Yes, they are both using shadow passwords. I am tempted to just let this
hang for two weeks until I get to the NIS machine and then do it from
scratch. If I just follow basic “muscle memory” on this I am a hoping
that if I "dance with you brung you” this may work? Is a SL to SL NIS
implementation giving anyone else misery? (That and the HTTPD server is
the only thing I have left to fix).
Bill
On 8/1/14, 16:14 MDT, "Gilbert E. Detillieux" <[log in to unmask]>
wrote:
>Do you have shadow passwords? Is there a difference in the way Mandriva
>handled those than how SL does? Are you generating a shadow.byname map,
>a passwd.adjunct.byname map, or both?
>
>The NIS code has some odd tweaks in it to implement shadow password
>support in ways that are backward-compatible with Solaris systems. I'm
>wondering if you're running into a problem with that?
>
>Gilbert
>
>On 01/08/2014 4:46 PM, Capehart, William J wrote:
>> I am using a login via ssh
>>
>>
>> Here is the secure log material for my test USR
>>
>> Aug 1 21:26:20 <client> unix_chkpwd[6558]: password check failed for
>>user
>> (<NISuser>)
>> Aug 1 21:26:20 <client> sshd[6556]: pam_unix(sshd:auth): authentication
>> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<remote.host.name>
>> user=jtorres
>> Aug 1 21:26:22 <client> sshd[6556]: Failed password for <NISuser> from
>> <remote.host.up.address> port 65500 ssh2
>>
>>
>> From a fellow Mandriva box the same request meets as follows.
>>
>> Aug 1 21:32:15 <client> sshd[7595]: Accepted password for <NISuser> from
>> <remote.host.up.address> port 54278 ssh2
>>
>>
>> Passwords should be hashed. I am not using keberos (or at least I don’t
>> think it’s in the mix).
>>
>> once again, despite what you see above the id command yield the correct
>> uid and gid information for the test user
>>
>> Bill
>>
>>
>> On 8/1/14, 15:20 MDT, "Steven Timm" <[log in to unmask]> wrote:
>>
>> >What login method is failing? Login from console? ssh? other?
>> >does /var/log/secure give you anything as far as error messages? It
>> >should. Is kerberos involved here or do you have hashed
>> >passwords in the NIS map?
>> >
>> >Steve Timm
>> >
>> >
>> >
>> >On Fri, 1 Aug 2014, Capehart, William J wrote:
>> >
>> >>Steve:
>> >>
>> >>Normally I do all the pieces normally but I followed your guidance:
>> >>
>> >>authconfig --enablenis ‹nisserver=(server.name.goes.here)
>> >>‹nisdomain=(mydomain) --update
>> >>
>> >>
>> >>As root, id on one of my test accounts worked.
>> >>As root, su on the same test account worked.
>> >>³nis² has indeed been through the /etc/nsswitch.conf file all along.
>> >>
>> >>Bill
>> >>
>> >>
>> >>
>> >>On 8/1/14, 14:51 MDT, "Steven Timm" <[log in to unmask]> wrote:
>> >>
>> >>>did you go into the system setup utility and enable NIS
>>authentication?
>> >>>(or use authconfig from the command line). That's the best way
>> >>>to ensure that PAM is configured correctly to use NIS and that's
>>likely
>> >>>the problem.
>> >>>
>> >>>(does "id" on a yp user name work?)
>> >>>(does "su" to a yp user name work?)
>> >>>does "nis" appear in /etc/nsswitch.conf? (setup will do that).
>> >>>
>> >>>Steve Timm
>> >>>
>> >>>
>> >>>\On Fri, 1 Aug 2014, Capehart, William J wrote:
>> >>>
>> >>>>We are in the process of migrating to SL 6.5 from Mandriva and
>>things
>> >>>>have
>> >>>>been manageable until (of course) today.
>> >>>>
>> >>>>The NIS server is still under Mandriva (yp-serve is 2.22, ypbind is
>> >>>>1.29.91)
>> >>>>
>> >>>>On the client to be in SL 6.5 the ypbind is 1.20.4.
>> >>>>
>> >>>>NIS works on the fellow Mandriva machine clients but when used on
>>the
>> >>>>SL
>> >>>>machine
>> >>>>
>> >>>>The username and groups get carried over and match the uids
>> >>>>
>> >>>>ypcat gives the correct responses for the arguments passwd and
>>groups
>> >>>>
>> >>>>BUT
>> >>>>
>> >>>>I get permission denied errors when logging in. (That is sort of a
>> >>>>deal
>> >>>>breaker).
>> >>>>
>> >>>>Beyond this point is there any troubleshooting advise here?
>> >>>>
>> >>>>Thanks Much,
>> >>>>Bill
>
>--
>Gilbert E. Detillieux E-mail: <[log in to unmask]>
>Dept. of Computer Science Web: http://www.cs.umanitoba.ca/~gedetil/
>University of Manitoba Phone: (204)474-8161
>Winnipeg MB CANADA R3T 2N2 Fax: (204)474-7609
|