Hello Experts,

we wish to upgrade NIS Authentication running SuSE Linux 10 to NIS SLES 15. If anyone has experience on this then please share your thoughts if it is a recommended. If Sles 10 Clients will be able to connect to NIS Server running on SLES 15. If NIS Database can be exported to NIS Server on SLES 15.

I would ofcourse be testing the migration first on Virtual Machine.

Thanks in advance.

Regards,
Admin

If you're using SLES, that's a pay-for distro...as such, you are PAYING for support from SuSE, so have you contacted them for assistance/help? And just saying "NIS" doesn't tell us much of anything...what VERSION is running on both systems?? What have you done/tried/looked-up to resolve your issue? There are many guides on how to migrate a NIS database, with many options, but you don't tell us anything about what you're running and have.

Easiest thing would be to make your new NIS server a slave to your current master...then when you're ready, take down the existing master and promote the slave.

I guess you'll have to open ports in firewalld.
And you'll have to learn systemd.
And ... A lot of stuff has changed.

Thanks TB0ne and MadeInGermany for your replies.

I once again try to explain the case.
Current running NIS Server has ypserv (ypserv) 2.12.1. And the target System having SLES 15 has ypserv (ypserv) 4.0.

So we would be configuring SLES 15 system and migrating the userdatabase from current ypserv. What have we done so far? We have installed the ypserv packets and tried to configure a test domain. Created some NIS Users. I could see the passwd map onto test SLES 10 as well as test SLES 12 System. (these 2 NIS client systems I have created for test purpose). Secondly I tried to login onto these 2 test systems using password created on the NIS Server but managed to only login on SLES 12 but not on SuSE 10 Client.
Further investigation revealed that it is likely because of different Encryption methods used on SuSE 10 and SLES 12 and 15.
Like on SuSE 10 it is DES as per /etc/default/passwd: CRYPT_YP=des whereas,
on SLES 15 and SLES 12 both the encryption methods are possible MD5 and SHA512 (ENCRYPT_METHOD_NIS).
But on SuSE 10 I do not find the possibility to change the encryption method to MD5 or SHA512.
So it seems my observation is , if we create the users on SLES 15 , the password-encryption will not be recognised by SuSE 10 and which will prohibit the user from logging in. Does it also mean, post migration the existing users (which were created on SuSE 10 previously) will not be recognised on new ypserv?
Are my observations correct? When yes then is there any hint or suggestion to tackle this problem?

I would ofcourse be exploring from my side the solution for this problem. I do not post and forget ;-)

Thanx once again for your feedbacks.

Don't use text-speak; see the LQ Rules. And there's no need to 'again explain the case', as we understand what you're wanting to do.

Did you read the reply you received? Did you configure master/slave configurations as suggested? Did you contact SuSE support, since you're using SLES?? Again, as you were told, a LOT has changed between 2 and 4...if you can't do a master/slave between the two, your option is to manually fix things and move forward. This is exactly the reason it's suggested that people upgrade things and keep them current, to avoid such issues.

You are running seriously old OS with SLES 10, which you already know. I think that is where you should focus on to update first.
Until then, if you have any sort of LDAP server, why not setup PAM/LDAP authentication? This will eliminate some of these dependencies that you have already found.
Sorry, not the answers you are looking for, but based on your post, I feel like you already know this.

1 members found this post helpful.

Interesting. In SuSE 12.3 I read in /etc/default/passwd
That lets me think it should still work with a SuSE 12 NIS server.

As I remember from Solaris, changing NIS passwords work through the "yppasswdd" daemon that inserts it into the passwd or shadow or passwd.adjunct NIS source file and runs the command "make passwd" to rebuild the respective DB files.
I don't know if "yppasswdd" is also present on a Linux NIS master server, or if it uses another mechanism.

Thanks for your replied. Further tests,

I changed the Encryption method on NIS Server to be DES instead of SHA15 and then created a testuser with password. With this method the user is recognised on both the test client systems. ie. On SuSE 10 and SLES 12. So the user could logon to both the systems.

The main intention of NIS Upgrade is that we wish to incorporate latest software and stop using very old NIS Software. And at the same time pose user-account restrictions. For example, password to be reset every 3 months, account lock out after certain failed attempts etc.

I would be exploring pam modules for this. So a combination of new version of NIS + pam should suffice.

AFAIK there are no updates in NIS.
The DES crypt allows only 8 characters in passwords (further characters are ignored).

Moreover, I have noticed that unless I create a local user (using useradd) on SLES 15 NIS Server , it does not work.
I have to create local user alongwith an entry in /var/yp/passwd so that it works. If I only directly put an new user entry in /var/yp/passwd and do not create a user account locally , then I can not login via Client Systems. I dont know why? Am I missing something?

You were given several suggestions previously, which you seem to have ignored. And you were told to contact SuSE support, since you're using SuSE Enterprise, which is a commercial, PAY-FOR distro; have you done that???