I am using solaris 8 as an NIS passwd and group client of an RHL 7.1 ypserver. All the linux clients are happy, but I cannot log into the solaris box with any of the ypserv-ed users.
My first hurdle has been to remove md5 since I have learned this is a source of incompatibility. I ran the program authconfig on the linux server to deselect md5 passwords and then changed the password of one of the users so it would be encrypted with the normal UNIX crypt, then rebuilt the yp databases. I don't think there is anyway to convert existing passwords, but I have few enough users that I can change the passwords. This appears to work, when I look at /etc/shadow, all the old md5 password entries start with $1$ and the new password entries look more like conventional unix crypt strings. But I still can't log in as a user on the solaris box. ypcat on the solaris box shows the correct user/password entries (the same ones that the linux clients get) so it is clearly recognizing the ypserver. The passwd and group entries in nsswitch.conf look like: passwd: files nisplus nis group: files nisplus nis (Anybody know if RHL 7.1 ypserv runs NIS or NIS+? The man pages seem to indicate NIS but it is not conclusive. Sample output of 'ypcat passwd' on the solaris client looks like: ace:~> ypcat passwd user1:$1$P/DDWAP$POqXzO/iahjwAJNQJUdJ:503:1000::/home/user1:/bin/tcsh user2:Jhsw3Jhd4Isjd:501:1000::/home/user2:/bin/tcsh user1 was created with md5 enabled and user2 after I disabled it. ace:~> ypcat group guests:!:1001:user1,user2 members:!:1000: /home is NFS mounted from the ypserver. I am running out of hypotheses about why this is failing. One remaining idea is that the presence of any md5 passwords is causing solaris to reject authentication of any of the users. Another is that shadow passwords are causing some problem. Something with PAM on the solaris box? Is there a problem with the user id range? I think solaris makes the user IDs quite high. Any suggestions about where to look for logs on servers or clients, or is there a debug mode? Right now I am not finding any information about attempted connections, successful or otherwise, on either server or host. Thanks (again), John Hunter
