On Sunday, 27 בNovember 2011 12:30:52 Hetz Ben Hamo wrote:
> Hi,
> Doesn't help. Actually the problem is bigger..
Isolate the problem in steps:
1. Check NIS as a directory service (without even using it in nsswitch).
Here is a quick checklist -- no use trying a step if previous one failed:
* Verify ypbind is running via ps(1)
* Verify it successfully bound to the NIS domain via ypwhich(1):
- Failed binding is #1 error in NIS
- Verify domainname(1) match (server/client)
- Verify client access correct server (/etc/yp.conf)
- Modern (90's) NIS servers don't answer RPC broadcasts (security)
so you must specify the server in the clients /etc/yp.conf
- Modern (90's) NIS servers only answer subnets listed in
their /var/yp/securenets -- have you added yours to this file?
* Verify it returns correct information via ypcat(1), ypmatch(1):
- Enumeration: ypcat passwd
Modern NIS server enumerate users/groups with id's above specific
threshold (e.g: 500 and above), so "system" users should not be
listed. Maybe your NIS server start above 1000.
- Lookup (e.g: your "vic" user): ypmatch vic passwd
* If any of these does not work correctly, you need to fix NIS
configuration -- don't try to debug nsswitch until all these
tests are OK.
2. Only if all items in 1. passed OK, check its integration in NSS
(name service switch):
* Verify enumeration:
- getent passwd
* Verify lookup:
- getent passwd vic
* Or equivalently:
- id vic
* If previous items in 2. weren't OK, but items on 1. were OK,
you have a problem in /etc/nsswitch.conf:
- The simplest config is to have "files nis" in the lines
of "passwd", "shadow" and "group"
- A "compat" line in those three lines serves a special form
of "files" where special lines in these files can (selectively)
include data from NIS. Examples:
+oron # include only oron's record from NIS
+@foobar # include everybody from netgroup (NOT group) foobar
-badguy # Obviously
+ # Everybody (except badguy -- line order affect results)
- This means that a "passwd: files nis" in /etc/nsswitch.conf is
equivalent to "passwd: compat" with a '+' in the end of /etc/passwd.
Hope it helps,
--
Oron Peled Voice: +972-4-8228492
o...@actcom.co.il http://users.actcom.co.il/~oron
When you say "I wrote a program that crashed Windows", people just stare
at you blankly and say "Hey, I got those with the system, *for free*"
_______________________________________________
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
