Subject: | |
From: | |
Reply To: | Gilbert E. Detillieux |
Date: | Fri, 1 Aug 2014 17:14:14 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Do you have shadow passwords? Is there a difference in the way Mandriva
handled those than how SL does? Are you generating a shadow.byname map,
a passwd.adjunct.byname map, or both?
The NIS code has some odd tweaks in it to implement shadow password
support in ways that are backward-compatible with Solaris systems. I'm
wondering if you're running into a problem with that?
Gilbert
On 01/08/2014 4:46 PM, Capehart, William J wrote:
> I am using a login via ssh
>
>
> Here is the secure log material for my test USR
>
> Aug 1 21:26:20 <client> unix_chkpwd[6558]: password check failed for user
> (<NISuser>)
> Aug 1 21:26:20 <client> sshd[6556]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<remote.host.name>
> user=jtorres
> Aug 1 21:26:22 <client> sshd[6556]: Failed password for <NISuser> from
> <remote.host.up.address> port 65500 ssh2
>
>
> From a fellow Mandriva box the same request meets as follows.
>
> Aug 1 21:32:15 <client> sshd[7595]: Accepted password for <NISuser> from
> <remote.host.up.address> port 54278 ssh2
>
>
> Passwords should be hashed. I am not using keberos (or at least I don’t
> think it’s in the mix).
>
> once again, despite what you see above the id command yield the correct
> uid and gid information for the test user
>
> Bill
>
>
> On 8/1/14, 15:20 MDT, "Steven Timm" <[log in to unmask]> wrote:
>
> >What login method is failing? Login from console? ssh? other?
> >does /var/log/secure give you anything as far as error messages? It
> >should. Is kerberos involved here or do you have hashed
> >passwords in the NIS map?
> >
> >Steve Timm
> >
> >
> >
> >On Fri, 1 Aug 2014, Capehart, William J wrote:
> >
> >>Steve:
> >>
> >>Normally I do all the pieces normally but I followed your guidance:
> >>
> >>authconfig --enablenis ‹nisserver=(server.name.goes.here)
> >>‹nisdomain=(mydomain) --update
> >>
> >>
> >>As root, id on one of my test accounts worked.
> >>As root, su on the same test account worked.
> >>³nis² has indeed been through the /etc/nsswitch.conf file all along.
> >>
> >>Bill
> >>
> >>
> >>
> >>On 8/1/14, 14:51 MDT, "Steven Timm" <[log in to unmask]> wrote:
> >>
> >>>did you go into the system setup utility and enable NIS authentication?
> >>>(or use authconfig from the command line). That's the best way
> >>>to ensure that PAM is configured correctly to use NIS and that's likely
> >>>the problem.
> >>>
> >>>(does "id" on a yp user name work?)
> >>>(does "su" to a yp user name work?)
> >>>does "nis" appear in /etc/nsswitch.conf? (setup will do that).
> >>>
> >>>Steve Timm
> >>>
> >>>
> >>>\On Fri, 1 Aug 2014, Capehart, William J wrote:
> >>>
> >>>>We are in the process of migrating to SL 6.5 from Mandriva and things
> >>>>have
> >>>>been manageable until (of course) today.
> >>>>
> >>>>The NIS server is still under Mandriva (yp-serve is 2.22, ypbind is
> >>>>1.29.91)
> >>>>
> >>>>On the client to be in SL 6.5 the ypbind is 1.20.4.
> >>>>
> >>>>NIS works on the fellow Mandriva machine clients but when used on the
> >>>>SL
> >>>>machine
> >>>>
> >>>>The username and groups get carried over and match the uids
> >>>>
> >>>>ypcat gives the correct responses for the arguments passwd and groups
> >>>>
> >>>>BUT
> >>>>
> >>>>I get permission denied errors when logging in. (That is sort of a
> >>>>deal
> >>>>breaker).
> >>>>
> >>>>Beyond this point is there any troubleshooting advise here?
> >>>>
> >>>>Thanks Much,
> >>>>Bill
--
Gilbert E. Detillieux E-mail: <[log in to unmask]>
Dept. of Computer Science Web: http://www.cs.umanitoba.ca/~gedetil/
University of Manitoba Phone: (204)474-8161
Winnipeg MB CANADA R3T 2N2 Fax: (204)474-7609
|
|
|