# yppasswd failed in FreeBSD9.x



## Apua (Sep 2, 2013)

I tried to run a NIS server/client with FreeBSD 9.1 RELEASE on ESXi4.1 and I found that it  seems like ypserv and ypbind run well but yppasswd failed.

Those are how I enable and test the NIS service:

Create a new VM and install a fresh FreeBSD 9.1 RELEASE.
Add a user (e.g.: asdf) and copy the entry of the account from /etc/master.passwd to /var/yp/master.passwd.
Use `vipw` to comment the entry of the account and add `+:::::::::`.
Add settings below to /etc/rc.conf:

```
nisdomainname="qwer" #eg
nis_server_enable="YES"
nis_client_enable="YES"
nis_yppasswdd_enable="YES"
```

Execute `domainname "qwer" ; cd /var/yp ; ypinit -m` to build the NIS map.
Execute `service ypserv start`, `service ypbind start`, `service yppasswdd start`.
Execute `id asdf` and `ypcat passwd` for testing.
Check if rpc.yppasswdd is turned on by `rpcinfo | grep yppasswdd`.
Execute `passwd asdf` or `yppasswd asdf`. Then it would get an error message as below:

```
# passwd asdf
Changing NIS password for asdf
passwd: pam_chauthtok(): error in service module
```


I tried to reboot, but nothing changed, then I set all.log in syslog.conf but got nothing.

I also tried the steps above in FreeBSD 9.0 RELEASE, 9.2 RC3, 8.3 RELEASE, 8.4 RELEASE. `yppasswd $NIS_USERNAME` fails in 9.x but successful in 8.x.

I'm not sure if it is a bug in FreeBSD 9.x or something I am doing wrong. I googled the error message with "FreeBSD9" and other keywords, but got nothing, too.


----------



## fonz (Sep 2, 2013)

This sounds awfully familiar. I had a similar problem when I set up NIS to share users between jails (and the host). I had to add entries to the host's /etc/hosts for every jail. Perhaps something similar will help here. I'm not that familiar with ESXi, but perhaps it helps if you add an entry to /etc/hosts with the IP address of the VM (assuming it has one).


----------



## Apua (Sep 2, 2013)

fonz said:
			
		

> but perhaps it helps if you add an entry to /etc/hosts with the IP address of the VM (assuming it has one).



It works! I add an entry in /etc/hosts below

```
#IP            #domainname (NIS) but hostname
192.168.1.1    qwer
```

After installing FreeBSD 8.x , it would add an IP-hostname-hostname.domainname mapping to /etc/hosts, and I take the same name ("qwer") for hostname and domainname. So it works in my test in 8.x is unexpected. I miss the setting in every environment. :r

I think if I didn`t give the argument "-h" to `passwd/yppasswd`, it would just know in which domainname the account is, so passwd/yppasswd has to refer to DNS or /etc/hosts. So it could work without /etc/hosts like this: `passwd -h $YPSERV_IP $USERNAME`

Thanks for the help!


----------

