There are some problems connnecting a Linux NIS client to a FreeBSD NIS server (Linux is RH9 and freeBSD is 4.9 RELEASE but i believe it concerns all versions) Having both sides setup , users always get an authentication failure on the linux boxes. Same problem is described in http://lists.freebsd.org/pipermail/freebsd-net/2003-August/001126.html There it is suggested that the only problem is a missing NIS map ( named master.passwd in freeBSD) shadow.byname. However patching as suggested the /var/yp/Makefile doesnot solve the problem although it sure is necssary to make the shadow map. Fix: Linux authentication routine is distrubbed by the presence of asterisk in tha passwd tables and maps an really foolishly expects an "x" I have made small modification in line 470 of /var/yp/Makefile changing from print $$1":*:"$$3":"$$4":"$$8":"$$9":"$$10}' $^ \ to print $$1":x"$$3":"$$4":"$$8":"$$9":"$$10}' $^ \ FreeBSD NIS clients seem not have spotted the difference. However having searched for possible implications i must point out that the asterisk is used in the /usr/src/usr.sbin/rpc.yppasswdd/yppasswdd_server.c (read comments line 348 ) so i suggest changing line 416 pw->pw_name, *(ptr+1) == '*' ? "*" : pw->pw_passwd, to pw->pw_name, *(ptr+1) == ('*'||'x') ? "x" : pw->pw_passwd, (I am not so sure what would be the implications if we dont... ) Results: Linux client users can cleanly authenticate now I have no indication of any implication in FBSD NIS clients but it sure is necessary for someone to look more thoroughly ATTENTION : More work to be done: A user on a linux client still cant change his password using yppasswd , so .. they still have to visit a freebsd box and use yppasswd there :-) Conclusion: It would be appreciable if someone (on either side) made NIS work fine out of the box How-To-Repeat: Just try to set out of the box a linux NIS client to authenticate against a Freebsd NIS server
Hi, I write a mail to freebsd-bugs [1] and I get answer to make a pr. So I searched the bug reports and find this open bug. I think that my patch [2] could help to solve the bug in such a way that you don'nt need to patch ypasswd or some c-program else. Only apply the patch and everything works fine. With best regards Andreas Sources: [1] http://lists.freebsd.org/pipermail/freebsd-bugs/2006-March/017532.html [2] http://w5/~lnxbil/bsd-patches/nis-clients-unter-linux.patch Inline Patch: --- Makefile.dist Thu Nov 3 09:12:04 2005 +++ Makefile Fri Mar 17 09:55:48 2006 @@ -40,6 +40,11 @@ # key will be removed from these maps, allowing anyone to access them. S=-s +# If you want to have linux NIS clients you must enable this: +# Comment the line if you have no linux NIS clients +#LINUXCOMPMODE=1 + + # These are commands which this Makefile needs to properly rebuild the # NIS databases. Don't change these unless you have a good reason. Also # be sure not to place an @ in front of /usr/bin/awk: it isn't necessary @@ -196,6 +201,7 @@ aliases: mail.aliases master.passwd: master.passwd.byname master.passwd.byuid +master.passwd: shadow.byname # # This is a special target used only when doing in-place updates with @@ -498,6 +504,16 @@ $(PASSWD): $(MASTER) @echo "Creating new $@ file from $(MASTER)..." +.if defined(LINUXCOMPMODE) + @if [ ! $(UNSECURE) ]; then \ + $(AWK) -F: '{if ($$1 != "" && $$1 !~ "^#.*" && $$1 != "+") \ + print $$1":x:"$$3":"$$4":"$$8":"$$9":"$$10}' $(MASTER) \ + > $(PASSWD) ; \ + else \ + $(AWK) -F: '{if ($$1 != "" && $$1 !~ "^#.*" && $$1 != "+") \ + print $$1":"$$2":"$$3":"$$4":"$$8":"$$9":"$$10}' $(MASTER) \ + > $(PASSWD) ; fi +.else @if [ ! $(UNSECURE) ]; then \ $(AWK) -F: '{if ($$1 != "" && $$1 !~ "^#.*" && $$1 != "+") \ print $$1":*:"$$3":"$$4":"$$8":"$$9":"$$10}' $(MASTER) \ @@ -506,6 +522,7 @@ $(AWK) -F: '{if ($$1 != "" && $$1 !~ "^#.*" && $$1 != "+") \ print $$1":"$$2":"$$3":"$$4":"$$8":"$$9":"$$10}' $(MASTER) \ > $(PASSWD) ; fi +.endif passwd.byname: $(PASSWD) @@ -613,3 +630,20 @@ @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi @if [ ! $(NOPUSH) ]; then echo "Pushed $@ map." ; fi + +shadow.byname: $(MASTER) +.if defined(LINUXCOMPMODE) + @echo "Updating $@..." +.if ${MASTER} == "/dev/null" + @echo "Master.passwd source file not found -- skipping" +.else + @cat $(MASTER) | \ + $(AWK) -F: '{ if ($$1 != "" && $$1 !~ "^#.*" && $$1 != "+") \ + print $$1"\t"$$1":"$$2":::::::" }' $^ \ + | $(DBLOAD) ${S} -f -i $(MASTER) -o $(YPMAPDIR)/$@ - $(TMP); \ + $(RMV) $(TMP) $@ + @$(DBLOAD) -c + @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi + @if [ ! $(NOPUSH) ]; then echo "Pushed $@ map." ; fi +.endif +.endif -- Andreas Steinel email: lnxbil@xantippe.cs.uni-sb.de Zimmer 122 web: http://w5.cs.uni-sb.de Bau 36.1 Phone: +49 (0) 681 302-4135 Lehrstuhl Prof. Wahlster fax: +49 (0) 12 12 / 52 35 64 89 Fakultät 6 - Informatik Universität des Saarlandes 66123 Saarbrücken GPG-Fingerprint: C09D 96DD 548C 8F13 097A 8D04 8329 7BEA A623 11D6
Hello, the patch from Mr. Andreas Steinel fails with the following errors (FBSD 5.3-RELEASE, but similar to 6.0): =================== Hunk #1 succeeded at 40. Hunk #2 failed at 201. Hunk #3 failed at 504. Hunk #4 failed at 522. Hunk #5 succeeded at 629 with fuzz 2 (offset -1 lines). patch: **** misordered hunks! output would be garbled =================== In fact, the lines that need to be altered are not those. Besides, there are strange characters sequences (=2D, =3D etc., probably an encoding issue) in the above copy of patch, but not in the original file at http://www.bsdforen.de/showthread.php?t=14059 However, when manually applying this patch, "make" fails with: ==================== "Makefile", line 597: Need an operator "Makefile", line 607: Need an operator "Makefile", line 609: warning: duplicate script for target "@if" ignored "Makefile", line 609: warning: duplicate script for target "[" ignored "Makefile", line 611: warning: duplicate script for target "@if" ignored "Makefile", line 611: warning: duplicate script for target "[" ignored make: fatal errors encountered -- cannot continue ==================== The reason, simple as it is, is that the patch is indented with spaces, and for some reason "make" doesn´t accept that. The solution is to replace the spaces with tabs. I´m submitting a copy of the resulting unified diff, which can be applied with: patch -p1 Makefile <Yp.Makefile.patch It was built for 5.3-RELEASE, but also works on 6.2-RELEASE (untested as NIS-server, though) with only different offsets. If some peaceful mind would apply it to 6.4 or 7.1, or host it at FreeBSD servers, I (and all other people that would use Linux clients) will be very grateful. It´s about time to such a simple issue to disappear, don´t you think? ;-) One last note, though, is that passwd from the client machines will alter only the NIS passwords, not the server´s own pwd.db, which I don´t know if it´s a desired behaviour. Having said that, I´m attaching the patch, but here it is (inline), for any case: ------------------------------ +++ Makefile Tue Jan 22 21:45:02 2008 @@ -40,6 +40,10 @@ # key will be removed from these maps, allowing anyone to access them. S=-s +# If you want to have linux NIS clients you must enable this: +# Comment the line if you have no linux NIS clients +LINUXCOMPMODE=1 + # These are commands which this Makefile needs to properly rebuild the # NIS databases. Don't change these unless you have a good reason. Also # be sure not to place an @ in front of /usr/bin/awk: it isn't necessary @@ -187,7 +191,7 @@ publickey: publickey.byname aliases: mail.aliases -master.passwd: master.passwd.byname master.passwd.byuid +master.passwd: master.passwd.byname master.passwd.byuid shadow.byname # # This is a special target used only when doing in-place updates with @@ -460,6 +464,16 @@ $(PASSWD): $(MASTER) @echo "Creating new $@ file from $(MASTER)..." +.if defined(LINUXCOMPMODE) + @if [ ! $(UNSECURE) ]; then \ + $(AWK) -F: '{if ($$1 != "" && $$1 !~ "^#.*" && $$1 != "+") \ + print $$1":x:"$$3":"$$4":"$$8":"$$9":"$$10}' $(MASTER) \ + > $(PASSWD) ; \ + else \ + $(AWK) -F: '{if ($$1 != "" && $$1 !~ "^#.*" && $$1 != "+") \ + print $$1":"$$2":"$$3":"$$4":"$$8":"$$9":"$$10}' $(MASTER) \ + > $(PASSWD) ; fi +.else @if [ ! $(UNSECURE) ]; then \ $(AWK) -F: '{if ($$1 != "" && $$1 !~ "^#.*" && $$1 != "+") \ print $$1":*:"$$3":"$$4":"$$8":"$$9":"$$10}' $(MASTER) \ @@ -468,6 +482,7 @@ $(AWK) -F: '{if ($$1 != "" && $$1 !~ "^#.*" && $$1 != "+") \ print $$1":"$$2":"$$3":"$$4":"$$8":"$$9":"$$10}' $(MASTER) \ > $(PASSWD) ; fi +.endif passwd.byname: $(PASSWD) @@ -574,4 +589,22 @@ @$(DBLOAD) -c @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi @if [ ! $(NOPUSH) ]; then echo "Pushed $@ map." ; fi + + +shadow.byname: $(MASTER) +.if defined(LINUXCOMPMODE) + @echo "Updating $@..." +.if ${MASTER} == "/dev/null" + @echo "Master.passwd source file not found -- skipping" +.else + @cat $(MASTER) | \ + $(AWK) -F: '{ if ($$1 != "" && $$1 !~ "^#.*" && $$1 != "+") \ + print $$1"\t"$$1":"$$2":::::::" }' $^ \ + | $(DBLOAD) ${S} -f -i $(MASTER) -o $(YPMAPDIR)/$@ - $(TMP); \ + $(RMV) $(TMP) $@ + @$(DBLOAD) -c + @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi + @if [ ! $(NOPUSH) ]; then echo "Pushed $@ map." ; fi +.endif +.endif -------------------- Thanks to Mr. Steinel for the original work and efforts. Sincerely, Tulio G. da Silva
I can't reproduce this problem.