of a small cluster.
> bge0 is connected to the outside world with a FQDN
> and registered DNS IP address.  bge1 is connected to
> a 192.168.0.x internal network.  I'm trying to configure
> NIS for the internal network, but ypinit is grabbing the
> FQDN.  I've read the Handbook and ypinit manual page
> without too much enlightenment. :(
>
> What I'm after is
>
> 192.168.0.10  NIS master server
> 192.168.0.11  NIS slave server
> 192.168.0.[12-15] NIS clients
>
> Anyone have a pointer to a method to achieve my goals.


I would _strongly_ suggest that you run your firewall from another
machine instead of using your NIS master for this. This really is
Security 101 :)
Check out OpenBSD with pf for this purpose or use a Cisco PIX (you can
find several on eBay).

But if you don't want to or can't do this, why don't you set up a jail
for your NIS master? You can bind the jail to the RFC 1918 IP address range.
Therefore, starting up ypbind inside the jail would only see the
192.168.0/24 network and bind to it. See jail(8), jls(8) and jexec(8).
You might also want to check mount_nullfs(8) to help you with the
jail's ports tree. If you need help with the jail setup, feel free to
email me off the list.

David

--
David Robillard
UNIX systems administrator
CISSP
Sun Certified Security Administrator
Sun Certified Systems Administrator
Montreal: +1 514 966 0122
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Setting up NIS questions?

2006-05-20 Thread Steve Kargl
On Fri, May 19, 2006 at 05:55:22PM -0500, Derek Ragona wrote:
> At 05:48 PM 5/19/2006, Steve Kargl wrote:
> > I have 2 NICS in the master node of a small cluster.
> > bge0 is connected to the outside world with a FQDN
> > and registered DNS IP address.  bge1 is connected to
> > a 192.168.0.x internal network.  I'm trying to configure
> > NIS for the internal network, but ypinit is grabbing the
> > FQDN.  I've read the Handbook and ypinit manual page
> > without too much enlightenment. :(
> >
> > What I'm after is
> >
> > 192.168.0.10  NIS master server
> > 192.168.0.11  NIS slave server
> > 192.168.0.[12-15] NIS clients
> >
> > Anyone have a pointer to a method to achieve my goals.
>
> If memory serves YP will grab the first interface.  If you switch the
> stacks/IPs on the interfaces I think you will get what you want.

I can't even get NIS set up with ypinit.  It unconditionally
uses /bin/hostname, which will grab the FQDN of the system.
You have given me an idea.  I can change rc.conf to set hostname
to the name I've given 192.168.0.10, put that on bge0, put
the IP address associated with the FQDN on bge1, and reboot.
This might permit NIS to come up.  Though this seems like a hack,
because when someone connects to the system via the FQDN,
/bin/hostname will give the wrong answer.

-- 
Steve


Re: Setting up NIS questions?

2006-05-20 Thread Chuck Swiger

Steve Kargl wrote:

> I can't even get NIS set up with ypinit.  It unconditionally
> uses /bin/hostname, which will grab the FQDN of the system.
> You have given me an idea.  I can change rc.conf to set hostname
> to the name I've given 192.168.0.10, put that on bge0, put
> the IP address associated with the FQDN on bge1, and reboot.
>
> This might permit NIS to come up.  Though this seems like a hack,
> because when someone connects to the system via the FQDN,
> /bin/hostname will give the wrong answer.


Associating the ypdomain with the FQDN from the DNS is convenient, and a 
convention that many follow, but it is not required, by any means.  The 
O'Reilly Managing NIS and NFS book is a fine reference on this sort of 
thing, BTW, and is probably available online in PDF form if you look.


Nevertheless, YP/NIS predates many of the more convoluted network 
designs that people set up nowadays, and was intended for machines which 
have a single identity even if they have multiple NICs-- Sun used to 
assign the same MAC address to all NICs on one machine, to ensure that 
people respected collision domains.  It is not normally desirable to set 
up a YP/NIS master server on a machine which is multihomed in the sense 
of doing NAT or needing a firewall to separate internal from external, 
and obviously a firewall machine running zero or the minimal necessary
services is a lot more secure


--
-Chuck



Re: Setting up NIS questions?

2006-05-20 Thread Steve Kargl
On Sat, May 20, 2006 at 12:33:21PM -0400, Chuck Swiger wrote:
> Steve Kargl wrote:
> > I can't even get NIS set up with ypinit.  It unconditionally
> > uses /bin/hostname, which will grab the FQDN of the system.
> > You have given me an idea.  I can change rc.conf to set hostname
> > to the name I've given 192.168.0.10, put that on bge0, put
> > the IP address associated with the FQDN on bge1, and reboot.
> > This might permit NIS to come up.  Though this seems like a hack,
> > because when someone connects to the system via the FQDN,
> > /bin/hostname will give the wrong answer.
>
> Associating the ypdomain with the FQDN from the DNS is convenient, and a
> convention that many follow, but it is not required, by any means.  The
> O'Reilly Managing NIS and NFS book is a fine reference on this sort of
> thing, BTW, and is probably available online in PDF form if you look.

Thanks for the pointer.  I'll go looking for this book.

> Nevertheless, YP/NIS predates many of the more convoluted network
> designs that people set up nowadays, and was intended for machines which
> have a single identity even if they have multiple NICs-- Sun used to
> assign the same MAC address to all NICs on one machine, to ensure that
> people respected collision domains.

I don't see how this is convoluted.  In fact, I would be inclined
to claim that it is the de facto method for setting up an internal
computational cluster

                             s  --- node1
internet -F- FQDN|master --- w  --- node2
                             t  --- node3

where swt = switch.

> It is not normally desirable to set up a YP/NIS master server on
> a machine which is multihomed in the sense of doing NAT or needing
> a firewall to separate internal from external, and obviously a
> firewall machine running zero or the minimal necessary services is
> a lot more secure

Note that -F- actually has at least one firewall.  Only people in
the apl.washington.edu domain can get to FQDN.  I was hoping to
use NIS to simplify the propagation of info (e.g., passwd, hosts,
etc.) from master to the nodes.  Propagating the info by hand
isn't too bad because I only have five nodes presently.  However,
I hope to grow an additional 11 nodes.

-- 
Steve


Setting up NIS questions?

2006-05-19 Thread Steve Kargl
I have 2 NICS in the master node of a small cluster.
bge0 is connected to the outside world with a FQDN
and registered DNS IP address.  bge1 is connected to
a 192.168.0.x internal network.  I'm trying to configure
NIS for the internal network, but ypinit is grabbing the
FQDN.  I've read the Handbook and ypinit manual page
without too much enlightenment. :(

What I'm after is

192.168.0.10  NIS master server
192.168.0.11  NIS slave server
192.168.0.[12-15] NIS clients

Anyone have a pointer to a method to achieve my goals.

-- 
Steve


Re: Setting up NIS questions?

2006-05-19 Thread Derek Ragona
If memory serves YP will grab the first interface.  If you switch the 
stacks/IPs on the interfaces I think you will get what you want.


-Derek


At 05:48 PM 5/19/2006, Steve Kargl wrote:

> I have 2 NICS in the master node of a small cluster.
> bge0 is connected to the outside world with a FQDN
> and registered DNS IP address.  bge1 is connected to
> a 192.168.0.x internal network.  I'm trying to configure
> NIS for the internal network, but ypinit is grabbing the
> FQDN.  I've read the Handbook and ypinit manual page
> without too much enlightenment. :(
>
> What I'm after is
>
> 192.168.0.10  NIS master server
> 192.168.0.11  NIS slave server
> 192.168.0.[12-15] NIS clients
>
> Anyone have a pointer to a method to achieve my goals.
>
> --
> Steve

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.




Re: Setting up NIS questions?

2006-05-19 Thread Lawrence Horvath

There isn't a way to specify which IP or interface NIS will bind to?

On 5/19/06, Derek Ragona [EMAIL PROTECTED] wrote:

> If memory serves YP will grab the first interface.  If you switch the
> stacks/IPs on the interfaces I think you will get what you want.
>
> -Derek
>
>
> At 05:48 PM 5/19/2006, Steve Kargl wrote:
> > I have 2 NICS in the master node of a small cluster.
> > bge0 is connected to the outside world with a FQDN
> > and registered DNS IP address.  bge1 is connected to
> > a 192.168.0.x internal network.  I'm trying to configure
> > NIS for the internal network, but ypinit is grabbing the
> > FQDN.  I've read the Handbook and ypinit manual page
> > without too much enlightenment. :(
> >
> > What I'm after is
> >
> > 192.168.0.10  NIS master server
> > 192.168.0.11  NIS slave server
> > 192.168.0.[12-15] NIS clients
> >
> > Anyone have a pointer to a method to achieve my goals.
> >
> > --
> > Steve

--
-Lawrence


help setting up NIS ???

2004-10-24 Thread Brent
I'm running FreeBSD 4.10; we were thinking of running NIS so that user
accounts get propagated to other servers in our infrastructure.

Can it be done?

Any thoughts or help is greatly appreciated.

Thank you

-- 
Brent 



Re: help setting up NIS ???

2004-10-24 Thread Matthew Seaman
On Sun, Oct 24, 2004 at 09:13:35AM -0500, Brent wrote:
> I'm running Freebsd 4.10 , we were thinking of running NIS so that user
> accounts get propagated to other servers in our infrastructure.
>
> can it be done ?

Yes.  Read the ypinit(8) man page.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK




Setting up NIS

2004-03-24 Thread Jamel Brown
freebsd1.compulinux.org 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386

freebsd2.compulinux.org 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386

freebsd3.compulinux.org 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386

FreeBSD freebsd4.compulinux.org 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386

I'm having several problems setting up NIS on my
system. I have 4 computers that I am trying to set up
NIS on. The roles I would like my computers to play
are as follows: Freebsd1 Server, Freebsd2 Slave,
Freebsd3 Client, and Freebsd4 Client. I have been
trying to set up NIS according to what the FreeBSD
Handbook says several times, but all with no luck. OK,
here's another thing: I'm new to FreeBSD, so I don't
know how to use vi and vipw very well, so I always use
Pico or edit instead. Please let me know if I am
causing the problem by not using these programs. Also,
if you notice I have missed anything, please let me
know. I am not going to explain freebsd4 because
freebsd3 is the same as it. Everything I typed in is
after a fresh install of FreeBSD; there are no other
programs running except what is listed in /etc/rc.conf.
Also, please type in the exact command needed to fix my
problem if at all possible. As I have stated before, I
am new to FreeBSD, so please assume I don't know.

This is my output of /etc/rc.conf on Freebsd1
freebsd1# cat /etc/rc.conf
kern_securelevel_enable=NO
nfs_reserved_port_only=YES
sendmail_enable=YES
sshd_enable=YES
usbd_enable=YES
moused_port=/dev/psm0
moused_type=auto
moused_enable=YES
named_enable=YES
ifconfig_rl0="inet 192.168.123.1  netmask 255.255.255.0"
ipv6_enable=YES
defaultrouter=192.168.123.254
hostname=freebsd1.compulinux.org
nisdomainname=compulinux.org
nis_server_enable=YES
nis_yppasswdd_enable=YES

This is /etc/rc.conf on freebsd2
freebsd2# cat /etc/rc.conf
kern_securelevel_enable=NO
nfs_client_enable=YES
nfs_reserved_port_only=YES
sendmail_enable=YES
sshd_enable=YES
usbd_enable=YES
ifconfig_rl0="inet 192.168.123.2  netmask 255.255.255.0"
moused_port=/dev/psm0
moused_type=auto
moused_enable=YES
ipv6_enable=YES
defaultrouter=192.168.123.254
hostname=freebsd2.compulinux.org
named_enable=YES
nisdomainname=compulinux.org
nis_yppasswdd_enable=YES
nis_server_enable=YES

This is /etc/rc.conf on Freebsd3
freebsd3# cat /etc/rc.conf
kern_securelevel_enable=NO
moused_enable=YES
moused_port=/dev/psm0
moused_type=auto
nfs_reserved_port_only=YES
nfs_server_enable=YES
mountd_flags=-r
sendmail_enable=YES
sshd_enable=YES
usbd_enable=YES
ifconfig_rl0="inet 192.168.123.3  netmask 255.255.255.0"
ipv6_enable=YES
defaultrouter=192.168.123.254
hostname=freebsd3.compulinux.org
nis_client_enable=YES
nisdomainname=compulinux.org

This is my /etc/master.passwd on freebsd3
freebsd3# cat /etc/master.passwd
# $FreeBSD: src/etc/master.passwd,v 1.25.2.6 2002/06/30 17:57:17 des Exp $
#
root:$1$9S9qmgEH$RNedtYvD6KwWd.R09ku2.0:0:0::0:0:Charlie
:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
operator:*:2:5::0:0:System :/:/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source:/:/sbin/nologin
tty:*:4:65533::0:0:Tty Sandbox:/:/sbin/nologin
kmem:*:5:65533::0:0:KMem Sandbox:/:/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/sbin/nologin
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin
sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/sbin/nologin
smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/sbin/nologin
mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/sbin/nologin
bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/sbin/nologin
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin

+:

This is /etc/group on Freebsd3

freebsd3# cat /etc/group
# $FreeBSD: src/etc/group,v 1.19.2.3 2002/06/30 17:57:17 des Exp $
#
wheel:*:0:root
daemon:*:1:daemon
kmem:*:2:root
sys:*:3:root
tty:*:4:root
operator:*:5:root
mail:*:6:
bin:*:7:
news:*:8:
man:*:9:
games:*:13:
staff:*:20:root
sshd:*:22:
smmsp:*:25:
mailnull:*:26:
guest:*:31:root
bind:*:53:
uucp:*:66:
xten:*:67:xten
dialer:*:68:
network:*:69:
www:*:80:
nogroup:*:65533:
nobody:*:65534:

+:*::

The handbook then tells you to type a couple simple
things into the server
1. nisdomainname=compulinux.org
2. nis_server_enable=YES
3. nis_yppasswdd_enable=YES
after doing that Instead of running /etc/netstart I
just reboot
then run the following

Problem Setting up NIS Server and Client

2004-03-22 Thread Jamel Brown
freebsd1.compulinux.org 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386

freebsd2.compulinux.org 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386

freebsd3.compulinux.org 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386

FreeBSD freebsd4.compulinux.org 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386

I'm having several problems setting up NIS on my
system. I have 4 computers that I am trying to set up
NIS on. The roles I would like my computers to play
are as follows: Freebsd1 Server, Freebsd2 Slave,
Freebsd3 Client, and Freebsd4 Client. I have been
trying to set up NIS according to what the FreeBSD
Handbook says several times, but all with no luck. OK,
here's another thing: I'm new to FreeBSD, so I don't
know how to use vi and vipw very well, so I always use
Pico or edit instead. Please let me know if I am
causing the problem by not using these programs. Also,
if you notice I have missed anything, please let me
know. I am not going to explain freebsd4 because
freebsd3 is the same as it. Everything I typed in is
after a fresh install of FreeBSD; there are no other
programs running except what is listed in /etc/rc.conf.
Also, please type in the exact command needed to fix my
problem if at all possible. As I have stated before, I
am new to FreeBSD, so please assume I don't know.

This is my output of /etc/rc.conf on Freebsd1
freebsd1# cat /etc/rc.conf
kern_securelevel_enable=NO
nfs_reserved_port_only=YES
sendmail_enable=YES
sshd_enable=YES
usbd_enable=YES
moused_port=/dev/psm0
moused_type=auto
moused_enable=YES
named_enable=YES
ifconfig_rl0="inet 192.168.123.1  netmask 255.255.255.0"
ipv6_enable=YES
defaultrouter=192.168.123.254
hostname=freebsd1.compulinux.org
nisdomainname=compulinux.org
nis_server_enable=YES
nis_yppasswdd_enable=YES

This is /etc/rc.conf on freebsd2
freebsd2# cat /etc/rc.conf
kern_securelevel_enable=NO
nfs_client_enable=YES
nfs_reserved_port_only=YES
sendmail_enable=YES
sshd_enable=YES
usbd_enable=YES
ifconfig_rl0="inet 192.168.123.2  netmask 255.255.255.0"
moused_port=/dev/psm0
moused_type=auto
moused_enable=YES
ipv6_enable=YES
defaultrouter=192.168.123.254
hostname=freebsd2.compulinux.org
named_enable=YES
nisdomainname=compulinux.org
nis_yppasswdd_enable=YES
nis_server_enable=YES

This is /etc/rc.conf on Freebsd3
freebsd3# cat /etc/rc.conf
kern_securelevel_enable=NO
moused_enable=YES
moused_port=/dev/psm0
moused_type=auto
nfs_reserved_port_only=YES
nfs_server_enable=YES
mountd_flags=-r
sendmail_enable=YES
sshd_enable=YES
usbd_enable=YES
ifconfig_rl0="inet 192.168.123.3  netmask 255.255.255.0"
ipv6_enable=YES
defaultrouter=192.168.123.254
hostname=freebsd3.compulinux.org
nis_client_enable=YES
nisdomainname=compulinux.org

This is my /etc/master.passwd on freebsd3
freebsd3# cat /etc/master.passwd
# $FreeBSD: src/etc/master.passwd,v 1.25.2.6 2002/06/30 17:57:17 des Exp $
#
root:$1$9S9qmgEH$RNedtYvD6KwWd.R09ku2.0:0:0::0:0:Charlie
:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
operator:*:2:5::0:0:System :/:/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source:/:/sbin/nologin
tty:*:4:65533::0:0:Tty Sandbox:/:/sbin/nologin
kmem:*:5:65533::0:0:KMem Sandbox:/:/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/sbin/nologin
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin
sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/sbin/nologin
smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/sbin/nologin
mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/sbin/nologin
bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/sbin/nologin
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin

+:

This is /etc/group on Freebsd3

freebsd3# cat /etc/group
# $FreeBSD: src/etc/group,v 1.19.2.3 2002/06/30 17:57:17 des Exp $
#
wheel:*:0:root
daemon:*:1:daemon
kmem:*:2:root
sys:*:3:root
tty:*:4:root
operator:*:5:root
mail:*:6:
bin:*:7:
news:*:8:
man:*:9:
games:*:13:
staff:*:20:root
sshd:*:22:
smmsp:*:25:
mailnull:*:26:
guest:*:31:root
bind:*:53:
uucp:*:66:
xten:*:67:xten
dialer:*:68:
network:*:69:
www:*:80:
nogroup:*:65533:
nobody:*:65534:

+:*::

The handbook then tells you to type a couple simple
things into the server
1. nisdomainname=compulinux.org
2. nis_server_enable=YES
3. nis_yppasswdd_enable=YES
after doing that Instead of running /etc/netstart I
just reboot
then run the following

Re: Problem Setting up NIS Server and Client

2004-03-22 Thread Matthew Seaman
On Mon, Mar 22, 2004 at 04:08:26AM -0800, Jamel Brown wrote:

[...]

> I'm having several problems setting up NIS on my
> system. I have 4 computers that I am trying to set up
> NIS on. The roles I would like my computers to play
> are as follows: Freebsd1 Server, Freebsd2 Slave,
> Freebsd3 Client, and Freebsd4 Client. I have been
> trying to set up NIS according to what the FreeBSD
> Handbook says several times, but all with no luck. OK,
> here's another thing: I'm new to FreeBSD, so I don't
> know how to use vi and vipw very well, so I always use
> Pico or edit instead. Please let me know if I am
> causing the problem by not using these programs. Also,
> if you notice I have missed anything, please let me
> know. I am not going to explain freebsd4 because
> freebsd3 is the same as it. Everything I typed in is
> after a fresh install of FreeBSD; there are no other
> programs running except what is listed in /etc/rc.conf.
> Also, please type in the exact command needed to fix my
> problem if at all possible. As I have stated before, I
> am new to FreeBSD, so please assume I don't know.

[...]

Wow.  Excellent report.  However, you seem to have done everything
correctly, so far.

You need to enable 'portmap' on all your machines. Add:

portmap_enable=YES

If you don't want to reboot all those machines, you can just start
portmap from the command line:

# /usr/sbin/portmap

Note that portmap enabled machines need extra care if they're exposed
to the internet: you should set up firewalls to prevent external
access to port 111 and the high-numbered ports that RPC based services
use.  You can also use tcp_wrappers to good effect to protect portmap:
see the examples in /etc/hosts.allow, but be aware that portmap is a
special case which you have to configure access by IP number rather
than hostname.

Once that has been enabled, you should be able to run:

% rpcinfo

to see what RPC services are available on your hosts,

% ypwhich

to show which NIS server that host has bound to, and:

% ypcat passwd

to download one of your NIS maps and prove that it's accessible from
that host.

After all that, the NIS userids should be accessible from your client
machines, given that you've put the correct magic token in the
/etc/master.passwd and /etc/group files.

One thing that can help if the clients are refusing to bind properly
to the server is to put:

nis_client_flags="-S compulinux.org,freebsd1.compulinux.org,freebsd2.compulinux.org"

See ypbind(8) for more details.

For setting up NIS users, use pw(8) rather than adduser(8).  pw(8) has
a '-V' flag which you can use to make it modify your master.passwd
and group files in /var/yp rather than /etc.  Unfortunately, and for
reasons I don't really understand, this will also cause pw(8) to
silently fail to create home directories.  However, once the account
has been created in NIS, you should be able to use:

# pw usermod -n username -m

to create the home directory for 'username'.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK
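
An added example, not part of Matthew's message and not FreeBSD project code: a /bin/sh check for the two configuration points in the reply above, NIS services enabled without the port mapper, and tcp_wrappers port mapper rules keyed on a hostname instead of an IP number. The function names and sample files are constructed for illustration; rpcbind_enable is the FreeBSD 5.0 and later name for the same service, and only IPv4 client patterns are handled.

```sh
#!/bin/sh
# Added example: helper names are hypothetical, sample input is constructed.

# rc_value FILE VAR: print the last value assigned to VAR (quotes stripped).
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#]*\).*/\1/p" "$1" | tail -n 1
}

# is_yes FILE VAR: succeed if VAR holds a true value as the rc scripts read it.
is_yes() {
    case $(rc_value "$1" "$2" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]') in
        YES|TRUE|ON|1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_rc_conf FILE: report NIS services that are enabled without the RPC
# port mapper (portmap on FreeBSD 4.x, rpcbind from 5.0 on) or a NIS domain.
audit_rc_conf() {
    needs_rpc=""
    for var in nis_server_enable nis_client_enable nis_yppasswdd_enable; do
        if is_yes "$1" "$var"; then needs_rpc="$needs_rpc $var"; fi
    done
    [ -n "$needs_rpc" ] || return 0
    if ! is_yes "$1" portmap_enable && ! is_yes "$1" rpcbind_enable; then
        echo "rc.conf: port mapper not enabled, required by:$needs_rpc"
    fi
    if [ -z "$(rc_value "$1" nisdomainname)" ]; then
        echo "rc.conf: nisdomainname is not set"
    fi
}

# audit_hosts_allow FILE: report port mapper rules whose client pattern is a
# hostname, and the absence of any port mapper rule.
audit_hosts_allow() {
    awk -F: '
        /^[ \t]*#/ { next }
        $1 ~ /^[ \t]*(portmap|rpcbind)[ \t]*$/ {
            seen = 1
            clients = $2
            gsub(/ALL|[ \t]/, "", clients)
            if (clients ~ /[A-Za-z]/)
                printf "hosts.allow line %d: port mapper rule uses a hostname, use an IP address\n", NR
        }
        END { if (!seen) print "hosts.allow: no portmap/rpcbind rule found" }
    ' "$1"
}

# Constructed sample input, modelled on the freebsd3 client in this thread.
run_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/rc.conf" <<'EOF'
hostname="freebsd3.compulinux.org"
nis_client_enable="YES"
nisdomainname="compulinux.org"
EOF
    cat > "$dir/hosts.allow" <<'EOF'
# constructed example rules
portmap : freebsd1.compulinux.org : allow
portmap : 192.168.123.0/255.255.255.0 : allow
portmap : ALL : deny
EOF
    audit_rc_conf "$dir/rc.conf"
    audit_hosts_allow "$dir/hosts.allow"
    rm -rf "$dir"
}

run_demo
```

This only reads configuration files; rpcinfo, ypwhich and ypcat passwd from the reply remain the functional test on a live host.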

