Hello Experts,
We wish to upgrade NIS authentication running on SuSE Linux 10 to NIS on SLES 15. If anyone has experience with this, please share your thoughts on whether it is recommended, whether SLES 10 clients will be able to connect to a NIS server running on SLES 15, and whether the NIS database can be exported to a NIS server on SLES 15.
I would of course be testing the migration first on a virtual machine.
If you're using SLES, that's a pay-for distro...as such, you are PAYING for support from SuSE, so have you contacted them for assistance/help? And just saying "NIS" doesn't tell us much of anything...what VERSION is running on both systems?? What have you done/tried/looked-up to resolve your issue? There are many guides on how to migrate a NIS database, with many options, but you don't tell us anything about what you're running and have.
Easiest thing would be to make your new NIS server a slave to your current master...then when you're ready, take down the existing master and promote the slave.
I will try once again to explain the case. The currently running NIS server has ypserv (ypserv) 2.12.1, and the target system with SLES 15 has ypserv (ypserv) 4.0.
So we would be configuring the SLES 15 system and migrating the user database from the current ypserv. What have we done so far? We have installed the ypserv packages and tried to configure a test domain, and created some NIS users. I could see the passwd map on the test SLES 10 system as well as on the test SLES 12 system (I created these two NIS client systems for test purposes). Secondly, I tried to log in to these two test systems using a password created on the NIS server, but managed to log in only on the SLES 12 client and not on the SuSE 10 client.
Further investigation revealed that this is likely because of the different encryption methods used on SuSE 10 and on SLES 12 and 15.
On SuSE 10 it is DES, as per /etc/default/passwd: CRYPT_YP=des, whereas
on SLES 15 and SLES 12 both encryption methods, MD5 and SHA512, are possible (ENCRYPT_METHOD_NIS).
But on SuSE 10 I do not find a way to change the encryption method to MD5 or SHA512.
So my observation is that if we create the users on SLES 15, the password encryption will not be recognised by SuSE 10, which will prevent the user from logging in. Does it also mean that, after migration, the existing users (which were previously created on SuSE 10) will not be recognised on the new ypserv?
Are my observations correct? If yes, is there any hint or suggestion for tackling this problem?
I would of course be exploring a solution to this problem from my side. I do not post and forget ;-) Thanx once again for your feedbacks.
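An added example, not part of the thread: a POSIX shell/awk check that classifies the crypt(3) scheme of every entry in a passwd-format NIS map (for instance the output of `ypcat passwd`) by its hash prefix, then lists the accounts whose scheme is outside an allow-list. The function names and the sample map are constructed for illustration, and which schemes the oldest client accepts is an input you supply, not something the script determines.

```shell
#!/bin/sh
# Classify the hash scheme of each passwd(5)-format entry: prints "user:scheme".
# Reads the files given as arguments, or stdin when none are given.
classify_nis_hashes() {
    awk -F: '
    function scheme(h) {
        if (h == "")                     return "empty"
        if (h == "x" || h ~ /^[*!]/)     return "locked-or-shadowed"
        if (h ~ /^[$]1[$]/)              return "md5"
        if (h ~ /^[$]5[$]/)              return "sha256"
        if (h ~ /^[$]6[$]/)              return "sha512"
        if (h ~ /^[$]2[abxy]?[$]/)       return "blowfish"
        if (h ~ /^[$]/)                  return "other-modular"
        # Traditional DES crypt: exactly 13 characters from [./0-9A-Za-z]
        if (length(h) == 13 && h ~ "^[./0-9A-Za-z]+$") return "des"
        return "unknown"
    }
    # Skip comments and +/- compat entries; require a full 7-field record
    NF >= 7 && $1 !~ /^[#+-]/ { print $1 ":" scheme($2) }
    ' "$@"
}

# Print users whose scheme is NOT in the space-separated allow-list given as $1
# (the schemes your oldest client is known to verify). Locked or shadowed
# entries are skipped because they carry no hash in the map.
users_outside_schemes() {
    allowed=$1; shift
    classify_nis_hashes "$@" | awk -F: -v ok=" $allowed " '
        $2 != "locked-or-shadowed" && index(ok, " " $2 " ") == 0 { print $1 }'
}

# Constructed sample map; the hash strings are placeholders, not real hashes.
sample_map() {
    cat <<'EOF'
alice:ab0123456789.:1001:100:Alice:/home/alice:/bin/bash
bob:$6$constructedsalt$NotARealHashValue:1002:100:Bob:/home/bob:/bin/bash
carol:$1$constsal$NotARealHashValue:1003:100:Carol:/home/carol:/bin/bash
dave:x:1004:100:Dave:/home/dave:/bin/bash
EOF
}

# Demo: accounts a client limited to DES would not be able to verify
sample_map | users_outside_schemes "des"
```

Running it against the existing map before the migration and against the new server's map afterwards shows which accounts would need a password reset under a different scheme setting.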
Don't use text-speak; see the LQ Rules. And there's no need to 'again explain the case', as we understand what you're wanting to do.
Did you read the reply you received? Did you configure master/slave configurations as suggested? Did you contact SuSE support, since you're using SLES?? Again, as you were told, a LOT has changed between 2 and 4...if you can't do a master/slave between the two, your option is to manually fix things and move forward. This is exactly the reason it's suggested that people upgrade things and keep them current, to avoid such issues.
You are running a seriously old OS with SLES 10, which you already know. I think that is what you should focus on updating first.
Until then, if you have any sort of LDAP server, why not set up PAM/LDAP authentication? This will eliminate some of these dependencies that you have already found.
Sorry, not the answers you are looking for, but based on your post, I feel like you already know this.
Interesting. In SuSE 12.3 I read in /etc/default/passwd
Quote:
# For NIS, we should prefer DES if we have other UNIX
# clients than Linux:
CRYPT_YP=des
That makes me think it should still work with a SuSE 12 NIS server.
As I remember from Solaris, changing NIS passwords works through the "yppasswdd" daemon that inserts it into the passwd or shadow or passwd.adjunct NIS source file and runs the command "make passwd" to rebuild the respective DB files.
I don't know if "yppasswdd" is also present on a Linux NIS master server, or if it uses another mechanism.
Last edited by MadeInGermany; 04-09-2020 at 12:23 PM.
I changed the encryption method on the NIS server to DES instead of SHA512 and then created a test user with a password. With this method the user is recognised on both test client systems, i.e. on SuSE 10 and SLES 12. So the user could log on to both systems.
The main intention of the NIS upgrade is that we wish to incorporate the latest software and stop using very old NIS software, and at the same time impose user-account restrictions. For example, password to be reset every 3 months, account lockout after a certain number of failed attempts, etc.
I would be exploring PAM modules for this. So a combination of a new version of NIS + PAM should suffice.
Moreover, I have noticed that unless I create a local user (using useradd) on the SLES 15 NIS server, it does not work.
I have to create a local user along with an entry in /var/yp/passwd so that it works. If I only put a new user entry directly in /var/yp/passwd and do not create a user account locally, then I cannot log in via the client systems. I don't know why. Am I missing something?
You were given several suggestions previously, which you seem to have ignored. And you were told to contact SuSE support, since you're using SuSE Enterprise, which is a commercial, PAY-FOR distro; have you done that???