Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1401046
Summary: | No users visible, if passwd, group entrees in /etc/nsswitch.conf changed from files to compat | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Mota Kardeh <mkardeh> | ||||
Component: | glibc | Assignee: | Florian Weimer <fweimer> | ||||
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 25 | CC: | arjun.is, codonell, dj, fdanapfe, fweimer, jakub, law, mfabian, mkardeh, pfrankli, siddhesh | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | x86_64 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2017-03-07 16:02:41 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Mota Kardeh
2016-12-02 15:52:41 UTC
(In reply to Mota Kardeh from comment #0) > After change the following lines in /etc/nsswitch.conf from files to compat : > passwd: compat sss > shadow: files sss > group: compat sss Please provide your full /etc/nsswitch.conf. > It would be great to help, could you please take a look? Where did you get the instructions regarding how to change /etc/nsswitch.conf? Created attachment 1256858 [details]
/etc/nsswitch.conf of fedora25
(In reply to Carlos O'Donell from comment #1) > (In reply to Mota Kardeh from comment #0) > > After change the following lines in /etc/nsswitch.conf from files to compat : > > passwd: compat sss > > shadow: files sss > > group: compat sss > > Please provide your full /etc/nsswitch.conf. The only difference in /etc/nsswitch.conf are the lines as I mentioned above: --------------------------------------------- passwd: compat sss shadow: files sss group: compat sss --------------------------------------------- I attached the /etc/nsswitch.conf of fedora25 to the bug. > > > It would be great to help, could you please take a look? > > Where did you get the instructions regarding how to change > /etc/nsswitch.conf? Our SAP colleague has changed the mentioned lines in the /etc/nsswitch.conf for some testing in NIS env. We had a similar issues before, please check the Bug 193226 and Bug 192072. https://bugzilla.redhat.com/show_bug.cgi?id=193226 https://bugzilla.redhat.com/show_bug.cgi?id=192072 Thanks and best regards, Mota (In reply to Mota Kardeh from comment #3) > (In reply to Carlos O'Donell from comment #1) > > (In reply to Mota Kardeh from comment #0) > > > After change the following lines in /etc/nsswitch.conf from files to compat : > > > passwd: compat sss > > > shadow: files sss > > > group: compat sss > > > > Please provide your full /etc/nsswitch.conf. > > The only difference in /etc/nsswitch.conf are the lines as I mentioned above: > > --------------------------------------------- > passwd: compat sss > shadow: files sss > group: compat sss > --------------------------------------------- > > I attached the /etc/nsswitch.conf of fedora25 to the bug. OK. > Our SAP colleague has changed the mentioned lines in the /etc/nsswitch.conf > for some testing in NIS env. Have you gone through basic validation that the NIS environment works? Is it actually a NIS+ environment? The 'compat' NSS service will fetch data from NIS by default, which is how you have it configured. > We had a similar issues before, please check the Bug 193226 and Bug 192072. > https://bugzilla.redhat.com/show_bug.cgi?id=193226 > https://bugzilla.redhat.com/show_bug.cgi?id=192072 Do you see your problems at boot, before NIS comes up, or after boot also? (In reply to Carlos O'Donell from comment #4) > (In reply to Mota Kardeh from comment #3) > > (In reply to Carlos O'Donell from comment #1) > > > (In reply to Mota Kardeh from comment #0) > > > > After change the following lines in /etc/nsswitch.conf from files to compat : > > > > passwd: compat sss > > > > shadow: files sss > > > > group: compat sss > > > > > > Please provide your full /etc/nsswitch.conf. > > > > The only difference in /etc/nsswitch.conf are the lines as I mentioned above: > > > > --------------------------------------------- > > passwd: compat sss > > shadow: files sss > > group: compat sss > > --------------------------------------------- > > > > I attached the /etc/nsswitch.conf of fedora25 to the bug. > > OK. > > > Our SAP colleague has changed the mentioned lines in the /etc/nsswitch.conf > > for some testing in NIS env. > > Have you gone through basic validation that the NIS environment works? Is it > actually a NIS+ environment? I see in the '/etc/nsswitch.conf': publickey: nisplus aliases: files nisplus Should I change something in the /etc/nsswitch.conf, if you are in opinion, this is a nisplus environment? > > The 'compat' NSS service will fetch data from NIS by default, which is how > you have it configured. > > > We had a similar issues before, please check the Bug 193226 and Bug 192072. > > https://bugzilla.redhat.com/show_bug.cgi?id=193226 > > https://bugzilla.redhat.com/show_bug.cgi?id=192072 > > Do you see your problems at boot, before NIS comes up, or after boot also? I see the problem immediately after change the mentioned lines, don't need to reboot. (In reply to Mota Kardeh from comment #5) > > Do you see your problems at boot, before NIS comes up, or after boot also? > > I see the problem immediately after change the mentioned lines, don't need > to reboot. When you change the NSS passwd service database to use `compat` that _immediately_ starts requesting results from NIS. If you don't have a NIS service setup then you will have no users visible. Did you configure NIS on this system? (In reply to Carlos O'Donell from comment #6) > (In reply to Mota Kardeh from comment #5) > > > Do you see your problems at boot, before NIS comes up, or after boot also? > > > > I see the problem immediately after change the mentioned lines, don't need > > to reboot. > > When you change the NSS passwd service database to use `compat` that > _immediately_ starts requesting results from NIS. If you don't have a NIS > service setup then you will have no users visible. > > Did you configure NIS on this system? Yes, we have implemented a shell script and during run the script on the system, NIS is configured. But I mean changing the lines passwd and group from to "compat" should be nevertheless take care, that the users to be found in the system. Again, I run the same steps on Fedora24, and didn't get any issue there. Thanks and best regards, Mota (In reply to Mota Kardeh from comment #7) > > Did you configure NIS on this system? > > Yes, we have implemented a shell script and during run the script on the > system, NIS is configured. > > But I mean changing the lines passwd and group from to "compat" should be > nevertheless take care, that the users to be found in the system. That depends to some degree on the kind of data supplied by the NIS user. Could you capture NIS packets in some way (perhaps using “strace -s 8000” or “tcpdump -s 0”) when running “getent passwd root”? This data can contain confidential information, so feel free to send it directly to me by email. (In reply to Florian Weimer from comment #9) > (In reply to Mota Kardeh from comment #7) > > > Did you configure NIS on this system? > > > > Yes, we have implemented a shell script and during run the script on the > > system, NIS is configured. > > > > But I mean changing the lines passwd and group from to "compat" should be > > nevertheless take care, that the users to be found in the system. > > That depends to some degree on the kind of data supplied by the NIS user. > > Could you capture NIS packets in some way (perhaps using “strace -s 8000” or > “tcpdump -s 0”) when running “getent passwd root”? This data can contain > confidential information, so feel free to send it directly to me by email. Florian, thanks for that. I sent you a couple of minutes ago "strace" output by mail. "tcpdump -s 0", is doesn't work, when I change the mentioned lines in /etc/nsswitch.conf to compat sss, and I get the following output: [root@localhost ~]# tcpdump -s 0 -x >/home/mota/tcpdump.txt tcpdump: Couldn't find user 'tcpdump' Thanks and best regards, Mota Hi Florian, good news and very interesting result: I installed nss_nis package on the Fedora25 system: [root@localhost etc]# rpm -qa | grep nss_nis nss_nis-2.24-4.fc25.x86_64 and then afterwards I changed the mentioned lines under /etc/nsswitch from 'files' to 'compat' and run the "getent passwd root": [root@localhost etc]# getent passwd root root:x:0:0:root:/root:/bin/bash It works !:-) *** This bug has been marked as a duplicate of bug 1400538 *** |