David Adam [EMAIL PROTECTED] wrote:
On Wed, 22 Nov 2006, Mark Hennessy wrote:
David Adam [EMAIL PROTECTED] wrote:
>On Tue, 21 Nov 2006, Mark Hennessy wrote:
>> I have a new system that has FreeBSD 6.1 on it to replace a system
with
>> FreeBSD 4.11 being put out of service.
>>
>> I want to keep to using local root passwords only, but export other
users'
>> logins over NIS. It acts presently as an NIS slave server.
>>
>> The NIS master server was upgraded a few months ago to FreeBSD 6.0
and
>> then 6.1.
>>
>> All other machines are running FreeBSD 4.11.
>>
>> A weird thing started to happen with the new machine. Only on this
new
>> machine, the local root password doesn't work and only the root
password
>> of the NIS master server will work to attain root. Perhaps
something
>> needs to be changed somewhere to make the local root password work
again?
<snip>
>>
>> I tried changing group and passwd to include 'files', I also tried
>> changing group_compat and passwd_compat to include 'files', but no
>> positive change.
>
>Mark,
>
>Careful here.
>
>The line needs to read 'files nis', not 'nis files' - if you used the
>latter, try switching it around so that the local /etc/passwd is
checked
>for root logins before NIS is consulted.
>
>As I understand the man page, you want to change the
{group,passwd}_compat
>lines, not the {group,passwd} lines themselves.
>
>> I couldn't find nsswitch.conf on any of the FreeBSD 4.11 servers.
They
>> are served by NIS as clients and all of their local root passwords
work
>> fine.
>
>>From nsswitch.conf(5):
>
>"The nsswitch.conf file format first appeared in FreeBSD 5.0. It was
>imported from the NetBSD Project, where it appeared first in NetBSD
1.4."
>
>The NIS section of the handbook contains no mention of
nsswitch.conf(5),
>so I'm not actually sure that it's required for system authentication.
>
I'm a bit unsure about it myself.
I tried exactly what you suggested, putting files on the compat line
and
before nis for both passwd and groups on the NIS slave server only, and
no
go. Perhaps it is the master server that actually controls this? I
don't
know. Any further advice would be greatly appreciated.
Just to clarify - you're running a single NIS master, and you're having
this problem on a new NIS client? Or is it a NIS slave server as well? I
don't think that this should affect things, but I just wanted to clear up
the nomenclature.
Hmm, odd. I don't know if you have to restart any services to pick up
changes in nsswitch.conf, but I doubt it.
However, re-reading the manpage reminded me that nsswitch doesn't actually
control authentication in many cases - PAM handles this, on Linux at any
rate.
Someone (quite possibly me) has kicked the cable out of my FreeBSD box, so
I can't check this at the moment, but you may well need to edit something
in /etc/pam.d. In particular, if you have NIS as sufficient, it'll take
precedence over pam_unix (i.e., files).
Cheers,
David Adam
[EMAIL PROTECTED]
The machine in question having the problem with its root password being
clobbered by NIS is an NIS Slave Server running FreeBSD 6.1, the other
machines that aren't having this problem are clients running FreeBSD 4.11,
and the NIS Master Server is running FreeBSD 6.1.
The pam config for login and su don't appear to be pointing specifically
to NIS for anything, just system.
--
Mark P. Hennessy
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
