Formerly, we have two computers A and B. A is set up as a NIS
server, while B is a client. Now, we want to switch A and B: A is a
client and B is a server.
First, I want to remove the NIS client in the B. However, after I
shutdown ypbind, use "setup" to remove the NIS authentication, it
didn't work. Say, when I use useradd to add a new account in B, it is
said "cannot create the account".
Could you give me some suggestions? Thanks you very much!
|
|
0
|
|
|
|
Reply
|
 jingquan.li (1)
|
11/9/2009 10:34:48 PM |
|
On Mon, 2009-11-09 at 14:34 -0800, BBH wrote:
> Formerly, we have two computers A and B. A is set up as a NIS
> server, while B is a client. Now, we want to switch A and B: A is a
> client and B is a server.
>
> First, I want to remove the NIS client in the B. However, after I
> shutdown ypbind, use "setup" to remove the NIS authentication, it
> didn't work. Say, when I use useradd to add a new account in B, it is
> said "cannot create the account".
>
> Could you give me some suggestions? Thanks you very much!
It's likely the evil nscd is the culprit. In general is may cause
more problems than it solves. It's designed to cache things like NIS
information data to prevent a myriad of constant lookups. But since
it remembers... it can get in the way when you actually make
a change.
See if the nscd process is running... try killing and then see
if you're able to do the rest.
Just a guess...
|
|
|
0
|
|
|
|
Reply
|
 Chris
|
11/9/2009 11:26:14 PM
|
|
On Nov 9, 5:34=A0pm, BBH <jingquan...@gmail.com> wrote:
> =A0 =A0 Formerly, we have two computers A and B. A is set up as a NIS
> server, while B is a client. Now, we want to switch A and B: A is a
> client and B is a server.
The normally correct way to do this is that A and B both look to A as
a server, and you switch to using B as a server for both systems. This
means that NIS is configured to only publish a range of addresses,
usually uid's from 500 on up, and lower uid's are not published.
> =A0 =A0 First, I want to remove the NIS client in the B. However, after I
> shutdown ypbind, use "setup" to remove the NIS authentication, it
> didn't work. Say, when I use useradd to add a new account in B, it is
> said "cannot create the account".
Wait. Which "setup" command is this? Which Linux are you using? on
RHEL, it's system-config-authentication, or authconfig. (These
commands are linked in interesting ways to provide complex GUI's if
you're running an X server, and a text based interface if you're not.)
> =A0 =A0Could you give me some suggestions? Thanks you very much!
The command "ypwhich" will always inform you what your NIS server is
set to. The command "ypcat passwd" will inform you of what you're
publishing for the password file information, particularly usernames
and uid's. It's the existence of a previous account with the same
name, or of insufficient privileges on the NIS client, that normally
cause problems adding new user accounts.
NIS accounts should normally be added on the NIS server: the
information about this server is in /etc/yp.conf, and the selection of
password file, NIS, or LDAP for authenticaton is in /etc/
nsswitch.conf. Perhaps you could post the contents of those files so
we can give better hints?
|
|
|
0
|
|
|
|
Reply
|
Nico
|
11/10/2009 12:11:21 AM
|
|
Thanks a lot!
1: Here is nsswitch.conf
-----------------------------------------------
passwd: files
shadow: files
group: files
#hosts: db files nisplus nis dns
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files nisplus
2: yp.conf
# /etc/yp.conf - ypbind configuration file
# Valid entries are
#
# domain NISDOMAIN server HOSTNAME
# Use server HOSTNAME for the domain NISDOMAIN.
#
# domain NISDOMAIN broadcast
# Use broadcast on the local net for domain NISDOMAIN
#
# domain NISDOMAIN slp
# Query local SLP server for ypserver supporting NISDOMAIN
#
# ypserver HOSTNAME
# Use server HOSTNAME for the local domain. The
# IP-address of server must be listed in /etc/hosts.
#
# broadcast
# If no server for the default domain is specified or
# none of them is rechable, try a broadcast call to
# find a server.
#
#domain tlab server 192.168.1.9
3: more /etc/sysconfig/network
NETWORKING_IPV6=yes
HOSTNAME=berkeley
NETWORKING=yes
NISDOMAIN=tlab
4: After I run useradd, I am told ""cannot create the directory".
However, in /etc/passwd, there are some accounts. But no such
directory in /home.
mytest1:!!:526:526::/home/mytest1:/bin/bash
mytest12:!!:527:527::/home/mytest12:/bin/bash
mytest4:!!:528:528::/home/mytest4:/bin/bash
mytest5:!!:529:529::/home/mytest5:/bin/bash
mytst:!!:530:530::/home/mytst:/bin/bash
mytest6:!!:531:531::/home/mytest6:/bin/bash
123:!!:532:532::/home/123:/bin/bash
1234:!!:533:533::/home/1234:/bin/bash
|
|
|
0
|
|
|
|
Reply
|
BBH
|
11/10/2009 12:25:00 AM
|
|
On Nov 9, 7:25=A0pm, BBH <jingquan...@gmail.com> wrote:
> Thanks a lot!
>
> 1: Here is =A0nsswitch.conf
>
> -----------------------------------------------
> passwd: =A0 =A0 files
> shadow: =A0 =A0 files
> group: =A0 =A0 =A0files
>
> #hosts: =A0 =A0 db files nisplus nis dns
> hosts: =A0 =A0 =A0files dns
>
> bootparams: nisplus [NOTFOUND=3Dreturn] files
>
> ethers: =A0 =A0 files
> netmasks: =A0 files
> networks: =A0 files
> protocols: =A0files
> rpc: =A0 =A0 =A0 =A0files
> services: =A0 files
>
> netgroup: =A0 files
>
> publickey: =A0nisplus
>
> automount: =A0files
> aliases: =A0 =A0files nisplus
>
> 2: yp.conf
> # /etc/yp.conf - ypbind configuration file
> # Valid entries are
> #
> # domain NISDOMAIN server HOSTNAME
> # =A0 =A0 =A0 Use server HOSTNAME for the domain NISDOMAIN.
> #
> # domain NISDOMAIN broadcast
> # =A0 =A0 =A0 Use =A0broadcast =A0on =A0the local net for domain NISDOMAI=
N
> #
> # domain NISDOMAIN slp
> # =A0 =A0 =A0 Query local SLP server for ypserver supporting NISDOMAIN
> #
> # ypserver HOSTNAME
> # =A0 =A0 =A0 Use server HOSTNAME for the =A0local =A0domain. =A0The
> # =A0 =A0 =A0 IP-address of server must be listed in /etc/hosts.
> #
> # broadcast
> # =A0 =A0 =A0 If no server for the default domain is specified or
> # =A0 =A0 =A0 none of them is rechable, try a broadcast call to
> # =A0 =A0 =A0 find a server.
> #
> #domain tlab server 192.168.1.9
>
> 3: more /etc/sysconfig/network
> NETWORKING_IPV6=3Dyes
> HOSTNAME=3Dberkeley
> NETWORKING=3Dyes
> NISDOMAIN=3Dtlab
>
> 4: After I run useradd, I am told ""cannot create the directory".
> However, in /etc/passwd, there are some accounts. But no such
> directory in /home.
>
> mytest1:!!:526:526::/home/mytest1:/bin/bash
> mytest12:!!:527:527::/home/mytest12:/bin/bash
> mytest4:!!:528:528::/home/mytest4:/bin/bash
> mytest5:!!:529:529::/home/mytest5:/bin/bash
> mytst:!!:530:530::/home/mytst:/bin/bash
> mytest6:!!:531:531::/home/mytest6:/bin/bash
> 123:!!:532:532::/home/123:/bin/bash
> 1234:!!:533:533::/home/1234:/bin/bash
It looks you've disabled NIS. What does "ypwhich" say? And What
happens if you delete the account and attempt to re-add it? And is /
home perhaps NFS mounted, with root permissions disabled, which would
block "useradd" from creating accounts?
|
|
|
0
|
|
|
|
Reply
|
Nico
|
11/10/2009 4:00:42 AM
|
|
Nico,
Thanks a lot first. /home is a folder in the local machine. I
tried both ypwhich and yptest. here is the output.
[root@berkeley etc]# ypwhich
ypwhich: Can't communicate with ypbind
[root@berkeley etc]# yptest
Test 1: domainname
Configured domainname is "tlab"
Test 2: ypbind
Can't communicate with ypbind
I also use "strace" to trace useradd, and it shows that useradd
sends a message to the NIS server instead of creating an account in
the local machine. Are there some commands that can be used to check
the NIS processes or daemons?
Thanks a lot!
|
|
|
0
|
|
|
|
Reply
|
BBH
|
11/10/2009 6:04:44 PM
|
|
|
5 Replies
2725 Views
(page loaded in 1.756 seconds)
|
Search |
Post Question |
Groups |
Stream |
About |
Register
72 articles. 
0 followers. 