"ypcat" and "ypmatch username passwd" don't agree after change on server

linux nis

13,454

Solution 1

John O pointed me in the right direction.

He is right. If you set "files: 0" in /etc/ypserv.conf, you can get ypserv to not cache files. If you have to restart ypserv after each make, this is the problem.

The real solution is to look in /var/log/messages for this error:

ypserv[]: refused connect from 127.0.0.1 to procedure ypproc_clear (,;0)

makedbm -c means: send YPPROC_CLEAR to the local ypserv. The error message in the log means that CLEAR message is getting denied. You need to add 127.0.0.1 to /var/yp/securenets.

Solution 2

Encountered same problem - RHEL 5.5. Change (any) source map, then run make. ypcat shows the changed info, ypmatch does not. Anything that needs to actually --use-- the new map fails. As per last post, restarting ypserv makes all OK. After days of testing, running strace, etc. I found that ypserv has a "file handle cache" controlled by the "file:" entry in /etc/ypserv.conf --- the default value is 30. Change this to 0 and everything works following the make.

Shouldn't have to do this --- Per the manpage for ypserv.conf...

"There was one big change between ypserv 1.1 and ypserv 1.2. Since version 1.2, the file handles are cached. This means you have to call makedbm always with the -c option if you create new maps. Make sure, you are using the new /var/yp/Makefile from ypserv 1.2 or later, or add the -c flag to makedbm in the Makefile. If you don't do that, ypserv will continue to use the old maps, and not the updated one."

The makefile DOES use "makedbm -c", but still ypserv uses the old (cached) map.

Answer: Don't cache the file handles, e.g. set "files: 0" in ypserv.conf

Solution 3

OK, I found the problem, I also had to restart the NIS service on the server to get it to refresh everything ("service ypserv restart")

13,454

Author by

Lorin Hochstein

Software engineer, often doing operations stuff. Once upon a time I was an academic. I work on the Delivery Engineering team at Netflix.

Updated on June 09, 2022

Comments

Lorin Hochstein about 2 years
I'm trying to use NIS for authentication on a st of machines. I had to change one of the user ID numbers for a user account on the NIS server (I changed the userid for username from 500 to 509 to avoid a conflict with a local user account with id 500 on the clients). The problem is that it has not updated properly on the client.

In particular, if I do ypcat passwd | grep username, I get the up-to-date info:
```
username:*hidden*:509:509:User Name:/home/username:/bin/bash
```
But if I do, ypmatch username passwd, it says:
```
username:*hidden*:500:500:User Name:/home/username:/bin/bash
```
This means that when the user logs onto one of the clients, it has the wrong userid, which causes all sorts of problems. I've done "cd /var/yp; make" on the server, and "service ypbind restart" on the client, but that hasn't fixed the problem. Does anybody know what would be causing this and how I can somehow force a refresh on the client? (I'm running Fedora 8 on both client and server).
Bradley Kreider over 11 years

check out my answer. Your answer was a godsend, but I figured out why makedbm -c doesn't work.
David Gardner almost 11 years

+1 You are a star -- I'd been wondering why restarting ypserv was required on some of our machines and not others.