SUMMARY: nispopulate

From: Stuart Kendrick (sbk@fhcrc.org)
Date: Mon Mar 17 1997 - 18:54:27 CST


I've been having trouble automating the import of passwd/shadow files into
the NIS+ space.

Corresopndents concurred, saying that one would need to write one's own
script to automate this.

I continue to think, after more experimentation, that nisaddent and
nispopulate do not always correctly import passwd table information ...
e.g. users can't always logon, after their accounts have been imported.

--sk

Stuart Kendrick
Network Services
FHCRC

Original query:

I want to import an /etc/passwd and an /etc/shadow file into the NIS+ space.

nispopulate -v -F -d {domain} -l {string} -p /nis+files
If I use the above command (where /nis+files contains passwd and
shadow and "string" is an eleven character alpha-numeric string), then I
get appropriately populated passwd and cred tables ... but
those users can't log in. I can reset their password, using "passwd" from the
root account, and then they can log in. And run nisclient -u to sync their
NIS+ and login passwords. But that is tedious.

nisaddent -mvf passwd passwd
nisaddent -mvf shadow shadow
If I run these two commands (after cd'ing to /nis+files), then
users can log in fine. But they have no credentials. I have to run nisclient
-c for each and every one. Then, each user can run nisclient -u to sync NIS+
and login passwords. Tedious.

Neither solution scales to large numbers. Now, I could write an expect script
which automates the manual, per-user steps, but this would be a lot of work.
 Isn't there a canned strategy? Why doesn't nispopulate work? (or, rather, it
works fine ... but no one can log in until I've reset their passwords.)

And is there anyway around requiring each user to run nisclient -u? Or is that
an unavoidable step?

Solaris 2.5.1 with a selection of the latest patches.

--sk

---------- Forwarded message ----------
Date: Fri, 7 Mar 1997 11:36:00 -0500
From: "Marc S. Gibian" <gibian@stars1.hanscom.af.mil>
To: sbk@fhcrc.org
Subject: Re: nispopulate

Stuart,

I know of no automated solution to your problem. This is my primary complaint
with NIS+... I find that the technical foundations of NIS+ are quite sound, but
that the implementation by Sun has left out support for common routine tasks.

-Marc

Marc S. Gibian
Telos Comsys phone: (617) 377-6350
PRISM/TFS email: gibian@stars1.hanscom.af.mil

Date: Sat, 8 Mar 1997 13:46:35 +1100 (EST)
From: David Montgomery <david@cs.newcastle.edu.au>
To: sbk@fhcrc.org
Subject: Re: nispopulate

Hello Stuart,

{...}
        This is the approach I took. After adding new users I have a script
to run nisclient -c for them. I also have an expect script which prompts for
the user's login password then does a keylogin and chkey (using the default
network password which I use). This way the users doesn't need to know anything
about a "network password". It worked ok for about 1000 accounts last week.
Do you want a copy of the expect script?

        David.

-- 
--------------------------------------------------------------------------------
David Montgomery
Department of Computer Science
University of Newcastle
University Drive			Phone: +61 49 216174
Callaghan 2308 NSW			Fax  : +61 49 216929
AUSTRALIA				Email: david@cs.newcastle.edu.au
--------------------------------------------------------------------------------

Date: Tue, 11 Mar 1997 07:15:32 +1100 From: Jason Noorman <jasonn@nabaus.com.au> To: sbk@fhcrc.org Subject: Re: nispopulate

I use the nisaddent -mvf method and than script it to loom at the passwd table and do a nisaddcred -l passwd .... This only works when you know the passwords for all the users.

Jason



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:48 CDT