Solved

Interoperability for Unix Trouble Synchronizing with Server 2003, R2

Posted on 2008-10-28
Last Modified: 2013-12-19
Trying to follow:
1) http://technet.microsoft.com/en-us/library/cc737658.aspx (Server for NIS, Step-by-Step)
2) http://technet.microsoft.com/en-us/library/cc780148.aspx (Deploying Password Synchronization)

Environment:
1) Windows Server 2003 R2, Domain Controller (Master for NIS)
     Installed: Server for NIS, and Password Synchronization for the Windows Components, Active Directory Services, Identity for Unix Module.

2) Redhat Enterprise 5 Server, Clean Install (Slave for NIS)
     Installed: yp-tools, port-map and ssod


Scenario: (See attached file for screen shots and log info)
On the Windows side of the house, if we enter into the Management console for Unix, we can see that the service is started, the Master and Slave have been defined, encryption has been set, Use windows for NIS is check marked. (The port number has been changed on purpose; but the reflection was made on the other server correctly.)

On the Redhat side; I can see the passwd database from the NIS.
[root@amf-asic1 ~]# ypcat passwd
timmy:ABCD!efgh12345$67890:10013:10000::/home/timmy:/bin/tcsh
[root@amf-asic1 ~]#
[root@amf-asic1 init.d]# ./ypbind restart
Shutting down NIS services:                                [  OK  ]
Binding to the NIS domain:                                 [  OK  ]
Listening for an NIS domain server.
[root@amf-asic1 init.d]# ./yppasswdd start
Starting YP passwd service:                                [  OK  ]
[root@amf-asic1 init.d]# ./ypxfrd start
Starting YP map server:                                    [  OK  ]
[root@amf-asic1 init.d]# cd /opt/Ssod/
[root@amf-asic1 Ssod]# ./Ssod -v
Port:  9817
Use shadow:  1
Case Ignore Name:  1
Use temp:  0
Use NIS:  1
File path:  /etc/shadow
Temp path:  /etc
Pam_supported  0
NIS update path:  /var/yp
NIS update makefile:  Makefile
[root@amf-asic1 Ssod]#

So I know I'm getting information from the NIS, but it's not reflected in my passwd file and I cannot log in. I assume that is due to the password not being sync'd. And I cannot change the password for a user on the Redhat side.
[root@amf-asic1 ~]# yppasswd timmy
Changing NIS account information for timmy on amf-dc1.
Please enter root password:
Changing NIS password for timmy on amf-dc1.
Please enter new password:
Please retype new password:
Error while changing the NIS password.
The NIS password has not been changed on amf-dc1.

[root@amf-asic1 ~]# yppasswd timmy
Changing NIS account information for timmy on amf-dc1.
Please enter root password:
Changing NIS password for timmy on amf-dc1.
Please enter new password:
Please retype new password:
Error while changing the NIS password.
The NIS password has not been changed on amf-dc1.

[root@amf-asic1 ~]# Tried it twice to make sure I wasn't misssppeeling it! :D

I really need to get these two machines to sync up properly.

Anyone have an answer for this? I've been at it for days. My brain feels like swiss cheese.
ScreenShots1.doc
Question by:bindnera

Accepted Solution

by:
gheist earned 500 total points
ID: 22830825
What does "password synchronization" do? I have not seen any references in M$ docs. How does rpcinfo -p windows_ip look from unix side?
How does nsswitch.conf look on Linux?

Why don't you use winbind but some obscure heap of extra software? Winbind works against all versions of domain servers.
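
The two checks asked about in the answer above (what `rpcinfo -p` shows for the NIS master and what nsswitch.conf contains), as an added shell example that is not part of the original thread. The function names and both sample files are constructed; the samples show one configuration in which `ypcat passwd` works while logins and `yppasswd` fail, not the poster's actual files.

```shell
#!/bin/sh
# Added example; every sample file below is constructed, not from the poster's hosts.

# Print the source list nsswitch.conf FILE gives for database DB (e.g. "files nis").
nss_sources() {
    awk -v db="$2" '
        { sub(/#.*/, "") }                                  # strip comments
        $1 == (db ":") { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# Succeed when DB is configured to consult NIS at all.
nss_uses_nis() {
    case " $(nss_sources "$1" "$2") " in
        *" nis "*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Given saved `rpcinfo -p <master>` output, print the NIS RPC programs that are
# NOT registered: ypserv (100004) serves maps, yppasswdd (100009) serves yppasswd.
missing_nis_rpc() {
    awk '
        $1 == 100004 { have["ypserv"] = 1 }
        $1 == 100009 { have["yppasswdd"] = 1 }
        END {
            n = split("ypserv yppasswdd", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in have)) out = out (out ? " " : "") want[i]
            print out
        }
    ' "$1"
}

SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/nsswitch.conf" <<'EOF'
passwd:     files          # constructed: NIS never consulted at login
shadow:     files
group:      files nis
EOF
cat > "$SAMPLE_DIR/rpcinfo.txt" <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100004    2   udp    834  ypserv
    100004    2   tcp    835  ypserv
EOF

for db in passwd shadow group; do
    nss_uses_nis "$SAMPLE_DIR/nsswitch.conf" "$db" || echo "nsswitch: $db does not use nis"
done
echo "RPC programs missing on master: $(missing_nis_rpc "$SAMPLE_DIR/rpcinfo.txt")"
```

On a live client, point the functions at /etc/nsswitch.conf and at the saved output of `rpcinfo -p` for the master instead of the sample files.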

Expert Comment

by:gheist
ID: 23071182
Was WINBIND the answer, or did you fix NIS (M$ supports a somewhat old revision)?

Author Comment

by:bindnera
ID: 23073893
Gheist-

WINBIND is.. technically.. a right answer; but there is a reason that I need NIS. The server will be placed into a live/existing network, and the stupid (PREVIOUS) IT department before me made the current setup quite cumbersome. Everything is networked together via UID/GIDs. I need to keep a handful of the UIDs and GIDs; Windows Server 2003 R2 will allow you to perform a NIS-like function and integrate a Unix NIS with Active Directory. We are trying to do many things at once and felt this would be the "simplest" (GOD WERE WE WRONG) way. There is very little documentation from Microsoft and even fewer white papers on the internet.

In the end, we have installed WINBIND and are currently working on a long drawn out method to fix everything as quickly as possible. More or less it boiled down to, "just make it right and follow the industry standard."

Expert Comment

by:gheist
ID: 23076169
First sentence of last paragraph describes definite industry standard, thank you for taking time explaining. Good luck!