er, i don't think solaris supports shadow passwords over NIS. neither does PAM, i believe.
NIS between platforms is pretty much a huge pain in the ass unless the NIS master is a solaris box. =jay On Wed, 24 Oct 2001, John Hunter wrote: > > I am using solaris 8 as an NIS passwd and group client of an RHL 7.1 > ypserver. All the linux clients are happy, but I cannot log into the > solaris box with any of the ypserv-ed users. > > My first hurdle has been to remove md5 since I have learned this is a > source of incompatibility. I ran the program authconfig on the linux > server to deselect md5 passwords and then changed the password of one > of the users so it would be encrypted with the normal UNIX crypt, then > rebuilt the yp databases. I don't think there is anyway to convert > existing passwords, but I have few enough users that I can change the > passwords. > > This appears to work, when I look at /etc/shadow, all the old md5 > password entries start with $1$ and the new password entries look more > like conventional unix crypt strings. > > But I still can't log in as a user on the solaris box. > > ypcat on the solaris box shows the correct user/password entries (the > same ones that the linux clients get) so it is clearly recognizing the > ypserver. The passwd and group entries in nsswitch.conf look like: > > passwd: files nisplus nis > group: files nisplus nis > > (Anybody know if RHL 7.1 ypserv runs NIS or NIS+? The man pages seem > to indicate NIS but it is not conclusive. > > Sample output of 'ypcat passwd' on the solaris client looks like: > ace:~> ypcat passwd > user1:$1$P/DDWAP$POqXzO/iahjwAJNQJUdJ:503:1000::/home/user1:/bin/tcsh > user2:Jhsw3Jhd4Isjd:501:1000::/home/user2:/bin/tcsh > > user1 was created with md5 enabled and user2 after I disabled it. > > ace:~> ypcat group > guests:!:1001:user1,user2 > members:!:1000: > > /home is NFS mounted from the ypserver. > > I am running out of hypotheses about why this is failing. One > remaining idea is that the presence of any md5 passwords is causing > solaris to reject authentication of any of the users. Another is that > shadow passwords are causing some problem. Something with PAM on the > solaris box? Is there a problem with the user id range? I think > solaris makes the user IDs quite high. > > Any suggestions about where to look for logs on servers or clients, or > is there a debug mode? Right now I am not finding any information > about attempted connections, successful or otherwise, on either server > or host. > > Thanks (again), > John Hunter > > >
