NIS - "Could not read ypservers map" during "make"

ken at flyingtoasters.net
Wed Jun 18 09:22:36 EDT 2003


> On Tue, 17 Jun 2003, at 5:45pm, ken at flyingtoasters.net wrote:
>>>  No.  My understanding is that ypbind is only run on NIS clients, no?
>>
>> No.  It's run on everything -- the server is, indeed, still a client
>
>   Okay, I'm definitely confused now.
>
>   Nothing I've seen anywhere says that NIS servers have to be NIS clients.
> Indeed, I've generally gotten the impression that, while it is quite
> possible to do that, it is also quite optional.

I didn't say it -had- to be a client; as a matter of fact, further down, I
said it didn't have to be.  HOWEVER, if you're getting a "can't bind to
domain", then I'm gonna bet on it.

>   References:
>
>   The Linux NIS-HOWTO, section 9.1, states "If you want to restrict access
> for users to your NIS server, you'll have to setup the NIS server as a
> client as well ...", which implies that such a configuration is optional.

See above.

>   My copy of "Managing NFS and NIS", by Hal Stern, page 23, says that the
> NIS master should not include the "+::::::" entry in the /etc/passwd file.
> On page 26, it states that NIS clients must have that entry.

Adding the "+" stuff to the passwd file does not make you a client;
executing ypbind (successfully) does.  The "+" stuff makes the client
_able_ to append NIS info to the passwd info; you can certainly leave that
off for thems who wish to restrict access.

>   I'm not saying you're wrong.  It is rather more likely I am
> misunderstanding something somewhere.  But I want to fix my understanding,
> as well as the computer.  :-)

NIS is confusing.  NIS+ is worse.  LDAP is even more fun.  My head still
aches with LDAP, and I even think I have it mostly under my belt.  But, as
Paul will attest, I still ask plenty o' newbie-central questions on the
OpenLDAP list.  Honestly, though: if I were starting from scratch, and had
to choose to learn one of the above (NIS, NIS+, LDAP), I'd probably go
with LDAP: it's more flexible, and allows for all sorts of password
synchronization and the like.  Handy.  On top of that, its failover (I'm
doing it via round-robin DNS) makes NIS' "failover" look like the joke it
is.

$.02 + S&H,

-Ken
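
An added example, not part of Ken's message: a small Python audit that lists the "+"/"-" compat entries in a passwd file and reports whether nsswitch.conf would honour them. It assumes glibc's behaviour of interpreting such lines only when the passwd database uses the `compat` source; the sample file contents and function names are constructed for illustration, and it does not check whether ypbind is running.

```python
# Constructed sample inputs (not taken from the thread).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
ken:x:500:500:Ken:/home/ken:/bin/bash
-baduser::::::
+@admins::::::
+::::::
"""
SAMPLE_NSSWITCH = """\
# constructed nsswitch.conf
passwd: compat
group:  files nis
"""

def classify(line):
    """Return (kind, target) for a compat entry, or None for a normal account line."""
    name = line.split(":", 1)[0].strip()
    if name[:1] not in ("+", "-"):
        return None
    action = "include" if name[0] == "+" else "exclude"
    target = name[1:]
    if target.startswith("@"):
        return (action + "-netgroup", target[1:])
    if target:
        return (action + "-user", target)
    # A bare "+" pulls in the whole NIS map; a bare "-" means nothing.
    return (action + "-all", "") if action == "include" else None

def passwd_sources(nsswitch_text):
    """Return the lookup sources configured for the passwd database."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("passwd:"):
            return line.split(":", 1)[1].split()
    return []

def audit(passwd_text, nsswitch_text):
    """Pair the compat entries found with whether they would be interpreted."""
    entries = [c for c in map(classify, passwd_text.splitlines()) if c]
    sources = passwd_sources(nsswitch_text)
    return {"entries": entries, "sources": sources,
            "compat_active": "compat" in sources}

if __name__ == "__main__":
    report = audit(SAMPLE_PASSWD, SAMPLE_NSSWITCH)
    for kind, target in report["entries"]:
        print(f"{kind:18} {target or '(entire NIS passwd map)'}")
    print("passwd sources:", report["sources"],
          "-> entries honoured" if report["compat_active"] else "-> entries ignored")
```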


