Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

AD to NIS password synchronisation using SSOD not working

16 views
Skip to first unread message

Boardy

unread,
Apr 28, 2011, 7:30:11 PM4/28/11
to
Hi All

Due to an upgrade to Windows Server 2008 R2 Active Directory I was
forced to migrate my SSOD and NIS services from an older unsupported
Solaris server to a more recent (yet still elderly) Solaris 9 system.


I have tested the NIS functionality on the new Master server and I am
confident that NIS is 100% working as intended.


That is to say that I can update the source passwd file and make the
NIS maps (which are then pushed to the slave servers). Password
updates via yppasswd work flawlessly too.


My problem is that password updates from the SSOD process do not
work.


It looks to me that the SSOD does not update the source passwd file
but then goes on to remake the NIS maps and push them out to the
slave
servers.


I have trussed the process and the output shows that the SSOD process
does not open the source passwd file read-write, rather it opens it
read-only.


1233/1: open("/var/yp/etc/passwd", O_RDONLY) = 2
1366/1: open("/var/yp/etc/passwd", O_RDONLY) = 2
1368/1: open("/var/yp/etc/passwd", O_RDONLY) = 2
2359/1: open("/var/yp/etc/passwd", O_RDONLY) = 2
2493/1: open("/var/yp/etc/passwd", O_RDONLY) = 2
2677/1: open("/var/yp/etc/passwd", O_RDONLY) = 2


This looks like a bug to me but one which renders this particular
binary rather pointless.


If I look at the files themselves it is clear that the passwd file is
unchanged but the NIS maps are.


root@master # ls -l /var/yp/etc/passwd
-rwxrwxrwx 1 root other 40001 Apr 29 08:53 /var/yp/etc/
passwd
root@master # ls -l /var/yp/`domainname`/*passwd*
-rw------- 1 root other 4096 Apr 29 09:58 /var/yp/
meridianenergy.co.nz/passwd.byname.dir
-rw------- 1 root other 117760 Apr 29 09:58 /var/yp/
meridianenergy.co.nz/passwd.byname.pag
-rw------- 1 root other 4096 Apr 29 09:58 /var/yp/
meridianenergy.co.nz/passwd.byuid.dir
-rw------- 1 root other 121856 Apr 29 09:58 /var/yp/
meridianenergy.co.nz/passwd.byuid.pag


The ypxfer log from the slave shows that the updated maps are also
pushed out.


root@slave # tail ypxfr.log
Fri Apr 29 08:54:07: Transferred map passwd.byname from wlgux9 (2
entries).
Fri Apr 29 08:54:07: Transferred map passwd.byuid from wlgux9 (2
entries).
Fri Apr 29 09:32:01: Transferred map passwd.byname from wlgux9 (2
entries).
Fri Apr 29 09:32:01: Transferred map passwd.byuid from wlgux9 (2
entries).
Fri Apr 29 09:50:47: Transferred map passwd.byname from wlgux9 (2
entries).
Fri Apr 29 09:50:47: Transferred map passwd.byuid from wlgux9 (2
entries).
Fri Apr 29 09:56:14: Transferred map passwd.byname from wlgux9 (2
entries).
Fri Apr 29 09:56:15: Transferred map passwd.byuid from wlgux9 (2
entries).
Fri Apr 29 09:59:48: Transferred map passwd.byname from wlgux9 (2
entries).
Fri Apr 29 09:59:48: Transferred map passwd.byuid from wlgux9 (2
entries).


Here is my sso.conf file


root@master # egrep -v "^$|^#" /etc/sso.conf
ENCRYPT_KEY=<encrypt key >
PORT_NUMBER=6677
SYNC_USERS=all,-root
SYNC_HOSTS=(AD1) (AD2) (AD3) (AD4) (AD5)
USE_SHADOW=0
FILE_PATH=/var/yp/etc/passwd
USE_NIS=1
NIS_UPDATE_PATH=/var/yp/Makefile
TEMP_FILE_PATH=/var/yp/etc
CASE_IGNORE_NAME=1
IGNORE_PROPAGATION_ERRORS=1
SYNC_RETRIES=3
SYNC_DELAY=30


Any ideas what I'm doing or is going wrong?


Cheers

0 new messages