Jim Davis wrote:
On Mon, 10 May 1999, David Lee wrote:
We understand that filer can do NIS, and that it can use its own shadow password file, but can use a Solaris/NIS/shadow combination? Network Appliance haven't yet been able to give us a definitive answer, nor a reference site we could contact.
Hmm. I guess I'm missing just what you are trying to do. We use netapps with Solaris 2.6 boxes, though just using a netgroup file for access. That will probably change to NIS if I ever get a round tuit.
You should probably test your NIS environment against the Netapp pretty thoroughly before you use NetApp NIS in production.
We had serious problems that I believe were all NIS related. Problems that all went away as soon as we disabled NIS and copied all our maps locally to the filers. During these NIS problems the filer would stop serving new NFS mounts and stop serving CIFS period. A reboot would (sometimes) result in a hung CIFS condition which required a halt -d. Sometimes a reboot wouldn't clear the problem(!?). In that case the cifsconfig file had to be moved aside, then reboot, then put it back, then reboot again - kind of a pain.
We found that the filer had serious problems whenever the ypserver went down - and it did not switchover to another ypserver correctly. If a network outage caused the ypserver that the filer was bound to disappear for more than 5-10 minutes the filer would never fully recover until rebooted. (late in the game i found that turning the nis.enable option off and then back on again appeared to clear the problem - but i never fully tested this before i gave up on NIS).
Also, we use netgroups extensively. We have a large netgroup file with many nested netgroups. I found that when the filer uses netgroups for authentication it uses "ypcat" to look at the netgroup file. If there is a nested netgroup it does another "ypcat" - on down the line. If you have netgroups that are nested 4 or 5 layers deep the filer ypcat's the entire file 4 or 5 times. Not good - on a loaded network the authentication time goes way up. Once we moved our netgroup file to local storage our mount time decreased significantly.
The impression i got from the escalation team is that a lot of code needs to be re-written in order to fix these problems. Also, i got the impression that it was only a problem when your NIS environment was fairly large (we have ~14000 passwords, ~15000 hosts, ~700 netgroups).
BTW, our problems were with DOT 5.1.2 (5.1.2P2 is the most stable OS we ran - but it still had problems) 5.2.1 was worse. I ran 5.2.1 for a total of 11 hours before reverting - the NIS problems were much worse. 5.1.2P2 with NIS off and files copied locally runs like a fine oiled machine.
As always, your results may vary - but it'll be a long time before I bother attempting to use NetApp NIS again. I have the files all copied locally and can't see any reason to go back.....
Graham