From: John Baldwin
To: freebsd-amd64@freebsd.org
Cc: tom, freebsd-gnats-submit@freebsd.org
Date: Fri, 18 Apr 2008 14:39:15 -0400
Subject: Re: amd64/122858: nsswitch in 7.0 is f*cked up

On Thursday 17 April 2008 11:40:17 am tom wrote:
> I've used this nsswitch.conf file for YEARS for samba/ldap/login etc.
>
> passwd: files ldap
> shadow: files ldap
> group: files ldap
> hosts: files dns wins
> ####NEW###
> networks: files dns
> automount: files ldap nisplus
> aliases: files ldap nisplus
>
> Use this and samba-ldap works but you can't shell in or ftp or anything.

Did you look at the logs to see why you can't login to the box? Can you login on the console or can you not log in remotely?

> Use this:
>
> group: cache files ldap[ unavail=continue notfound=continue ]
> passwd: cache files ldap [ unavail=continue notfound=continue ]
> #group_compat: nis
> hosts: compat
> networks: files
> #passwd_compat: nis
> shells: files
> services: compat
> services_compat: nis
> protocols: files
> rpc: files
>
> And samba-ldap, ssh login and ftp login works, but the damned machine won't resolve DNS.

If you read the nsswitch.conf(5) manpage, you will find that 'compat' is only used for 'passwd' and 'group' to support the old NIS '+/-' entries in the password and group files. It is useless for other sources:

     compat      support `+/-' in the ``passwd'' and ``group'' databases.
                 If this is present, it must be the only source for that
                 entry.

So, having 'hosts: compat' would certainly break all the hostname resolution.

> Desperately flailing about and doing this:
>
> group: cache files ldap[ unavail=continue notfound=continue ]
> passwd: cache files ldap [ unavail=continue notfound=continue ]
> #group_compat: nis
> hosts: compat dns
> networks: files dns
> #passwd_compat: nis
> shells: files dns
> services: compat dns
> services_compat: nis dns
> protocols: files dns
> rpc: files dns

Don't use 'compat'. You don't need it (you aren't running NIS). I would try:

group: cache files ldap[ blah blah ]
passwd: cache files ldap[ blah blah ]
hosts: files dns
network: files dns
automount: files ldap
aliases: files ldap

Some notes:

Do you really need 'network', 'automount', and 'aliases' entries?

-- 
John Baldwin
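
Added example, not part of the original message: a small Python check that applies two points from the reply to an nsswitch.conf, namely that 'compat' must be the only source on its line and that 'compat' on 'hosts' gives no hostname resolution. The function names and rule labels are assumptions made for this illustration, and the sample input is constructed from the configurations quoted in the thread.

```python
import re


def parse_nsswitch(text):
    """Return {database: [sources]} with comments and [criteria] removed."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        database, rest = line.split(":", 1)
        # Drop criteria such as "[ unavail=continue notfound=continue ]",
        # including the "ldap[" form with no space before the bracket.
        rest = re.sub(r"\[[^\]]*\]", " ", rest)
        entries[database.strip()] = rest.split()
    return entries


def lint_compat(text):
    """Return (database, rule) findings; rule labels are hypothetical names."""
    findings = []
    for database, sources in parse_nsswitch(text).items():
        if "compat" not in sources:
            continue
        if database == "hosts":
            # Per the reply: 'hosts: compat' breaks hostname resolution.
            findings.append((database, "compat-on-hosts"))
        if len(sources) > 1:
            # Per the quoted manpage text: compat must be the only source.
            findings.append((database, "compat-not-sole-source"))
    return findings


# Constructed sample, assembled from the configurations quoted in the thread.
SAMPLE = """\
group: cache files ldap[ unavail=continue notfound=continue ]
passwd: cache files ldap [ unavail=continue notfound=continue ]
#group_compat: nis
hosts: compat dns
services: compat dns
services_compat: nis dns
shells: files dns
"""

if __name__ == "__main__":
    for database, rule in lint_compat(SAMPLE):
        print(f"{database}: {rule}")
```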