Date: Fri, 18 Apr 2008 19:10:05 GMT
From: John Baldwin <jhb@freebsd.org>
To: freebsd-amd64@FreeBSD.org
Subject: Re: amd64/122858: nsswitch in 7.0 is f*cked up
Message-ID: <200804181910.m3IJA5w8068494@freefall.freebsd.org>

The following reply was made to PR amd64/122858; it has been noted by GNATS.

From: John Baldwin <jhb@freebsd.org>
To: freebsd-amd64@freebsd.org
Cc: tom <zaphod@fsklaw.com>, freebsd-gnats-submit@freebsd.org
Subject: Re: amd64/122858: nsswitch in 7.0 is f*cked up
Date: Fri, 18 Apr 2008 14:39:15 -0400

On Thursday 17 April 2008 11:40:17 am tom wrote:
> I've used this nsswitch.conf file for YEARS for samba/ldap/login etc.
>
> passwd: files ldap
> shadow: files ldap
> group: files ldap
> hosts: files dns wins
> ####NEW###
> networks: files dns
> automount: files ldap nisplus
> aliases: files ldap nisplus
>
> Use this and samba-ldap works but you can't shell in or ftp or anything.

Did you look at the logs to see why you can't login to the box? Can you login
on the console or can you not login in remotely?

> Use this:
>
> group: cache files ldap[ unavail=continue notfound=continue ]
> passwd: cache files ldap [ unavail=continue notfound=continue ]
> #group_compat: nis
> hosts: compat
> networks: files
> #passwd_compat: nis
> shells: files
> services: compat
> services_compat: nis
> protocols: files
> rpc: files
>
> And samba-ldap, ssh login and ftp login works, but the damned machine won't resolve DNS.

If you read the nsswitch.conf(5) manpage, you will find that 'compat' is only
used for 'passwd' and 'group' to support the old NIS '+/-' entries in the
password and group files. It is useless for other sources:

     compat    support `+/-' in the ``passwd'' and ``group'' databases. If
               this is present, it must be the only source for that entry.

So, having 'hosts: compat' would certainly break all the hostname resolution.

> Desperately flailing about and doing this:
>
> group: cache files ldap[ unavail=continue notfound=continue ]
> passwd: cache files ldap [ unavail=continue notfound=continue ]
> #group_compat: nis
> hosts: compat dns
> networks: files dns
> #passwd_compat: nis
> shells: files dns
> services: compat dns
> services_compat: nis dns
> protocols: files dns
> rpc: files dns

Don't use 'compat'. You don't need it (you aren't running NIS). I would try:

group: cache files ldap[ blah blah ]
passwd: cache files ldap[ blah blah ]
hosts: files dns
network: files dns
automount: files ldap
aliases: files ldap

Some notes:

Do you really need 'network', 'automount', and 'aliases' entries?

-- 
John Baldwin
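
Added example, not part of the original message or of FreeBSD: a small Python check for the two 'compat' rules in the nsswitch.conf(5) excerpt quoted above (only for certain databases, and the only source when present). The function names and the sample file are constructed for illustration, and the default database set is an assumption taken from that excerpt alone.

```python
import re

# Assumption: default set follows the manpage excerpt quoted in the message.
# Pass a different set if your release's nsswitch.conf(5) lists more databases.
COMPAT_DATABASES = frozenset({"passwd", "group"})

def parse_nsswitch(text):
    """Yield (line_no, database, [sources]); comments and criteria are dropped."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        database, rest = line.split(":", 1)
        # Remove "[ status=action ... ]" criteria, including the form glued to
        # a source name as in "ldap[ unavail=continue notfound=continue ]".
        rest = re.sub(r"\[[^\]]*\]", " ", rest)
        yield line_no, database.strip(), rest.split()

def lint_compat(text, compat_databases=COMPAT_DATABASES):
    """Return (line_no, database, problem) for each misuse of 'compat'."""
    findings = []
    for line_no, database, sources in parse_nsswitch(text):
        if "compat" not in sources:
            continue
        if database not in compat_databases:
            findings.append((line_no, database, "compat is not valid for this database"))
        elif len(sources) > 1:
            findings.append((line_no, database, "compat must be the only source"))
    return findings

# Constructed sample: the hosts line is the one from the thread, the passwd
# line is made up to exercise the "only source" rule.
SAMPLE = """\
group: cache files ldap[ unavail=continue notfound=continue ]
passwd: compat files
#group_compat: nis
hosts: compat dns
networks: files dns
"""

if __name__ == "__main__":
    for line_no, database, problem in lint_compat(SAMPLE):
        print(f"line {line_no}: {database}: {problem}")
```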