The nsswitch, ypwich and ypmatch lines match 1:1, There are only file and nis for the passwd entry on this list. Compat or nis+ isnšt there. Bill On 8/1/14, 16:02 MDT, "Steve Rikli" <[log in to unmask]> wrote: >If you believe you have the configs straight at this point, as initial >troubleshooting steps e.g. I would compare the outputs of these commands >on the working and non-working NIS client systems: > > grep ^passwd: /etc/nsswitch.conf > ypwhich > ypmatch NISuser passwd > >Your logs indicate password failure, and assuming you're typing the >same password correctly in both attempts, that implies the passwd map >entry for NISuser isn't correctly in-place on your failing NIS client. > >We don't see "error retrieving information about user NISuser" or >similar log message, which is an indicator the NIS passwd map is >available on your NIS client, but not the password itself. But we don't >yet know why. > >Perhaps a "+" or "compat" situation in /etc/passwd and nsswitch.conf? ></speculation> > >Cheers, >sr. > > >On Fri, Aug 01, 2014 at 09:46:56PM +0000, Capehart, William J wrote: >> >> I am using a login via ssh >> >> >> Here is the secure log material for my test USR >> >> Aug 1 21:26:20 <client> unix_chkpwd[6558]: password check failed for >>user >> (<NISuser>) >> Aug 1 21:26:20 <client> sshd[6556]: pam_unix(sshd:auth): authentication >> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<remote.host.name> >> user=jtorres >> Aug 1 21:26:22 <client> sshd[6556]: Failed password for <NISuser> from >> <remote.host.up.address> port 65500 ssh2 >> >> >> From a fellow Mandriva box the same request meets as follows. >> >> Aug 1 21:32:15 <client> sshd[7595]: Accepted password for <NISuser> from >> <remote.host.up.address> port 54278 ssh2 >> >> >> Passwords should be hashed. I am not using keberos (or at least I >>don???t >> think it???s in the mix). >> >> once again, despite what you see above the id command yield the correct >> uid and gid information for the test user >> >> Bill >> >> >> On 8/1/14, 15:20 MDT, "Steven Timm" <[log in to unmask]> wrote: >> >> >What login method is failing? Login from console? ssh? other? >> >does /var/log/secure give you anything as far as error messages? It >> >should. Is kerberos involved here or do you have hashed >> >passwords in the NIS map? >> > >> >Steve Timm >> > >> > >> > >> >On Fri, 1 Aug 2014, Capehart, William J wrote: >> > >> >>Steve: >> >> >> >>Normally I do all the pieces normally but I followed your guidance: >> >> >> >>authconfig --enablenis ???nisserver=(server.name.goes.here) >> >>???nisdomain=(mydomain) --update >> >> >> >> >> >>As root, id on one of my test accounts worked. >> >>As root, su on the same test account worked. >> >>??nis?? has indeed been through the /etc/nsswitch.conf file all along. >> >> >> >>Bill >> >> >> >> >> >> >> >>On 8/1/14, 14:51 MDT, "Steven Timm" <[log in to unmask]> wrote: >> >> >> >>>did you go into the system setup utility and enable NIS >>authentication? >> >>>(or use authconfig from the command line). That's the best way >> >>>to ensure that PAM is configured correctly to use NIS and that's >>likely >> >>>the problem. >> >>> >> >>>(does "id" on a yp user name work?) >> >>>(does "su" to a yp user name work?) >> >>>does "nis" appear in /etc/nsswitch.conf? (setup will do that). >> >>> >> >>>Steve Timm >> >>> >> >>> >> >>>\On Fri, 1 Aug 2014, Capehart, William J wrote: >> >>> >> >>>>We are in the process of migrating to SL 6.5 from Mandriva and >>things >> >>>>have >> >>>>been manageable until (of course) today. >> >>>> >> >>>>The NIS server is still under Mandriva (yp-serve is 2.22, ypbind is >> >>>>1.29.91) >> >>>> >> >>>>On the client to be in SL 6.5 the ypbind is 1.20.4. >> >>>> >> >>>>NIS works on the fellow Mandriva machine clients but when used on >>the >> >>>>SL >> >>>>machine >> >>>> >> >>>>The username and groups get carried over and match the uids >> >>>> >> >>>>ypcat gives the correct responses for the arguments passwd and >>groups >> >>>> >> >>>>BUT >> >>>> >> >>>>I get permission denied errors when logging in. (That is sort of a >> >>>>deal >> >>>>breaker). >> >>>> >> >>>>Beyond this point is there any troubleshooting advise here? >> >>>> >> >>>>Thanks Much, >> >>>>Bill >> >>>> >> >>>> >> >>>> >> >>>> >> >>>> >> >>> >> >>>------------------------------------------------------------------ >> >>>Steven C. Timm, Ph.D (630) 840-8525 >> >>>[log in to unmask] http://home.fnal.gov/~timm/ >> >>>Fermilab Scientific Computing Division, Scientific Computing Services >> >>>Quad. >> >>>Grid and Cloud Services Dept., Associate Dept. Head for Cloud >>Computing >> >> >> >> >> > >> >------------------------------------------------------------------ >> >Steven C. Timm, Ph.D (630) 840-8525 >> >[log in to unmask] http://home.fnal.gov/~timm/ >> >Fermilab Scientific Computing Division, Scientific Computing Services >> >Quad. >> >Grid and Cloud Services Dept., Associate Dept. Head for Cloud Computing >> >> >>