NIS - "Could not read ypservers map" during "make"

pll at lanminds.com
Wed Jun 18 11:11:05 EDT 2003


>>>>> On Wed, 18 Jun 2003, "ken" == ken at flyingtoasters.net wrote:

  +> My copy of "Managing NFS and NIS", by Hal Stern, page 23, says
  +> that the NIS master should not include the "+::::::" entry in the
  +> /etc/passwd file.  On page 26, it states that NIS clients must
  +> have that entry.

  ken> Adding the "+" stuff to the passwd file does not make you a
  ken> client; executing ypbind (successfully) does.  The "+" stuff
  ken> makes the client _able_ to append NIS info to the passwd info;
  ken> you can certainly leave that off for thems who wish to restrict
  ken> access.

The '+' stuff only works if you've set 'passwd', 'shadow', and/or
'groups' to "compat" in /etc/nsswitch.conf.

YP *Master* servers do not need to be clients, but you must configure 
its /etc/nsswitch.conf file appropriately so that it looks in the 
correct places for things.  Actually, now that I think of it, you 
might need to bind a master to itself so that it can read the 
'ypservers' map in order to distribute the NIS maps to the slave 
servers.  Though, for some reason, I thought the NIS makefile took 
care of that by basically doing a "for in `cat ypservers`"
(It's been a long time since I've set up a yp master server :)

  ken> if I were starting from scratch, and had to choose to learn
  ken> one of the above (NIS, NIS+, LDAP), I'd probably go with LDAP:
  ken> it's more flexible, and allows for all sorts of password
  ken> synchronization and the like.  Handy.  On top of that, its
  ken> failover (I'm doing it via round-robin DNS) makes NIS'
  ken> "failover" look like the joke it is.

While I agree with this sentiment in general, I think I'd rather use 
NIS.  Despite how insecure and flawed it is, I'm finding LDAP to be a 
huge beast.  LDAP is as flexible as the X Window system is.  It is 
all things to all people at all times under any given condition.  As 
a result, trying to understand how to do one thing with LDAP is not 
overly difficult, but trying to do several things with LDAP gets very 
confusing very quickly.  My impression is that if you don't set up 
LDAP from the very beginning to do everything you want it to, 
changing its configuration after the fact is going to be extremely 
painful.

At least with NIS, it's a known quantity, it does one thing and it 
does it adequately.  If you have the luxury of existing in an all 
UNIX environment, NIS is the way to go if you have to (though, both 
Derek and I can make a *really* strong case for a distributed, 
flat-file based environment built upon rsync and ssh to overcome the 
major problems with NIS :)

So, Ben, does this philosophical discussion in any way help you fix 
your computer ;)
-- 

Seeya,
Paul
--
Key fingerprint = 1660 FECC 5D21 D286 F853  E808 BB07 9239 53F1 28EE

	It may look like I'm just sitting here doing nothing,
   but I'm really actively waiting for all my problems to go away.

	 If you're not having fun, you're not doing it right!
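
One way to check the point made in the message above, that '+' entries only take effect when the database is set to "compat" in /etc/nsswitch.conf. This is an added example, not part of the original message; it audits constructed sample file contents, and the function names and status labels are assumptions of the example.

```python
import re

def nss_sources(nsswitch_text):
    """Map each database in nsswitch.conf text to its ordered list of sources."""
    sources = {}
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        # Drop [NOTFOUND=return]-style action items, keep the service names.
        sources[db.strip()] = re.sub(r"\[[^\]]*\]", " ", rest).split()
    return sources

def compat_entries(flat_file_text):
    """Return (line_no, line) for every '+' or '-' entry in a passwd-style file."""
    return [(n, l) for n, l in enumerate(flat_file_text.splitlines(), 1)
            if l.startswith(("+", "-"))]

def audit(db, nsswitch_text, flat_file_text):
    """Say whether the '+'/'-' entries of one database's flat file are honoured."""
    srcs = nss_sources(nsswitch_text).get(db, [])
    entries = compat_entries(flat_file_text)
    compat = "compat" in srcs
    if entries and compat:
        status = "active"                  # NIS data is merged in through the entries
    elif entries:
        status = "inert"                   # entries present, database not in compat mode
    elif compat:
        status = "compat-without-entries"  # compat set, nothing for it to act on
    else:
        status = "clean"
    return {"db": db, "sources": srcs, "entries": entries, "status": status}

# Constructed sample contents, not taken from any real host.
NSSWITCH = """\
passwd:  compat
shadow:  files nis          # '+' lines in /etc/shadow are not consulted here
group:   files [NOTFOUND=return] nis
"""
PASSWD = "root:x:0:0:root:/root:/bin/bash\n+::::::\n"
SHADOW = "root:*:12000:0:99999:7:::\n+::::::::\n"
GROUP = "root:x:0:\n"

if __name__ == "__main__":
    for db, text in (("passwd", PASSWD), ("shadow", SHADOW), ("group", GROUP)):
        r = audit(db, NSSWITCH, text)
        print(f"{r['db']:7} {r['status']:8} sources={r['sources']} entries={r['entries']}")
```
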




