Date: Wed, 22 Nov 2006 17:08:40 +0200 (EET) From: "Artyom Viklenko" <artem@aws-net.org.ua> To: "Mark Hennessy" <mark@cloud9.net> Cc: freebsd-stable@freebsd.org Subject: Re: FreeBSD 6.x, NIS, local root password, and nsswitch.conf Message-ID: <64383.217.12.197.82.1164208120.squirrel@sigma.interami.com> In-Reply-To: <Pine.BSF.4.64.0611220857001.23875@earl-grey.cloud9.net> References: <Pine.BSF.4.64.0611220857001.23875@earl-grey.cloud9.net>
next in thread | previous in thread | raw e-mail | index | archive | help
<quote who="Mark Hennessy">
> David Adam [zanchey@ucc.gu.uwa.edu.au] wrote:
>>On Tue, 21 Nov 2006, Mark Hennessy wrote:
>>> I have a new system that has FreeBSD 6.1 on it to replace a system with
>>> FreeBSD 4.11 being put out of service.
>>>
>>> I want to keep to using local root passwords only, but export other
>>> users'
>>> logins over NIS. It acts presently as an NIS slave server.
>>>
>>> The NIS master server was upgraded a few months ago to FreeBSD 6.0 and
>>> then 6.1.
>>>
>>> All other machines are running FreeBSD 4.11.
>>>
>>> A weird thing started to happen with the new machine. Only on this new
>>> machine, the local root password doesn't work and only the root
>>> password
>>> of the NIS master server will work to attain root. Perhaps something
>>> needs to be changed somewhere to make the local root password work
>>> again?
>>>
>>> Here's the /etc/nsswitch.conf from the master server:
>>> group: compat
>>> group_compat: nis
>>> hosts: files dns
>>> networks: files
>>> passwd: compat
>>> passwd_compat: nis
>>> shells: files
>>>
>>> Here's the /etc/nsswitch.conf from the slave server:
>>> group: compat
>>> group_compat: nis
>>> hosts: files dns
>>> networks: files
>>> passwd: compat
>>> passwd_compat: nis
>>> shells: files
>>>
>>> They both appear to be set to defaults.
>>>
>>> I tried changing group and passwd to include 'files', I also tried
>>> changing group_compat and passwd_compat to include 'files', but no
>>> positive change.
>>
>>Mark,
>>
>>Careful here.
>>
>>The line needs to read 'files nis', not 'nis files' - if you used the
>>latter, try switching it around so that the local /etc/passwd is checked
>>for root logins before NIS is consulted.
>>
>>As I understand the man page, you want to change the
>> {group,passwd}_compat
>>lines, not the {group,passwd} lines themselves.
>>
>>> I couldn't find nsswitch.conf on any of the FreeBSD 4.11 servers. They
>>> are served by NIS as clients and all of their local root passwords work
>>> fine.
>>
>>>From nsswitch.conf(5):
>>
>>"The nsswitch.conf file format first appeared in FreeBSD 5.0. It was
>>imported from the NetBSD Project, where it appeared first in NetBSD 1.4."
>>
>>The NIS section of the handbook contains no mention of nsswitch.conf(5),
>>so I'm not actually sure that it's required for system authentication.
>>
>>David Adam
>>zanchey@ucc.gu.uwa.edu.au
>>_______________________________________________
>>freebsd-stable@freebsd.org mailing list
>>http://lists.freebsd.org/mailman/listinfo/freebsd-stable
>>To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
>
> I'm a bit unsure about it myself.
> I tried exactly what you suggested, putting files on the compat line and
> before nis for both passwd and groups on the NIS slave server only, and no
> go. Perhaps it is the master server that actually controls this? I don't
> know. Any further advice would be greatly appreciated.
>
You can try this config:
group: files nis
hosts: files dns
networks: files dns
passwd: files nis
shells: files
just removes *compat* stuff
works for me. :)
--
Sincerely yours,
Artyom Viklenko.
-------------------------------------------------------
artem@aws-net.org.ua | http://www.aws-net.org.ua/~artem
FreeBSD: The Power to Serve - http://www.freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?64383.217.12.197.82.1164208120.squirrel>