From owner-freebsd-stable@FreeBSD.ORG Wed Nov 22 15:08:59 2006 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id EB04B16A47C for ; Wed, 22 Nov 2006 15:08:58 +0000 (UTC) (envelope-from artem@aws-net.org.ua) Received: from saturn.interami.com (saturn.interami.com [193.41.48.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3338F43D55 for ; Wed, 22 Nov 2006 15:08:20 +0000 (GMT) (envelope-from artem@aws-net.org.ua) Received: from sigma.interami.com (sigma.interami.com [193.41.48.133]) by saturn.interami.com (8.13.1/8.13.1) with ESMTP id kAMF8cIt034868; Wed, 22 Nov 2006 17:08:38 +0200 (EET) (envelope-from artem@aws-net.org.ua) Received: from 217.12.197.82 (SquirrelMail authenticated user artem) by sigma.interami.com with HTTP; Wed, 22 Nov 2006 17:08:40 +0200 (EET) Message-ID: <64383.217.12.197.82.1164208120.squirrel@sigma.interami.com> In-Reply-To: References: Date: Wed, 22 Nov 2006 17:08:40 +0200 (EET) From: "Artyom Viklenko" To: "Mark Hennessy" User-Agent: SquirrelMail/1.4.8 MIME-Version: 1.0 Content-Type: text/plain;charset=utf-8 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-Antivirus: Dr.Web (R) for Mail Servers on saturn.interami.com host X-Antivirus-Code: 100000 Cc: freebsd-stable@freebsd.org Subject: Re: FreeBSD 6.x, NIS, local root password, and nsswitch.conf X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Nov 2006 15:08:59 -0000 > David Adam [zanchey@ucc.gu.uwa.edu.au] wrote: >>On Tue, 21 Nov 2006, Mark Hennessy wrote: >>> I have a new system that has FreeBSD 6.1 on it to replace a system with >>> FreeBSD 4.11 being put out of service. >>> >>> I want to keep to using local root passwords only, but export other >>> users' >>> logins over NIS. It acts presently as an NIS slave server. >>> >>> The NIS master server was upgraded a few months ago to FreeBSD 6.0 and >>> then 6.1. >>> >>> All other machines are running FreeBSD 4.11. >>> >>> A weird thing started to happen with the new machine. Only on this new >>> machine, the local root password doesn't work and only the root >>> password >>> of the NIS master server will work to attain root. Perhaps something >>> needs to be changed somewhere to make the local root password work >>> again? >>> >>> Here's the /etc/nsswitch.conf from the master server: >>> group: compat >>> group_compat: nis >>> hosts: files dns >>> networks: files >>> passwd: compat >>> passwd_compat: nis >>> shells: files >>> >>> Here's the /etc/nsswitch.conf from the slave server: >>> group: compat >>> group_compat: nis >>> hosts: files dns >>> networks: files >>> passwd: compat >>> passwd_compat: nis >>> shells: files >>> >>> They both appear to be set to defaults. >>> >>> I tried changing group and passwd to include 'files', I also tried >>> changing group_compat and passwd_compat to include 'files', but no >>> positive change. >> >>Mark, >> >>Careful here. >> >>The line needs to read 'files nis', not 'nis files' - if you used the >>latter, try switching it around so that the local /etc/passwd is checked >>for root logins before NIS is consulted. >> >>As I understand the man page, you want to change the >> {group,passwd}_compat >>lines, not the {group,passwd} lines themselves. >> >>> I couldn't find nsswitch.conf on any of the FreeBSD 4.11 servers. They >>> are served by NIS as clients and all of their local root passwords work >>> fine. >> >>>From nsswitch.conf(5): >> >>"The nsswitch.conf file format first appeared in FreeBSD 5.0. It was >>imported from the NetBSD Project, where it appeared first in NetBSD 1.4." >> >>The NIS section of the handbook contains no mention of nsswitch.conf(5), >>so I'm not actually sure that it's required for system authentication. >> >>David Adam >>zanchey@ucc.gu.uwa.edu.au >>_______________________________________________ >>freebsd-stable@freebsd.org mailing list >>http://lists.freebsd.org/mailman/listinfo/freebsd-stable >>To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > > I'm a bit unsure about it myself. > I tried exactly what you suggested, putting files on the compat line and > before nis for both passwd and groups on the NIS slave server only, and no > go. Perhaps it is the master server that actually controls this? I don't > know. Any further advice would be greatly appreciated. > You can try this config: group: files nis hosts: files dns networks: files dns passwd: files nis shells: files just removes *compat* stuff works for me. :) -- Sincerely yours, Artyom Viklenko. ------------------------------------------------------- artem@aws-net.org.ua | http://www.aws-net.org.ua/~artem FreeBSD: The Power to Serve - http://www.freebsd.org