LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

August 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS August 2014

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: NIS Problems in Migrating to SL
From:	"Capehart, William J" <[log in to unmask]>
Reply To:	Capehart, William J
Date:	Fri, 1 Aug 2014 23:07:35 +0000
Content-Type:	text/plain
Parts/Attachments:	text/plain (168 lines)

The nsswitch, ypwich and ypmatch lines match 1:1,  There are only file and
nis for the passwd entry on this list.  Compat or nis+ isn¹t there.

Bill


On 8/1/14, 16:02 MDT, "Steve Rikli" <[log in to unmask]> wrote:

>If you believe you have the configs straight at this point, as initial
>troubleshooting steps e.g. I would compare the outputs of these commands
>on the working and non-working NIS client systems:
>
>   grep ^passwd: /etc/nsswitch.conf
>   ypwhich
>   ypmatch NISuser passwd
>
>Your logs indicate password failure, and assuming you're typing the
>same password correctly in both attempts, that implies the passwd map
>entry for NISuser isn't correctly in-place on your failing NIS client.
>
>We don't see "error retrieving information about user NISuser" or
>similar log message, which is an indicator the NIS passwd map is
>available on your NIS client, but not the password itself.  But we don't
>yet know why.
>
>Perhaps a "+" or "compat" situation in /etc/passwd and nsswitch.conf?
></speculation>
>
>Cheers,
>sr.
>
>
>On Fri, Aug 01, 2014 at 09:46:56PM +0000, Capehart, William J wrote:
>> 
>> I am using a login via ssh
>> 
>> 
>> Here is the secure log material for my test USR
>> 
>> Aug 1 21:26:20 <client> unix_chkpwd[6558]: password check failed for
>>user
>> (<NISuser>)
>> Aug 1 21:26:20 <client> sshd[6556]: pam_unix(sshd:auth): authentication
>> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<remote.host.name>
>> user=jtorres
>> Aug 1 21:26:22 <client> sshd[6556]: Failed password for <NISuser> from
>> <remote.host.up.address> port 65500 ssh2
>> 
>> 
>> From a fellow Mandriva box the same request meets as follows.
>> 
>> Aug 1 21:32:15 <client> sshd[7595]: Accepted password for <NISuser> from
>> <remote.host.up.address> port 54278 ssh2
>> 
>> 
>> Passwords should be hashed. I am not using keberos (or at least I
>>don???t
>> think it???s in the mix).
>> 
>> once again, despite what you see above the id command yield the correct
>> uid and gid information for the test user
>> 
>> Bill
>> 
>> 
>> On 8/1/14, 15:20 MDT, "Steven Timm" <[log in to unmask]> wrote:
>> 
>> >What login method is failing? Login from console? ssh? other?
>> >does /var/log/secure give you anything as far as error messages? It
>> >should. Is kerberos involved here or do you have hashed
>> >passwords in the NIS map?
>> >
>> >Steve Timm
>> >
>> >
>> >
>> >On Fri, 1 Aug 2014, Capehart, William J wrote:
>> >
>> >>Steve:
>> >>
>> >>Normally I do all the pieces normally but I followed your guidance:
>> >>
>> >>authconfig --enablenis ???nisserver=(server.name.goes.here)
>> >>???nisdomain=(mydomain) --update
>> >>
>> >>
>> >>As root, id on one of my test accounts worked.
>> >>As root, su on the same test account worked.
>> >>??nis?? has indeed been through the /etc/nsswitch.conf file all along.
>> >>
>> >>Bill
>> >>
>> >>
>> >>
>> >>On 8/1/14, 14:51 MDT, "Steven Timm" <[log in to unmask]> wrote:
>> >>
>> >>>did you go into the system setup utility and enable NIS
>>authentication?
>> >>>(or use authconfig from the command line). That's the best way
>> >>>to ensure that PAM is configured correctly to use NIS and that's
>>likely
>> >>>the problem.
>> >>>
>> >>>(does "id" on a yp user name work?)
>> >>>(does "su" to a yp user name work?)
>> >>>does "nis" appear in /etc/nsswitch.conf? (setup will do that).
>> >>>
>> >>>Steve Timm
>> >>>
>> >>>
>> >>>\On Fri, 1 Aug 2014, Capehart, William J wrote:
>> >>>
>> >>>>We are in the process of migrating to SL 6.5 from Mandriva and
>>things
>> >>>>have
>> >>>>been manageable until (of course) today.
>> >>>>
>> >>>>The NIS server is still under Mandriva (yp-serve is 2.22, ypbind is
>> >>>>1.29.91)
>> >>>>
>> >>>>On the client to be in SL 6.5 the ypbind is 1.20.4.
>> >>>>
>> >>>>NIS works on the fellow Mandriva machine clients but when used on
>>the
>> >>>>SL
>> >>>>machine
>> >>>>
>> >>>>The username and groups get carried over and match the uids
>> >>>>
>> >>>>ypcat gives the correct responses for the arguments passwd and
>>groups
>> >>>>
>> >>>>BUT
>> >>>>
>> >>>>I get permission denied errors when logging in. (That is sort of a
>> >>>>deal
>> >>>>breaker).
>> >>>>
>> >>>>Beyond this point is there any troubleshooting advise here?
>> >>>>
>> >>>>Thanks Much,
>> >>>>Bill
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>
>> >>>------------------------------------------------------------------
>> >>>Steven C. Timm, Ph.D (630) 840-8525
>> >>>[log in to unmask] http://home.fnal.gov/~timm/
>> >>>Fermilab Scientific Computing Division, Scientific Computing Services
>> >>>Quad.
>> >>>Grid and Cloud Services Dept., Associate Dept. Head for Cloud
>>Computing
>> >>
>> >>
>> >
>> >------------------------------------------------------------------
>> >Steven C. Timm, Ph.D (630) 840-8525
>> >[log in to unmask] http://home.fnal.gov/~timm/
>> >Fermilab Scientific Computing Division, Scientific Computing Services
>> >Quad.
>> >Grid and Cloud Services Dept., Associate Dept. Head for Cloud Computing
>> 
>> 
>>

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV