11:33 p.m.
Hello Everyone,
I'm a long time freeipa admin, but I've never used its NIS
compatibility features. I'm also not well versed with NIS in general.
Anyway, I'm testing out migrating NIS users, netgroup, etc. to freeipa
and pointing a test NIS client at the freeipa server to get the NIS
users, groups, etc. from.
It occurred to me afterwards that the old NIS domain name doesn't match
the test freeipa realm I've stood up. Do they both have to match on the
freeipa server for NIS to work or can the freeipa realm be "A" and the
NIS domain be "B"? If they can be different, how do I change the NIS
domain name in freeipa?
I tried the following (see below).
[root@freeipatest01 ~]# ipa-compat-manage --realm swamp enable
[root@freeipatest01 ~]# ipa-nis-manage --realm swamp enable
I have no idea what the --realm switch is for. The man page is no help.
I took a wild guess that I could specify a different NIS domain name
with it.
After doing the above, I created a freeipa user. I then tried to lookup
the user from another server, which didn't work:
[user@another-host ~]$ ypcat -h freeipatest01 -d swamp passwd
No such map passwd.byname. Reason: No such map in server's domain
NIS look ups do work if I don't specify a different NIS domain:
[root@freeipatest01 ~]# ypcat passwd
rsandhu:*:22205:100:Ranbir Sandhu:/home/rsandhu:/bin/bash
admin:*:494800000:494800000:Administrator:/home/admin:/bin/bash
My initial thought was the freeipa realm and the NIS domain name have
to match. But, I decided to play around to see what would happen.
I'd appreciate it if anyone can clear this up for me.
--
Ranbir