LISTSERV - SCIENTIFIC-LINUX-USERS Archives

Yes, they are both using shadow passwords.  I am tempted to just let this
hang for two weeks until I get to the NIS machine and then do it from
scratch.  If I just follow basic “muscle memory” on this I am a hoping
that if I "dance with you brung you” this may work?  Is a SL to SL NIS
implementation giving anyone else misery?  (That and the HTTPD server is
the only thing I have left to fix).

Bill


On 8/1/14, 16:14 MDT, "Gilbert E. Detillieux" <[log in to unmask]>
wrote:

>Do you have shadow passwords?  Is there a difference in the way Mandriva
>handled those than how SL does?  Are you generating a shadow.byname map,
>a passwd.adjunct.byname map, or both?
>
>The NIS code has some odd tweaks in it to implement shadow password
>support in ways that are backward-compatible with Solaris systems.  I'm
>wondering if you're running into a problem with that?
>
>Gilbert
>
>On 01/08/2014 4:46 PM, Capehart, William J wrote:
>> I am using a login via ssh
>>
>>
>> Here is the secure log material for my test USR
>>
>> Aug 1 21:26:20 <client> unix_chkpwd[6558]: password check failed for
>>user
>> (<NISuser>)
>> Aug 1 21:26:20 <client> sshd[6556]: pam_unix(sshd:auth): authentication
>> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<remote.host.name>
>> user=jtorres
>> Aug 1 21:26:22 <client> sshd[6556]: Failed password for <NISuser> from
>> <remote.host.up.address> port 65500 ssh2
>>
>>
>>  From a fellow Mandriva box the same request meets as follows.
>>
>> Aug 1 21:32:15 <client> sshd[7595]: Accepted password for <NISuser> from
>> <remote.host.up.address> port 54278 ssh2
>>
>>
>> Passwords should be hashed. I am not using keberos (or at least I don’t
>> think it’s in the mix).
>>
>> once again, despite what you see above the id command yield the correct
>> uid and gid information for the test user
>>
>> Bill
>>
>>
>> On 8/1/14, 15:20 MDT, "Steven Timm" <[log in to unmask]> wrote:
>>
>>  >What login method is failing? Login from console? ssh? other?
>>  >does /var/log/secure give you anything as far as error messages? It
>>  >should. Is kerberos involved here or do you have hashed
>>  >passwords in the NIS map?
>>  >
>>  >Steve Timm
>>  >
>>  >
>>  >
>>  >On Fri, 1 Aug 2014, Capehart, William J wrote:
>>  >
>>  >>Steve:
>>  >>
>>  >>Normally I do all the pieces normally but I followed your guidance:
>>  >>
>>  >>authconfig --enablenis ‹nisserver=(server.name.goes.here)
>>  >>‹nisdomain=(mydomain) --update
>>  >>
>>  >>
>>  >>As root, id on one of my test accounts worked.
>>  >>As root, su on the same test account worked.
>>  >>³nis² has indeed been through the /etc/nsswitch.conf file all along.
>>  >>
>>  >>Bill
>>  >>
>>  >>
>>  >>
>>  >>On 8/1/14, 14:51 MDT, "Steven Timm" <[log in to unmask]> wrote:
>>  >>
>>  >>>did you go into the system setup utility and enable NIS
>>authentication?
>>  >>>(or use authconfig from the command line). That's the best way
>>  >>>to ensure that PAM is configured correctly to use NIS and that's
>>likely
>>  >>>the problem.
>>  >>>
>>  >>>(does "id" on a yp user name work?)
>>  >>>(does "su" to a yp user name work?)
>>  >>>does "nis" appear in /etc/nsswitch.conf? (setup will do that).
>>  >>>
>>  >>>Steve Timm
>>  >>>
>>  >>>
>>  >>>\On Fri, 1 Aug 2014, Capehart, William J wrote:
>>  >>>
>>  >>>>We are in the process of migrating to SL 6.5 from Mandriva and
>>things
>>  >>>>have
>>  >>>>been manageable until (of course) today.
>>  >>>>
>>  >>>>The NIS server is still under Mandriva (yp-serve is 2.22, ypbind is
>>  >>>>1.29.91)
>>  >>>>
>>  >>>>On the client to be in SL 6.5 the ypbind is 1.20.4.
>>  >>>>
>>  >>>>NIS works on the fellow Mandriva machine clients but when used on
>>the
>>  >>>>SL
>>  >>>>machine
>>  >>>>
>>  >>>>The username and groups get carried over and match the uids
>>  >>>>
>>  >>>>ypcat gives the correct responses for the arguments passwd and
>>groups
>>  >>>>
>>  >>>>BUT
>>  >>>>
>>  >>>>I get permission denied errors when logging in. (That is sort of a
>>  >>>>deal
>>  >>>>breaker).
>>  >>>>
>>  >>>>Beyond this point is there any troubleshooting advise here?
>>  >>>>
>>  >>>>Thanks Much,
>>  >>>>Bill
>
>-- 
>Gilbert E. Detillieux		E-mail:	<[log in to unmask]>
>Dept. of Computer Science	Web:	http://www.cs.umanitoba.ca/~gedetil/
>University of Manitoba		Phone:	(204)474-8161
>Winnipeg MB CANADA  R3T 2N2	Fax:	(204)474-7609