nobody user/group with NIS/NFS

Question

Software overview

Machine A(NIS server): CentOS 6.2

Machine B:(NFS server) CentoS 6.2

Client machines: OpenSuse 12.3, CentOS 6.4 and CentOS 5.6

Introduction and setup

Machine A is an NIS server which serves a group of client machines. Home directories, as defined by the NIS mapping, come from an NFS server (machine B) are mounted automatically on login.

Machine B is an NFS server which authenticates using NIS.

When I log in to a client machine I can read/write to my home directory and all files therein are

alex users

in terms of permission. The same is true when I log into the NFS server.

HOWEVER when I log into the NIS server, my home directory mounts, I can write files to it, but all files appear as

nobody nobody

for permission. Despite this whoami yeilds alex

Test: Creating files on the NIS server in the /home/alex directory

If I create a file in my home directory while logged in to the NIS server

touch /home/alex/testfile 
ls -l testfile # on server

-rw-r--r--. 1 nobody nobody 0 Mar 19 14:21 testfile

but if I run ls -l on a client machine I get

ls -l testfile # on client machine
-rw-r--r--. 1 alex users 0 Mar 19 14:21 testfile

So clearly the file is being created as the correct user and permissions are being respected on the NIS server. Other than displaying my files as nobody nobody everything appears fine, but I'm worried this may be a symptom of something more serious.

Test: ypcat commands

When logged in to the NIS server I can run

ypcat passwd

and get output.

However ypcat shadow yields

 No such map shadow. Reason: Internal NIS error

But I would have thought this was because I have

MERGE_PASSWD=true

Set in my /var/yp/Makefile

Unwanted password redundancy

As a final weird twist - for some users, they're able to log in via NIS using old passwords which should no longer work. I have no idea how this would happen because there's only a single entry per user in the /etc/passwd and /etc/shadow? This may be an unrelated issue, or may provide useful information.

are you sure that you run rpc.idmapd on the servers? – kofemann Mar 20 '14 at 14:39 — kofemann, Mar 20 '14 at 14:39
rpc.idmapd is running everywhere – Alex Mar 20 '14 at 18:21 — Alex, Mar 20 '14 at 18:21

score 1 · Accepted Answer · answered Mar 26 '14 at 18:36

1

I guess that you are mounting nfsv3 on client machines and nfsv4 on Machine B (nis server)

If you are using autofs to mount home directories add the -nfsvers=3 option at Machine B

answered Mar 26 '14 at 18:36

Gustavo Berman

271
1
4

score 1 · Answer 2 · answered Mar 27 '14 at 15:59

Gustavo's answer was basically correct, but I thought I'd add some detail her rather than as a comment

I'm mounted as nsf4 everywhere, but for some reason nsf4 isn't working on the NIS server.

Adding defaultvers=3,nfsvers=3 to the mountline in auto.master followed by service such that my auto.master file looks like this

#
# Sample auto.master file
# This is an automounter map and it has the following format
# key [ -mount-options-separated-by-comma ] location
# For details of the format look at autofs(5).
#
/misc   /etc/auto.misc
#
# NOTE: mounts done from a hosts map will be mounted with the
#       "nosuid" and "nodev" options unless the "suid" and "dev"
#       options are explicitly given.
#
/net    -hosts
#
# Include central master map if it can be found using
# nsswitch sources.
#
# Note that if there are entries for /net or /misc (as
# above) in the included master map any keys that are the
# same will not be seen as the first read key seen takes
# precedence.
#
+auto.master
/home   yp:auto.home    -rw,hard,bg,rsize=32768,wsize=32768,defaultvers=3,nfsvers=3

Followed by an autofs restart

service autofs restart

Got things up and running.

One random issue - I'd physically logged in to the machine in our data center but not logged out, so the administrator user /home directory failed to be remounted even after a restart, which caused some confusion.

nobody user/group with NIS/NFS

2 Answers2