From owner-freebsd-stable@FreeBSD.ORG  Wed Nov 22 13:51:51 2006
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: freebsd-stable@freebsd.org
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 6F8F016A505
	for <freebsd-stable@freebsd.org>; Wed, 22 Nov 2006 13:51:51 +0000 (UTC)
	(envelope-from zanchey@ucc.gu.uwa.edu.au)
Received: from asclepius2.uwa.edu.au (asclepius2.uwa.edu.au [130.95.128.59])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 02E3643D5C
	for <freebsd-stable@freebsd.org>; Wed, 22 Nov 2006 13:51:17 +0000 (GMT)
	(envelope-from zanchey@ucc.gu.uwa.edu.au)
Received: from panacea.kas (localhost.localdomain [127.0.0.1])
	by panacea.uwa.edu.au (Postfix) with SMTP id 30D6E4CD42
	for <freebsd-stable@freebsd.org>; Wed, 22 Nov 2006 21:51:40 +0800 (WST)
Received: from panacea (localhost.localdomain [127.0.0.1])
	by panacea.prekas (Postfix) with ESMTP id 14A6D4CCFF
	for <freebsd-stable@freebsd.org>; Wed, 22 Nov 2006 21:51:40 +0800 (WST)
X-UWA-Client-IP: 130.95.13.9 (UWA)
Received: from mooneye.ucc.gu.uwa.edu.au (mooneye.ucc.gu.uwa.edu.au
	[130.95.13.9]) by panacea.extinput (Postfix) with ESMTP id 9144C4CD4D
	for <freebsd-stable@freebsd.org>; Wed, 22 Nov 2006 21:51:19 +0800 (WST)
Received: by mooneye.ucc.gu.uwa.edu.au (Postfix, from userid 801)
	id 83DFE36864; Wed, 22 Nov 2006 21:51:14 +0800 (WST)
Received: from mussel.ucc.gu.uwa.edu.au (mussel.ucc.gu.uwa.edu.au
	[130.95.13.18])
	by mooneye.ucc.gu.uwa.edu.au (Postfix) with ESMTP id 5F97B36861;
	Wed, 22 Nov 2006 21:51:14 +0800 (WST)
Received: from zanchey (helo=localhost)
	by mussel.ucc.gu.uwa.edu.au with local-esmtp (Exim 3.36 #1 (Debian))
	id 1GmsVO-0001HX-00; Wed, 22 Nov 2006 21:51:14 +0800
Date: Wed, 22 Nov 2006 21:51:14 +0800 (WST)
From: David Adam <zanchey@ucc.gu.uwa.edu.au>
To: Mark Hennessy <mark@cloud9.net>
In-Reply-To: <Pine.BSF.4.64.0611211220200.81287@earl-grey.cloud9.net>
Message-ID: <Pine.LNX.4.58.0611222028280.14631@mussel.ucc.gu.uwa.edu.au>
References: <Pine.BSF.4.64.0611211220200.81287@earl-grey.cloud9.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Anti-Virus: Kaspersky Anti-Virus for MailServers 5.5.10/RELEASE,
	bases: 22112006 #230065, status: clean
X-SpamTest-Info: Profile: Formal (737/061122)
X-SpamTest-Info: Profile: Detect Hard [UCS 2006-10-25]
X-SpamTest-Info: Profile: SysLog
X-SpamTest-Info: Profile: Marking Spam - Subject (UCS) [2006-10-25]
X-SpamTest-Status: Not detected
X-SpamTest-Version: SMTP-Filter Version 2.0.0 [0125], KAS/Release
Cc: freebsd-stable@freebsd.org
Subject: Re: FreeBSD 6.x, NIS, local root password, and nsswitch.conf
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: zanchey@ucc.gu.uwa.edu.au
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Nov 2006 13:51:51 -0000

On Tue, 21 Nov 2006, Mark Hennessy wrote:
> I have a new system that has FreeBSD 6.1 on it to replace a system with
> FreeBSD 4.11 being put out of service.
>
> I want to keep to using local root passwords only, but export other users'
> logins over NIS.  It acts presently as an NIS slave server.
>
> The NIS master server was upgraded a few months ago to FreeBSD 6.0 and
> then 6.1.
>
> All other machines are running FreeBSD 4.11.
>
> A weird thing started to happen with the new machine.  Only on this new
> machine, the local root password doesn't work and only the root password
> of the NIS master server will work to attain root.  Perhaps something
> needs to be changed somewhere to make the local root password work again?
>
> Here's the /etc/nsswitch.conf from the master server:
> group: compat
> group_compat: nis
> hosts: files dns
> networks: files
> passwd: compat
> passwd_compat: nis
> shells: files
>
> Here's the /etc/nsswitch.conf from the slave server:
> group: compat
> group_compat: nis
> hosts: files dns
> networks: files
> passwd: compat
> passwd_compat: nis
> shells: files
>
> They both appear to be set to defaults.
>
> I tried changing group and passwd to include 'files', I also tried
> changing group_compat and passwd_compat to include 'files', but no
> positive change.

Mark,

Careful here.

The line needs to read 'files nis', not 'nis files' - if you used the
latter, try switching it around so that the local /etc/passwd is checked
for root logins before NIS is consulted.

As I understand the man page, you want to change the {group,passwd}_compat
lines, not the {group,passwd} lines themselves.

> I couldn't find nsswitch.conf on any of the FreeBSD 4.11 servers.  They
> are served by NIS as clients and all of their local root passwords work
> fine.

>From nsswitch.conf(5):

"The nsswitch.conf file format first appeared in FreeBSD 5.0.  It was
imported from the NetBSD Project, where it appeared first in NetBSD 1.4."

The NIS section of the handbook contains no mention of nsswitch.conf(5),
so I'm not actually sure that it's required for system authentication.

David Adam
zanchey@ucc.gu.uwa.edu.au