From owner-freebsd-stable Thu Jun 11 15:52:15 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA21670 for freebsd-stable-outgoing; Thu, 11 Jun 1998 15:52:15 -0700 (PDT) (envelope-from owner-freebsd-stable@FreeBSD.ORG) Received: from pop.uniserve.com (pop.uniserve.com [204.244.156.3]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id PAA21534 for ; Thu, 11 Jun 1998 15:51:48 -0700 (PDT) (envelope-from tom@uniserve.com) Received: from shell.uniserve.ca [204.244.186.218] by pop.uniserve.com with smtp (Exim 1.82 #4) id 0ykGC2-0006Og-00; Thu, 11 Jun 1998 15:51:38 -0700 Date: Thu, 11 Jun 1998 15:51:35 -0700 (PDT) From: Tom X-Sender: tom@shell.uniserve.ca To: John Kenagy cc: Atipa , freebsd-stable@FreeBSD.ORG Subject: Re: NIS client maintenance script In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Wed, 10 Jun 1998, John Kenagy wrote: > Thanks! > > I'll give this a try in a day or so and post it with the tutorial > as well. Or, would you rather I posted a link to the source file? > > Also, please send me your full name, etc. so I can credit you. > (I know I've seen it but can't find it now, oops.) > > John There are several problems with the script as attached. It assumes only one NIS server ($nis_host). You'd have to be mad to have only one NIS server in a production environment, especially since clients can automatically kick over to another if one fails. Since all the *pwnam fuctions (getpwnam, getpwent, etc) are flawed in that they can not return a temporary failure code, such functions should block until NIS services are back up. This is critical for systems running mail service, because you don't want all your users to disappear when NIS goes down. Tom > > > Everyone, > > > > > > You may find this script to be of use for NIS clients. It can be run from > > > crontab every minute or so to make sure NIS connections are up and > > > running. > > > > > > It disables NIS authentication during network failures, and > > > resets and enables NIS if the connection is restored. > > > > > > Must be run as root. May work with /bin/sh, but I like bash better. > > > > > > WARNING!!! This may modify your /etc/master.password file. If you can not > > > understand what it does, do not use it! :) > > > > > > Kevin > > > > > > > > > ----- > > > #!/usr/local/bin/bash > > > > > > # This script maintains NIS client connections on simple networks > > > # Rev. 1.0, 05-09-98, Kevin McCarthy (kmcc@atipa.com) > > > > > > # It disables NIS authentication during network failures, and resets > > > # and enables NIS if the connection is restored. > > > > > > # User defined variables > > > nis_host="host.domain.tld" # required > > > nis_domainname="freakazoid" # required > > > ypbind_args="-s -ypsetme" # -s for security > > > ypset_args="$nis_host" # "" for no ypset > > > > > > # Clearspace for readability > > > echo " " > > > > > > # Find current state (bool) of NIS > > > nis_state=`grep + /etc/master.passwd && ps ax |grep yp` > > > if [ -n "$nis_state" ]; then > > > echo NIS authentication is ON > > > else > > > echo NIS authentication is OFF > > > fi > > > > > > # Set up NIS conditional functions > > > function nis_down () { > > > echo "Error: $nis_problem" > > > > > > if [ -n "$nis_state"]; then > > > echo "Disabling NIS authentication" > > > umask 077 > > > grep -v + /etc/master.passwd > /root/mp.nonis > > > mv /etc/master.passwd /etc/master.passwd.nis > > > mv /root/mp.nonis /etc/master.passwd > > > pwd_mkdb -p /etc/master.passwd > > > else > > > echo "NIS remaining disabled" > > > fi > > > > > > exit 1 > > > } > > > > > > function nis_reset () { > > > if [ -n "$nis_problem"]; then > > > echo "Error: $nis_problem" > > > fi > > > > > > echo -n "Resetting NIS services... " > > > killall ypbind >> /dev/null > > > domainname $nis_domainname > > > ypbind $ypbind_args > > > if [ -n "$ypset_args"]; then > > > ypset $ypset_args > > > fi > > > echo "Done" > > > > > > reset_done="true" > > > } > > > > > > function nis_up () { > > > if [ -z "$nis_state" ]; then > > > echo "NIS services restored. Enabling NIS authentication" > > > umask 077 > > > mv /etc/master.passwd.nis /etc/master.passwd > > > pwd_mkdb -p /etc/master.passwd > > > fi > > > > > > nis_working="true" > > > } > > > > > > echo -n "Network connecion to $nis_host is " > > > up=`ping -c1 $nis_host | grep transmitted | awk -F, '{print $2}' \ > > > | awk '{print $1}'` > > > if [ "$up" = "1" ]; then > > > echo ON > > > else > > > echo OFF > > > nis_problem="host not reachable (ping failed)" > > > nis_down > > > fi > > > > > > while [ -z "$nis_working" ]; do > > > # Check if NIS is bound > > > nis_bound=`ypwhich` > > > > > > if [ "$nis_bound" = "$nis_host" ]; then > > > echo NIS binding to $nis_bound is ON > > > nis_up > > > else > > > if [ -z "$reset_done" ]; then > > > nis_problem="NIS binding to $nis_host is OFF" > > > nis_reset > > > else > > > echo "Reset Failed; disabling NIS services" > > > nis_down > > > fi > > > fi > > > done > > > > > > echo "Exiting" > > > echo " " > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-stable" in the body of the message > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message