System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

unable to set uid/gid after NIS Master server change

JP_ Lynch
Advisor

unable to set uid/gid after NIS Master server change

Replaced an aging AIX server who's role is the NIS master server. When users try to login to the HP/UX server which is an NIS Client they get "unable to set uid/gid". Any ideas on this one?
16 REPLIES
JP_ Lynch
Advisor

Re: unable to set uid/gid after NIS Master server change

Also, all other NIS client machines (Sun Solaris 9, 10, Red Hat Linux, Fedora) are all fine.
TTr
Honored Contributor

Re: unable to set uid/gid after NIS Master server change

This might be the password encryption method that the new NIS server is using. Check out these threads. It doesn't matter that the NIS server in these threads is a Linux server, md5 most like is wht is used on your aix master. Look at the penultimate response of the first url.

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1244687

http://forums11.itrc.hp.com/service/forums/bizsupport/questionanswer.do?threadId=40773
JP_ Lynch
Advisor

Re: unable to set uid/gid after NIS Master server change

Not really sure where they are suggesting changing the MD5 to DES? On AIX NIS server or on HP/UX NIS client? If it is on HP, where would that be?
JP_ Lynch
Advisor

Re: unable to set uid/gid after NIS Master server change

Checked /etc/passwd and they definitely are not MD5 based on key length and start byte. When I am logged in as root and try to 'su' to any of the NIS users I get the following:

setgroups: Invalid argument
setgroups: Invalid argument
su: Unable to initialize group access list

here's /etc/group :

root::0:root
other::1:root,hpdb
bin::2:root,bin
sys::3:root,uucp
adm::4:root,adm
daemon::5:root,daemon
mail::6:root
lp::7:root,lp
tty::10:
nuucp::11:nuucp
users::20:root
nogroup:*:-2:
smbnull::101:
mysql::102:
build::50:adm,hpdb,root,swadmin
+:
Robert-Jan Goossens
Honored Contributor

Re: unable to set uid/gid after NIS Master server change

Hi,

Could you post the output of?

# ll /usr/bin/su
# ll -lad /usr

Robert-Jan
JP_ Lynch
Advisor

Re: unable to set uid/gid after NIS Master server change

# ll /usr/bin/su

-r-sr-xr-x 1 root bin 28672 Oct 4 2002 /usr/bin/su*

# ll -lad /usr
dr-xr-xr-x 23 bin bin 8192 Jan 14 16:13 /usr/
Robert-Jan Goossens
Honored Contributor

Re: unable to set uid/gid after NIS Master server change

# grep nogroup /etc/groups

http://www13.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c00928644-4

Title: getting setgroups: invalid argument when logging in as root
Document ID: emr_na-c00928644-4
JP_ Lynch
Advisor

Re: unable to set uid/gid after NIS Master server change

Unfortunately I don't have enough 'power' to view your link. Access denied, requires uber-support contract.
JP_ Lynch
Advisor

Re: unable to set uid/gid after NIS Master server change

on AIX 5.3L NIS Master:
nobody:!:4294967294:nobody,lpd

but there is no definition for:
nogroup (which has the -2 ID value).

So I have added the definition for nogroup to AIX NIS Master /etc/group taken from the HP/UX 11.11 server (NIS Client) side.

And that doesn't work.

TTr
Honored Contributor

Re: unable to set uid/gid after NIS Master server change

Back to the password encryption method. HP-UX uses DES. To find out what AIX is using, take a look at the password file that has the encrypted passwords in it. I have never used AIX so I don't know if it is one of /etc/passwd or /etc/shadow. If the encrypted password field starts with the characters $1$ then the AIX master is using MD5 and it needs to be changed to DES.
JP_ Lynch
Advisor

Re: unable to set uid/gid after NIS Master server change

Here's the results of:

ypcat passwd | grep swadmin yields

swadmin:m2AgackmvvXGI:17:1::/export/home/swadmin:/usr/bin/ksh

Where swadmin is an NIS user. This password does not seem to be MD5 based on the descriptions I've read about.
TTr
Honored Contributor

Re: unable to set uid/gid after NIS Master server change

It is a DES password.
Are you absolutely certain that you did not make any changes to the NIS clients? If so then the problem is on the master server. Can you su or login to a regular user on the NIS master? Can you type the ypcommands from a regular user shell?

On the other hand do the yp* commands work on the NIS client? As root and as a regular user. You may want to create a local regular user on the NIS client and su to it and try some things out.
JP_ Lynch
Advisor

Re: unable to set uid/gid after NIS Master server change

Q: /* Are you absolutely certain that you did not make any changes to the NIS clients? If so then the problem is on the master server. */
A: No change to the NIS clients. All other UNIX clients Sun Solaris 9, 10: RHeL 4,5: and Fedora 8 all working fine! HP/UX the only one not working.


Q:/* Can you su or login to a regular user on the NIS master? Can you type the ypcommands from a regular user shell? */
A: yes. Can login, can "su " can issue yp - commands on NIS master.

Q:/* On the other hand do the yp* commands work on the NIS client? As root and as a regular user. */

A: No. Here's the result of "yppasswd swadmin" command:

[160]hefty:/>yppasswd swadmin
Changing password for swadmin on NIS server
Old NIS password:*******
New password: *******
Re-enter new password: *******
Couldn't create client to YP master: RPC: Program not registered.


You may want to create a local regular user on the NIS client and su to it and try some things out.

// --> OK, I'll try this next.
JP_ Lynch
Advisor

Re: unable to set uid/gid after NIS Master server change

I'm going to research the nsswitch.conf
TTr
Honored Contributor

Re: unable to set uid/gid after NIS Master server change

Ensure that nsswitch.conf and /etc/resolv.conf are set accordingly. The RPC error is an indication that either the HP server does not know where to connect or the NIS master does not know the whereabouts of the HP server. Also ensure the permissions of /etc/nsswitch.conf and /etc/resolv.conf are readable by everybody.
JP_ Lynch
Advisor

Re: unable to set uid/gid after NIS Master server change

Solved, but not by any of the means on this thread (and I really an't explain why it now works).

I stopped and started the yppasswdd daemon on the NIS Master. Then went and issued yppasswd for an NIS user ID. The NIS pw change was successful.

Logged out and then back in. With the new NIS passwd and was successful. Something with restarting yppasswd on the AIX NIS master kicked all of this in. Strange.