NIS

 
Ricky B. Nino
Frequent Advisor

NIS

Hi,

I have 3 UNIX Servers.

I have all the users in my SERVER1 (NIS Server).

I wanted to prevent certain users from logging in to my SERVER2.

What's the best thing to do?

regards...
Opportunities expand for people willing to put time and effort into learning new skills.
S.K. Chan
Honored Contributor

Re: NIS

You're saying SERVER1 is your master NIS. And let's say SERVER2 is an NIS client. For instance, if you want to prevent users "skchan", "jim" and "robbie" (their password entries are in the NIS password map) from being able to log in to SERVER2, you would ..
==> Edit SERVER2 /etc/passwd and insert these above your last line that typically looks like this ..
+::0:0:::
or
+::-2:60001:::
The lines you should put above it are ..
-skchan::0:0:::
-jim::0:0:::
-robbie::0:0:::
I think that should do it and you would want to test it thoroughly afterwards.
Ricky B. Nino
Frequent Advisor

Re: NIS

Hi SK,

Nothing happened. Still the user (i.e. "rickyn") I put on the SERVER2://etc/passwd gets thru.

Opportunities expand for people willing to put time and effort into learning new skills.
S.K. Chan
Honored Contributor

Re: NIS

Can you show me the last 3 lines in SERVER2's /etc/passwd. Also attach the content of /etc/nsswitch.conf. Thanks..
Ricky B. Nino
Frequent Advisor

Re: NIS

Hi SK,

See attached file...
Opportunities expand for people willing to put time and effort into learning new skills.
S.K. Chan
Honored Contributor
Solution

Re: NIS

The order is all wrong in the /etc/passwd file ... cut the last line ..
tftp:*:510:1:Trivial FTP user:/usr/tftpdir:false
and paste above ..
-rickyn::0:0:::
Basically the ..
+::-2:-2:::
should be last. So the last 2 lines in the file should be ..
-rickyn::0:0:::
+::-2:-2:::
As for the /etc/nsswitch.conf file, change these so that the + and - syntax can be used by the password file.
passwd: compat
group: compat
Now try the login again ..
Ricky B. Nino
Frequent Advisor

Re: NIS

Hi SK,

It's working now. Many thanks...

If it's not too much for you, could you provide a brief explanation of the solution you have provided?

Thanks in advance and best regards...
Opportunities expand for people willing to put time and effort into learning new skills.
S.K. Chan
Honored Contributor

Re: NIS

Sure .. first the /etc/passwd file. If you want it to look at the NIS password map to authenticate users in that map, you need to have the escape sequence put at the end of the file (i.e. the last line in the local password file). The escape sequence can be in the form of ..
+::-2:60001:::
which in my opinion is more secure. But it's still ok to have ..
+::-2:-2:::
No big deal. So remember the order of that entry is important. Let's say for some reason you want to create a local temporary user account (not NIS), you can edit the /etc/passwd file and put the appropriate entry above the escape sequence entry and that password entry would only apply to that particular machine. Bottom line .. the escape sequence MUST be at the last line. The "-" key is used to disallow login of a particular NIS account, as simple as that.
Finally the /etc/nsswitch.conf file. Your original entry ..
passwd: files nis
group: files nis
basically tells the system to first look in the local /etc/passwd and /etc/group for an entry. If not found then fall back and query the NIS map. The rule is if you want the "+" and "-" to behave well you've got to put "compat" instead.
Hope that explains it .. :)
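The two rules explained above (the "+" line last in /etc/passwd with "-user" exclusions above it, and "compat" for passwd and group in /etc/nsswitch.conf), as an added shell check that is not part of any poster's reply. The function names are hypothetical, and the files to audit are passed as arguments so it can be run against copies.

```shell
#!/bin/sh
# Added example (not from the thread). Paths are passed as arguments so the
# checks can be run against copies of the real files.

# check_passwd_order FILE
# Rule from the thread: the "+" line that pulls in the NIS map is the last
# entry, with "-user" exclusions and local accounts above it.
# Prints one finding per problem; returns 0 when the order is correct.
check_passwd_order() {
    awk -F: '
        /^[ \t]*$/ { next }                        # skip blank lines
        $1 == "+"  { plus = 1; next }              # NIS include line
        plus && /^-/ { print "exclusion " $1 " is below the + line"; bad = 1; next }
        plus         { print "local entry " $1 " is below the + line"; bad = 1 }
        END {
            if (!plus) { print "no + line found"; bad = 1 }
            exit bad + 0
        }' "$1"
}

# check_nsswitch FILE
# Rule from the thread: passwd and group must be "compat" for +/- to work.
# Prints one finding per problem; returns 0 when both databases use compat.
check_nsswitch() {
    awk '
        { sub(/#.*/, "") }                         # drop comments
        /^[ \t]*(passwd|group)[ \t]*:/ {
            i = index($0, ":")
            db = substr($0, 1, i - 1); gsub(/[ \t]/, "", db)
            src = substr($0, i + 1);   gsub(/^[ \t]+|[ \t]+$/, "", src)
            seen[db] = 1
            if (src != "compat") { print db ": \"" src "\" should be \"compat\""; bad = 1 }
        }
        END {
            if (!seen["passwd"]) { print "passwd: entry missing"; bad = 1 }
            if (!seen["group"])  { print "group: entry missing"; bad = 1 }
            exit bad + 0
        }' "$1"
}
```

Run it as `check_passwd_order /etc/passwd` and `check_nsswitch /etc/nsswitch.conf` on the NIS client; no output and a zero exit status mean both rules hold.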
Ricky B. Nino
Frequent Advisor

Re: NIS

Hi SK,

Very well said...I got it.

regards...
Opportunities expand for people willing to put time and effort into learning new skills.