NIS+ issues - HP UX

This is a discussion on NIS+ issues - HP UX ; This concerns NIS+ running on HP-UX 11.00 machines. Three servers, "master", "rep1", "rep2" in the domain m.p.a.com. There seems to be a long standing issue with NIS+, possibly going back to 2002. Current situation: I now have all NIS+ processes ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: NIS+ issues

  1. NIS+ issues

    This concerns NIS+ running on HP-UX 11.00 machines.

    Three servers, "master", "rep1", "rep2" in the domain m.p.a.com. There seems
    to be a long standing issue with NIS+, possibly going back to 2002.

    Current situation:
    I now have all NIS+ processes starting on all 3 machines (I hope). However,
    most NIS+ commands, like niscat, hang with no response.
    /var/adm/syslog/syslog.log (on "master"):
    1) Sep 6 21:14:40 master nisd[11681]: NIS+ service started.
    2) Sep 6 21:14:40 master nisd[11681]: _svcauth_des: no public key for
    unix.rep1@m.p.a.com
    3) Sep 6 21:15:24 master nisd[11695]: NIS+ service started.
    4) Sep 6 21:15:24 master nisd[11695]: _svcauth_des: no public key for
    unix.rep1@m.p.a.com
    5) Sep 6 21:14:55 master nisd[11681]: _svcauth_des: no public key for
    unix.rep1@m.p.a.com
    6) Sep 6 21:16:20 master above message repeats 5781 times
    7) Sep 6 21:15:24 master syslog: rpc.nisd: cannot set credential cache
    size
    8) Sep 6 21:16:20 master above message repeats 3 times
    9) Sep 6 21:16:46 master nisd[11695]: _svcauth_des: no public key for
    unix.master@m.p.a.com

    My first concern is this: I have no idea what is in the NIS+ tables. I don't
    think the tables were generated from flat test files, as I can't find any
    appropriate files. I do know, for instance, that there are more accounts
    than are listed in /etc/passwd. I really need the data in NIS+. Jeopardizing
    my ability to get at the data is a last, desperate step.

    What should I avoid doing in order to keep the data accessible at some
    point? Will mucking with the credentials and keys (which seems to be the
    issue) screw me up?

    An additional piece of information: these servers were physically moved
    about 2 months ago, and have new IP addresses. However, I configured a spare
    port on each machine with the old IP addresses and have all 3 ports hooked
    to an switch that is not connected to anything else. This was done in
    attempt to get NIS+ working. Prior to doing this, niscat would time out with
    a "can't contact the servers" message. Now it hangs and never times out. I
    have noticed (netstat -i) there is a lot of traffic on these ports. A LOT of
    traffic.

    Also, there are sizeable log files on the two replicas. For instance:
    rep1[root]# ls -l
    -rw------- 1 root sys 78249985 Sep 6 11:11 rep1.log

    The first line in this log file is from October 2002, the last line from
    late December 2002. Doing a nislog is very painfull. It just keeps going and
    going...........

    How are these log files managed? Can I turn NIS+ down and just wack them? Or
    are they part of the process of keeping everything in sync?

    --

    =================================
    Douglas Caviness
    greenbriar.gundogs@adelphia.net



  2. Re: NIS+ issues

    Douglas Caviness wrote:
    > 1) Sep 6 21:14:40 master nisd[11681]: NIS+ service started.
    > 2) Sep 6 21:14:40 master nisd[11681]: _svcauth_des: no public key for
    > unix.rep1@m.p.a.com
    > 3) Sep 6 21:15:24 master nisd[11695]: NIS+ service started.
    > 4) Sep 6 21:15:24 master nisd[11695]: _svcauth_des: no public key for
    > unix.rep1@m.p.a.com
    > 5) Sep 6 21:14:55 master nisd[11681]: _svcauth_des: no public key for
    > unix.rep1@m.p.a.com
    > 6) Sep 6 21:16:20 master above message repeats 5781 times
    > 7) Sep 6 21:15:24 master syslog: rpc.nisd: cannot set credential cache
    > size
    > 8) Sep 6 21:16:20 master above message repeats 3 times
    > 9) Sep 6 21:16:46 master nisd[11695]: _svcauth_des: no public key for
    > unix.master@m.p.a.com


    I have no HP-UX system in hand to check with but if nisd there support
    security level 0. If this was Solaris system I would try to start nisd
    in security level 0 (nisd -s 0) and then try to dump the tables to
    text files with niscat and nistbladm. And work on the master server only.

    Sami

    --
    .signature: no such file or directory

+ Reply to Thread