Summary: Problems with NIS+

From: Bushman, Kevin (Bushman@comswsys.tinkernet.af.mil)
Date: Tue Oct 25 1994 - 02:13:39 CDT


Hello all,

I know that this summary is long overdue but I said in the interim summary
that I posted about 2 or 3 weeks ago that I was waiting on Sun to help with
my problem. Well, to make a long story short, I finally got the answer and
my system is fixed (it will be shortly, as soon as I get all of the pathches
installed).

To recap the problem, here is the interim summary that I posted:
(The real solution follows.)

 ------------------------------------ ORIGINAL SUMMARY
 -------------------------------------

My original question read:
Setup:
We are using a 690 as our NIS+ Server with several SS-10s and IPXs. They
are all running
Solaris 2.2 and all patches that I know about are installed, including
101022.

Problem:
Logging in. I can log in on some machines, but on others I cannot. I have
checked to make sure
that there is no local accont on the machines that I cannot log in on and
this is not the case.
Other users on my system don't seem to be having any problems at all no
matter which machine
they are using. This problem is just with certain accounts. Even on a
given machine, while I
cannot log in, somebody else can, even though neither of the accounts are on
the local machine.
This tells me that the machine must be using the NIS+ Server. Are my
assumptions correct or
am I overlooking something? Also, I have even tried reloading the client
software on the
offending machines to make sure that it is installed correctly with no
apparent change in the
operation.

I received only two responses. I was hoping for more as this was the first
question that I have
posted and didn't think that it would be that hard to find an answer. I
figured that it was probably
something that I was overlooking.

Anyway, I want to address the two responses that I did receive to possibly
explain why their
solutions did not fix my problem. Maybe further explanation will help
someone find an answer
for me.

First, Gene Loriot at Kodak suggested using ping to check to see what was
being communicated
when one of these loggins occurs. That seemed normal, so I checked with
niscat on the passwd
table on the NIS+ server. Sure enough, the account was there as it had to
be because I could
use the account from another machine. Also, the credentials were correct.
 I checked that by
using niscat on the credentials table on the NIS+ server.

Second, perryh (email account name, real name not given) suggested using
ypwhich on all
machines to see if the failures would correlate with the server bindings.
 Because we are using
NIS+, not NIS, ypwhich will not (and did not) work because ypbind is not
running. (ypbind is
used on NIS, not NIS+.)

So where do I go from here? I called SunSoft Technical for help. I
explained the problem to
them, and well, they are still working on it. I am not trying to say
anything bad about SunSoft
here. I wouldn't do that. They are wonderful people and have helped me on
several occasions.
I am just trying to find an answer to my problem and I thought all you
esteemed Sun Mangers
deserved me to be honest with you and tell you everything that I know about
my problem.

Basically though, what they told me is that they have never heard of this
problem before, and it
would take research to see what is really wrong with my systems. They did
tell me though that I
did not have the current version of the patches on my systems. I am in the
process of ftp'ing
those and will apply them once I get them. But what I do not understand from
this though is why
does some machines work okay while others don't (they all have the same
patches applied so
they are all basically the same configuration)?

Since it has been a couple of days since I asked the original question, I
thought that an update
posting on my problem would be prudent.

More to come as I get answers.

 ------------------------------------ NEW SUMMARY
 -------------------------------------

After I sent that posting in I received responses from the following
individuals:

SolTech Systems Corporation
1180 Sam Rittenberg Blvd.
Suite 310
Charleston, SC 29407
email: dave.brewer@soltech.com
URL: http://www.soltech.com

Mike Bennett
JumpStart Coordinator/Systems Manager
DST13
British Telecommunications
Martlesham Heath
Ipswich
Suffolk
England
IP4 3SP
mikebe@pass.bt.co.uk

Leslie Dreyer Kalra
AT&T
Allentown, PA
lbd@mhcnet.att.com

Tommy J Hill
thill@mmts.eds.com

perryh@pluto.rain.com (Perry Hutchison)

Susan M. Wilson
Computer Sciences Corp
CSC/PL/XPP Bldg 497
3550 Aberdeen Ave SE
Kirtland AFB, NM 87117-5776
e-mail wilsons@gurgle.plk.af.mil

I want to especially thank Mike Bennett from Suffolk, England, for his
input. He sent me detailed steps (all 5 pages of them) on how to fix my
problem. Unfortunately, the problem was not with the credentials tables as
so many have suggested.

So what was the problem? Well, after being passed to three different tech
reps at Sun, I finally got an answer. The guru that finally solved my
problem at Sun was Dan Villa. It seems that there is a problem with the
password aging with 2.2. I was told that there was a temporary patch
released for this but it is no longer available. While I was talking to him
on the phone, he just happened to remember that temporary patch and
suggested that I try turning off any password aging to see if that would
help. I tried it on a couple of accounts and it solved the problems for
those accounts so I continued with the rest of the accounts on my system.
 It seems that when the password expires on an account, the interface to
NIS+ is not, well, perfect, and it mucks up the system.

Moral of this story? Unless you can get the patch from somebody, don't use
password aging with 2.2 if you are running NIS+. For my system this won't
be a problem because we have decided to upgrade to 2.3 sometime in the next
couple of months.

Thanks to everyone who tried to help,

Kevin W. Bushman, TSgt, USAF
ACIMS System Administrator
Tinker AFB, OK 73145
Phone: 405-734-5625
E-Mail: bushman@comswsys.tinkernet.af.mil



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:09:13 CDT