0

We had a NIS master server disaster and an outdated backup for it, but some slaves. I've been put in charge without any NIS knowledge so far except a few basics.

I've dumped every map via ypcat from an old slave, set up a SLES11 machine, added these files to /var/yp/ypfiles, pointed yast2 nis_server at it and set up the entire machinery, including two new machines as slaves - also SLES11.

I then took an older machine, pointed that at my new NIS-Server and tried auth. Once I found out you had to activate shadow passwords for some reasons - and the old maps were like 10+ years old without shadow passwords, auth worked so far.

However, netgroup did not work on another machine. ypcat netgroup gave me an empty line, ypcat netgroup.byhost no line at all, same for .byuser.

I've added +:::::: to the end of the empty /etc/netgroup without any difference. I've run make in /var/yp - no chance.

/etc/nsswitch from the server:

passwd:         compat
group:          compat nis

hosts:          files mdns4_minimal [NOTFOUND=return] dns
networks:       files dns

services:       files nis
protocols:      files
rpc:            files
ethers:         files
netmasks:       files
netgroup:       nis
publickey:      files

bootparams:     files
automount:      files
aliases:        files nis
shadow:         compat

/etc/nsswitch.conf from the test NIS client:

passwd:     files nis
shadow:     files nis
group:      files nis

hosts:      files nis dns

bootparams: files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
netgroup:   files nis
publickey:  files
automount:  files
aliases:    files

So yeah, why does ypcat netgroup not return anything on the new server, but everything via an old slave?

1 Answers1

0

Okay, apparently SLES11 uses two source folders to generate its data. Partly the one you specifiy during the yast setup, and partly the ones in /etc. netgroup, along with other files, are being pulled from /etc. Files like passwd, group and shadow are not.

Thus the confusion of the empty netgroup. That's why adding +:::::: to /etc/netgroup had no effect, either.

To correct this behaviour, edit in /var/yp/Makefile

YPSRCDIR = /etc

to

YPSRCDIR = /foo/your/ypfiles)

Note: YPPWDDIR gets its source dir from some scripting. Copying that line to YPSRCDIR might be a cleaner solution.

Also, this solution is a bit dirty alltogether, since it is a restore from a broken NIS master without backup, only from ypcat slaveserver dumps and everything placed into a single folder on a different OS than before... I had to reconstruct the netgroup file entirely, using a far outdated version of it from a previous spontaneous copy of it I had made ages ago. Took me a few days due to the sheer length, even though Notepad++ helped me alot there.

Moral of the story: Proper Backups and checks on them are really REALLY important.