FreeBSD 6.x, NIS, local root password, and nsswitch.conf

Artyom Viklenko artem at aws-net.org.ua
Wed Nov 22 07:08:59 PST 2006 

<quote who="Mark Hennessy">
> David Adam [zanchey at ucc.gu.uwa.edu.au] wrote:
>>On Tue, 21 Nov 2006, Mark Hennessy wrote:
>>> I have a new system that has FreeBSD 6.1 on it to replace a system with
>>> FreeBSD 4.11 being put out of service.
>>>
>>> I want to keep to using local root passwords only, but export other
>>> users'
>>> logins over NIS.  It acts presently as an NIS slave server.
>>>
>>> The NIS master server was upgraded a few months ago to FreeBSD 6.0 and
>>> then 6.1.
>>>
>>> All other machines are running FreeBSD 4.11.
>>>
>>> A weird thing started to happen with the new machine.  Only on this new
>>> machine, the local root password doesn't work and only the root
>>> password
>>> of the NIS master server will work to attain root.  Perhaps something
>>> needs to be changed somewhere to make the local root password work
>>> again?
>>>
>>> Here's the /etc/nsswitch.conf from the master server:
>>> group: compat
>>> group_compat: nis
>>> hosts: files dns
>>> networks: files
>>> passwd: compat
>>> passwd_compat: nis
>>> shells: files
>>>
>>> Here's the /etc/nsswitch.conf from the slave server:
>>> group: compat
>>> group_compat: nis
>>> hosts: files dns
>>> networks: files
>>> passwd: compat
>>> passwd_compat: nis
>>> shells: files
>>>
>>> They both appear to be set to defaults.
>>>
>>> I tried changing group and passwd to include 'files', I also tried
>>> changing group_compat and passwd_compat to include 'files', but no
>>> positive change.
>>
>>Mark,
>>
>>Careful here.
>>
>>The line needs to read 'files nis', not 'nis files' - if you used the
>>latter, try switching it around so that the local /etc/passwd is checked
>>for root logins before NIS is consulted.
>>
>>As I understand the man page, you want to change the
>> {group,passwd}_compat
>>lines, not the {group,passwd} lines themselves.
>>
>>> I couldn't find nsswitch.conf on any of the FreeBSD 4.11 servers.  They
>>> are served by NIS as clients and all of their local root passwords work
>>> fine.
>>
>>>From nsswitch.conf(5):
>>
>>"The nsswitch.conf file format first appeared in FreeBSD 5.0.  It was
>>imported from the NetBSD Project, where it appeared first in NetBSD 1.4."
>>
>>The NIS section of the handbook contains no mention of nsswitch.conf(5),
>>so I'm not actually sure that it's required for system authentication.
>>
>>David Adam
>>zanchey at ucc.gu.uwa.edu.au
>>_______________________________________________
>>freebsd-stable at freebsd.org mailing list
>>http://lists.freebsd.org/mailman/listinfo/freebsd-stable
>>To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
>
> I'm a bit unsure about it myself.
> I tried exactly what you suggested, putting files on the compat line and
> before nis for both passwd and groups on the NIS slave server only, and no
> go.  Perhaps it is the master server that actually controls this? I don't
> know.  Any further advice would be greatly appreciated.
>

You can try this config:

group: files nis
hosts: files dns
networks: files dns
passwd: files nis
shells: files

just removes *compat* stuff

works for me. :)

-- 
           Sincerely yours,
                            Artyom Viklenko.
-------------------------------------------------------
artem at aws-net.org.ua | http://www.aws-net.org.ua/~artem
FreeBSD: The Power to Serve   -  http://www.freebsd.org

More information about the freebsd-stable mailing list