SEO

This concerns NIS+ running on HP-UX 11.00 machines.

Three servers, "master", "rep1", "rep2" in the domain m.p.a.com. There seems
to be a long standing issue with NIS+, possibly going back to 2002.

Current situation:
I now have all NIS+ processes starting on all 3 machines (I hope). However,
most NIS+ commands, like niscat, hang with no response.
/var/adm/syslog/syslog.log (on "master"):
1) Sep 6 21:14:40 master nisd[11681]: NIS+ service started.
2) Sep 6 21:14:40 master nisd[11681]: _svcauth_des: no public key for
unix.rep1@m.p.a.com
3) Sep 6 21:15:24 master nisd[11695]: NIS+ service started.
4) Sep 6 21:15:24 master nisd[11695]: _svcauth_des: no public key for
unix.rep1@m.p.a.com
5) Sep 6 21:14:55 master nisd[11681]: _svcauth_des: no public key for
unix.rep1@m.p.a.com
6) Sep 6 21:16:20 master above message repeats 5781 times
7) Sep 6 21:15:24 master syslog: rpc.nisd: cannot set credential cache
size
8) Sep 6 21:16:20 master above message repeats 3 times
9) Sep 6 21:16:46 master nisd[11695]: _svcauth_des: no public key for
unix.master@m.p.a.com

My first concern is this: I have no idea what is in the NIS+ tables. I don't
think the tables were generated from flat test files, as I can't find any
appropriate files. I do know, for instance, that there are more accounts
than are listed in /etc/passwd. I really need the data in NIS+. Jeopardizing
my ability to get at the data is a last, desperate step.

What should I avoid doing in order to keep the data accessible at some
point? Will mucking with the credentials and keys (which seems to be the
issue) screw me up?

An additional piece of information: these servers were physically moved
about 2 months ago, and have new IP addresses. However, I configured a spare
port on each machine with the old IP addresses and have all 3 ports hooked
to an switch that is not connected to anything else. This was done in
attempt to get NIS+ working. Prior to doing this, niscat would time out with
a "can't contact the servers" message. Now it hangs and never times out. I
have noticed (netstat -i) there is a lot of traffic on these ports. A LOT of
traffic.

Also, there are sizeable log files on the two replicas. For instance:
rep1[root]# ls -l
-rw------- 1 root sys 78249985 Sep 6 11:11 rep1.log

The first line in this log file is from October 2002, the last line from
late December 2002. Doing a nislog is very painfull. It just keeps going and
going...........

How are these log files managed? Can I turn NIS+ down and just wack them? Or
are they part of the process of keeping everything in sync?

--

=================================
Douglas Caviness
greenbriar.gundogs@adelphia.net

Douglas Caviness <greenbriar.gundogs@adelphia.net> wrote:
> 1) Sep 6 21:14:40 master nisd[11681]: NIS+ service started.
> 2) Sep 6 21:14:40 master nisd[11681]: _svcauth_des: no public key for
> unix.rep1@m.p.a.com
> 3) Sep 6 21:15:24 master nisd[11695]: NIS+ service started.
> 4) Sep 6 21:15:24 master nisd[11695]: _svcauth_des: no public key for
> unix.rep1@m.p.a.com
> 5) Sep 6 21:14:55 master nisd[11681]: _svcauth_des: no public key for
> unix.rep1@m.p.a.com
> 6) Sep 6 21:16:20 master above message repeats 5781 times
> 7) Sep 6 21:15:24 master syslog: rpc.nisd: cannot set credential cache
> size
> 8) Sep 6 21:16:20 master above message repeats 3 times
> 9) Sep 6 21:16:46 master nisd[11695]: _svcauth_des: no public key for
> unix.master@m.p.a.com

I have no HP-UX system in hand to check with but if nisd there support
security level 0. If this was Solaris system I would try to start nisd
in security level 0 (nisd -s 0) and then try to dump the tables to
text files with niscat and nistbladm. And work on the master server only.

Sami

--
.signature: no such file or directory