“ypcat” 和“ypmatch用户名密码” 服务器更改后不同意
我正在尝试使用 NIS 在许多机器上进行身份验证。 我必须更改 NIS 服务器上用户帐户的用户 ID 号之一(我将 username 的 userid 从 500 更改为 509,以避免与 NIS 服务器上 ID 为 500 的本地用户帐户发生冲突。客户)。 问题是客户端没有正确更新。
特别是,如果我这样做 ypcat passwd | grep username,我得到最新信息:
username:*hidden*:509:509:User Name:/home/username:/bin/bash
但是如果我这样做,ypmatch username passwd,它说:
username:*hidden*:500:500:User Name:/home/username:/bin/bash
这意味着当用户登录到其中一个客户端时,它有错误的用户 ID,这会导致各种问题。 我已经在服务器上完成了“cd /var/yp; make”,并在客户端上完成了“service ypbind restart”,但这并没有解决问题。 有谁知道什么会导致这种情况以及我如何以某种方式强制客户端刷新? (我在客户端和服务器上运行 Fedora 8)。
I'm trying to use NIS for authentication on a st of machines. I had to change one of the user ID numbers for a user account on the NIS server (I changed the userid for username from 500 to 509 to avoid a conflict with a local user account with id 500 on the clients). The problem is that it has not updated properly on the client.
In particular, if I do ypcat passwd | grep username, I get the up-to-date info:
username:*hidden*:509:509:User Name:/home/username:/bin/bash
But if I do, ypmatch username passwd, it says:
username:*hidden*:500:500:User Name:/home/username:/bin/bash
This means that when the user logs onto one of the clients, it has the wrong userid, which causes all sorts of problems. I've done "cd /var/yp; make" on the server, and "service ypbind restart" on the client, but that hasn't fixed the problem. Does anybody know what would be causing this and how I can somehow force a refresh on the client? (I'm running Fedora 8 on both client and server).
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
遇到同样的问题 - RHEL 5.5。 更改(任何)源映射,然后运行 make。 ypcat 显示更改的信息,ypmatch 不显示。 任何需要实际使用新地图的操作都会失败。 根据上一篇文章,重新启动 ypserv 就可以了。 经过几天的测试、运行 strace 等,我发现 ypserv 有一个由 /etc/ypserv.conf 中的“file:”条目控制的“文件句柄缓存”——默认值为 30。将其更改为 0 并一切都按照制作进行。
不应该这样做 --- 根据 ypserv.conf 的手册页...
“ypserv 1.1 和 ypserv 1.2 之间有一个很大的变化。从版本 1.2 开始,文件句柄被缓存。这意味着您必须调用 makedbm如果您创建新映射,请始终使用 -c 选项。请确保您使用的是 ypserv 1.2 或更高版本中的新 /var/yp/Makefile,或者如果您不这样做,则将 -c 标志添加到 makedbm 中。也就是说,ypserv 将继续使用旧地图,而不是更新后的地图。”
makefile确实使用“makedbm -c”,但 ypserv 仍然使用旧的(缓存的)映射。
答案:不要缓存文件句柄,例如在 ypserv.conf 中设置“files: 0”
Encountered same problem - RHEL 5.5. Change (any) source map, then run make. ypcat shows the changed info, ypmatch does not. Anything that needs to actually --use-- the new map fails. As per last post, restarting ypserv makes all OK. After days of testing, running strace, etc. I found that ypserv has a "file handle cache" controlled by the "file:" entry in /etc/ypserv.conf --- the default value is 30. Change this to 0 and everything works following the make.
Shouldn't have to do this --- Per the manpage for ypserv.conf...
"There was one big change between ypserv 1.1 and ypserv 1.2. Since version 1.2, the file handles are cached. This means you have to call makedbm always with the -c option if you create new maps. Make sure, you are using the new /var/yp/Makefile from ypserv 1.2 or later, or add the -c flag to makedbm in the Makefile. If you don't do that, ypserv will continue to use the old maps, and not the updated one."
The makefile DOES use "makedbm -c", but still ypserv uses the old (cached) map.
Answer: Don't cache the file handles, e.g. set "files: 0" in ypserv.conf
约翰·O 为我指明了正确的方向。
他是对的。 如果您在 /etc/ypserv.conf 中设置“files: 0”,则可以让 ypserv 不缓存文件。 如果每次 make 后都必须重新启动 ypserv,这就是问题所在。
真正的解决方案是在 /var/log/messages 中查找此错误:
makedbm -c 意思是:将 YPPROC_CLEAR 发送到本地 ypserv。 日志中的错误消息意味着 CLEAR 消息被拒绝。 您需要将 127.0.0.1 添加到 /var/yp/securenets。
John O pointed me in the right direction.
He is right. If you set "files: 0" in /etc/ypserv.conf, you can get ypserv to not cache files. If you have to restart ypserv after each make, this is the problem.
The real solution is to look in /var/log/messages for this error:
makedbm -c means: send YPPROC_CLEAR to the local ypserv. The error message in the log means that CLEAR message is getting denied. You need to add 127.0.0.1 to /var/yp/securenets.
好的,我发现了问题,我还必须重新启动服务器上的 NIS 服务以使其刷新所有内容(
“service ypserv restart”)OK, I found the problem, I also had to restart the NIS service on the server to get it to refresh everything (
"service ypserv restart")嗯,您不必重新启动 ypserver 即可使更新生效; /var/yp 中的 make 应该可以解决问题。 您可能需要检查 /var/yp 中的 Makefile 以确保它在正确的条件下触发(即 passwd.by* 应该以某种方式检查 /etc/passwd 上的时间戳,而不是其当前表。该过程用于在我运行的 NIS 服务器上执行 passwd.time 规则(早在黑暗时代)。 终止并重新启动 nis 服务器可能会对(尤其是非 Linux)客户端产生奇怪的影响,因此无论愿意与否,都要小心。
hmm, you're not supposed to have to restart the ypserver to have updates take effect; the make in /var/yp ought to do the trick. you might want to check the Makefile in /var/yp to be sure it's triggering on the right conditions (namely, passwd.by* should check the timestamp on /etc/passwd in some fashion, versus its current table. the process used to go through a passwd.time rule on the NIS server i ran, back in the dark ages). killing and restarting your nis server can have funky effects on (particularly non-linux) clients, so be careful doing it willy-nilly.
这是因为 nscd 守护进程。
在 /etc/nscd.conf 中将 passwd 会话的生存时间值设置为 60。 会起作用的
it is because of the nscd daemon.
set the time to live value to 60 in /etc/nscd.conf for passwd session. It will work