MS Identity Management for Unix and FreeBSD

Stephen Allen sdafreebsduk at rowyerboat.com
Tue Jun 12 00:01:29 BST 2007


I'm trying to work with a FreeBSD box on a NIS domain, handled by MS 
Identity Management for Unix.  On the MS server, I've populated the Unix 
attributes for NIS domain, UID, login shell, home dir and GID.

OK - ypwhich displays the name of the MS server as the NIS server.
OK - ypcat passwd displays the user whose UNIX attributes I added.

In the Identity Management tools on MS, I've set the password encryption 
type to MD5.  Also verified that /etc/login.conf and /etc/auth.conf both 
allude to MD5.  However, when I try to log in, it fails with this error 
in syslog:  PAM: authentication error for illegal user.

If I examine the password file format in /etc/master.passwd, they appear 
to be different (and the NIS password doesn't seem to have been set for 
MyUser):

[root@vh1a9f58 ~]$ ypcat passwd
MyUser:ABCD!efgh12345$67890:10000:20::/disk1/test:/usr/local/bin/bash
[root@vh1a9f58 ~]$ grep nobody /etc/master.passwd
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin

A kind soul on #freebsd has suggested that the password file formats are 
not compatible, so I could:

make FreeBSD a NIS slave as well as a NIS client
run awk over ypcat passwd to correct the format (every hour)
copy output to /var/yp/master.passwd and run make

Alternatively, use LDAP for authentication against AD.

My primary aim is to handle user account creation and password changes 
in one place (preferably Windows).  Which direction should I be heading in?

Many thanks,
Steve
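
The awk step suggested in the post, sketched as an added example (not part of the original message): it reshapes the 7-field lines printed by ypcat passwd into FreeBSD's 10-field master.passwd layout and leaves the password field untouched. The function name, the MIN_UID cutoff of 1000 and every sample line except MyUser's are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: convert passwd(5)-style NIS output into master.passwd(5) layout.
#   in : name:password:uid:gid:gecos:home_dir:shell
#   out: name:password:uid:gid:class:change:expire:gecos:home_dir:shell
# MIN_UID is an assumed cutoff so the remote map can never supply root or
# other system accounts to this host.
MIN_UID="${MIN_UID:-1000}"

passwd_to_master() {
    awk -F: -v OFS=: -v min_uid="$MIN_UID" '
        # Reject lines that do not have exactly 7 fields.
        NF != 7 { next }
        # Reject empty names and NIS compat markers (+name / -name).
        $1 == "" || $1 ~ /^[+-]/ { next }
        # UID and GID must be plain decimal numbers.
        $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ { next }
        # Refuse privileged or system UIDs coming from the remote map.
        ($3 + 0) < (min_uid + 0) { next }
        # Insert empty class, change=0 and expire=0 after the GID.
        { print $1, $2, $3, $4, "", 0, 0, $5, $6, $7 }
    '
}

# Constructed sample input: the first line is the one shown in the post,
# the remaining lines are made up to exercise the filters.
sample_input() {
    cat <<'EOF'
MyUser:ABCD!efgh12345$67890:10000:20::/disk1/test:/usr/local/bin/bash
root:x:0:0:injected:/root:/bin/sh
+::::::
broken:line:only:four
EOF
}

# Stand-alone run: print the converted map.
sample_input | passwd_to_master
```

The output contains password hashes, so write it under umask 077 before copying it to /var/yp/master.passwd and running make.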



