Re: FreeBSD 6.x, NIS, local root password, and nsswitch.conf
David Adam [EMAIL PROTECTED] wrote:
On Tue, 21 Nov 2006, Mark Hennessy wrote:
I have a new system that has FreeBSD 6.1 on it to replace a system with
FreeBSD 4.11 being put out of service.
I want to keep to using local root passwords only, but export other users'
logins over NIS. It acts presently as an NIS slave server.
The NIS master server was upgraded a few months ago to FreeBSD 6.0 and
then 6.1.
All other machines are running FreeBSD 4.11.
A weird thing started to happen with the new machine. Only on this new
machine, the local root password doesn't work and only the root password
of the NIS master server will work to attain root. Perhaps something
needs to be changed somewhere to make the local root password work again?
Here's the /etc/nsswitch.conf from the master server:
group: compat
group_compat: nis
hosts: files dns
networks: files
passwd: compat
passwd_compat: nis
shells: files
Here's the /etc/nsswitch.conf from the slave server:
group: compat
group_compat: nis
hosts: files dns
networks: files
passwd: compat
passwd_compat: nis
shells: files
They both appear to be set to defaults.
I tried changing group and passwd to include 'files', I also tried
changing group_compat and passwd_compat to include 'files', but no
positive change.
Mark,
Careful here.
The line needs to read 'files nis', not 'nis files' - if you used the
latter, try switching it around so that the local /etc/passwd is checked
for root logins before NIS is consulted.
As I understand the man page, you want to change the {group,passwd}_compat
lines, not the {group,passwd} lines themselves.
I couldn't find nsswitch.conf on any of the FreeBSD 4.11 servers. They
are served by NIS as clients and all of their local root passwords work
fine.
From nsswitch.conf(5):
The nsswitch.conf file format first appeared in FreeBSD 5.0. It was
imported from the NetBSD Project, where it appeared first in NetBSD 1.4.
The NIS section of the handbook contains no mention of nsswitch.conf(5),
so I'm not actually sure that it's required for system authentication.
David Adam
[EMAIL PROTECTED]
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]
I'm a bit unsure about it myself.
I tried exactly what you suggested, putting files on the compat line and
before nis for both passwd and groups on the NIS slave server only, and no
go. Perhaps it is the master server that actually controls this? I don't
know. Any further advice would be greatly appreciated.
--
Mark P. Hennessy
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 6.x, NIS, local root password, and nsswitch.conf
David Adam [EMAIL PROTECTED] wrote:
On Wed, 22 Nov 2006, Mark Hennessy wrote:
David Adam [EMAIL PROTECTED] wrote:
On Tue, 21 Nov 2006, Mark Hennessy wrote:
I have a new system that has FreeBSD 6.1 on it to replace a system
with
FreeBSD 4.11 being put out of service.
I want to keep to using local root passwords only, but export other
users'
logins over NIS. It acts presently as an NIS slave server.
The NIS master server was upgraded a few months ago to FreeBSD 6.0
and
then 6.1.
All other machines are running FreeBSD 4.11.
A weird thing started to happen with the new machine. Only on this
new
machine, the local root password doesn't work and only the root
password
of the NIS master server will work to attain root. Perhaps
something
needs to be changed somewhere to make the local root password work
again?
snip
I tried changing group and passwd to include 'files', I also tried
changing group_compat and passwd_compat to include 'files', but no
positive change.
Mark,
Careful here.
The line needs to read 'files nis', not 'nis files' - if you used the
latter, try switching it around so that the local /etc/passwd is
checked
for root logins before NIS is consulted.
As I understand the man page, you want to change the
{group,passwd}_compat
lines, not the {group,passwd} lines themselves.
I couldn't find nsswitch.conf on any of the FreeBSD 4.11 servers.
They
are served by NIS as clients and all of their local root passwords
work
fine.
From nsswitch.conf(5):
The nsswitch.conf file format first appeared in FreeBSD 5.0. It was
imported from the NetBSD Project, where it appeared first in NetBSD
1.4.
The NIS section of the handbook contains no mention of
nsswitch.conf(5),
so I'm not actually sure that it's required for system authentication.
I'm a bit unsure about it myself.
I tried exactly what you suggested, putting files on the compat line
and
before nis for both passwd and groups on the NIS slave server only, and
no
go. Perhaps it is the master server that actually controls this? I
don't
know. Any further advice would be greatly appreciated.
Just to clarify - you're running a single NIS master, and you're having
this problem on a new NIS client? Or is it a NIS slave server as well? I
don't think that this should affect things, but I just wanted to clear up
the nomenclature.
Hmm, odd. I don't know if you have to restart any services to pick up
changes in nsswitch.conf, but I doubt it.
However, re-reading the manpage reminded me that nsswitch doesn't actually
control authentication in many cases - PAM handles this, on Linux at any
rate.
Someone (quite possibly me) has kicked the cable out of my FreeBSD box, so
I can't check this at the moment, but you may well need to edit something
in /etc/pam.d. In particular, if you have NIS as sufficient, it'll take
precedence over pam_unix (i.e., files).
Cheers,
David Adam
[EMAIL PROTECTED]
The machine in question having the problem with its root password being
clobbered by NIS is an NIS Slave Server running FreeBSD 6.1, the other
machines that aren't having this problem are clients running FreeBSD 4.11,
and the NIS Master Server is running FreeBSD 6.1.
The pam config for login and su don't appear to be pointing specifically
to NIS for anything, just system.
--
Mark P. Hennessy
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]
Compiling Linuxthreads
I'm trying to compile Linuxthreads from ports on my FreeBSD 4.8 system here, and for some reason I keep getting this: You can use an experimental patch to reduce the number of condition variable triggered context switches by defining WITH_CONDWAIT_PATCH Some unsafe calls to exit() can be detected by defining LINUXTHREADS_DETECT_UNSAFE_EXIT, see files/README.FreeBSD for more info. === Extracting for linuxthreads-2.2.3_10 Checksum OK for glibc-linuxthreads-2.2.3.tar.gz. === Patching for linuxthreads-2.2.3_10 === Applying FreeBSD patches for linuxthreads-2.2.3_10 === Configuring for linuxthreads-2.2.3_10 === Building for linuxthreads-2.2.3_10 Warning: Object directory not changed from original /usr/ports/devel/linuxthreads/work/linuxthreads-2.2.3_10/libgcc_r echo '#include i386/xm-i386.h' config.h echo '#include xm-freebsd.h' config.h echo '#include gansidecl.h'tconfig.h echo '#include i386/xm-i386.h' tconfig.h echo '#include i386/i386.h'tm.h echo '#include i386/att.h' tm.h echo '#include freebsd.h' tm.h echo '#include i386/freebsd.h' tm.h echo '#include i386/perform.h' tm.h make: don't know how to make libgcc1.c. Stop *** Error code 2 Stop in /usr/ports/devel/linuxthreads. I know that Linux binary compatibility is installed, as well as /usr/src/gnu (installed that today, machine was upgraded to 4.8 a couple of months ago) Any ideas on where I should look next? -- Mark P. Hennessy [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
FreeBSD 5.0 and MySQL on NFS-mounted partition (NetApp)
From mysql compiled from ports: Can't lock file (errno: 45) I just rebuilt mysql 3.23.55 on FreeBSD 5.0, and I am trying to start mysqld with my databases, and all of a sudden I'm getting this error. I was wondering if anyone has seen this and might know where I should start looking? Additionally, it appears that this error only comes up when the DATADIR for MySQL is set to a directory on an NFS-mounted drive. I have also asked one of the MySQL lists, and they suggested looking at rpc.lockd, but would that be needed if no writes were being made? -- Mark P. Hennessy [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
pam_listfile for use with FreeBSD
Has anyone set up pam_listfile for use with FreeBSD successfully? I am trying to get it working so I can prevent users listed in a flatfile from gaining access. I was wondering what steps might need to be taken to find and build it with FreeBSD 4.x. If this question is too nebulous for this list, any advice on who to ask next would be appreciated. -- Mark P. Hennessy [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Problem with poppassd
I am having a consistent problem with poppassd, and I'm not sure what the cause or resolution of that problem is. I was wondering if anyone had any ideas I could try to fix it. I get messages like those listed below, but not every instance of the running of poppassd fails. Oct 31 09:46:38 host poppassd[96878]: can't open slave pty: (/dev/ttyph) Permission denied Oct 31 09:50:25 host poppassd[97321]: can't open slave pty: (/dev/ttypj) Permission denied Oct 31 09:54:29 host poppassd[97804]: can't open slave pty: (/dev/ttypl) Permission denied Oct 31 10:30:12 host poppassd[3690]: can't open slave pty: (/dev/ttypn) Permission denied Oct 31 12:34:44 host poppassd[19076]: can't open slave pty: (/dev/ttypt) Permission denied Oct 31 14:24:55 host poppassd[32502]: can't open slave pty: (/dev/ttypc) Permission denied -- Mark P. Hennessy [EMAIL PROTECTED] Cloud 9 InternetWhite Plains, NY +1 914 696-4000 / 800 356-5683 http://www.cloud9.net To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
