Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

How to disable NIS in Linux

1,751 views
Skip to first unread message

BBH

unread,
Nov 9, 2009, 5:34:48 PM11/9/09
to
Formerly, we have two computers A and B. A is set up as a NIS
server, while B is a client. Now, we want to switch A and B: A is a
client and B is a server.

First, I want to remove the NIS client in the B. However, after I
shutdown ypbind, use "setup" to remove the NIS authentication, it
didn't work. Say, when I use useradd to add a new account in B, it is
said "cannot create the account".

Could you give me some suggestions? Thanks you very much!

Chris Cox

unread,
Nov 9, 2009, 6:26:14 PM11/9/09
to

It's likely the evil nscd is the culprit. In general is may cause
more problems than it solves. It's designed to cache things like NIS
information data to prevent a myriad of constant lookups. But since
it remembers... it can get in the way when you actually make
a change.

See if the nscd process is running... try killing and then see
if you're able to do the rest.

Just a guess...


Nico Kadel-Garcia

unread,
Nov 9, 2009, 7:11:21 PM11/9/09
to
On Nov 9, 5:34 pm, BBH <jingquan...@gmail.com> wrote:
>     Formerly, we have two computers A and B. A is set up as a NIS
> server, while B is a client. Now, we want to switch A and B: A is a
> client and B is a server.

The normally correct way to do this is that A and B both look to A as
a server, and you switch to using B as a server for both systems. This
means that NIS is configured to only publish a range of addresses,
usually uid's from 500 on up, and lower uid's are not published.

>     First, I want to remove the NIS client in the B. However, after I
> shutdown ypbind, use "setup" to remove the NIS authentication, it
> didn't work. Say, when I use useradd to add a new account in B, it is
> said "cannot create the account".


Wait. Which "setup" command is this? Which Linux are you using? on
RHEL, it's system-config-authentication, or authconfig. (These
commands are linked in interesting ways to provide complex GUI's if
you're running an X server, and a text based interface if you're not.)

>    Could you give me some suggestions? Thanks you very much!

The command "ypwhich" will always inform you what your NIS server is
set to. The command "ypcat passwd" will inform you of what you're
publishing for the password file information, particularly usernames
and uid's. It's the existence of a previous account with the same
name, or of insufficient privileges on the NIS client, that normally
cause problems adding new user accounts.

NIS accounts should normally be added on the NIS server: the
information about this server is in /etc/yp.conf, and the selection of
password file, NIS, or LDAP for authenticaton is in /etc/
nsswitch.conf. Perhaps you could post the contents of those files so
we can give better hints?

BBH

unread,
Nov 9, 2009, 7:25:00 PM11/9/09
to
Thanks a lot!


1: Here is nsswitch.conf

-----------------------------------------------
passwd: files
shadow: files
group: files

#hosts: db files nisplus nis dns
hosts: files dns

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files

netgroup: files

publickey: nisplus

automount: files
aliases: files nisplus

2: yp.conf
# /etc/yp.conf - ypbind configuration file
# Valid entries are
#
# domain NISDOMAIN server HOSTNAME
# Use server HOSTNAME for the domain NISDOMAIN.
#
# domain NISDOMAIN broadcast
# Use broadcast on the local net for domain NISDOMAIN
#
# domain NISDOMAIN slp
# Query local SLP server for ypserver supporting NISDOMAIN
#
# ypserver HOSTNAME
# Use server HOSTNAME for the local domain. The
# IP-address of server must be listed in /etc/hosts.
#
# broadcast
# If no server for the default domain is specified or
# none of them is rechable, try a broadcast call to
# find a server.
#
#domain tlab server 192.168.1.9

3: more /etc/sysconfig/network
NETWORKING_IPV6=yes
HOSTNAME=berkeley
NETWORKING=yes
NISDOMAIN=tlab

4: After I run useradd, I am told ""cannot create the directory".
However, in /etc/passwd, there are some accounts. But no such
directory in /home.

mytest1:!!:526:526::/home/mytest1:/bin/bash
mytest12:!!:527:527::/home/mytest12:/bin/bash
mytest4:!!:528:528::/home/mytest4:/bin/bash
mytest5:!!:529:529::/home/mytest5:/bin/bash
mytst:!!:530:530::/home/mytst:/bin/bash
mytest6:!!:531:531::/home/mytest6:/bin/bash
123:!!:532:532::/home/123:/bin/bash
1234:!!:533:533::/home/1234:/bin/bash


Nico Kadel-Garcia

unread,
Nov 9, 2009, 11:00:42 PM11/9/09
to

It looks you've disabled NIS. What does "ypwhich" say? And What
happens if you delete the account and attempt to re-add it? And is /
home perhaps NFS mounted, with root permissions disabled, which would
block "useradd" from creating accounts?

BBH

unread,
Nov 10, 2009, 1:04:44 PM11/10/09
to
Nico,

Thanks a lot first. /home is a folder in the local machine. I
tried both ypwhich and yptest. here is the output.

[root@berkeley etc]# ypwhich
ypwhich: Can't communicate with ypbind

[root@berkeley etc]# yptest
Test 1: domainname
Configured domainname is "tlab"

Test 2: ypbind
Can't communicate with ypbind

I also use "strace" to trace useradd, and it shows that useradd
sends a message to the NIS server instead of creating an account in
the local machine. Are there some commands that can be used to check
the NIS processes or daemons?

Thanks a lot!

0 new messages