"ypcat" and "ypmatch username passwd" don't agree after change on server

Question

I'm trying to use NIS for authentication on a st of machines. I had to change one of the user ID numbers for a user account on the NIS server (I changed the userid for username from 500 to 509 to avoid a conflict with a local user account with id 500 on the clients). The problem is that it has not updated properly on the client.

In particular, if I do "ypcat passwd | grep username", I get the up-to-date info:

username:*hidden*:509:509:User Name:/home/username:/bin/bash

But if I do, "ypmatch username passwd", it says:

username:*hidden*:500:500:User Name:/home/username:/bin/bash

This means that when the user logs onto one of the clients, it has the wrong userid, which causes all sorts of problems. I've done "cd /var/yp; make" on the server, and "service ypbind restart" on the client, but that hasn't fixed the problem. Does anybody know what would be causing this and how I can somehow force a refresh on the client? (I'm running Fedora 8 on both client and server).

Answer 1

OK, I found the problem, I also had to restart the NIS service on the server to get it to refresh everything ("service ypserv restart")

Answer 2

hmm, you're not supposed to have to restart the ypserver to have updates take effect; the make in /var/yp ought to do the trick. you might want to check the Makefile in /var/yp to be sure it's triggering on the right conditions (namely, passwd.by* should check the timestamp on /etc/passwd in some fashion, versus its current table. the process used to go through a passwd.time rule on the NIS server i ran, back in the dark ages). killing and restarting your nis server can have funky effects on (particularly non-linux) clients, so be careful doing it willy-nilly.

Answer 3

Encountered same problem - RHEL 5.5. Change (any) source map, then run make. ypcat shows the changed info, ypmatch does not. Anything that needs to actually --use-- the new map fails. As per last post, restarting ypserv makes all OK. After days of testing, running strace, etc. I found that ypserv has a "file handle cache" controlled by the "file:" entry in /etc/ypserv.conf --- the default value is 30. Change this to 0 and everything works following the make.

Shouldn't have to do this --- Per the manpage for ypserv.conf...

"There was one big change between ypserv 1.1 and ypserv 1.2. Since version 1.2, the file handles are cached. This means you have to call makedbm always with the -c option if you create new maps. Make sure, you are using the new /var/yp/Makefile from ypserv 1.2 or later, or add the -c flag to makedbm in the Makefile. If you don't do that, ypserv will continue to use the old maps, and not the updated one."

The makefile DOES use "makedbm -c", but still ypserv uses the old (cached) map.

Answer: Don't cache the file handles, e.g. set "files: 0" in ypserv.conf