Red Hat Bugzilla – Bug 846080
NIS user causes gdm autologin to fail, user isn't valid yet?
Last modified: 2015-07-22 02:44:37 EDT
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:14.0) Gecko/20100101 Firefox/14.0.1
I set up autologin using an NIS user on one of our lab machines. X intermittently stopped coming up.
Saw the symptoms of Bug 629328. The X spinner cursor shows, but nothing else starts, and "/var/log/gdm/:0-slave.log" ends with 26 pairs of the following lines (same pid in all lines)
gdm-simple-slave: GLib-GObject-WARNING: invalid (NULL) pointer instance
gdm-simple-slave: GLib-GObject-CRITICAL: g_signal_handlers_disconnect_matched: assertion `G_TYPE_CHECK_INSTANCE (instance)' failed
During debugging, I added an init.d script that runs well after ypbind finishes (about 6 seconds), and I noticed commands involving the user were failing. For some reason, NIS isn't starting fast enough for ids to be valid? Implications are pretty severe, that NIS ids can't take part in autologin or any init.d scripts, without some arbitrary sleeps involved.
Setting NIS domain: domain is '....' [ OK ]
Starting NIS service: [ OK ]
Binding NIS service: .....[ OK ]
Enabling Bluetooth devices:
Starting sshd: [ OK ]
Starting xinetd: [ OK ]
Starting ntpd: [ OK ]
Starting postgresql service: [ OK ]
chown: invalid user: `lab'
Starting logjunk: [FAILED]
Steps to Reproduce:
Set up an NIS client machine
Verified NIS user 'lab' could log in normally to gnome.
Put this in /etc/gdm/custom.conf:
It may fail more reliably if I hit escape during boot, for the non-quiet mode where individual services log their startup.
Sometimes X doesn't start at all. Other times it will finally start after a delay of 30-60s.
Autologin works with NIS user, and NIS users are available immediately after NIS service script finishes
For a few seconds after service should be valid,
ypwhich: Can't communicate with ypbind
Looking at the ypbind service script,
echo -n $"Binding NIS service: "
# the following fixes problems with the init scripts continuing
# even when we are really not bound yet to a server, and then things
# that need NIS fail.
while [ $SECONDS -lt $timeout ]; do
if /usr/sbin/rpcinfo -p | LC_ALL=C fgrep -q ypbind
if [ $firsttime -eq 1 ]; then
# reset timeout
/usr/bin/ypwhich > /dev/null 2>&1
if [ $retval -eq 0 ]; then
echo -n "."
This is looping for only timeout=10 seconds. For whatever reason, it needs 18 seconds on this system/network. Note the ability to reset the timeout to NISTIMEOUT, which defaults to 45, but only if rpcinfo finds ypbind.
I'll attach two patches folks can play with. The first alternative just bumps the timer. The second alternative brings back the control loop from ypbind-1.19-11.el5 (but I didn't check why it was replaced.)
Created attachment 602864 [details]
Increase timer for checking rpc availability of ypbind
Option 1, increased the timer in the service
Created attachment 602870 [details]
el5's way of checking rpc availability of ypbind
Option 2, use the simpler loop logic from el5's ypbind
Thanks for reporting. Do I understand correctly, that increasing timer as you suggest in comment #3 (not using $NISTIMEOUT) fixes your issue?
Yes. Either patch will fix things. I think the second patch is better, since it makes things use only a single timer value, which is already configurable.
Created attachment 603304 [details]
use configured value and check even if it is zero
Then it seems you hit the same issue as mentioned in Fedora:
If we used a solution from comment #4, rpcinfo wouldn't be executed at all if NISTIMEOUT=0, which is not correct. We still want to check if binding was successful in that case, so I'd propose something like the patch attached. Can you check if it works for you?
Works for me. I'm all for using the same code as the other branch. Thanks.
Sorry, the reproducer above is not correct, this one could be better:
1. configure ypbind
2. #> service rpcbind stop
3. #> service ypbind restart
service ypbind restart takes 10s
service ypbind restart takes 45s (or whatever is defined in $NISTIMEOUT either in /etc/sysconfig/network or in /etc/sysconfig/ypbind.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.