LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 10-14-2007, 07:34 PM   #1
outerspace
LQ Newbie
 
Registered: Oct 2007
Posts: 5

Rep: Reputation: 0
NIS: NIS running but users not able to log in with NIS credentials


(Fedora Core 7 machines)

Ok, so I've got a network set up with the following:

A1 - NIS master server
A2 - NIS slave server

C1,C2,... - Various NIS client machines

This issue is that NIS clients cannot authenticate against the NIS database. In other words, logging in to a client box over ssh is unsuccessful, with the following in /var/log/secure (some data replaced by brackets <>):
Quote:
<TIME> localhost sshd[17625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh rus= rhost=<IP_1> user=<USER_1>
<TIME> localhost sshd[17625]: Failed password for <USER_1> from <IP_1> port 1345 ssh2
So, it's a standard auth failure message, nothing special here.
However, `ypcat passwd |grep USER_1` returns a different password hash than `ypmatch USER_1 passwd`.

ypcat passwd |grep USER_1:
Quote:
USER_1:<PASSWORD HASH A>:503:504::/home/USER_1:/bin/bash
ypmatch USER_1 passwd:
Quote:
USER_1:<PASSWORD HASH B>:503:504::/home/USER_1:/bin/bash
Running yppasswd to change the password (or changing the local user's password on A1 (NIS master) and running `cd /var/yp && make`) changes the password hash for ypcat but ypmatch remains the same.

I think this might be a clue to something, but I can't find anything on the internet specifically about this condition, so I'm asking here. Any tips? If there's more information you need just ask. Thanks.
 
Old 10-15-2007, 12:11 PM   #2
cjcox
Member
 
Registered: Jun 2004
Posts: 305

Rep: Reputation: 42
Although, it doesn't seem possible that this is a soln, try killing off your nscd on your client nis box and see if that helps.
 
Old 10-15-2007, 11:16 PM   #3
Micro420
Senior Member
 
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986

Rep: Reputation: 45
Did you make sure to run ypinit -m to sync the database to the clients? Did you make sure /etc/nsswitch is in the right order?
 
Old 10-17-2007, 09:51 AM   #4
outerspace
LQ Newbie
 
Registered: Oct 2007
Posts: 5

Original Poster
Rep: Reputation: 0
Thanks for the replies.

cj: NSCD is not running. AFAIK it wasn't a requirement for NIS, just an improvement/optimization. Is it req now?

Quote:
Originally Posted by Micro420 View Post
Did you make sure to run ypinit -m to sync the database to the clients? Did you make sure /etc/nsswitch is in the right order?
nsswitch.conf is in the right order. [nisplus nis files]. Also tried with 'compat'

`ypinit -m`, from all pages I can find on the topic, is deprecated (which is surprising to me, I recall using it). `cd /var/yp && make` is preferred. At any rate, my Fedora Core 7 boxes don't even have the `ypinit` command (although the man page for it still exists).

Either way, the output of `ypcat passwd` *is* updated when the NIS db is rebuilt. If I change the user's password via yppasswd *or* update the user's password in the NIS master server's /etc/passwd file (and then run /var/yp && make) the password hash that `ypcat passwd` outputs IS the correct password hash.

But the password hash output by `ypmatch` stays the old password hash, and in fact is not getting updated at all. I believe (based on no evidence) that when I'm trying to log into a box via SSH, the old hash is being used instead of the new one, and I'm trying to figure out what to do next if this is the case.

Any other thoughts?
 
  


Reply

Tags
nis


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
NIS-Problem - search for NIS-Guru or SuSE Profesional krischeu MEPIS 0 06-16-2005 08:21 AM
How to log users access to a NIS server? blur Linux - Networking 1 04-26-2004 08:00 AM
How to setup a Solaris NIS client while with a Linux NIS server? ntcm Solaris / OpenSolaris 1 03-31-2004 07:10 AM
How to setup a Solaris NIS client while with a Linux NIS server? ntcm Linux - General 1 03-31-2004 07:10 AM
nis client machine can't log in using nis username preetam Linux - Networking 0 02-09-2004 05:40 PM


All times are GMT -5. The time now is 07:37 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration