*BSD News Article 56596


Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!news.hawaii.edu!ames!agate!news.mindlink.net!sol.ctr.columbia.edu!startide.ctr.columbia.edu!wpaul
From: wpaul@ctr.columbia.edu (Bill Paul)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: rexec/telnet/NIS problems
Date: 5 Dec 1995 15:55:47 GMT
Organization: Columbia University Center for Telecommunications Research
Lines: 108
Message-ID: <4a1q23$97p@sol.ctr.columbia.edu>
References: <49vf87$mb2@news1.is.net>
NNTP-Posting-Host: startide.ctr.columbia.edu
X-Newsreader: TIN [version 1.2 PL2]

Daring to challenge the will of the almighty Leviam00se, David R. Bixby
(bix@otcinc.com) had the courage to say:

: I have been unable to start an "xterm" remotely using rexec. The call just seems to
: time out. Same call works great to Solaris box.

Check that DNS is properly set up on the FreeBSD machine.

Also read the rexecd man page, especially the part where it says it's
disabled by default because it's largely considered to be a whopping great
security hole.

Try rsh instead.

: I've compared inetd.conf and services
: on both systems and rexec is defined and should be available.

Look closer. My inetd.conf file says this:

shell   stream  tcp     nowait  root    /usr/libexec/rshd       rshd
login   stream  tcp     nowait  root    /usr/libexec/rlogind    rlogind
#exec   stream  tcp     nowait  root    /usr/libexec/rexecd     rexecd

The entry for rexecd is commented out, which means it's _not_ defined.

: Also:
: How do I enable root telnet access? I tried the login.access file but it did not help.

You have to edit /etc/ttys and mark all the pseudo ttys as 'secure'.

I advise not doing this, however. Just log into the machine as yourself
and use 'su' to become root.

Allowing rsh/rlogin access is another matter: you should be able to let
root rsh into the machine by creating a /.rhosts file and filling it with
the names of the trusted hosts that are allowed access.

: Additional issues for challenging souls:
: How do I integrate my FreeBSD box with a Solaris NIS+ master? I tried the sysconfig
: file setting and even manual setup, to no avail...

"To no avail." I just love it when people say that. You have to explain in
more detail what you tried to do. I'm not psychic: I can't tell you what
might be wrong if you don't describe the situation to me.

That said, you should be able to use your FreeBSD machine as an NIS client
with the Solaris machine provided you use the NIS compatibility mode.
FreeBSD does not understand NIS+, only NIS v2. Also, you'll need to use
FreeBSD 2.1.0 to really have it work right: I made the foolish assumption
in 2.0.5 that Solaris's NIS compat mode supported _all_ of the NIS v2
procedures, which it doesn't. (The YPPROC_ORDER function is not supported,
which means the yppoll command won't work. Unfortunately I tried to use
yp_order() inside libc to detect the presence of the master.passwd.* shadow
maps, which made a horrible mess. I changed it to use yp_first() in 2.1.0,
which should work fine, though it's slightly slower.)

You can check the yp(4) and passwd(5) man pages for some tips on how to
configure FreeBSD as an NIS client. (Again, this is with FreeBSD 2.1.0
or later.) The highlights are:

1) set your NIS domain name in /etc/sysconfig (and use the domainname(1)
   command to set the system domain name this first time)
2) set nis_clientflags to YES in /etc/sysconfig (and start ypbind(8) manually
   this first time)
3) add '+:*::' to the end of /etc/group
4) using vipw, add +::::::::: to the end of /etc/master.passwd
5) Create an /etc/netgroup file with only a single '+' in it.
6) Optionally, create /etc/bootparams and /etc/ethers files with a '+'
   in them too.

Do _NOT_ put an asterisk in the password field of the +::::::::: entry that
you place in /etc/master.passwd! In fact, do _NOT_ put _ANYTHING_ in _ANY_
of the fields unless you know what you're doing! Replacing fields like this
will cause substitution to be done, and you'll turn everyone's password
into '*', which won't work. Then you'll come post another message on this
newsgroup asking why none of your NIS users can log in, and I'll tell you to
go read the man pages where this behavior is documented.

: How can I configure the FreeBSD box to automount home directories from the Solaris
: box?

You can use amd(8) to do that. But first you have to understand how to
create an amd map. I'm not 100% certain that the map format used by the
Solaris automount daemon is the same as amd's. Even if it isn't you should
be able to use the Solaris automount maps as a guide to create new maps
for the FreeBSD machine. I happen to use amd(8) on all the platforms I
manage rather than the vendor-supplied automounters just so that I won't
have to worry about syntax differences between versions.

You will also have to arrange for the Solaris machine to export its
filesystems to the FreeBSD machine. You also have to turn on NFS on
the FreeBSD box.

: thanks,

: bix

-Bill

--
=============================================================================
-Bill Paul            (212) 854-6020 | System Manager
Work:         wpaul@ctr.columbia.edu | Center for Telecommunications Research
Home:  wpaul@skynet.ctr.columbia.edu | Columbia University, New York City
=============================================================================
License error: The license for this .sig file has expired. You must obtain
a new license key before any more witty phrases will appear in this space.
=============================================================================
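
Added example (not part of Bill Paul's post): a Python check over the three files the post discusses, reporting r-services left enabled in inetd.conf, pseudo ttys marked 'secure' in /etc/ttys, and '+' entries in master.passwd that have fields filled in. The function names, the pseudo-tty name pattern and the sample file contents are assumptions constructed for illustration.

```python
import re
import shlex

# inetd service name -> daemon, as in the inetd.conf excerpt quoted in the post
R_SERVICES = {"exec": "rexecd", "shell": "rshd", "login": "rlogind"}
PTY_NAME = re.compile(r"^tty[p-sP-S][0-9a-v]$")   # assumed pty naming scheme
MP_FIELDS = ["name", "password", "uid", "gid", "class", "change",
             "expire", "gecos", "home", "shell"]

def active_r_services(inetd_conf):
    """Return the r-services that are enabled, i.e. not commented out."""
    found = []
    for line in inetd_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 6 and fields[0] in R_SERVICES:
            found.append(fields[0])
    return found

def secure_ptys(ttys):
    """Return pseudo ttys flagged 'secure' (root may log in over them)."""
    found = []
    for line in ttys.splitlines():
        fields = shlex.split(line, comments=True)  # getty command may be quoted
        if len(fields) >= 3 and PTY_NAME.match(fields[0]) and "secure" in fields[3:]:
            found.append(fields[0])
    return found

def nis_overrides(master_passwd):
    """Return {entry: [field names]} for '+' entries with non-empty fields."""
    report = {}
    for line in master_passwd.splitlines():
        if not line.startswith("+"):
            continue
        parts = line.split(":")
        filled = [MP_FIELDS[i] for i, v in enumerate(parts[1:10], start=1) if v]
        if filled:
            report[parts[0]] = filled
    return report

# Constructed sample inputs (not taken from a real system)
SAMPLE_INETD = """shell   stream  tcp     nowait  root    /usr/libexec/rshd       rshd
login   stream  tcp     nowait  root    /usr/libexec/rlogind    rlogind
#exec   stream  tcp     nowait  root    /usr/libexec/rexecd     rexecd
"""
SAMPLE_TTYS = """ttyv0 "/usr/libexec/getty Pc" cons25 on secure
ttyp0 none network secure
ttyp1 none network
"""
SAMPLE_MASTER_PASSWD = "root:*:0:0::0:0:Charlie &:/root:/bin/csh\n+:*::::::::\n"
```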