amd64/122858: nsswitch in 7.0 is f*cked up

John Baldwin jhb at freebsd.org
Fri Apr 18 19:10:05 UTC 2008


The following reply was made to PR amd64/122858; it has been noted by GNATS.

From: John Baldwin <jhb at freebsd.org>
To: freebsd-amd64 at freebsd.org
Cc: tom <zaphod at fsklaw.com>, freebsd-gnats-submit at freebsd.org
Subject: Re: amd64/122858: nsswitch in 7.0 is f*cked up
Date: Fri, 18 Apr 2008 14:39:15 -0400

 On Thursday 17 April 2008 11:40:17 am tom wrote:
 > I've used this nsswitch.conf file for YEARS for samba/ldap/login etc.
 > 
 > passwd: files ldap
 > shadow: files ldap
 > group: files ldap
 > hosts: files dns wins
 > ####NEW###
 > networks: files dns
 > automount:  files ldap nisplus
 > aliases:    files ldap nisplus
 > 
 > Use this and samba-ldap works but you can't shell in or ftp or anything. 
 
 Did you look at the logs to see why you can't log in to the box?  Can you log in 
 on the console or can you not log in remotely?
 
 > Use this:
 > 
 > group: cache files ldap[ unavail=continue notfound=continue ]
 > passwd: cache files ldap [ unavail=continue notfound=continue ]
 > #group_compat: nis
 > hosts: compat
 > networks: files
 > #passwd_compat: nis
 > shells: files
 > services: compat
 > services_compat: nis
 > protocols: files
 > rpc: files
 > 
 > And samba-ldap, ssh login and ftp login works, but the damned machine won't 
 > resolve DNS.
 
 If you read the nsswitch.conf(5) manpage, you will find that 'compat' is only 
 used for 'passwd' and 'group' to support the old NIS '+/-' entries in the 
 password and group files.  It is useless for other sources:
 
      compat  support `+/-' in the ``passwd'' and ``group'' databases.  If this
              is present, it must be the only source for that entry.
 
 So, having 'hosts: compat' would certainly break all the hostname resolution.
 
 > Desperately flailing about and doing this:
 > 
 > group: cache files ldap[ unavail=continue notfound=continue ]
 > passwd: cache files ldap [ unavail=continue notfound=continue ]
 > #group_compat: nis
 > hosts: compat dns
 > networks: files dns
 > #passwd_compat: nis
 > shells: files dns
 > services: compat dns
 > services_compat: nis dns
 > protocols: files dns
 > rpc: files dns 
 
 Don't use 'compat'.  You don't need it (you aren't running NIS).  I would try:
 
 group: cache files ldap[ blah blah ]
 passwd: cache files ldap[ blah blah ]
 hosts: files dns
 network: files dns
 automount: files ldap
 aliases: files ldap
 
 Some notes:  Do you really need 'network', 'automount', and 'aliases' entries?
 
 -- 
 John Baldwin
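
The check below is an added example, not part of the original message or of FreeBSD: it lints an nsswitch.conf for the two 'compat' rules in the manpage excerpt quoted in the reply. The names `parse`, `lint`, `COMPAT_OK` and the sample text are assumptions made for illustration.

```python
import re

# Databases for which the quoted nsswitch.conf(5) excerpt allows 'compat'.
# Assumption: adjust this set if your system's manpage lists others.
COMPAT_OK = {"passwd", "group"}

def parse(text):
    """Yield (lineno, database, [sources]) with [criteria] blocks dropped."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line or ":" not in line:
            continue
        db, rest = line.split(":", 1)
        # Criteria such as "[ unavail=continue ]" may touch the source name
        # ("ldap[ ... ]"), so blank them out before splitting on whitespace.
        rest = re.sub(r"\[[^\]]*\]", " ", rest)
        yield n, db.strip(), rest.split()

def lint(text):
    """Return a list of (lineno, message) for misuse of 'compat'."""
    findings = []
    for n, db, sources in parse(text):
        if "compat" not in sources:
            continue
        if db not in COMPAT_OK:
            findings.append((n, f"{db}: 'compat' is only supported for passwd and group"))
        elif len(sources) > 1:
            findings.append((n, f"{db}: 'compat' must be the only source"))
    return findings

# Constructed sample built from lines quoted in the thread.
SAMPLE = """\
group: cache files ldap[ unavail=continue notfound=continue ]
passwd: cache files ldap [ unavail=continue notfound=continue ]
#group_compat: nis
hosts: compat dns
networks: files dns
shells: files
"""

if __name__ == "__main__":
    for n, msg in lint(SAMPLE):
        print(f"line {n}: {msg}")
```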

