LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 03-30-2020, 04:48 AM   #1
LinuGeek
Member
 
Registered: Jun 2008
Posts: 90

Rep: Reputation: 0
SuSE Linux NIS


Hello Experts,

we wish to upgrade NIS Authentication running SuSE Linux 10 to NIS SLES 15. If anyone has experience on this then please share your thoughts if it is a recommended. If Sles 10 Clients will be able to connect to NIS Server running on SLES 15. If NIS Database can be exported to NIS Server on SLES 15.

I would ofcourse be testing the migration first on Virtual Machine.

Thanks in advance.

Regards,
Admin
 
Old 03-30-2020, 07:39 AM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 22,816

Rep: Reputation: 6317Reputation: 6317Reputation: 6317Reputation: 6317Reputation: 6317Reputation: 6317Reputation: 6317Reputation: 6317Reputation: 6317Reputation: 6317Reputation: 6317
Quote:
Originally Posted by LinuGeek View Post
Hello Experts,
we wish to upgrade NIS Authentication running SuSE Linux 10 to NIS SLES 15. If anyone has experience on this then please share your thoughts if it is a recommended. If Sles 10 Clients will be able to connect to NIS Server running on SLES 15. If NIS Database can be exported to NIS Server on SLES 15.

I would ofcourse be testing the migration first on Virtual Machine.
If you're using SLES, that's a pay-for distro...as such, you are PAYING for support from SuSE, so have you contacted them for assistance/help? And just saying "NIS" doesn't tell us much of anything...what VERSION is running on both systems?? What have you done/tried/looked-up to resolve your issue? There are many guides on how to migrate a NIS database, with many options, but you don't tell us anything about what you're running and have.

Easiest thing would be to make your new NIS server a slave to your current master...then when you're ready, take down the existing master and promote the slave.
 
Old 03-30-2020, 01:43 PM   #3
MadeInGermany
Senior Member
 
Registered: Dec 2011
Location: Simplicity
Posts: 1,394

Rep: Reputation: 625Reputation: 625Reputation: 625Reputation: 625Reputation: 625Reputation: 625
I guess you'll have to open ports in firewalld.
And you'll have to learn systemd.
And ... A lot of stuff has changed.
 
Old 04-09-2020, 08:19 AM   #4
LinuGeek
Member
 
Registered: Jun 2008
Posts: 90

Original Poster
Rep: Reputation: 0
Thanks TB0ne and MadeInGermany for your replies.

I once again try to explain the case.
Current running NIS Server has ypserv (ypserv) 2.12.1. And the target System having SLES 15 has ypserv (ypserv) 4.0.

So we would be configuring SLES 15 system and migrating the userdatabase from current ypserv. What have we done so far? We have installed the ypserv packets and tried to configure a test domain. Created some NIS Users. I could see the passwd map onto test SLES 10 as well as test SLES 12 System. (these 2 NIS client systems I have created for test purpose). Secondly I tried to login onto these 2 test systems using password created on the NIS Server but managed to only login on SLES 12 but not on SuSE 10 Client.
Further investigation revealed that it is likely because of different Encryption methods used on SuSE 10 and SLES 12 and 15.
Like on SuSE 10 it is DES as per /etc/default/passwd: CRYPT_YP=des whereas,
on SLES 15 and SLES 12 both the encryption methods are possible MD5 and SHA512 (ENCRYPT_METHOD_NIS).
But on SuSE 10 I do not find the possibility to change the encryption method to MD5 or SHA512.
So it seems my observation is , if we create the users on SLES 15 , the password-encryption will not be recognised by SuSE 10 and which will prohibit the user from logging in. Does it also mean, post migration the existing users (which were created on SuSE 10 previously) will not be recognised on new ypserv?
Are my observations correct? When yes then is there any hint or suggestion to tackle this problem?

I would ofcourse be exploring from my side the solution for this problem. I do not post and forget ;-)

Thanx once again for your feedbacks.
 
Old 04-09-2020, 08:28 AM   #5
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 22,816

Rep: Reputation: 6317Reputation: 6317Reputation: 6317Reputation: 6317Reputation: 6317Reputation: 6317Reputation: 6317Reputation: 6317Reputation: 6317Reputation: 6317Reputation: 6317
Quote:
Originally Posted by LinuGeek View Post
Thanks TB0ne and MadeInGermany for your replies.

I once again try to explain the case. Current running NIS Server has ypserv (ypserv) 2.12.1. And the target System having SLES 15 has ypserv (ypserv) 4.0.

So we would be configuring SLES 15 system and migrating the userdatabase from current ypserv. What have we done so far? We have installed the ypserv packets and tried to configure a test domain. Created some NIS Users. I could see the passwd map onto test SLES 10 as well as test SLES 12 System. (these 2 NIS client systems I have created for test purpose). Secondly I tried to login onto these 2 test systems using password created on the NIS Server but managed to only login on SLES 12 but not on SuSE 10 Client.
Further investigation revealed that it is likely because of different Encryption methods used on SuSE 10 and SLES 12 and 15.
Like on SuSE 10 it is DES as per /etc/default/passwd: CRYPT_YP=des whereas,
on SLES 15 and SLES 12 both the encryption methods are possible MD5 and SHA512 (ENCRYPT_METHOD_NIS).
But on SuSE 10 I do not find the possibility to change the encryption method to MD5 or SHA512.
So it seems my observation is , if we create the users on SLES 15 , the password-encryption will not be recognised by SuSE 10 and which will prohibit the user from logging in. Does it also mean, post migration the existing users (which were created on SuSE 10 previously) will not be recognised on new ypserv?
Are my observations correct? When yes then is there any hint or suggestion to tackle this problem?

I would ofcourse be exploring from my side the solution for this problem. I do not post and forget ;-) Thanx once again for your feedbacks.
Don't use text-speak; see the LQ Rules. And there's no need to 'again explain the case', as we understand what you're wanting to do.

Did you read the reply you received? Did you configure master/slave configurations as suggested? Did you contact SuSE support, since you're using SLES?? Again, as you were told, a LOT has changed between 2 and 4...if you can't do a master/slave between the two, your option is to manually fix things and move forward. This is exactly the reason it's suggested that people upgrade things and keep them current, to avoid such issues.
 
Old 04-09-2020, 08:37 AM   #6
dc.901
Member
 
Registered: Aug 2018
Location: Atlanta, GA - USA
Distribution: CentOS/RHEL, openSuSE/SLES, Ubuntu
Posts: 778

Rep: Reputation: 241Reputation: 241Reputation: 241
You are running seriously old OS with SLES 10, which you already know. I think that is where you should focus on to update first.
Until then, if you have any sort of LDAP server, why not setup PAM/LDAP authentication? This will eliminate some of these dependencies that you have already found.
Sorry, not the answers you are looking for, but based on your post, I feel like you already know this.
 
1 members found this post helpful.
Old 04-09-2020, 12:21 PM   #7
MadeInGermany
Senior Member
 
Registered: Dec 2011
Location: Simplicity
Posts: 1,394

Rep: Reputation: 625Reputation: 625Reputation: 625Reputation: 625Reputation: 625Reputation: 625
Interesting. In SuSE 12.3 I read in /etc/default/passwd
Quote:
# For NIS, we should prefer DES if we have other UNIX
# clients than Linux:
CRYPT_YP=des
That lets me think it should still work with a SuSE 12 NIS server.

As I remember from Solaris, changing NIS passwords work through the "yppasswdd" daemon that inserts it into the passwd or shadow or passwd.adjunct NIS source file and runs the command "make passwd" to rebuild the respective DB files.
I don't know if "yppasswdd" is also present on a Linux NIS master server, or if it uses another mechanism.

Last edited by MadeInGermany; 04-09-2020 at 12:23 PM.
 
Old 04-17-2020, 04:28 AM   #8
LinuGeek
Member
 
Registered: Jun 2008
Posts: 90

Original Poster
Rep: Reputation: 0
Thanks for your replied. Further tests,

I changed the Encryption method on NIS Server to be DES instead of SHA15 and then created a testuser with password. With this method the user is recognised on both the test client systems. ie. On SuSE 10 and SLES 12. So the user could logon to both the systems.

The main intention of NIS Upgrade is that we wish to incorporate latest software and stop using very old NIS Software. And at the same time pose user-account restrictions. For example, password to be reset every 3 months, account lock out after certain failed attempts etc.

I would be exploring pam modules for this. So a combination of new version of NIS + pam should suffice.
 
Old 04-18-2020, 11:28 AM   #9
MadeInGermany
Senior Member
 
Registered: Dec 2011
Location: Simplicity
Posts: 1,394

Rep: Reputation: 625Reputation: 625Reputation: 625Reputation: 625Reputation: 625Reputation: 625
AFAIK there are no updates in NIS.
The DES crypt allows only 8 characters in passwords (further characters are ignored).
 
Old 05-18-2020, 05:48 AM   #10
LinuGeek
Member
 
Registered: Jun 2008
Posts: 90

Original Poster
Rep: Reputation: 0
Moreover, I have noticed that unless I create a local user (using useradd) on SLES 15 NIS Server , it does not work.
I have to create local user alongwith an entry in /var/yp/passwd so that it works. If I only directly put an new user entry in /var/yp/passwd and do not create a user account locally , then I can not login via Client Systems. I dont know why? Am I missing something?
 
Old 05-18-2020, 07:48 AM   #11
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 22,816

Rep: Reputation: 6317Reputation: 6317Reputation: 6317Reputation: 6317Reputation: 6317Reputation: 6317Reputation: 6317Reputation: 6317Reputation: 6317Reputation: 6317Reputation: 6317
Quote:
Originally Posted by LinuGeek View Post
Moreover, I have noticed that unless I create a local user (using useradd) on SLES 15 NIS Server , it does not work.
I have to create local user alongwith an entry in /var/yp/passwd so that it works. If I only directly put an new user entry in /var/yp/passwd and do not create a user account locally , then I can not login via Client Systems. I dont know why? Am I missing something?
You were given several suggestions previously, which you seem to have ignored. And you were told to contact SuSE support, since you're using SuSE Enterprise, which is a commercial, PAY-FOR distro; have you done that???
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how the NIS information will propagate fron NIS master to NIS slave & vicevarsa? dezavu Linux - Server 5 10-14-2011 03:08 AM
Nis Client On Centos not working with Suse Server . But works with Suse Nis Client jibinforu Linux - Server 2 07-23-2009 08:44 PM
Nis Client On Centos not working with Suse Server . But works with Suse Nis Client jibinforu Linux - Networking 1 07-13-2009 05:51 AM
NIS: NIS running but users not able to log in with NIS credentials outerspace Linux - Server 3 10-17-2007 08:51 AM
NIS-Problem - search for NIS-Guru or SuSE Profesional krischeu MEPIS 0 06-16-2005 07:21 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 09:40 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration