doc:appunti:linux:sa:nis
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
doc:appunti:linux:sa:nis [2013/01/09 12:04] – [Directory home su NFS] niccolo | doc:appunti:linux:sa:nis [2020/12/16 15:43] – [NIS users unable to poweroff/reboot or manage printers] niccolo | ||
---|---|---|---|
Line 82: | Line 82: | ||
</ | </ | ||
- | Per fare in modo che **ypinit** riesca a generare i database necessari bisogna | + | Per fare in modo che **ypinit** riesca a generare i database necessari bisogna |
- | * group | + | ^ group | Inizialmente vuoto. |
- | * hosts | + | ^ hosts | Contiene almeno una riga per 127.0.0.1 localhost. |
- | | + | ^ netgroup |
- | | + | ^ passwd |
- | | + | ^ protocols |
- | * rpc | + | ^ rpc | Copiato da ''/ |
- | | + | ^ services |
- | | + | ^ shadow |
Dopo aver modificato il contenuto di tali file bisogno aggiornare lo stato del server NIS: | Dopo aver modificato il contenuto di tali file bisogno aggiornare lo stato del server NIS: | ||
Line 104: | Line 104: | ||
Si installa il pacchetto **nis**. Chiunque voglia essere NIS client (eventualmente anche il NIS server stesso) deve impostare **'' | Si installa il pacchetto **nis**. Chiunque voglia essere NIS client (eventualmente anche il NIS server stesso) deve impostare **'' | ||
- | Per integrare gli utenti e i gruppi NIS in quelli standard unix si deve modificare **''/ | + | ===== Name Service Switch ===== |
- | <file> | + | La **GNU C Library** fornisce i servizi ad esempio per avere l' |
- | +:::::: | + | |
- | </file> | + | |
- | Analogamente | + | === Integrazione |
- | <file> | + | Per integrare gli utenti e i gruppi NIS in quelli standard unix si devono modificare i file **''/ |
- | +:::::::: | + | |
- | </file> | + | < |
+ | < | ||
+ | < | ||
+ | |||
+ | Verificare nel file **/ | ||
+ | |||
+ | === Integrazione in modalità " | ||
+ | |||
+ | In alternativa si può indicare in **/ | ||
< | < | ||
- | +::: | + | passwd: files systemd nis |
+ | group: files systemd nis | ||
+ | shadow: files nis | ||
</ | </ | ||
+ | |||
+ | :!: **ATTENZIONE**: | ||
+ | |||
+ | ===== Ricerca del server NIS ===== | ||
La ricerca del NIS server avviene tramite richieste broadcast sulla rete locale. Per evitarle (potrebbero fallire per regole di firewall) si dichiarano esplicitamente i server in **''/ | La ricerca del NIS server avviene tramite richieste broadcast sulla rete locale. Per evitarle (potrebbero fallire per regole di firewall) si dichiarano esplicitamente i server in **''/ | ||
Line 130: | Line 142: | ||
Un altro motivo per cui la **richiesta broadcast potrebbe fallire** è se il server NIS è **multihomed** (ha più di una interfaccia di rete), vedi la nota sopra riguardo '' | Un altro motivo per cui la **richiesta broadcast potrebbe fallire** è se il server NIS è **multihomed** (ha più di una interfaccia di rete), vedi la nota sopra riguardo '' | ||
- | L' | + | L' |
====== NIS slave server ====== | ====== NIS slave server ====== | ||
Line 188: | Line 200: | ||
@{HOMEDIRS}=/ | @{HOMEDIRS}=/ | ||
</ | </ | ||
+ | |||
+ | ====== Login Time Too Long in Ubuntu 18.04 ====== | ||
+ | |||
+ | After installing an **Ubuntu 18.04 as a NIS client** with home directories mounted over NFS, we noticed very long times required to complete the login. Even on the tty1 console, there was a **wait time of about 25 seconds** after typing the passowrd, before to get the command line prompt. | ||
+ | |||
+ | The only apparent error message found in the **syslog** was: | ||
+ | |||
+ | < | ||
+ | systemd-logind[2133]: | ||
+ | </ | ||
+ | |||
+ | A nice solution was to **install the nscd package**. The complete story was a bit more complicated, | ||
+ | |||
+ | * **[[https:// | ||
+ | * **[[https:// | ||
+ | |||
+ | One user pointed out that the bug affects also what is reported in **/ | ||
+ | |||
+ | < | ||
+ | IPAddressDeny=any | ||
+ | </ | ||
+ | |||
+ | ====== NIS users unable to poweroff/ | ||
+ | |||
+ | We experienced a problem with an **Ubuntu 20.04** Focal Fossa used as **NIS client**: some tasks were inhibited because the user - despite it was **logged-in locally** on the physical machine - it was considered **non interactive** one. | ||
+ | |||
+ | One symptom can be the following error message when you issue the **reboot** command into a terminal session: | ||
+ | |||
+ | < | ||
+ | Failed to set wall message, ignoring: Interactive authentication required. | ||
+ | Failed to power off system via logind: Interactive authentication required. | ||
+ | Failed to open initctl fifo: Permission denied | ||
+ | Failed to talk to init daemon. | ||
+ | </ | ||
+ | |||
+ | Using the command **systemctl reboot -i** does not work either, producing the following error: | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | ==== AUTHENTICATING FOR org.freedesktop.login1.reboot-multiple-sessions === | ||
+ | Authentication is required for rebooting the system while other users are logged in. | ||
+ | </ | ||
+ | |||
+ | Choosing to reboot or poweroff from the various **desktop applets** produces instead just a **session close**. | ||
+ | |||
+ | |||
+ | It turned out that the **[[https:// | ||
+ | |||
+ | One solution is to create a file on the NIS client, name **/ | ||
+ | |||
+ | < | ||
+ | [Allow Printer administration for NIS users] | ||
+ | Identity=unix-group: | ||
+ | Action=org.opensuse.cupspkhelper.mechanism.* | ||
+ | ResultAny=yes | ||
+ | |||
+ | [Allow halt power-off and reboot for NIS users] | ||
+ | Identity=unix-group: | ||
+ | Action=org.freedesktop.login1.halt*; | ||
+ | ResultAny=yes | ||
+ | </ | ||
+ | |||
+ | To make the new policy effective, issue the command: | ||
+ | |||
+ | < | ||
+ | systemctl restart polkit.service | ||
+ | </ | ||
+ | |||
+ | The syntax of the file is explained into the **[[https:// | ||
+ | |||
+ | First of all usint the **Identity** option we select the users interested into that policy. For managing printers we required the user to belong to the **lpadmin** and **adm** groups. The first group is the standard Debian group to manage printers, whereas the **adm** group is an arbitrary group assigned to some users by the NIS server (see the page **[[https:// | ||
+ | |||
+ | For the **Action** part we had to discover the name of the printer management and the poweroff/ | ||
+ | |||
+ | < | ||
+ | pkaction | grep cupspkhelper | ||
+ | org.opensuse.cupspkhelper.mechanism.all-edit | ||
+ | org.opensuse.cupspkhelper.mechanism.class-edit | ||
+ | org.opensuse.cupspkhelper.mechanism.devices-get | ||
+ | org.opensuse.cupspkhelper.mechanism.job-edit | ||
+ | org.opensuse.cupspkhelper.mechanism.job-not-owned-edit | ||
+ | org.opensuse.cupspkhelper.mechanism.printer-enable | ||
+ | org.opensuse.cupspkhelper.mechanism.printer-local-edit | ||
+ | org.opensuse.cupspkhelper.mechanism.printer-remote-edit | ||
+ | org.opensuse.cupspkhelper.mechanism.printer-set-default | ||
+ | org.opensuse.cupspkhelper.mechanism.printeraddremove | ||
+ | org.opensuse.cupspkhelper.mechanism.server-settings | ||
+ | </ | ||
+ | |||
+ | For the reboot/ | ||
+ | |||
+ | < | ||
+ | org.freedesktop.login1.halt | ||
+ | org.freedesktop.login1.hibernate | ||
+ | org.freedesktop.login1.power-off | ||
+ | org.freedesktop.login1.reboot | ||
+ | org.freedesktop.login1.suspend | ||
+ | </ | ||
+ | |||
+ | each of them have some sub-actions: | ||
+ | |||
+ | < | ||
+ | pkaction | grep org.freedesktop.login1.power-off | ||
+ | org.freedesktop.login1.power-off | ||
+ | org.freedesktop.login1.power-off-ignore-inhibit | ||
+ | org.freedesktop.login1.power-off-multiple-sessions | ||
+ | </ | ||
+ | |||
+ | Finally the problem-solving option is **ResultAny**, | ||
+ | |||
+ | < | ||
+ | ResultAny=no | ||
+ | ResultInactive=no | ||
+ | ResultActive=yes | ||
+ | </ |
doc/appunti/linux/sa/nis.txt · Last modified: 2020/12/16 16:27 by niccolo