Partial NIS+ woes

2007-12-25 10:19:00

Hi!

I posted a problem about installing NIS+. I have 2 sub-domains, so I did not
know which one to choose as the root master.

Thanks to Dixon Ly and Kenneth Simpson and a very special thanks to Daniel J
Blander I have a better idea about how I can handle this. Please see my
original post and the complete responses I got (below).

Now I have another problem. Our current NIS master is a SunOS 4.1.3_U
machine. It does not have a shadow file, but does have a passwd and a
passwd.master (I could not find any documentation on this). I combined the
two files as passwd, copied this file over to the new machine (Solaris 2.5
which I'm trying to set up as the root master of NIS+) and ran the "pwconv"
command. This was after I ran nisserver -Y -r -v -d ucsf_library.edu.
I checked that it created a passwd and shadow file.

After that I populated using nispopulate -F -v -d ucsf_library.edu. -h athena

I then rebooted the machine. I tried logging in as root when it came back up,
but it would not let me in. I was able to log in as myself. I finally had to
get in the cdrom way. What did I screw up?

Thanks a lot for your help,

Rasana

---------------------------------------------------------------------------

Hi!

I posted this once before but I did not get anything which helped me, so I'm
giving this another try.

I'm trying to set up NIS+ on a Solaris 2.5 machine with patches 103279-01 and
103093-02 (on Sparc 2). We already have NIS running on another machine, but
populating from NIS was giving errors, so I tried to populate using files.

UCSF has many subnets, of which we control 2 (library.ucsf.edu and
ckm.ucsf.edu). We have no access to anything else.

If I try and make a machine on the library.ucsf.edu subnet our root master,
and nispopulate using:

nispopulate -F -v -d NIS+_Domain.edu. -h EFGH,

these are the errors I get:

Populating the NIS+ credential table for domain NIS+_Domain.edu.
from hosts table.
dumping hosts table...
loading credential table...
nisaddcred: domain of principal 'ABC.ckm.ucsf.edu.NIS+_Domain.edu.'
does not match destination domain 'NIS+_Domain.edu.'.
Should only add DES credential of principal in its home domain
nisaddcred: unable to create credential.

If I make a machine on ckm subnet the root master, I get the same error
messages with the sub-domain reversed.

My /etc/hosts is like this:

128.218.xx.yy ABC.ckm.ucsf.edu ABC
128.218.aa.bb DEF.library.ucsf.edu DEF

My /etc/netgroup is:

(DEF.library.ucsf.edu,,) (ABC.ckm.ucsf.edu,,) \

As an aside: each time I activate NIS+ (this machine is also our INN news
server) I get the following:

Jun 7 09:09:52 helena nnrpd[2743]: ? cant gethostbyaddr 128.218.cc.dd Error 0

128.218.cc.dd is our newsfeed.

So my question is this: if I make a machine on one subnet my root master, how
do I handle the other one?

PLEASE let me know if you need further clarification.

HELP!!

Thanks much!

Rasana

---------------------------------------------------------------------------

From: Dixon Ly <dly@csl.sri.com>

I don't use NIS+ myself, but isn't there something in the NIS+
docs that says you can't use periods to name your machines/users?
A period is reserved for domain naming hierarchy or some such thing
(like abc.def.com is a different domain than 123.abc.def.com).

So you have ABC.ckm.ucsf.edu.NIS+_Domain.edu, which seems to say
you have a principal 'ABC' in the ABC.ckm.ucsf.edu.NIS+_Domain.edu
domain.

Like I said, I don't use NIS+, but I am pretty sure I recall reading
something about the naming convention in the Sun supplied docs.

-d

---------------------------------------------------------------------------

From: Kenneth Simpson <chaos@best.com>

>If I try and make a machine on the library.ucsf.edu subnet our root master,
>and nispopulate using:
>
>nispopulate -F -v -d NIS+_Domain.edu. -h EFGH,
>

My advice is not to do it, i.e., if passing

        -d NIS+_Domain.edu.

gives

        ABC.ckm.ucsf.edu.NIS+_Domain.edu.

which is clearly wrong, then don't do it, i.e., lose the

        -d NIS+_Domain.edu.

in the nispopulate command. Also, try using

        nisaddent -r -f ....

to populate your tables if you have ASCII files.

>As an aside: each time I activate NIS+ (this machine is also our INN news
>server) I get the following:
>Jun 7 09:09:52 helena nnrpd[2743]: ? cant gethostbyaddr 128.218.cc.dd Error 0

If you have a DNS server, add

        dns

to your nisswitch.conf file.

-- Ken

---------------------------------------------------------------------------

From: "Daniel J Blander - Sr. Systems Engineer for ACS" <Daniel.Blander@ACSacs.com>

It looks as if you have some domain issues running rampant here...

You have a primary domain for NIS+ that is NIS+_Domain.edu
and a DNS domain that you have listed in your hosts file
(rather than letting DNS resolve the domain) that is ckm.ucsf.edu.

NIS+ (as well as DNS) will treat every . as a breaking designation
for each domain. Because you have chosen to list your hosts with
their DNS subdomains, then they are put into the NIS+ hosts.org_dir
map with these subdomains appended onto the NIS+ root domain.

NIS+ wants the master server
to be precisely in the ROOT domain (NIS+_Domain.edu) and in no other
subdomain - a sub-domain root master would be in its own sub-domain...
so having the successive sub-domains listed in your host file is
nuking the install. In addition, since after you start your
NIS+ install your /etc/nsswitch.conf file changed to look up your
info from your NIS+ maps, and since they have started being populated
from this hosts file (it will do hosts last - after NIS+), it is
likely the name of your news server is totally mis-labeled and
can not be found by NIS+ because it now has the NIS+Domain.edu tacked
on the end....

If your intention is to have the hosts file list the full domains,
then you should create a separate hosts file without the domain data
tagged on - unless they truly do reside in sub-domains...and then
load this stripped hosts file into your NIS+ maps instead of the
one you are trying to load.

If you want DNS running inside your organization and NIS+ simultaneously,
then strip the names completely, set up DNS correctly to handle resolving
the domains - instead of the hosts file, and then build your NIS+. Both
services can run simultaneously and a system can belong to both and have
different domains specified in each one (they run independently - unlike
old NIS).

Last possible scenario - in your hosts file, put the fully qualified names
as aliases - I.e. do as I said above - add the simple host name (with no
domain) but put it in your existing hosts file and put it first - before
the fully qualified name. This way when NIS+ reads in the info it will
use that name to set up the hosts.org_dir entry.

Hope this helps....

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 The Official Applied Computer Solutions Home Page
             and Tech Tip of the Week:
               http://www.acsacs.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~ Rasana Atreya Voice: (415) 476-3623 ~
~ Programmer/Analyst and Red Sage Administrator Fax: (415) 476-4653 ~
~ Library & Ctr for Knowledge Mgnt, Univ. of California at San Francisco ~
~ 530 Parnassus Ave, Box 0840, San Francisco, CA 94143-0840 ~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
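
The last scenario in Daniel's reply (short host name first, fully qualified name kept as an alias), as an added example that is not part of the original thread. The function names are hypothetical and the sample uses constructed documentation addresses with the host names from the post; run it on a copy of the hosts file before populating the NIS+ tables.

```sh
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# Constructed sample: host names as in the post, documentation addresses.
make_sample() {
    cat <<'EOF'
# constructed sample hosts file
192.0.2.10 ABC.ckm.ucsf.edu ABC
192.0.2.20 DEF.library.ucsf.edu DEF   # second subnet
192.0.2.30 GHI
EOF
}

# List entries whose first (canonical) name still contains a dot.
dotted_canonical() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
         $2 ~ /\./ { print $1, $2 }' "$@"
}

# Put the short name first; keep every original name as an alias.
short_first_hosts() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { print; next }    # comments, blank lines
    {
        comment = ""
        i = index($0, "#")
        if (i > 0) {                            # split off a trailing comment
            comment = " " substr($0, i)
            $0 = substr($0, 1, i - 1)
        }
        if (NF < 2) { print $0 comment; next }  # no host name: leave alone
        short = $2
        sub(/\..*/, "", short)                  # drop everything from first dot
        out = $1 " " short
        split("", seen); seen[short] = 1
        for (k = 2; k <= NF; k++)
            if (!($k in seen)) { out = out " " $k; seen[$k] = 1 }
        print out comment
    }' "$@"
}

make_sample | short_first_hosts
```

If hosts in different DNS subdomains share a short name, the rewritten file will list the same name for two addresses; resolve those by hand before loading it.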
