You mentioned you're using shadow passwd in your reply to Gilbert in
this thread -- what does that look like in each nsswitch.conf ?  I'd
expect it to be "files nis" as well, but it's a good thing to check.

Gilbert's other questions about shadow.byname et al NIS maps are also
good to check.  You can see all the NIS maps provided by the NIS server
with 'ypwhich -m'.

sr.


On Fri, Aug 01, 2014 at 11:07:35PM +0000, Capehart, William J wrote:
> The nsswitch, ypwich and ypmatch lines match 1:1,  There are only file and
> nis for the passwd entry on this list.  Compat or nis+ isn?t there.
> 
> Bill
> 
> 
> On 8/1/14, 16:02 MDT, "Steve Rikli" <[log in to unmask]> wrote:
> 
> >If you believe you have the configs straight at this point, as initial
> >troubleshooting steps e.g. I would compare the outputs of these commands
> >on the working and non-working NIS client systems:
> >
> >   grep ^passwd: /etc/nsswitch.conf
> >   ypwhich
> >   ypmatch NISuser passwd
> >
> >Your logs indicate password failure, and assuming you're typing the
> >same password correctly in both attempts, that implies the passwd map
> >entry for NISuser isn't correctly in-place on your failing NIS client.
> >
> >We don't see "error retrieving information about user NISuser" or
> >similar log message, which is an indicator the NIS passwd map is
> >available on your NIS client, but not the password itself.  But we don't
> >yet know why.
> >
> >Perhaps a "+" or "compat" situation in /etc/passwd and nsswitch.conf?
> ></speculation>
> >
> >Cheers,
> >sr.
> >
> >
> >On Fri, Aug 01, 2014 at 09:46:56PM +0000, Capehart, William J wrote:
> >> 
> >> I am using a login via ssh
> >> 
> >> 
> >> Here is the secure log material for my test USR
> >> 
> >> Aug 1 21:26:20 <client> unix_chkpwd[6558]: password check failed for
> >>user
> >> (<NISuser>)
> >> Aug 1 21:26:20 <client> sshd[6556]: pam_unix(sshd:auth): authentication
> >> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<remote.host.name>
> >> user=jtorres
> >> Aug 1 21:26:22 <client> sshd[6556]: Failed password for <NISuser> from
> >> <remote.host.up.address> port 65500 ssh2
> >> 
> >> 
> >> From a fellow Mandriva box the same request meets as follows.
> >> 
> >> Aug 1 21:32:15 <client> sshd[7595]: Accepted password for <NISuser> from
> >> <remote.host.up.address> port 54278 ssh2
> >> 
> >> 
> >> Passwords should be hashed. I am not using keberos (or at least I
> >>don???t
> >> think it???s in the mix).
> >> 
> >> once again, despite what you see above the id command yield the correct
> >> uid and gid information for the test user
> >> 
> >> Bill
> >> 
> >> 
> >> On 8/1/14, 15:20 MDT, "Steven Timm" <[log in to unmask]> wrote:
> >> 
> >> >What login method is failing? Login from console? ssh? other?
> >> >does /var/log/secure give you anything as far as error messages? It
> >> >should. Is kerberos involved here or do you have hashed
> >> >passwords in the NIS map?
> >> >
> >> >Steve Timm
> >> >
> >> >
> >> >
> >> >On Fri, 1 Aug 2014, Capehart, William J wrote:
> >> >
> >> >>Steve:
> >> >>
> >> >>Normally I do all the pieces normally but I followed your guidance:
> >> >>
> >> >>authconfig --enablenis ???nisserver=(server.name.goes.here)
> >> >>???nisdomain=(mydomain) --update
> >> >>
> >> >>
> >> >>As root, id on one of my test accounts worked.
> >> >>As root, su on the same test account worked.
> >> >>??nis?? has indeed been through the /etc/nsswitch.conf file all along.
> >> >>
> >> >>Bill
> >> >>
> >> >>
> >> >>
> >> >>On 8/1/14, 14:51 MDT, "Steven Timm" <[log in to unmask]> wrote:
> >> >>
> >> >>>did you go into the system setup utility and enable NIS
> >>authentication?
> >> >>>(or use authconfig from the command line). That's the best way
> >> >>>to ensure that PAM is configured correctly to use NIS and that's
> >>likely
> >> >>>the problem.
> >> >>>
> >> >>>(does "id" on a yp user name work?)
> >> >>>(does "su" to a yp user name work?)
> >> >>>does "nis" appear in /etc/nsswitch.conf? (setup will do that).
> >> >>>
> >> >>>Steve Timm
> >> >>>
> >> >>>
> >> >>>\On Fri, 1 Aug 2014, Capehart, William J wrote:
> >> >>>
> >> >>>>We are in the process of migrating to SL 6.5 from Mandriva and
> >>things
> >> >>>>have
> >> >>>>been manageable until (of course) today.
> >> >>>>
> >> >>>>The NIS server is still under Mandriva (yp-serve is 2.22, ypbind is
> >> >>>>1.29.91)
> >> >>>>
> >> >>>>On the client to be in SL 6.5 the ypbind is 1.20.4.
> >> >>>>
> >> >>>>NIS works on the fellow Mandriva machine clients but when used on
> >>the
> >> >>>>SL
> >> >>>>machine
> >> >>>>
> >> >>>>The username and groups get carried over and match the uids
> >> >>>>
> >> >>>>ypcat gives the correct responses for the arguments passwd and
> >>groups
> >> >>>>
> >> >>>>BUT
> >> >>>>
> >> >>>>I get permission denied errors when logging in. (That is sort of a
> >> >>>>deal
> >> >>>>breaker).
> >> >>>>
> >> >>>>Beyond this point is there any troubleshooting advise here?
> >> >>>>
> >> >>>>Thanks Much,
> >> >>>>Bill
> >> >>>>
> >> >>>>
> >> >>>>
> >> >>>>
> >> >>>>
> >> >>>
> >> >>>------------------------------------------------------------------
> >> >>>Steven C. Timm, Ph.D (630) 840-8525
> >> >>>[log in to unmask] http://home.fnal.gov/~timm/
> >> >>>Fermilab Scientific Computing Division, Scientific Computing Services
> >> >>>Quad.
> >> >>>Grid and Cloud Services Dept., Associate Dept. Head for Cloud
> >>Computing
> >> >>
> >> >>
> >> >
> >> >------------------------------------------------------------------
> >> >Steven C. Timm, Ph.D (630) 840-8525
> >> >[log in to unmask] http://home.fnal.gov/~timm/
> >> >Fermilab Scientific Computing Division, Scientific Computing Services
> >> >Quad.
> >> >Grid and Cloud Services Dept., Associate Dept. Head for Cloud Computing
> >> 
> >> 
> >>