MS Identity Management for Unix and FreeBSD
sdafreebsduk at rowyerboat.com
Tue Jun 12 00:01:29 BST 2007
I'm trying to work with a FreeBSD box on a NIS domain, handled by MS
Identity Management for Unix. On the MS server, I've populated the Unix
attributes for NIS domain, UID, login shell, home dir and GID.
OK - ypwhich displays the name of the MS server as the NIS server.
OK - ypcat passwd displays the user who's UNIX attributes I added.
In the Identity Management tools on MS, I've set the password encryption
type to MD5. Also verified that /etc/login.conf and /etc/auth.conf both
allude to MD5. However, when I try to login, it fails with this error
in syslog: PAM: authentication error for illegal user.
If I examine the password file format in /etc/master.passwd, they appear
to be different (and the NIS password doesn't seem to have been set for
[root at vh1a9f58 ~]$ ypcat passwd
[root at vh1a9f58 ~]$ grep nobody /etc/master.passwd
A kind soul on #freebsd has suggested that the password file formats are
not compatible, so I could:
make FreeBSD a NIS slave as well as a NIS client
run awk over ypcat passwd to correct the format (every hour)
copy output to /var/yp/master.passwd and run make
Alternatively, use ldap for authentication against AD.
My primary aim is to handle user account creation and password changes
in one place (preferably Windows). Which direction should I be heading in?
More information about the Ukfreebsd