[Sequanux-ml] Problème NIS "I have no name!"
Renaud de Colombel
renaud68fr at free.fr
Lun 2 Jan 19:22:08 CET 2006
Bonjour,
j'ai configuré un serveur NIS + NFS sur une Debian Sarge afin d'héberger
le répertoire /home des clients d'une salle info.
Sur le client, en root, je fais un yptest : tout va bien sauf la clé
nobody qui n'est pas dans la table passwd.byname.
Par contre, dés que je me loggue en tant qu'utilisateur sur le poste6,
j'ai un prompt :
I have no name!@poste6:~$
Pourtant, un "getent passwd renaud" donne :
renaud:x:1000:1000:de Colombel Renaud:/home/renaud:/bin/bash
et un "getent passwd 1000" donne la même chose.
Evidement, les /etc/passwd, shadow et group du poste6 ne contiennent pas
d'entrées pour cet utilisateur, mais c'est le but de NIS (ne plus avoir
à enregistrer les utilisateurs et les mots de passe sur tous les clients).
J'ai réalisé la même instalation 3 fois. Une fois sur Mandriva
2006, serveur d'abord puis postes ensuite (avec l'option Methode de
connexion : NIS), une autre fois en installant les postes et le serveur
indépendamment puis en les configurant pour être serrveur et clients
NIS+NFS puis une fois sous Debian (pour les clients et le serveur, après
les avoir installés en postes indépendants). Seule la première opération
n'a pas posé ce problème. Je pensais donc que c'était le fait de changer
le mode d'identification des comptes sur le client après une
installation normale qui amenait ce problème. Cependant, aujourd'hui,
j'ai rebranché le serveur dans la salle info et les clients sous
Mandriva ne parviennent plus à avoir l'identité des comptes présents sur
le serveur.
Je joins les fichiers de conf pour ceux qui désireraient se pencher sur
le problème.
FICHIERS DE CONF DU SERVEUR :
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat
group: compat
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
cat /etc/default/nis
#
# /etc/defaults/nis Configuration settings for the NIS daemons.
#
# Are we a NIS server and if so what kind (values: false, slave, master)
NISSERVER=master
# Are we a NIS client (i.e. start ypbind?)
NISCLIENT=false
# Location of the master NIS password file (for yppasswdd).
# If you change this make sure it matches with /var/yp/Makefile.
YPPWDDIR=/etc
# Do we allow the user to use ypchsh and/or ypchfn ? The YPCHANGEOK
# fields are passed with -e to yppasswdd, see it's manpage.
# Possible values: "chsh", "chfn", "chsh,chfn"
YPCHANGEOK=chsh
# NIS master server. If this is configured on a slave server then ypinit
# will be run each time NIS is started.
NISMASTER=
# Additional options to be given to ypserv when it is started.
YPSERVARGS=
# Additional options to be given to ypbind when it is started.
YPBINDARGS=
# Additional options to be given to yppasswdd when it is started. Note
# that if -p is set then the YPPWDDIR above should be empty.
YPPASSWDDARGS=
# Additional options to be given to ypxfrd when it is started.
YPXFRDARGS=
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
cat /etc/ypserv.conf
#
# ypserv.conf In this file you can set certain options for the NIS server,
# and you can deny or restrict access to certain maps based
# on the originating host.
#
# See ypserv.conf(5) for a description of the syntax.
#
dns:no
# The following, when uncommented, will give you shadow like passwords.
# Note that it will not work if you have slave NIS servers in your
# network that do not run the same server as you.
# Host : Domain : Map : Security
#
# * : * : passwd.byname : port/mangle
# * : * : passwd.byuid : port/mangle
* : * : passwd.byname : port
* : * : passwd.byuid : port
# This is the default - restrict access to the shadow password file,
# allow access to all others.
* : * : shadow.byname : port
* : * : passwd.adjunct.byname : port
* : * : * : none
255.0.0.0 127.0.0.0
255.255.255.0 192.168.0.0
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
cat /var/yp/Makefile
#
# Makefile for the NIS databases
#
# This Makefile should only be run on the NIS master server of a domain.
# All updated maps will be pushed to all NIS slave servers listed in the
# /var/yp/ypservers file. Please make sure that the hostnames of all
# NIS servers in your domain are listed in /var/yp/ypservers.
#
# This Makefile can be modified to support more NIS maps if desired.
#
# Set the following variable to "-b" to have NIS servers use the domain
# name resolver for hosts not in the current domain. This is only needed,
# if you have SunOS slave YP server, which gets here maps from this
# server. The NYS YP server will ignore the YP_INTERDOMAIN key.
#B=-b
#B=
# If we have only one server, we don't have to push the maps to the
# slave servers (NOPUSH=true). If you have slave servers, change this
# to "NOPUSH=false" and put all hostnames of your slave servers in the file
# /var/yp/ypservers.
NOPUSH=true
# Specify any additional arguments to be supplied when invoking yppush.
# For example, the -port option may be used to allow operation with port
# based firewalls.
YPPUSHARGS=
# We do not put password entries with lower UIDs (the root and system
# entries) in the NIS password database, for security. MINUID is the
# lowest uid that will be included in the password maps. If you
# create shadow maps, the UserID for a shadow entry is taken from
# the passwd file. If no entry is found, this shadow entry is
# ignored.
# MINGID is the lowest gid that will be included in the group maps.
MINUID = 1000
MINGID = 1000
# Don't export this uid/guid (nfsnobody).
# Set to 0 if you want to
NFSNOBODYUID=65534
NFSNOBODYGID=65534
# Should we merge the passwd file with the shadow file ?
# MERGE_PASSWD=true|false
MERGE_PASSWD=false
# Should we merge the group file with the gshadow file ?
# MERGE_GROUP=true|false
MERGE_GROUP=false
# These are commands which this Makefile needs to properly rebuild the
# NIS databases. Don't change these unless you have a good reason.
AWK = /usr/bin/awk
MAKE = /usr/bin/make
UMASK = umask 066
#
# These are the source directories for the NIS files; normally
# that is /etc but you may want to move the source for the password
# and group files to (for example) /var/yp/ypfiles. The directory
# for passwd, group and shadow is defined by YPPWDDIR, the rest is
# taken from YPSRCDIR.
#
YPSRCDIR = /etc
YPPWDDIR = /etc
YPBINDIR = /usr/lib/yp
YPSBINDIR = /usr/sbin
YPDIR = /var/yp
YPMAPDIR = $(YPDIR)/$(DOMAIN)
# These are the files from which the NIS databases are built. You may edit
# these to taste in the event that you wish to keep your NIS source files
# seperate from your NIS server's actual configuration files.
#
GROUP = $(YPPWDDIR)/group
PASSWD = $(YPPWDDIR)/passwd
SHADOW = $(YPPWDDIR)/shadow
GSHADOW = $(YPPWDDIR)/gshadow
ADJUNCT = $(YPPWDDIR)/passwd.adjunct
#ALIASES = $(YPSRCDIR)/aliases # aliases could be in /etc or /etc/mail
ALIASES = /etc/aliases
ETHERS = $(YPSRCDIR)/ethers # ethernet addresses (for rarpd)
BOOTPARAMS = $(YPSRCDIR)/bootparams # for booting Sun boxes (bootparamd)
HOSTS = $(YPSRCDIR)/hosts
NETWORKS = $(YPSRCDIR)/networks
PRINTCAP = $(YPSRCDIR)/printcap
PROTOCOLS = $(YPSRCDIR)/protocols
PUBLICKEYS = $(YPSRCDIR)/publickey
RPC = $(YPSRCDIR)/rpc
SERVICES = $(YPSRCDIR)/services
NETGROUP = $(YPSRCDIR)/netgroup
NETID = $(YPSRCDIR)/netid
AMD_HOME = $(YPSRCDIR)/amd.home
AUTO_MASTER = $(YPSRCDIR)/auto.master
AUTO_HOME = $(YPSRCDIR)/auto.home
AUTO_LOCAL = $(YPSRCDIR)/auto.local
TIMEZONE = $(YPSRCDIR)/timezone
LOCALE = $(YPSRCDIR)/locale
NETMASKS = $(YPSRCDIR)/netmasks
YPSERVERS = $(YPDIR)/ypservers # List of all NIS servers for a domain
target: Makefile
@test ! -d $(LOCALDOMAIN) && mkdir $(LOCALDOMAIN) ; \
cd $(LOCALDOMAIN) ; \
$(NOPUSH) || $(MAKE) -f ../Makefile ypservers; \
$(MAKE) -f ../Makefile all
# If you don't want some of these maps built, feel free to comment
# them out from this list.
all: passwd group shadow
#ALL = passwd group hosts rpc services netid protocols netgrp
#ALL += publickey mail ethers bootparams printcap
#ALL += amd.home auto.master auto.home auto.local
#ALL += timezone locale networks netmasks
# Autodetect /etc/shadow if it's there
ifneq ($(wildcard $(SHADOW)),)
ALL += shadow
endif
# Autodetect /etc/passwd.adjunct if it's there
ifneq ($(wildcard $(ADJUNCT)),)
ALL += passwd.adjunct
endif
all: rpc
########################################################################
# #
# DON'T EDIT ANYTHING BELOW IF YOU DON'T KNOW WHAT YOU ARE DOING !!! #
# #
########################################################################
Pour la suite, je n'ai rien changé
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.0.4 clio.ecole clio
192.168.0.5 poste6.ecole poste6
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
cat /etc/exports
# /etc/exports: the access control list for filesystems which may be
exported
# to NFS clients. See exports(5).
/home/ *(rw)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FICHIERS DE CONF DU POSTE CLIENT
cat /etc/fstab
# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
/dev/hda2 / ext3 defaults,errors=remount-ro 0 1
/dev/hda3 none swap sw 0 0
/dev/hdc /media/cdrom0 iso9660 ro,user,noauto 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto 0 0
clio:/home /home nfs defaults 0 0
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
cat /etc/yp.conf
#
# yp.conf Configuration file for the ypbind process. You can define
# NIS servers manually here if they can't be found by
# broadcasting on the local net (which is the default).
#
# See the manual page of ypbind for the syntax of this file.
#
# IMPORTANT: For the "ypserver", use IP addresses, or make sure that
# the host is in /etc/hosts. This file is only interpreted
# once, and if DNS isn't reachable yet the ypserver cannot
# be resolved and ypbind won't ever bind to the server.
domain ecole server clio
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: nis files
group: nis files
shadow: nis files
hosts: nis files dns
networks: nis files
protocols: db files nis
services: db files nis
ethers: db files nis
rpc: db files nis
netgroup: nis
Là j'ajoute que j'ai essayé files en premier et nis en deuxième ou
l'inverse : ça ne change rien.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Si quelqu'un trouve d'où vient le problème, il aura en récompense
toute ma considération et des remerciements sincères !! ;-)
Renaud
PS : je me suis servi des documents suivants pour la conf. :
http://www.lyre-mit-edu.lkams.kernel.org/~powell/debian-howto/nis.html
et
http://www.funix.org/fr/linux/nis.htm
Plus d'informations sur la liste de diffusion Sequanux-ml