Message-Id: <200804171540.m3HFeHAR099642@www.freebsd.org>
Date: Thu, 17 Apr 2008 15:40:17 GMT
From: tom <zaphod@fsklaw.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: nsswitch in 7.0 is f*cked up
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         122858
>Category:       conf
>Synopsis:       [nsswitch.conf] nsswitch in 7.0 is f*cked up
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    gavin
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 17 15:50:01 UTC 2008
>Closed-Date:    Thu Aug 28 17:36:56 UTC 2008
>Last-Modified:  Thu Aug 28 17:36:56 UTC 2008
>Originator:     tom
>Release:        FreeBSD 7.0 release
>Organization:
fsk
>Environment:
FreeBSD to-new.fsklaw.com 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Wed Apr 16 14:22:33 PDT 2008     TMS3@to-new.fsklaw.com:/usr/obj/usr/src/sys/IPFAST  amd64
>Description:
Well you all seriously f'd up nsswitch huh?

I've used this nsswitch.conf file for YEARS for samba/ldap/login etc.

passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns wins
####NEW###
networks: files dns
automount:  files ldap nisplus
aliases:    files ldap nisplus

Use this and samba-ldap works but you can't shell in or ftp or anything.

Use this:

group: cache files ldap[ unavail=continue notfound=continue ]
passwd: cache files ldap [ unavail=continue notfound=continue ]
#group_compat: nis
hosts: compat
networks: files
#passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

And samba-ldap, ssh login and ftp login works, but the damned machine won't resolve DNS.

Desperately flailing about and doing this:

group: cache files ldap[ unavail=continue notfound=continue ]
passwd: cache files ldap [ unavail=continue notfound=continue ]
#group_compat: nis
hosts: compat dns
networks: files dns
#passwd_compat: nis
shells: files dns
services: compat dns
services_compat: nis dns
protocols: files dns
rpc: files dns 

does no good.

Only the default nsswitch.conf file actually does DNS, and the first one I posted will actually do DNS lookups.  I'd really like to be able to do all of these things with a single nsswitch.conf file.  PERHAPS when you guys make such SUBSTANTIAL CHANGES to such a necessary component, you could...oh I dunno...DOCUMENT IT SOMEWHERE!!!!!!!!!!!!!

I searched google for 6 hours yesterday to find something similar to the second nsswitch.conf file, which I still had to edit to make it work for samba-ldap/ssh/ftp login.  This is seriously ridiculous.  How the hell am I supposed to use 7.0 in a production environment?  I had fewer problems with 5.1 than I'm having with 7.0.

TMS III


>How-To-Repeat:
Hell, just use the nsswitch.conf files I posted.
>Fix:
Why I'm asking.

>Release-Note:
>Audit-Trail:

From: Kris Kennaway <kris@FreeBSD.org>
To: tom <zaphod@fsklaw.com>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: amd64/122858: nsswitch in 7.0 is f*cked up
Date: Thu, 17 Apr 2008 16:57:02 +0000

 On Thu, Apr 17, 2008 at 03:40:17PM +0000, tom wrote:
 
 > >Synopsis:       nsswitch in 7.0 is f*cked up
 
 > >Description:
 > Well you all seriously f'd up nsswitch huh?
 
 Why do you think it's OK to be so rude in your bug report?  Fine,
 there might be a bug.  It was not put there maliciously, so don't be a
 jerk about it.  You're not encouraging anyone to want to help you.
 
 Kris

From: John Baldwin <jhb@freebsd.org>
To: freebsd-amd64@freebsd.org
Cc: tom <zaphod@fsklaw.com>, freebsd-gnats-submit@freebsd.org
Subject: Re: amd64/122858: nsswitch in 7.0 is f*cked up
Date: Fri, 18 Apr 2008 14:39:15 -0400

 On Thursday 17 April 2008 11:40:17 am tom wrote:
 > I've used this nsswitch.conf file for YEARS for samba/ldap/login etc.
 > 
 > passwd: files ldap
 > shadow: files ldap
 > group: files ldap
 > hosts: files dns wins
 > ####NEW###
 > networks: files dns
 > automount:  files ldap nisplus
 > aliases:    files ldap nisplus
 > 
 > Use this and samba-ldap works but you can't shell in or ftp or anything. 
 
 Did you look at the logs to see why you can't log in to the box?  Can you log in 
 on the console or can you not log in remotely?
 
 > Use this:
 > 
 > group: cache files ldap[ unavail=continue notfound=continue ]
 > passwd: cache files ldap [ unavail=continue notfound=continue ]
 > #group_compat: nis
 > hosts: compat
 > networks: files
 > #passwd_compat: nis
 > shells: files
 > services: compat
 > services_compat: nis
 > protocols: files
 > rpc: files
 > 
 > And samba-ldap, ssh login and ftp login works, but the damned machine won't
 > resolve DNS.
 
 If you read the nsswitch.conf(5) manpage, you will find that 'compat' is only 
 used for 'passwd' and 'group' to support the old NIS '+/-' entries in the 
 password and group files.  It is useless for other sources:
 
      compat  support `+/-' in the ``passwd'' and ``group'' databases.  If this
              is present, it must be the only source for that entry.
 
 So, having 'hosts: compat' would certainly break all the hostname resolution.
 
 > Desperately flailing about and doing this:
 > 
 > group: cache files ldap[ unavail=continue notfound=continue ]
 > passwd: cache files ldap [ unavail=continue notfound=continue ]
 > #group_compat: nis
 > hosts: compat dns
 > networks: files dns
 > #passwd_compat: nis
 > shells: files dns
 > services: compat dns
 > services_compat: nis dns
 > protocols: files dns
 > rpc: files dns 
 
 Don't use 'compat'.  You don't need it (you aren't running NIS).  I would try:
 
 group: cache files ldap[ blah blah ]
 passwd: cache files ldap[ blah blah ]
 hosts: files dns
 network: files dns
 automount: files ldap
 aliases: files ldap
 
 Some notes:  Do you really need 'network', 'automount', and 'aliases' entries?
 
 -- 
 John Baldwin
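
The rule quoted from nsswitch.conf(5) in the reply above, applied as a check over the report's configurations. This is an added example, not part of the PR or of FreeBSD; the function names are hypothetical, and the set of databases that accept `compat` is taken only from the manpage excerpt quoted in the reply.

```python
import re

# Databases for which the nsswitch.conf(5) excerpt quoted in the reply allows
# "compat". Assumption from that excerpt; check the manpage of your release.
COMPAT_DATABASES = frozenset({"passwd", "group"})

CRITERIA = re.compile(r"\[[^\]]*\]")  # e.g. [ unavail=continue notfound=continue ]


def parse_nsswitch(text):
    """Return {database: [source, ...]}, ignoring comments and criteria."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        database, rest = line.split(":", 1)
        # Criteria may be glued to the source name ("ldap[ ... ]"): blank them.
        entries[database.strip()] = CRITERIA.sub(" ", rest).split()
    return entries


def lint_compat(text, allowed=COMPAT_DATABASES):
    """Return (database, problem) pairs for misuse of the compat source."""
    findings = []
    for database, sources in parse_nsswitch(text).items():
        if "compat" not in sources:
            continue
        if database not in allowed:
            findings.append((database, "compat is not supported for this database"))
        if len(sources) > 1:
            findings.append((database, "compat must be the only source"))
    return findings


# The second and third configurations from the report, abridged.
SECOND = """\
group: cache files ldap[ unavail=continue notfound=continue ]
passwd: cache files ldap [ unavail=continue notfound=continue ]
#group_compat: nis
hosts: compat
services: compat
services_compat: nis
"""
THIRD = SECOND.replace("hosts: compat", "hosts: compat dns")

if __name__ == "__main__":
    for database, problem in lint_compat(THIRD):
        print(f"{database}: {problem}")
```
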
State-Changed-From-To: open->feedback 
State-Changed-By: kris 
State-Changed-When: Tue Apr 22 13:14:53 UTC 2008 
State-Changed-Why:  
Submitter has been asked for feedback 

http://www.freebsd.org/cgi/query-pr.cgi?pr=122858 
Responsible-Changed-From-To: freebsd-amd64->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Mon May 5 01:40:11 UTC 2008 
Responsible-Changed-Why:  
Reclassify. 

State-Changed-From-To: feedback->closed 
State-Changed-By: gavin 
State-Changed-When: Thu Aug 28 17:33:46 UTC 2008 
State-Changed-Why:  
Feedback timeout (~3 months).  Looks like it was a config error, but 
without feedback we'll never know. 


Responsible-Changed-From-To: freebsd-net->gavin 
Responsible-Changed-By: gavin 
Responsible-Changed-When: Thu Aug 28 17:33:46 UTC 2008 
Responsible-Changed-Why:  
Track 

>Unformatted:
