“ypcat”和“ypmatch username passwd”在服务器上更改后不同意

时间:2022-06-25 08:35:52

I'm trying to use NIS for authentication on a st of machines. I had to change one of the user ID numbers for a user account on the NIS server (I changed the userid for username from 500 to 509 to avoid a conflict with a local user account with id 500 on the clients). The problem is that it has not updated properly on the client.

我正在尝试使用NIS进行身份验证。我必须在NIS服务器上更改用户帐户的一个用户ID号(我将用户名的用户名从500更改为509,以避免与客户端上ID为500的本地用户帐户冲突)。问题是它没有在客户端上正确更新。

In particular, if I do ypcat passwd | grep username, I get the up-to-date info:

特别是,如果我做ypcat passwd | grep用户名,我得到最新的信息:

username:*hidden*:509:509:User Name:/home/username:/bin/bash

But if I do, ypmatch username passwd, it says:

但如果我这样做,ypmatch用户名密码,它说:

username:*hidden*:500:500:User Name:/home/username:/bin/bash

This means that when the user logs onto one of the clients, it has the wrong userid, which causes all sorts of problems. I've done "cd /var/yp; make" on the server, and "service ypbind restart" on the client, but that hasn't fixed the problem. Does anybody know what would be causing this and how I can somehow force a refresh on the client? (I'm running Fedora 8 on both client and server).

这意味着当用户登录到其中一个客户端时,它具有错误的用户标识,这会导致各种问题。我在服务器上完成了“cd / var / yp; make”,在客户端上完成了“service ypbind restart”,但这并没有解决问题。有谁知道会导致这种情况以及如何以某种方式强制刷新客户端? (我在客户端和服务器上运行Fedora 8)。

5 个解决方案

#1


6  

John O pointed me in the right direction.

约翰奥指出了我正确的方向。

He is right. If you set "files: 0" in /etc/ypserv.conf, you can get ypserv to not cache files. If you have to restart ypserv after each make, this is the problem.

他是对的。如果在/etc/ypserv.conf中设置“files:0”,则可以使ypserv不缓存文件。如果你必须在每次make后重启ypserv,这就是问题所在。

The real solution is to look in /var/log/messages for this error:

真正的解决方案是在/ var / log / messages中查找此错误:

ypserv[]: refused connect from 127.0.0.1 to procedure ypproc_clear (,;0)

makedbm -c means: send YPPROC_CLEAR to the local ypserv. The error message in the log means that CLEAR message is getting denied. You need to add 127.0.0.1 to /var/yp/securenets.

makedbm -c表示:将YPPROC_CLEAR发送到本地ypserv。日志中的错误消息表示CLEAR消息被拒绝。您需要将127.0.0.1添加到/ var / yp / securenets。

#2


2  

Encountered same problem - RHEL 5.5. Change (any) source map, then run make. ypcat shows the changed info, ypmatch does not. Anything that needs to actually --use-- the new map fails. As per last post, restarting ypserv makes all OK. After days of testing, running strace, etc. I found that ypserv has a "file handle cache" controlled by the "file:" entry in /etc/ypserv.conf --- the default value is 30. Change this to 0 and everything works following the make.

遇到同样的问题 - RHEL 5.5。更改(任何)源地图,然后运行make。 ypcat显示更改的信息,ypmatch没有。任何需要实际使用的东西 - 新地图都会失败。根据上一篇文章,重启ypserv使一切正常。经过几天的测试,运行strace等,我发现ypserv有一个“文件句柄缓存”,由/etc/ypserv.conf中的“file:”条目控制---默认值为30.将此更改为0并且一切都在制作之后。

Shouldn't have to do this --- Per the manpage for ypserv.conf...

不应该这样做 - 根据ypserv.conf的联机帮助页...

"There was one big change between ypserv 1.1 and ypserv 1.2. Since version 1.2, the file handles are cached. This means you have to call makedbm always with the -c option if you create new maps. Make sure, you are using the new /var/yp/Makefile from ypserv 1.2 or later, or add the -c flag to makedbm in the Makefile. If you don't do that, ypserv will continue to use the old maps, and not the updated one."

“ypserv 1.1和ypserv 1.2之间有一个很大的变化。从版本1.2开始,文件句柄被缓存。这意味着如果你创建新的地图,你必须使用-c选项调用makedbm。确保你正在使用新的来自ypserv 1.2或更高版本的/ var / yp / Makefile,或者在Makefile中将-c标志添加到makedbm。如果你不这样做,ypserv将继续使用旧的地图,而不是更新的地图。“

The makefile DOES use "makedbm -c", but still ypserv uses the old (cached) map.

makefile使用“makedbm -c”,但ypserv仍使用旧的(缓存)映射。

Answer: Don't cache the file handles, e.g. set "files: 0" in ypserv.conf

答:不要缓存文件句柄,例如在ypserv.conf中设置“files:0”

#3


1  

OK, I found the problem, I also had to restart the NIS service on the server to get it to refresh everything ("service ypserv restart")

好的,我发现了问题,我还必须重新启动服务器上的NIS服务才能让它刷新一切(“service ypserv restart”)

#4


0  

hmm, you're not supposed to have to restart the ypserver to have updates take effect; the make in /var/yp ought to do the trick. you might want to check the Makefile in /var/yp to be sure it's triggering on the right conditions (namely, passwd.by* should check the timestamp on /etc/passwd in some fashion, versus its current table. the process used to go through a passwd.time rule on the NIS server i ran, back in the dark ages). killing and restarting your nis server can have funky effects on (particularly non-linux) clients, so be careful doing it willy-nilly.

嗯,你不应该重新启动ypserver让更新生效; / var / yp中的make应该可以解决问题。你可能想检查/ var / yp中的Makefile以确保它在正确的条件下触发(即,passwd.by *应该以某种方式检查/ etc / passwd上的时间戳,而不是当前的表。在我运行的NIS服务器上查看passwd.time规则,回到黑暗时代。杀死并重新启动你的nis服务器可以对(特别是非Linux)客户端产生时髦的影响,所以要小心这样做吧。

#5


0  

it is because of the nscd daemon. set the time to live value to 60 in /etc/nscd.conf for passwd session. It will work

这是因为nscd守护进程。在/etc/nscd.conf中为passwd会话将生存时间值设置为60。它会工作

#1


6  

John O pointed me in the right direction.

约翰奥指出了我正确的方向。

He is right. If you set "files: 0" in /etc/ypserv.conf, you can get ypserv to not cache files. If you have to restart ypserv after each make, this is the problem.

他是对的。如果在/etc/ypserv.conf中设置“files:0”,则可以使ypserv不缓存文件。如果你必须在每次make后重启ypserv,这就是问题所在。

The real solution is to look in /var/log/messages for this error:

真正的解决方案是在/ var / log / messages中查找此错误:

ypserv[]: refused connect from 127.0.0.1 to procedure ypproc_clear (,;0)

makedbm -c means: send YPPROC_CLEAR to the local ypserv. The error message in the log means that CLEAR message is getting denied. You need to add 127.0.0.1 to /var/yp/securenets.

makedbm -c表示:将YPPROC_CLEAR发送到本地ypserv。日志中的错误消息表示CLEAR消息被拒绝。您需要将127.0.0.1添加到/ var / yp / securenets。

#2


2  

Encountered same problem - RHEL 5.5. Change (any) source map, then run make. ypcat shows the changed info, ypmatch does not. Anything that needs to actually --use-- the new map fails. As per last post, restarting ypserv makes all OK. After days of testing, running strace, etc. I found that ypserv has a "file handle cache" controlled by the "file:" entry in /etc/ypserv.conf --- the default value is 30. Change this to 0 and everything works following the make.

遇到同样的问题 - RHEL 5.5。更改(任何)源地图,然后运行make。 ypcat显示更改的信息,ypmatch没有。任何需要实际使用的东西 - 新地图都会失败。根据上一篇文章,重启ypserv使一切正常。经过几天的测试,运行strace等,我发现ypserv有一个“文件句柄缓存”,由/etc/ypserv.conf中的“file:”条目控制---默认值为30.将此更改为0并且一切都在制作之后。

Shouldn't have to do this --- Per the manpage for ypserv.conf...

不应该这样做 - 根据ypserv.conf的联机帮助页...

"There was one big change between ypserv 1.1 and ypserv 1.2. Since version 1.2, the file handles are cached. This means you have to call makedbm always with the -c option if you create new maps. Make sure, you are using the new /var/yp/Makefile from ypserv 1.2 or later, or add the -c flag to makedbm in the Makefile. If you don't do that, ypserv will continue to use the old maps, and not the updated one."

“ypserv 1.1和ypserv 1.2之间有一个很大的变化。从版本1.2开始,文件句柄被缓存。这意味着如果你创建新的地图,你必须使用-c选项调用makedbm。确保你正在使用新的来自ypserv 1.2或更高版本的/ var / yp / Makefile,或者在Makefile中将-c标志添加到makedbm。如果你不这样做,ypserv将继续使用旧的地图,而不是更新的地图。“

The makefile DOES use "makedbm -c", but still ypserv uses the old (cached) map.

makefile使用“makedbm -c”,但ypserv仍使用旧的(缓存)映射。

Answer: Don't cache the file handles, e.g. set "files: 0" in ypserv.conf

答:不要缓存文件句柄,例如在ypserv.conf中设置“files:0”

#3


1  

OK, I found the problem, I also had to restart the NIS service on the server to get it to refresh everything ("service ypserv restart")

好的,我发现了问题,我还必须重新启动服务器上的NIS服务才能让它刷新一切(“service ypserv restart”)

#4


0  

hmm, you're not supposed to have to restart the ypserver to have updates take effect; the make in /var/yp ought to do the trick. you might want to check the Makefile in /var/yp to be sure it's triggering on the right conditions (namely, passwd.by* should check the timestamp on /etc/passwd in some fashion, versus its current table. the process used to go through a passwd.time rule on the NIS server i ran, back in the dark ages). killing and restarting your nis server can have funky effects on (particularly non-linux) clients, so be careful doing it willy-nilly.

嗯,你不应该重新启动ypserver让更新生效; / var / yp中的make应该可以解决问题。你可能想检查/ var / yp中的Makefile以确保它在正确的条件下触发(即,passwd.by *应该以某种方式检查/ etc / passwd上的时间戳,而不是当前的表。在我运行的NIS服务器上查看passwd.time规则,回到黑暗时代。杀死并重新启动你的nis服务器可以对(特别是非Linux)客户端产生时髦的影响,所以要小心这样做吧。

#5


0  

it is because of the nscd daemon. set the time to live value to 60 in /etc/nscd.conf for passwd session. It will work

这是因为nscd守护进程。在/etc/nscd.conf中为passwd会话将生存时间值设置为60。它会工作