Re: NFS + NIS madness
Well, at the end, the whole part of the "I have no name" seems related to the prompt.

Which leaves me with a single problem: as a logged-in (NIS/YP) user, I see the GID as 500. As root, the same NFS mount shows the GID as normal.

Thanks,
Hetz

On Tue, Nov 29, 2011 at 8:53 AM, Yedidyah Bar-David linux...@didi.bardavid.org wrote:

> On Mon, Nov 28, 2011 at 11:35:33PM +0200, Hetz Ben Hamo wrote:
>
> > Hi,
> >
> > As you can see, all of them (from root) work perfectly:
> >
> >     [root@client ~]# ypcat passwd.byuid
> >     vic:$6$FcNMjbbl$8wGzWhtEK9P0.WdoqE78xI9VDzmaH1wTF.2vax9VERW3uiqhytNjXXzVccCjnWRxV7ApHL.JibC0Ar4spM6In1:500:500:Vicky the kitten!:/home/vic:/bin/bash
> >     [root@client ~]# ypmatch 500 passwd.byuid
> >     vic:$6$FcNMjbbl$8wGzWhtEK9P0.WdoqE78xI9VDzmaH1wTF.2vax9VERW3uiqhytNjXXzVccCjnWRxV7ApHL.JibC0Ar4spM6In1:500:500:Vicky the kitten!:/home/vic:/bin/bash
> >     [root@client ~]# getent passwd 500
> >     vic:$6$FcNMjbbl$8wGzWhtEK9P0.WdoqE78xI9VDzmaH1wTF.2vax9VERW3uiqhytNjXXzVccCjnWRxV7ApHL.JibC0Ar4spM6In1:500:500:Vicky the kitten!:/home/vic:/bin/bash
> >
> > only when I do su - vic or login as vic, then it happens..
>
> Can you try these as vic?
>
> It's been some time since I last debugged NIS, but IIRC there are mechanisms that try to prevent normal users from seeing some stuff, e.g. shadow passwords. Obviously you did not use shadow passwords, judging from the above. Perhaps the server replies to these only from low ports or something like that, don't remember.
>
> You can try to run the server with debugging/verbose/whatever and see if there is anything in its logs.
>
> --
> Didi

--
Hetz Ben Hamo
Hetz-Biz
Rental and hosting of physical servers
Interested in using services that are blocked for Israeli users? Hulu? NetFlix? Pandora? Google Voice?
If so, go to http://vps.net.bz/?p=406.

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: NFS + NIS madness
On 12/04/2011 06:36 PM, Hetz Ben Hamo wrote:

> Well, at the end, the whole part of the "I have no name" seems related to the prompt.
>
> Which leaves me with a single problem: as a logged-in (NIS/YP) user, I see the GID as 500. As root, the same NFS mount shows the GID as normal.

Just to make sure. Did you run make -C /var/yp on the server?

Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com
Re: NFS + NIS madness
Hi,

Thanks for your explanation. I did what you wrote before I got your email at least 20 times. I followed your email and re-checked everything. Everything works great until I actually login with the user.

See this (doing it as root):

    # ypcat passwd
    vic:$6$FcNMjbbl$8wGzWhtEK9P0.WdoqE78xI9VDzmaH1wTF.2vax9VERW3uiqhytNjXXzVccCjnWRxV7ApHL.JibC0Ar4spM6In1:500:500:Vicky the kitten!:/home/vic:/bin/bash
    # ypmatch vic passwd
    vic:$6$FcNMjbbl$8wGzWhtEK9P0.WdoqE78xI9VDzmaH1wTF.2vax9VERW3uiqhytNjXXzVccCjnWRxV7ApHL.JibC0Ar4spM6In1:500:500:Vicky the kitten!:/home/vic:/bin/bash
    # ypcat hosts
    10.0.0.150 spectrum server.example.com kuku
    10.0.0.151 client
    10.0.0.150 spectrum server.example.com kuku
    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    10.0.0.150 spectrum server.example.com kuku
    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

(I probably messed up something there, nevermind..)

And then ...

    # su - vic
    id: cannot find name for user ID 500
    id: cannot find name for user ID 500
    [I have no name!@client ~]$

    $ id
    uid=500 gid=500(vic) groups=500(vic) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

After disabling SELinux (Hate it!) it's a bit better:

    $ id
    uid=500 gid=500(vic) groups=500(vic)

but still ...

    $ ls -la
    total 32
    drwx------ 2 500  vic  4096 Nov 28  2011 .
    drwxr-xr-x 4 root root 4096 Nov 25 20:06 ..
    -rw------- 1 500  vic   343 Nov 28  2011 .bash_history
    -rw-r--r-- 1 500  vic    18 May 26  2011 .bash_logout
    -rw-r--r-- 1 500  vic   176 May 26  2011 .bash_profile
    -rw-r--r-- 1 500  vic   124 May 26  2011 .bashrc
    -rw------- 1 500  vic   602 Nov 28  2011 .viminfo
    [I have no name!@client ~]$

I pasted online the configurations of the client:

network - http://fpaste.org/SoLt/
yp.conf - http://fpaste.org/kfc6/
nsswitch.conf - http://fpaste.org/MXrw/

If you have any other ideas, I'll be happy to hear.

Thank you,
Hetz
Re: NFS + NIS madness
You can run this 'ls -la' under strace and maybe you'll see something of interest.

Valery.

From: Hetz Ben Hamo het...@gmail.com
To: Oron Peled o...@actcom.co.il
Cc: linux-il@cs.huji.ac.il
Sent: Monday, November 28, 2011 9:28 PM
Subject: Re: NFS + NIS madness

> Hi,
>
> Thanks for your explanation. I did what you wrote before I got your email at least 20 times. I followed your email and re-checked everything. Everything works great until I actually login with the user.
>
> See this (doing it as root):
>
>     # ypcat passwd
>     vic:$6$FcNMjbbl$8wGzWhtEK9P0.WdoqE78xI9VDzmaH1wTF.2vax9VERW3uiqhytNjXXzVccCjnWRxV7ApHL.JibC0Ar4spM6In1:500:500:Vicky the kitten!:/home/vic:/bin/bash
>     # ypmatch vic passwd
>     vic:$6$FcNMjbbl$8wGzWhtEK9P0.WdoqE78xI9VDzmaH1wTF.2vax9VERW3uiqhytNjXXzVccCjnWRxV7ApHL.JibC0Ar4spM6In1:500:500:Vicky the kitten!:/home/vic:/bin/bash
>     # ypcat hosts
>     10.0.0.150 spectrum server.example.com kuku
>     10.0.0.151 client
>     10.0.0.150 spectrum server.example.com kuku
>     127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
>     10.0.0.150 spectrum server.example.com kuku
>     127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
>
> (I probably messed up something there, nevermind..)
>
> And then ...
>
>     # su - vic
>     id: cannot find name for user ID 500
>     id: cannot find name for user ID 500
>     [I have no name!@client ~]$
>
>     $ id
>     uid=500 gid=500(vic) groups=500(vic) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>
> After disabling SELinux (Hate it!) it's a bit better:
>
>     $ id
>     uid=500 gid=500(vic) groups=500(vic)
>
> but still ...
>
>     $ ls -la
>     total 32
>     drwx------ 2 500  vic  4096 Nov 28  2011 .
>     drwxr-xr-x 4 root root 4096 Nov 25 20:06 ..
>     -rw------- 1 500  vic   343 Nov 28  2011 .bash_history
>     -rw-r--r-- 1 500  vic    18 May 26  2011 .bash_logout
>     -rw-r--r-- 1 500  vic   176 May 26  2011 .bash_profile
>     -rw-r--r-- 1 500  vic   124 May 26  2011 .bashrc
>     -rw------- 1 500  vic   602 Nov 28  2011 .viminfo
>     [I have no name!@client ~]$
>
> I pasted online the configurations of the client:
>
> network - http://fpaste.org/SoLt/
> yp.conf - http://fpaste.org/kfc6/
> nsswitch.conf - http://fpaste.org/MXrw/
>
> If you have any other ideas, I'll be happy to hear.
>
> Thank you,
> Hetz
Re: NFS + NIS madness
On Monday, 28 November 2011 21:28:37 Hetz Ben Hamo wrote:

> ...
>
>     # su - vic
>     id: cannot find name for user ID 500
>     id: cannot find name for user ID 500
>     [I have no name!@client ~]$
>
>     $ id
>     uid=500 gid=500(vic) groups=500(vic) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>
> ...
>
> but still ...
>
>     $ ls -la
>     total 32
>     drwx------ 2 500  vic  4096 Nov 28  2011 .
>     drwxr-xr-x 4 root root 4096 Nov 25 20:06 ..
>     -rw------- 1 500  vic   343 Nov 28  2011 .bash_history
>     -rw-r--r-- 1 500  vic    18 May 26  2011 .bash_logout
>     -rw-r--r-- 1 500  vic   176 May 26  2011 .bash_profile
>     -rw-r--r-- 1 500  vic   124 May 26  2011 .bashrc
>     -rw------- 1 500  vic   602 Nov 28  2011 .viminfo
>     [I have no name!@client ~]$

Interesting. Looks like name-uid translation works, but uid-name doesn't. Maybe (for some unknown reason) the reverse NIS map is not there.

Let's debug it:

1. First at the NIS level -- The 'passwd' map is a shortcut to the 'passwd.byname' map, let's test the 'passwd.byuid' map:
   * Enumerate: ypcat passwd.byuid
   * Match: ypmatch 500 passwd.byuid
2. If 1. is OK, test at the NSS level: getent passwd 500

Both of these work?

--
Oron Peled
Voice: +972-4-8228492
o...@actcom.co.il
http://users.actcom.co.il/~oron
If it's there and you can see it, it's REAL
If it's there and you can't see it, it's TRANSPARENT
If it's not there and you can see it, it's VIRTUAL
If it's not there and you can't see it, it's GONE!
Re: NFS + NIS madness
Hi,

As you can see, all of them (from root) work perfectly:

    [root@client ~]# ypcat passwd.byuid
    vic:$6$FcNMjbbl$8wGzWhtEK9P0.WdoqE78xI9VDzmaH1wTF.2vax9VERW3uiqhytNjXXzVccCjnWRxV7ApHL.JibC0Ar4spM6In1:500:500:Vicky the kitten!:/home/vic:/bin/bash
    [root@client ~]# ypmatch 500 passwd.byuid
    vic:$6$FcNMjbbl$8wGzWhtEK9P0.WdoqE78xI9VDzmaH1wTF.2vax9VERW3uiqhytNjXXzVccCjnWRxV7ApHL.JibC0Ar4spM6In1:500:500:Vicky the kitten!:/home/vic:/bin/bash
    [root@client ~]# getent passwd 500
    vic:$6$FcNMjbbl$8wGzWhtEK9P0.WdoqE78xI9VDzmaH1wTF.2vax9VERW3uiqhytNjXXzVccCjnWRxV7ApHL.JibC0Ar4spM6In1:500:500:Vicky the kitten!:/home/vic:/bin/bash

only when I do su - vic or login as vic, then it happens..

Thanks,
Hetz

On Mon, Nov 28, 2011 at 11:31 PM, Oron Peled o...@actcom.co.il wrote:

> On Monday, 28 November 2011 21:28:37 Hetz Ben Hamo wrote:
>
> > ...
> >
> >     # su - vic
> >     id: cannot find name for user ID 500
> >     id: cannot find name for user ID 500
> >     [I have no name!@client ~]$
> >
> >     $ id
> >     uid=500 gid=500(vic) groups=500(vic) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> >
> > ...
> >
> > but still ...
> >
> >     $ ls -la
> >     total 32
> >     drwx------ 2 500  vic  4096 Nov 28  2011 .
> >     drwxr-xr-x 4 root root 4096 Nov 25 20:06 ..
> >     -rw------- 1 500  vic   343 Nov 28  2011 .bash_history
> >     -rw-r--r-- 1 500  vic    18 May 26  2011 .bash_logout
> >     -rw-r--r-- 1 500  vic   176 May 26  2011 .bash_profile
> >     -rw-r--r-- 1 500  vic   124 May 26  2011 .bashrc
> >     -rw------- 1 500  vic   602 Nov 28  2011 .viminfo
> >     [I have no name!@client ~]$
>
> Interesting. Looks like name-uid translation works, but uid-name doesn't. Maybe (for some unknown reason) the reverse NIS map is not there.
>
> Let's debug it:
>
> 1. First at the NIS level -- The 'passwd' map is a shortcut to the 'passwd.byname' map, let's test the 'passwd.byuid' map:
>    * Enumerate: ypcat passwd.byuid
>    * Match: ypmatch 500 passwd.byuid
> 2. If 1. is OK, test at the NSS level: getent passwd 500
>
> Both of these work?
>
> --
> Oron Peled
> Voice: +972-4-8228492
> o...@actcom.co.il
> http://users.actcom.co.il/~oron
> If it's there and you can see it, it's REAL
> If it's there and you can't see it, it's TRANSPARENT
> If it's not there and you can see it, it's VIRTUAL
> If it's not there and you can't see it, it's GONE!
Re: NFS + NIS madness
On 11/28/2011 11:35 PM, Hetz Ben Hamo wrote:

> only when I do su - vic or login as vic, then it happens..

Maybe that's the problem...
Check your login scripts .profile / .bashrc / .whatever

#
Re: NFS + NIS madness
2011/11/29 Dotan Shavit do...@shavitos.com

> On 11/28/2011 11:35 PM, Hetz Ben Hamo wrote:
>
> > only when I do su - vic or login as vic, then it happens..
>
> Maybe that's the problem...
> Check your login scripts .profile / .bashrc / .whatever

Or PAM (/etc/pam.d)

--Amos

PS http://www.phrases.org.uk/meanings/abandon-hope-all-ye-who-enter-here.html.
Re: NFS + NIS madness
On Mon, Nov 28, 2011 at 11:35:33PM +0200, Hetz Ben Hamo wrote:

> Hi,
>
> As you can see, all of them (from root) work perfectly:
>
>     [root@client ~]# ypcat passwd.byuid
>     vic:$6$FcNMjbbl$8wGzWhtEK9P0.WdoqE78xI9VDzmaH1wTF.2vax9VERW3uiqhytNjXXzVccCjnWRxV7ApHL.JibC0Ar4spM6In1:500:500:Vicky the kitten!:/home/vic:/bin/bash
>     [root@client ~]# ypmatch 500 passwd.byuid
>     vic:$6$FcNMjbbl$8wGzWhtEK9P0.WdoqE78xI9VDzmaH1wTF.2vax9VERW3uiqhytNjXXzVccCjnWRxV7ApHL.JibC0Ar4spM6In1:500:500:Vicky the kitten!:/home/vic:/bin/bash
>     [root@client ~]# getent passwd 500
>     vic:$6$FcNMjbbl$8wGzWhtEK9P0.WdoqE78xI9VDzmaH1wTF.2vax9VERW3uiqhytNjXXzVccCjnWRxV7ApHL.JibC0Ar4spM6In1:500:500:Vicky the kitten!:/home/vic:/bin/bash
>
> only when I do su - vic or login as vic, then it happens..

Can you try these as vic?

It's been some time since I last debugged NIS, but IIRC there are mechanisms that try to prevent normal users from seeing some stuff, e.g. shadow passwords. Obviously you did not use shadow passwords, judging from the above. Perhaps the server replies to these only from low ports or something like that, don't remember.

You can try to run the server with debugging/verbose/whatever and see if there is anything in its logs.

--
Didi
Re: NFS + NIS madness
2011/11/27 Hetz Ben Hamo het...@gmail.com

> Hi,
>
> I have not had the pleasure of setting NFS + NIS for quite a long time (since 2000 approx), but now I need it for a client.
>
> I've set up a lab at home to test it before I deployed it. NFS mount works, no problems. However, with NIS when I login to the client, I see the files and everything, but the GID shows, for example, as 500 instead of the actual test group. The user shows correctly.
>
> idmap etc works..
>
> Any suggestions?
>
> Thanks,
> Hetz

Did you tell your system to use groups from NIS in /etc/nsswitch.conf ?

(might need to put 'nis' before 'compat' / 'files' if you want it to override a local equivalent value)

-- Shimi
Re: NFS + NIS madness
Hi,

Doesn't help. Actually the problem is bigger..

See this:

    [root@client ~]# su - vic
    id: cannot find name for user ID 500
    id: cannot find name for user ID 500
    [I have no name!@client ~]$ pwd
    /home/vic

/home/vic is from the NFS. Doing ls -la shows me this:

    $ ls -la
    total 28
    drwx------. 2 500  vic  4096 Nov 23 19:16 .
    drwxr-xr-x. 4 root root 4096 Nov 25 20:06 ..
    -rw-------. 1 500  vic   264 Nov 23 19:52 .bash_history
    -rw-r--r--. 1 500  vic    18 May 26  2011 .bash_logout
    -rw-r--r--. 1 500  vic   176 May 26  2011 .bash_profile
    -rw-r--r--. 1 500  vic   124 May 26  2011 .bashrc

idmapd.conf is configured, nfs service is running, I'm going crazy :)

Thanks,
Hetz

On Sun, Nov 27, 2011 at 12:07 PM, shimi linux...@shimi.net wrote:

> 2011/11/27 Hetz Ben Hamo het...@gmail.com
>
> > Hi,
> >
> > I have not had the pleasure of setting NFS + NIS for quite a long time (since 2000 approx), but now I need it for a client.
> >
> > I've set up a lab at home to test it before I deployed it. NFS mount works, no problems. However, with NIS when I login to the client, I see the files and everything, but the GID shows, for example, as 500 instead of the actual test group. The user shows correctly.
> >
> > idmap etc works..
> >
> > Any suggestions?
> >
> > Thanks,
> > Hetz
>
> Did you tell your system to use groups from NIS in /etc/nsswitch.conf ?
>
> (might need to put 'nis' before 'compat' / 'files' if you want it to override a local equivalent value)
>
> -- Shimi
Re: NFS + NIS madness
sounds like an anonymous user mapping on the NFS server side.

--guy

Hetz Ben Hamo wrote:

> Hi,
>
> I have not had the pleasure of setting NFS + NIS for quite a long time (since 2000 approx), but now I need it for a client.
>
> I've set up a lab at home to test it before I deployed it. NFS mount works, no problems. However, with NIS when I login to the client, I see the files and everything, but the GID shows, for example, as 500 instead of the actual test group. The user shows correctly.
>
> idmap etc works..
>
> Any suggestions?
>
> Thanks,
> Hetz
Re: NFS + NIS madness
On Sunday, 27 November 2011 12:30:52 Hetz Ben Hamo wrote:

> Hi,
>
> Doesn't help. Actually the problem is bigger..

Isolate the problem in steps:

1. Check NIS as a directory service (without even using it in nsswitch). Here is a quick checklist -- no use trying a step if previous one failed:
   * Verify ypbind is running via ps(1)
   * Verify it successfully bound to the NIS domain via ypwhich(1):
     - Failed binding is #1 error in NIS
     - Verify domainname(1) match (server/client)
     - Verify client access correct server (/etc/yp.conf)
     - Modern (90's) NIS servers don't answer RPC broadcasts (security) so you must specify the server in the client's /etc/yp.conf
     - Modern (90's) NIS servers only answer subnets listed in their /var/yp/securenets -- have you added yours to this file?
   * Verify it returns correct information via ypcat(1), ypmatch(1):
     - Enumeration: ypcat passwd
       Modern NIS servers enumerate users/groups with id's above a specific threshold (e.g: 500 and above), so system users should not be listed. Maybe your NIS server starts above 1000.
     - Lookup (e.g: your vic user): ypmatch vic passwd
   * If any of these does not work correctly, you need to fix NIS configuration -- don't try to debug nsswitch until all these tests are OK.

2. Only if all items in 1. passed OK, check its integration in NSS (name service switch):
   * Verify enumeration:
     - getent passwd
   * Verify lookup:
     - getent passwd vic
   * Or equivalently:
     - id vic
   * If previous items in 2. weren't OK, but items on 1. were OK, you have a problem in /etc/nsswitch.conf:
     - The simplest config is to have "files nis" in the lines of passwd, shadow and group
     - A "compat" line in those three lines serves a special form of "files" where special lines in these files can (selectively) include data from NIS. Examples:

           +oron      # include only oron's record from NIS
           +@foobar   # include everybody from netgroup (NOT group) foobar
           -badguy    # Obviously
           +          # Everybody (except badguy -- line order affect results)

     - This means that a "passwd: files nis" in /etc/nsswitch.conf is equivalent to "passwd: compat" with a '+' in the end of /etc/passwd.

Hope it helps,

--
Oron Peled
Voice: +972-4-8228492
o...@actcom.co.il
http://users.actcom.co.il/~oron
When you say "I wrote a program that crashed Windows", people just stare at you blankly and say "Hey, I got those with the system, *for free*"
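
The checklist in the message above, written out as a script; this is an added example and not part of Oron's message or of any NIS package. It assumes ps, domainname, ypwhich, ypmatch and getent are on the PATH, and the layer names it prints (ypbind-not-running, not-bound, passwd.byuid, nss-byuid and so on) are labels made up for this example.

```sh
#!/bin/sh
# Added example: walk the NIS -> NSS checklist in order and report the first
# layer that fails. Run it once as root and once as the affected user, then
# compare the two answers.

# nis_check USER: prints "ok" or the label of the first failing layer.
nis_check() {
    user=$1

    # Layer 1: NIS as a directory service, independent of nsswitch.conf.
    ps -e -o comm= | grep -qx ypbind || { echo ypbind-not-running; return 1; }
    case $(domainname 2>/dev/null) in
        ''|'(none)') echo domainname-unset; return 1 ;;
    esac
    ypwhich >/dev/null 2>&1 || { echo not-bound; return 1; }
    entry=$(ypmatch "$user" passwd 2>/dev/null) ||
        { echo passwd.byname; return 1; }
    uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    # The reverse map is what id(1) and ls(1) use to print a name for a UID.
    ypmatch "$uid" passwd.byuid >/dev/null 2>&1 ||
        { echo passwd.byuid; return 1; }

    # Layer 2: the same two lookups through NSS (/etc/nsswitch.conf).
    getent passwd "$user" >/dev/null 2>&1 || { echo nss-byname; return 1; }
    getent passwd "$uid" >/dev/null 2>&1 || { echo nss-byuid; return 1; }
    echo ok
}

# hint LAYER: where the checklist says to look for each failing layer.
hint() {
    case $1 in
        ypbind-not-running) echo "start ypbind on the client" ;;
        domainname-unset)   echo "set the same NIS domain as the server" ;;
        not-bound)          echo "check /etc/yp.conf and the server's /var/yp/securenets" ;;
        passwd.by*)         echo "rebuild the maps on the server (make -C /var/yp)" ;;
        nss-*)              echo "check the passwd, shadow and group lines in /etc/nsswitch.conf" ;;
        ok)                 echo "NIS and NSS both answer for this user" ;;
    esac
}

# Stand-alone use: sh nis_check.sh vic
if [ "$#" -gt 0 ]; then
    layer=$(nis_check "$1")
    echo "$layer: $(hint "$layer")"
fi
```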
NFS + NIS madness
Hi,

I have not had the pleasure of setting NFS + NIS for quite a long time (since 2000 approx), but now I need it for a client.

I've set up a lab at home to test it before I deployed it. NFS mount works, no problems. However, with NIS when I login to the client, I see the files and everything, but the GID shows, for example, as 500 instead of the actual test group. The user shows correctly.

idmap etc works..

Any suggestions?

Thanks,
Hetz