Mmmm, you know John, this is probably a good time to get started with
LDAP for authentication. From Sun's perspective (not really mine, per
se), LDAP is the next evolution of yellow pages. There is a great book on
this that I recently acquired from thorsten called "Solaris and LDAP Naming
Services: Deploying LDAP in the Enterprise" by Tom Bialaski and Michael
Haines. It's one of those Sun Blueprints books. Since you seem to be
overhauling everything, it's at least worth the investigation, don't you
think?

cheers,
sach

On Wed, 24 Oct 2001, John Hunter wrote:

>
> I am using solaris 8 as an NIS passwd and group client of an RHL 7.1
> ypserver.  All the linux clients are happy, but I cannot log into the
> solaris box with any of the ypserv-ed users.
>
> My first hurdle has been to remove md5 since I have learned this is a
> source of incompatibility.  I ran the program authconfig on the linux
> server to deselect md5 passwords and then changed the password of one
> of the users so it would be encrypted with the normal UNIX crypt, then
> rebuilt the yp databases.  I don't think there is any way to convert
> existing passwords, but I have few enough users that I can change the
> passwords.
>
> This appears to work, when I look at /etc/shadow, all the old md5
> password entries start with $1$ and the new password entries look more
> like conventional unix crypt strings.
>
> But I still can't log in as a user on the solaris box.
>
> ypcat on the solaris box shows the correct user/password entries (the
> same ones that the linux clients get) so it is clearly recognizing the
> ypserver.  The passwd and group entries in nsswitch.conf look like:
>
> passwd:     files nisplus nis
> group:      files nisplus nis
>
> (Anybody know if RHL 7.1 ypserv runs NIS or NIS+?  The man pages seem
> to indicate NIS but it is not conclusive.)
>
> Sample output of 'ypcat passwd' on the solaris client looks like:
> ace:~> ypcat passwd
> user1:$1$P/DDWAP$POqXzO/iahjwAJNQJUdJ:503:1000::/home/user1:/bin/tcsh
> user2:Jhsw3Jhd4Isjd:501:1000::/home/user2:/bin/tcsh
>
> user1 was created with md5 enabled and user2 after I disabled it.
>
> ace:~> ypcat group
> guests:!:1001:user1,user2
> members:!:1000:
>
> /home is NFS mounted from the ypserver.
>
> I am running out of hypotheses about why this is failing.  One
> remaining idea is that the presence of any md5 passwords is causing
> solaris to reject authentication of any of the users.  Another is that
> shadow passwords are causing some problem.  Something with PAM on the
> solaris box?  Is there a problem with the user id range? I think
> solaris makes the user IDs quite high.
>
> Any suggestions about where to look for logs on servers or clients, or
> is there a debug mode?   Right now I am not finding any information
> about attempted connections, successful or otherwise, on either server
> or host.
>
> Thanks (again),
> John Hunter
>
>
>

-- 

/*
  Sach Jobb
  [EMAIL PROTECTED]

  %s/windows/linux/g
*/

"As far as I'm concerned the two biggest hassles in the world revolve
around DNS and girlfriends."

-- (name undisclosed to protect the innocent)
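
A check that fits the situation in the quoted message, added here as an example and not code from either poster: it classifies the password field of each `ypcat passwd` line and flags entries a client cannot verify, assuming the client only handles traditional 13-character crypt strings (the incompatibility the message describes). The function names and the sample lines are constructed for illustration.

```python
import re

# Traditional crypt(3): 2-character salt + 11-character hash, 13 characters total.
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")
# Modular crypt format: "$<id>$<salt>$<hash>"; id 1 is MD5-crypt.
MODULAR_RE = re.compile(r"\$([0-9A-Za-z]+)\$")
MODULAR_IDS = {"1": "md5"}

def classify(field):
    """Return the scheme name for one passwd-map password field."""
    if field == "":
        return "empty"
    if field == "x":
        return "shadowed"  # hash is kept outside this map
    if field[0] in "!*":
        return "locked"
    m = MODULAR_RE.match(field)
    if m:
        return MODULAR_IDS.get(m.group(1), "modular-" + m.group(1))
    if DES_RE.fullmatch(field):
        return "des"
    return "unknown"

def audit(passwd_text, client_schemes=("des",)):
    """Return a list of (user, scheme, client_can_verify) per passwd line."""
    rows = []
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 7:  # passwd format has seven colon-separated fields
            rows.append((parts[0], "malformed", False))
            continue
        scheme = classify(parts[1])
        rows.append((parts[0], scheme, scheme in client_schemes))
    return rows

# Constructed sample in the same shape as the `ypcat passwd` output quoted
# above; the hash values are made up.
SAMPLE = """\
alice:$1$abcdefgh$0123456789abcdefghijkl:503:1000::/home/alice:/bin/tcsh
bob:ab01234567890:501:1000::/home/bob:/bin/tcsh
carol:!:502:1000::/home/carol:/bin/tcsh
"""

if __name__ == "__main__":
    for user, scheme, ok in audit(SAMPLE):
        print(f"{user:8} {scheme:10} {'ok' if ok else 'client cannot verify'}")
```

On a live client the input would be the output of `ypcat passwd`, passed to `audit()` as a string.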

