RE: Help diagnosing NIS breakage ?

From: Robin P. Blanchard <Robin.Blanchard_at_gactr.uga.edu>
Date: Wed, 9 Jul 2003 08:31:03 -0400
Hey John --

Interesting new development...
As I was beginning to setup a shell account for whomever to use to help in
diagnosing this:

# whoami 
root
# id robin
id: robin: no such user
# su - fbsd5
$ whoami
fbsd5
$ id robin
uid=20292(robin) gid=30028(NSS) groups=30028(NSS), 30000(gactr), 30026(ITS)

!?!?!

This is a 'broken' test box with sources as of late yesterday afternoon. If
you'd like you can ssh in as fbsd5 with passwd fbsd5devel.

Still plugging away....



> -----Original Message-----
> From: John De Boskey [mailto:jwd_at_bsdwins.com] 
> Sent: Wednesday, July 09, 2003 8:22 AM
> To: Robin P. Blanchard
> Cc: Jacques A. Vidrine
> Subject: Re: Help diagnosing NIS breakage ?
> 
> 
> ----- Robin P. Blanchard's Original Message -----
> > Given the lack of response on this, I fortunately was able to 
> > 'downgrade' back to sources dated 08 june 2003. Low and behold, NIS 
> > users again work.
> 
> Can you build with a testbox new sources (binary search) 
> until you can locate the cutover point between where it works 
> and where it doesn't?
> 
> > There is undoubtedly something awry in the the latest sources, as I 
> > can systematically recreate a 'broken' system. I will 
> gladly provide 
> > shell access to developers who wish to look into this. It would be 
> > nice to be able to stay current on -CURRENT (heh).
> 
> You are not being ignored. I started writing a small test 
> program to help trace down your problem and immediately ran 
> into an errno return problem. 
> 
> The following program shows the 1st basic problem (remove all 
> NIS usage from your box). Run with a valid user and no error 
> is produced. Run with an invalid user and an invalid error is 
> produced.
> 
> #include <sys/types.h>
> #include <pwd.h>
> #include <errno.h>
> #include <stdio.h>
> 
> int
> main(int argc, char **argv)
> {
>    struct passwd *pw;
>    char *nam;
> 
>    nam = argc == 2 ? argv[1] : "nobody";
> 
>    pw = getpwnam(nam);
>    if (!pw)
>       perror("getpwnam");
> 
>    return(0);
> }
> 
> 
> If you want to see this debugged faster, something I 
> recommend you do is rebuild with debug libraries and trace 
> the get* functions to see where they are failing. 
> 
> Please file a PR so this problem is not lost since it is 
> nolonger a pressure point for you.
> 
> Thanks,
> John
> 
> > Thanks.
> > 
> > > 
> > > > ----- Robin P. Blanchard's Original Message -----
> > > > > 
> > > > > Still pulling my hair out on this one...Updated to latest
> > > > kern/world
> > > > > this morning and NIS users are no longer working.
> > > > 
> > > > What -`date` version were you running where things 
> worked before 
> > > > you did the 1st upgrade?
> > > > 
> > > > Can you provide the contents of your /etc/group, 
> /etc/passwd (just 
> > > > the last two lines of each), and /etc/nsswitch.conf files?
> > > > 
> > > > Your demonstration below indicates that NIS is 
> correctly setup and 
> > > > running, but that it is not correctly configured in for system 
> > > > usage.
> > > > 
> > > > While I realize it doesn't help you, I am running the 
> latest NIS 
> > > > code in a cluster and it works fine (FreeBSD 4.8 
> server, various 
> > > > clients).
> > > 
> > > OK... Nsswitch.conf exists on neither machine here. I setup a
> > > test nsswitch.conf on the broken NIS box to use NIS but it 
> > > didn't help at all.
> > > 
> > > 1)
> > > On FreeBSD 5.1-CURRENT #0: Tue Jun 17 10:28:52 EDT 2003:
> > > # ypcat passwd |fgrep robin
> > > robin:OeIS3xdIRAiQs:20292:30028::/home/robin:/bin/bash
> > > # finger robin
> > > Login: robin                            Name: 
> > > Directory: /home/robin                  Shell: /bin/bash
> > > Never logged in.
> > > No Mail.
> > > No Plan.
> > > # id robin
> > > uid=20292(robin) gid=30028(NSS) groups=30028(NSS), 
> > > 30000(gactr), 30026(ITS) # tail -2 /etc/passwd 
> > > nobody:*:65534:65534:Unprivileged user:/nonexistent:/sbin/nologin
> > > +:*:::::
> > > # tail -2 /etc/passwd
> > > nobody:*:65534:65534:Unprivileged user:/nonexistent:/sbin/nologin
> > > +:*:::::
> > > # tail -2 /etc/group
> > > nobody:*:65534:
> > > +:*:0:
> > > 
> > > 
> > > 2)
> > > On FreeBSD 5.1-CURRENT #0: Mon Jul  7 11:33:56 EDT 2003
> > > # ypcat passwd |fgrep robin
> > > robin:OeIS3xdIRAiQs:20292:30028::/home/robin:/bin/bash
> > > # finger robin
> > > Login: robin                            Name: 
> > > Directory: /home/robin                  Shell: /bin/bash
> > > Last login Mon Jul  7 07:47 (EDT) on ttyp0 from 10.2.2.10
> > > No Mail.
> > > No Plan.
> > > # id robin
> > > id: robin: no such user
> > > # tail -2 /etc/passwd 
> > > nobody:*:65534:65534:Unprivileged user:/nonexistent:/sbin/nologin
> > > +:*:::::
> > > #
> > > # tail -2 /etc/group
> > > nobody:*:65534:
> > > +:*:0:
> > > 
> > > And here's something else interesting on this 'broken' NIS box:
> > > 
> > > # ls -ald .
> > > drwx--x--x  4 20292  NSS  4.0K Jun 13 13:34 ./
> > > 
> > > So (via NIS) GID translation is working but not UID 
> translation....
> > > 
> > > Look forward to getting this solved...
> > > 
> > > 
> > > > 
> > > > -john
> > > > 
> > > > > Demonstration:
> > > > > 
> > > > > # ypcat passwd |fgrep robin 
> > > > > robin:OeIS3xdIRAiQs:20292:30028::/home/robin:/bin/bash
> > > > > # ypcat group |fgrep robin
> > > > > 
> > > > 
> > > 
> gactr::30000:holmesr,wrighta,prestonh,reagind,gankol,cafieroj,cahoon
> > > b,
> > > > > pettigr
> > > > > m,brantlek,thumat,dosterc,nate,robin,charles
> > > > > ITS::30026:dosterc,nate,robin,charles
> > > > > NSS::30028:dosterc,nate,robin,charles,test
> > > > > # ps ax |fgrep ypbind
> > > > > 79910  ??  Ss     0:00.03 ypbind
> > > > > # ypwhich
> > > > > GCDC2.gc.nat
> > > > > # finger robin
> > > > > Login: robin                            Name: 
> > > > > Directory: /home/robin                  Shell: /bin/bash
> > > > > Last login Mon Jul  7 07:47 (EDT) on ttyp0 from 10.2.2.10 No 
> > > > > Mail. No Plan.
> > > > > 
> > > > > So NIS is 'working'...But:
> > > > > # id robin
> > > > > id: robin: no such user
> > > > > 
> > > > > And as a result, he (I) cannot login.
> > > > > 
> > > > > # su - robin ; tail -1 /var/log/auth.log
> > > > > 
> > > > > su: Sorry
> > > > > Jul  7 13:59:29 ftp su: pam_acct_mgmt: error in service module
> > > > > 
> > > > > There's a truss and a ktrace (of the id command) 
> available at: 
> > > > > ftp://ftp.gactr.uga.edu/incoming/id.tar.gz
> > > > > 
> > > > > Thanks in advance.
> > > > 
> > > 
> 
> -- 
> --
> As said by Napolean Bonaparte:
> "Never ascribe to malice, that which is adequately explained 
> by incompetence"
> 
> After being embraced by MS:
> 
> "When accused of malice, always hide behind incompetence".
>
Received on Wed Jul 09 2003 - 03:31:05 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:14 UTC