Do you have shadow passwords? Is there a difference in the way Mandriva
handled those than how SL does? Are you generating a shadow.byname map,
a passwd.adjunct.byname map, or both?
The NIS code has some odd tweaks in it to implement shadow password
support in ways that are backward-compatible with Solaris systems. I'm
wondering if you're running into a problem with that?
Gilbert
On 01/08/2014 4:46 PM, Capehart, William J wrote:
I am using a login via ssh
Here is the secure log material for my test USR
Aug 1 21:26:20 <client> unix_chkpwd[6558]: password check failed for user
(<NISuser>)
Aug 1 21:26:20 <client> sshd[6556]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<remote.host.name>
user=jtorres
Aug 1 21:26:22 <client> sshd[6556]: Failed password for <NISuser> from
<remote.host.up.address> port 65500 ssh2
From a fellow Mandriva box the same request meets as follows.
Aug 1 21:32:15 <client> sshd[7595]: Accepted password for <NISuser> from
<remote.host.up.address> port 54278 ssh2
Passwords should be hashed. I am not using keberos (or at least I don’t
think it’s in the mix).
once again, despite what you see above the id command yield the correct
uid and gid information for the test user
Bill
On 8/1/14, 15:20 MDT, "Steven Timm" <t...@fnal.gov> wrote:
>What login method is failing? Login from console? ssh? other?
>does /var/log/secure give you anything as far as error messages? It
>should. Is kerberos involved here or do you have hashed
>passwords in the NIS map?
>
>Steve Timm
>
>
>
>On Fri, 1 Aug 2014, Capehart, William J wrote:
>
>>Steve:
>>
>>Normally I do all the pieces normally but I followed your guidance:
>>
>>authconfig --enablenis ‹nisserver=(server.name.goes.here)
>>‹nisdomain=(mydomain) --update
>>
>>
>>As root, id on one of my test accounts worked.
>>As root, su on the same test account worked.
>>³nis² has indeed been through the /etc/nsswitch.conf file all along.
>>
>>Bill
>>
>>
>>
>>On 8/1/14, 14:51 MDT, "Steven Timm" <t...@fnal.gov> wrote:
>>
>>>did you go into the system setup utility and enable NIS authentication?
>>>(or use authconfig from the command line). That's the best way
>>>to ensure that PAM is configured correctly to use NIS and that's likely
>>>the problem.
>>>
>>>(does "id" on a yp user name work?)
>>>(does "su" to a yp user name work?)
>>>does "nis" appear in /etc/nsswitch.conf? (setup will do that).
>>>
>>>Steve Timm
>>>
>>>
>>>\On Fri, 1 Aug 2014, Capehart, William J wrote:
>>>
>>>>We are in the process of migrating to SL 6.5 from Mandriva and things
>>>>have
>>>>been manageable until (of course) today.
>>>>
>>>>The NIS server is still under Mandriva (yp-serve is 2.22, ypbind is
>>>>1.29.91)
>>>>
>>>>On the client to be in SL 6.5 the ypbind is 1.20.4.
>>>>
>>>>NIS works on the fellow Mandriva machine clients but when used on the
>>>>SL
>>>>machine
>>>>
>>>>The username and groups get carried over and match the uids
>>>>
>>>>ypcat gives the correct responses for the arguments passwd and groups
>>>>
>>>>BUT
>>>>
>>>>I get permission denied errors when logging in. (That is sort of a
>>>>deal
>>>>breaker).
>>>>
>>>>Beyond this point is there any troubleshooting advise here?
>>>>
>>>>Thanks Much,
>>>>Bill
--
Gilbert E. Detillieux E-mail: <gede...@cs.umanitoba.ca>
Dept. of Computer Science Web: http://www.cs.umanitoba.ca/~gedetil/
University of Manitoba Phone: (204)474-8161
Winnipeg MB CANADA R3T 2N2 Fax: (204)474-7609
