amd64/122858: nsswitch in 7.0 is f*cked up

John Baldwin jhb at freebsd.org
Fri Apr 18 19:05:22 UTC 2008


On Thursday 17 April 2008 11:40:17 am tom wrote:
> I've used this nsswitch.conf file for YEARS for samba/ldap/login etc.
> 
> passwd: files ldap
> shadow: files ldap
> group: files ldap
> hosts: files dns wins
> ####NEW###
> networks: files dns
> automount:  files ldap nisplus
> aliases:    files ldap nisplus
> 
> Use this and samba-ldap works but you can't shell in or ftp or anything. 

Did you look at the logs to see why you can't log in to the box?  Can you log in 
on the console, or can you not log in remotely?

> Use this:
> 
> group: cache files ldap[ unavail=continue notfound=continue ]
> passwd: cache files ldap [ unavail=continue notfound=continue ]
> #group_compat: nis
> hosts: compat
> networks: files
> #passwd_compat: nis
> shells: files
> services: compat
> services_compat: nis
> protocols: files
> rpc: files
> 
> And samba-ldap, ssh login and ftp login works, but the damned machine won't
> resolve DNS.

If you read the nsswitch.conf(5) manpage, you will find that 'compat' is only 
used for 'passwd' and 'group' to support the old NIS '+/-' entries in the 
password and group files.  It is useless for other sources:

     compat  support `+/-' in the ``passwd'' and ``group'' databases.  If this
             is present, it must be the only source for that entry.

So, having 'hosts: compat' would certainly break all the hostname resolution.

> Desperately flailing about and doing this:
> 
> group: cache files ldap[ unavail=continue notfound=continue ]
> passwd: cache files ldap [ unavail=continue notfound=continue ]
> #group_compat: nis
> hosts: compat dns
> networks: files dns
> #passwd_compat: nis
> shells: files dns
> services: compat dns
> services_compat: nis dns
> protocols: files dns
> rpc: files dns 

Don't use 'compat'.  You don't need it (you aren't running NIS).  I would try:

group: cache files ldap[ blah blah ]
passwd: cache files ldap[ blah blah ]
hosts: files dns
network: files dns
automount: files ldap
aliases: files ldap

Some notes:  Do you really need 'network', 'automount', and 'aliases' entries?

-- 
John Baldwin
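
The check described in the reply above, as an added example that is not part of the original message or of FreeBSD: a small linter that parses nsswitch.conf text (including criteria glued to a source, as in `ldap[ ... ]`) and flags `compat` on `hosts`, or `compat` mixed with other sources on `passwd`/`group`, per the manpage excerpt quoted in the thread. The function names and sample strings are constructed for illustration; other databases are deliberately left unchecked.

```python
import re

# Databases where the quoted nsswitch.conf(5) text allows "compat", and
# only as the sole source for the entry.
COMPAT_SOLE_SOURCE = {"passwd", "group"}

def parse_nsswitch(text):
    """Return {database: [source, ...]}, dropping comments and [criteria]."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        database, rest = line.split(":", 1)
        # Remove criteria such as "[ unavail=continue notfound=continue ]",
        # including the form glued to the source name ("ldap[ ... ]").
        rest = re.sub(r"\[[^\]]*\]", " ", rest)
        entries[database.strip()] = rest.split()
    return entries

def lint_compat(text):
    """Return sorted (database, message) findings about 'compat' usage."""
    findings = []
    for database, sources in parse_nsswitch(text).items():
        if "compat" not in sources:
            continue
        if database == "hosts":
            findings.append((database, "compat is not a hosts source; use e.g. files dns"))
        elif database in COMPAT_SOLE_SOURCE and len(sources) > 1:
            findings.append((database, "compat must be the only source"))
    return sorted(findings)

# Constructed sample: lines taken from the second configuration in the thread.
SECOND_CONFIG = """\
group: cache files ldap[ unavail=continue notfound=continue ]
passwd: cache files ldap [ unavail=continue notfound=continue ]
#group_compat: nis
hosts: compat
networks: files
"""

# Constructed sample: the layout suggested in the reply, criteria omitted.
SUGGESTED_CONFIG = """\
group: cache files ldap
passwd: cache files ldap
hosts: files dns
"""

if __name__ == "__main__":
    for database, message in lint_compat(SECOND_CONFIG):
        print(f"{database}: {message}")
```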

