Solved

Interoperability for Unix Trouble Synchronizing with Server 2003, R2

Posted on 2008-10-28
Last Modified: 2013-12-19
Trying to follow:
1) http://technet.microsoft.com/en-us/library/cc737658.aspx (Server for NIS, Step-by-Step)
2) http://technet.microsoft.com/en-us/library/cc780148.aspx (Deploying Password Synchronization)

Environment:
1) Windows Server 2003 R2, Domain Controller (Master for NIS)
     Installed: Server for NIS, and Password Synchronization for the Windows Components, Active Directory Services, Identity for Unix Module.

2) Redhat Enterprise 5 Server, Clean Install (Slave for NIS)
     Installed: yp-tools, port-map and ssod


Scenario: (See attached file for screen shots and log info)
On the Windows side of the house, if we enter into the Management console for Unix, we can see that the service is started, the Master and Slave have been defined, encryption has been set, Use windows for NIS is check marked. (The port number has been changed on purpose; but the reflection was made on the other server correctly.)

On the Redhat side; I can see the passwd database from the NIS.
[root@amf-asic1 ~]# ypcat passwd
timmy:ABCD!efgh12345$67890:10013:10000::/home/timmy:/bin/tcsh
[root@amf-asic1 ~]#
[root@amf-asic1 init.d]# ./ypbind restart
Shutting down NIS services:                                [  OK  ]
Binding to the NIS domain:                                 [  OK  ]
Listening for an NIS domain server.
[root@amf-asic1 init.d]# ./yppasswdd start
Starting YP passwd service:                                [  OK  ]
[root@amf-asic1 init.d]# ./ypxfrd start
Starting YP map server:                                    [  OK  ]
[root@amf-asic1 init.d]# cd /opt/Ssod/
[root@amf-asic1 Ssod]# ./Ssod -v
Port:  9817
Use shadow:  1
Case Ignore Name:  1
Use temp:  0
Use NIS:  1
File path:  /etc/shadow
Temp path:  /etc
Pam_supported  0
NIS update path:  /var/yp
NIS update makefile:  Makefile
[root@amf-asic1 Ssod]#

So I know I'm getting information from the NIS, but it's not reflected in my passwd file and I cannot log in. I assume that is due to the password not being sync'd. And I cannot change the password for a user on the Redhat side.
[root@amf-asic1 ~]# yppasswd timmy
Changing NIS account information for timmy on amf-dc1.
Please enter root password:
Changing NIS password for timmy on amf-dc1.
Please enter new password:
Please retype new password:
Error while changing the NIS password.
The NIS password has not been changed on amf-dc1.

[root@amf-asic1 ~]# yppasswd timmy
Changing NIS account information for timmy on amf-dc1.
Please enter root password:
Changing NIS password for timmy on amf-dc1.
Please enter new password:
Please retype new password:
Error while changing the NIS password.
The NIS password has not been changed on amf-dc1.

[root@amf-asic1 ~]# Tried it twice to make sure I wasn't misssppeeling it! :D

I really need to get these two machines to sync up properly.

Anyone have an answer for this? I've been at it for days. My brain feels like swiss cheese.
ScreenShots1.doc
Question by:bindnera
Accepted Solution

by:
gheist earned 500 total points
ID: 22830825
What does "password synchronization" do? I have not seen any references in M$ docs. How does rpcinfo -p windows_ip look from the Unix side?
How does nsswitch.conf look on Linux?

Why don't you use winbind but some obscure heap of extra software? Winbind works against all versions of domain servers.
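
The two checks asked about in the answer above (the NIS master's `rpcinfo -p` listing and the client's nsswitch.conf), scripted as an added example that is not part of the original thread. The function names and both sample files are constructed for illustration, and the script assumes the `rpcinfo -p` output was saved to a file first.

```shell
#!/bin/sh
# Added example; the sample files below are constructed, not from the poster's hosts.

# Print which of passwd/shadow/group have no "nis" source in an nsswitch.conf file.
nss_missing_nis() {
    missing=""
    for db in passwd shadow group; do
        # Drop comments, then look for "nis" as a whole word on the db's line.
        sed 's/#.*//' "$1" |
            grep -Eq "^[[:space:]]*${db}:(.*[[:space:]])?nis([[:space:]]|\$)" ||
            missing="$missing $db"
    done
    echo "${missing# }"
}

# Print which NIS RPC programs are absent from saved `rpcinfo -p <server>` output.
# Matches on program number (column 1): 100004 = ypserv, 100009 = yppasswdd.
rpc_missing_programs() {
    missing=""
    for entry in 100004:ypserv 100009:yppasswdd; do
        awk -v p="${entry%%:*}" '$1 == p { found = 1 } END { exit !found }' "$1" ||
            missing="$missing ${entry#*:}"
    done
    echo "${missing# }"
}

# Constructed sample inputs.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/nsswitch.conf" <<'EOF'
# constructed sample: passwd and shadow use local files only
passwd:     files
shadow:     files
group:      files nis
hosts:      files dns
EOF
cat > "$SAMPLES/rpcinfo.txt" <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100004    2   udp    834  ypserv
    100004    2   tcp    835  ypserv
EOF

echo "nsswitch.conf lacks nis for: $(nss_missing_nis "$SAMPLES/nsswitch.conf")"
echo "not registered on server:    $(rpc_missing_programs "$SAMPLES/rpcinfo.txt")"
```

A client whose passwd and shadow lines lack `nis` can still list the map with ypcat while logins never consult it, and a master that does not register program 100009 has nothing for yppasswd to talk to.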

Expert Comment

by:gheist
ID: 23071182
Was WINBIND the answer or did you fix NIS (M$ supports somewhat old revision)?

Author Comment

by:bindnera
ID: 23073893
Gheist-

WINBIND is.. technically.. a right answer; but there is a reason that I need NIS. The server will be placed into a live/existing network, and the stupid (PREVIOUS) IT department before me made the current setup quite cumbersome. Everything is networked together via UID/GIDs. I need to keep a handful of the UIDs and GIDs; Windows Server 2003, R2 will allow you to perform a NIS-like function and integrate a Unix NIS with Active Directory. We are trying to do many things at once and felt this would be the "simplest" (GOD WERE WE WRONG) way. There is very little documentation from Microsoft and even fewer white papers on the internet.

In the end, we have installed WINBIND and are currently working on a long drawn out method to fix everything as quickly as possible. More or less it boiled down to, "just make it right and follow the industry standard."

Expert Comment

by:gheist
ID: 23076169
First sentence of last paragraph describes definite industry standard, thank you for taking time explaining. Good luck!