hostname resolution problem...
JOURDON Pierre-Antoine
pierre-antoine.jourdon at airbus.com
Thu Oct 24 01:26:21 EST 2002
Hello,
I'm sorry for my bad English... I'll try to be as clear as possible.
I have a network with a NIS+ server (Solaris 2.6) and Sun clients (Solaris
2.6 & 8). I am trying to integrate Linux clients (Red Hat 7.2). You can see the
procedure I used at the end of this email. At first, everything seems OK:
the nisplus users can log in and access their home directories via autofs.
But a problem appeared with hostname resolution... and some other things:
o The first case: there is "hosts: files nisplus" in /etc/nsswitch.conf
(/etc/hosts includes only localhost and the nisplus server)
First, from the host "linux1" I telnet to "linux2": this is OK for
the first login. But if I try another telnet to this host, the error message
is "telnet: linux2: System error. linux2: Resolver internal error" and
telnet exits with error code 1. With ssh, it's OK for the first connection,
but it is necessary to specify the "-4" option after the first login,
otherwise the message is "ssh: linux2: System error"...
If I run keyserv in debug mode, there is the following output:
[Welcome to the Keyserver, version 1.4.1]
key_prog_2 [Connect from: 127.0.0.1:760, call proc 4]
key_gen_svc()
key=45011f4a10755e10
key_prog_2 [Connect from: 0.0.0.0:0, call proc 6]
local uid: 0
key_encrypt_pk_svc()
uid=0
remotename=unix@<nisplus_server>.<domainname>.
remotekey=500ef6d563c1f4fde00050486b0422adc84483ce6298d210
DES key=45011f4a10755e10
result=KEY_NOSECRET
# here I try to telnet linux2 for the first time (success) :
key_prog_2 [Connect from: 127.0.0.1:770, call proc 4]
key_gen_svc()
key=7a7a54327f582c76
key_prog_2 [Connect from: 0.0.0.0:0, call proc 6]
local uid: 0
key_encrypt_pk_svc()
uid=0
remotename=unix@<nisplus_server>.<domainname>.
remotekey=500ef6d563c1f4fde00050486b0422adc84483ce6298d210
DES key=7a7a54327f582c76
result=KEY_NOSECRET
key_prog_2 [Connect from: 127.0.0.1:780, call proc 4]
key_gen_svc()
key=1a1a0b1338372032
key_prog_2 [Connect from: 0.0.0.0:0, call proc 6]
local uid: 0
key_encrypt_pk_svc()
uid=0
remotename=unix@<nisplus_server>.<domainname>.
remotekey=500ef6d563c1f4fde00050486b0422adc84483ce6298d210
DES key=1a1a0b1338372032
result=KEY_NOSECRET
# here I try to reconnect to the same host (error) :
key_prog_2 [Connect from: 127.0.0.1:1046, call proc 4]
key_gen_svc()
key=0e32704f622c087f
key_prog_2 [Connect from: 0.0.0.0:0, call proc 6]
local uid: 28
key_encrypt_pk_svc()
uid=28
remotename=unix@<nisplus_server>.<domainname>.
remotekey=500ef6d563c1f4fde00050486b0422adc84483ce6298d210
DES key=0e32704f622c087f
result=KEY_NOSECRET
key_prog_2 [Connect from: 127.0.0.1:1046, call proc 4]
key_gen_svc()
key=106204612567236b
key_prog_2 [Connect from: 0.0.0.0:0, call proc 6]
local uid: 28
key_encrypt_pk_svc()
uid=28
remotename=unix@<nisplus_server>.<domainname>.
remotekey=500ef6d563c1f4fde00050486b0422adc84483ce6298d210
DES key=106204612567236b
result=KEY_NOSECRET
key_prog_2 [Connect from: 127.0.0.1:1046, call proc 4]
key_gen_svc()
key=163d52156e5b4537
key_prog_2 [Connect from: 0.0.0.0:0, call proc 6]
local uid: 28
key_encrypt_pk_svc()
uid=28
remotename=unix@<nisplus_server>.<domainname>.
remotekey=500ef6d563c1f4fde00050486b0422adc84483ce6298d210
DES key=163d52156e5b4537
result=KEY_NOSECRET
key_prog_2 [Connect from: 127.0.0.1:1046, call proc 4]
key_gen_svc()
key=2319192f702f0d5e
key_prog_2 [Connect from: 0.0.0.0:0, call proc 6]
local uid: 28
key_encrypt_pk_svc()
uid=28
remotename=unix@<nisplus_server>.<domainname>.
remotekey=500ef6d563c1f4fde00050486b0422adc84483ce6298d210
DES key=2319192f702f0d5e
result=KEY_NOSECRET
key_prog_2 [Connect from: 127.0.0.1:807, call proc 4]
key_gen_svc()
key=461651076d46150d
key_prog_2 [Connect from: 0.0.0.0:0, call proc 6]
local uid: 0
key_encrypt_pk_svc()
uid=0
remotename=unix@<nisplus_server>.<domainname>.
remotekey=500ef6d563c1f4fde00050486b0422adc84483ce6298d210
DES key=461651076d46150d
result=KEY_NOSECRET
key_prog_2 [Connect from: 127.0.0.1:817, call proc 4]
key_gen_svc()
key=45255d582a102562
key_prog_2 [Connect from: 0.0.0.0:0, call proc 6]
local uid: 0
key_encrypt_pk_svc()
uid=0
remotename=unix@<nisplus_server>.<domainname>.
remotekey=500ef6d563c1f4fde00050486b0422adc84483ce6298d210
DES key=45255d582a102562
result=KEY_NOSECRET
key_prog_2 [Connect from: 127.0.0.1:827, call proc 4]
key_gen_svc()
key=7a340b584319455d
key_prog_2 [Connect from: 0.0.0.0:0, call proc 6]
local uid: 0
key_encrypt_pk_svc()
uid=0
remotename=unix@<nisplus_server>.<domainname>.
remotekey=500ef6d563c1f4fde00050486b0422adc84483ce6298d210
DES key=7a340b584319455d
result=KEY_NOSECRET
o The second case: there is "hosts: nisplus files" in /etc/nsswitch.conf
Hostname resolution seems to work, but another problem appeared: I am trying to
install/configure the Sun Grid Engine (SGE) for Linux
(http://wwws.sun.com/software/gridware/). In this case, when SGE is started,
keyserv exits with a segfault! The only way to make SGE work is to
configure /etc/nsswitch.conf as in the first case (hosts: files nisplus)
Is there a fix/idea to solve this problem? Is the procedure below complete?
Thanks,
Pierre-Antoine.
---------------------------------------------------------------------------------
For your information, this is the procedure I used to set up the nisplus
client:
o compile nis-utils-1.4.1
./configure && make && make install
o move redhat.rc ---> /etc/init.d/nisplus
o add "# chkconfig: 345 57 49" in /etc/init.d/nisplus
o exec "chkconfig --add nisplus"
o install autofs
o add /lib/security/pam_unix2.so (from the SuSE distro)
o create links:
/lib/security/pam_unix2_acct.so -> /lib/security/pam_unix2.so
/lib/security/pam_unix2_auth.so -> /lib/security/pam_unix2.so
/lib/security/pam_unix2_passwd.so -> /lib/security/pam_unix2.so
/lib/security/pam_unix2_session.so -> /lib/security/pam_unix2.so
o modify /etc/pam.d/system-auth :
auth sufficient /lib/security/pam_unix2.so set_secrpc
auth sufficient /lib/security/pam_unix.so likeauth nullok md5 shadow
auth required /lib/security/pam_deny.so
account sufficient /lib/security/pam_unix2.so set_secrpc
account sufficient /lib/security/pam_unix.so
account required /lib/security/pam_deny.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix2.so set_secrpc
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_unix.so
o add "NISDOMAIN=mydomain" in /etc/sysconfig/network
o add "YP_DOMAINNAME=mydomain" in /etc/defaultdomain
o activate time service in /etc/xinetd.d/time
o replace "nfs 2049/udp nfsd" by "nfs 2049/tcp nfsd" in /etc/services
o add the following lines in /etc/rpc :
nisd 100300 nis
nis_cachemgr 100301
nis_callback 100302
nispasswdd 100303 nispasswd
o add the following lines in /etc/rc.d/rc.sysinit after "set the hostname" :
# set the NIS domain name
if [ -n "$NISDOMAIN" ]; then
    action "Setting NIS domain name $NISDOMAIN: " domainname $NISDOMAIN
else
    domainname ""
fi
o add the following lines in /etc/rc.d/rc.sysinit after "reset the hostname" :
# Reset the NIS domain name.
if [ -n "$NISDOMAIN" ]; then
    action "Resetting NIS domain name $NISDOMAIN: " domainname $NISDOMAIN
else
    domainname ""
fi
o make a link /bin/ksh -> /bin/bash (there are also Sun clients on the
network. The users' shell is ksh).
o add "/bin/ksh" in /etc/shells
o synchronize time between clients & server (ntpdate -s <nis+ server>)
o modify /etc/auto.master :
/misc file:/etc/auto.misc --timeout=60
/home nisplus:auto_home --timeout=300
o modify /etc/nsswitch.conf :
passwd: files nisplus
shadow: files nisplus
group: files nisplus
hosts: files [NOTFOUND=continue] nisplus
bootparams: nisplus [NOTFOUND=return] files
ethers: nisplus [NOTFOUND=return] files
netmasks: nisplus [NOTFOUND=return] files
networks: nisplus [NOTFOUND=return] files
protocols: nisplus [NOTFOUND=return] files
rpc: nisplus [NOTFOUND=return] files
services: files nisplus
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
o add cred on server (nisaddcred -p unix.<client>@<domain> -P <client>.<domain>. des)
o exec "keylogin -r" on linux client
o exec nisinit -c -H <nis+ server>
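
An added example, not part of the original post: a small parser for keyserv debug output of the kind quoted above, which redacts key values before the log is shared and lists the uids whose key_encrypt_pk_svc calls never succeeded (KEY_NOSECRET is the key_prot status for "no secret key stored"). The sample log, its hostname and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the keyserv debug output quoted above.
SAMPLE = """\
key_prog_2 [Connect from: 127.0.0.1:760, call proc 4]
key_gen_svc()
key=<k1>
key_prog_2 [Connect from: 0.0.0.0:0, call proc 6]
local uid: 0
key_encrypt_pk_svc()
uid=0
remotename=unix@server.example.
remotekey=<pub>
DES key=<k1>
result=KEY_NOSECRET
key_prog_2 [Connect from: 0.0.0.0:0, call proc 6]
local uid: 28
key_encrypt_pk_svc()
uid=28
remotekey=<pub>
DES key=<k2>
result=KEY_SUCCESS
"""
HEADER = re.compile(r"key_prog_2 \[Connect from: (\S+), call proc (\d+)\]")

def redact(text):
    """Blank conversation and public key values before a log is shared."""
    return re.sub(r"(?m)^((?:DES )?key|remotekey)=\S+", r"\1=<redacted>", text)

def parse_calls(text):
    """Return one dict per RPC call: peer, proc, and uid/result when logged."""
    calls = []
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            calls.append({"peer": m.group(1), "proc": int(m.group(2))})
        elif calls and line.startswith("local uid:"):
            calls[-1]["uid"] = int(line.split(":", 1)[1])
        elif calls and line.startswith("result="):
            calls[-1]["result"] = line.split("=", 1)[1]
    return calls

def uids_without_secret(calls):
    """uids whose key_encrypt_pk_svc calls (proc 6) all ended in KEY_NOSECRET."""
    results = defaultdict(set)
    for c in calls:
        if c["proc"] == 6 and "result" in c:
            results[c.get("uid", -1)].add(c["result"])
    return sorted(u for u, r in results.items() if r == {"KEY_NOSECRET"})
```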
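
An added example, not part of the original post: a model of how a glibc nsswitch.conf line is walked, covering the two `hosts:` orderings from the first and second case and the `[NOTFOUND=...]` actions in the procedure. The function names and the per-source statuses fed to it are assumptions made up for illustration; the default actions are glibc's documented ones.

```python
import re

# glibc defaults: stop at the first SUCCESS, otherwise try the next source.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_line(line):
    """'hosts: files [NOTFOUND=return] nisplus' -> ('hosts', [(source, actions)])."""
    db, _, rest = line.partition(":")
    sources = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
        if not tok.startswith("["):
            sources.append((tok, dict(DEFAULTS)))
            continue
        if not sources:
            raise ValueError("action list before any source")
        for item in tok[1:-1].split():
            negated = item.startswith("!")
            status, action = item.lstrip("!").upper().split("=")
            for s in DEFAULTS:
                # "!STATUS" applies the action to every status except STATUS
                if (s == status) != negated:
                    sources[-1][1][s] = action.lower()
    return db.strip(), sources

def lookup(line, status_of):
    """Walk one nsswitch.conf line. status_of maps source -> status it reports
    (missing sources count as UNAVAIL). Returns (answering source, consulted)."""
    consulted = []
    for name, actions in parse_line(line)[1]:
        status = status_of.get(name, "UNAVAIL")
        consulted.append(name)
        if actions[status] == "return":
            return (name if status == "SUCCESS" else None), consulted
    return None, consulted

# Constructed scenarios using lines from the post.
CASE1 = lookup("hosts: files nisplus", {"files": "NOTFOUND", "nisplus": "SUCCESS"})
CASE2 = lookup("hosts: nisplus files", {"files": "SUCCESS", "nisplus": "SUCCESS"})
STOP = lookup("ethers: nisplus [NOTFOUND=return] files",
              {"nisplus": "NOTFOUND", "files": "SUCCESS"})
```

With "hosts: files nisplus" and an /etc/hosts that holds only localhost and the server, every other name falls through to NIS+; `[NOTFOUND=continue]` after `files` parses to the same table as the plain line because it restates the default.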
More information about the linux-nisplus
mailing list