LinuxQuestions.org - Big Problem with nis: can't log in!

- Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)

- - Big Problem with nis: can't log in! (https://www.linuxquestions.org/questions/linux-networking-3/big-problem-with-nis-cant-log-in-330771/)

Big Problem with nis: can't log in!

Hi!

I have a really big and strange problem. I set up a new server with Suse 9.2 prof.. The server is also a NIS-Server and NIS ist working. I copied the entrys in passwd and group from the old to the new server and I can log in to every machine (being IRIX, HPUX, AIX, Solaris, other Linuxes).

But if I create a new account I can't log in to it! I don't get any error message, it's just ignored! Logging in local to the server ist no problem, ypcat passwd shows the right entry and everything looks fine.

Please help me, I really don't know what to do any more. :-(

Greeting, rot

Not a suse user so don't know what the useradd/adduser script does; but for NIS after a user is added to the server it is necessary to cd /var/yp and make (as root) to generate new passwd/shadow files.

why dont you try pushing the data from old server to the new one and then sync them

I did a make in /var/yp, the correct entry is shown by "ypcat passwd"! But nevertheless I can't login to new accounts, also if I create the account manualy.

can u provide some tit-bits of your file configuration. Hope it wuld help in getting the problem fixed

@bramhastra: The problem is, that I need a new account. The old accounts transfered to the new server work fine. Of course I can create the new account on the old server, but should I always do so? This is not really a solution, only a workaround...
And what are "tit-bits". Sorry, but I'm not very often writing to forums where I need so speak english.

well what i meant is that if you could provide some information about the configuration file if wuld give us some help sorting the problem

Ok, I try to provide everything that could be important...

My /etc/ypserv.conf

Code:

dns: no



# The following, when uncommented,  will give you shadow like passwords.

# Note that it will not work if you have slave NIS servers in your

# network that do not run the same server as you.



# Host                      : Map              : Security  : Passwd_mangle

#

192.168.98.                  : * : * :none

192.168.99.                  : * : * :none

192.168.100.                  : * : * : none

my /var/yp/Makefile (extracts, not the whole file)

Code:

#

# Makefile for the NIS databases



# Set the following variable to "-b" to have NIS servers use the domain

# name resolver for hosts not in the current domain. This is only needed,

# if you have SunOS slave YP server, which gets here maps from this

# server. The NYS YP server will ignore the YP_INTERDOMAIN key.

#B=-b

B=



# If we have only one server, we don't have to push the maps to the

# slave servers (NOPUSH=true). If you have slave servers, change this

# to "NOPUSH=false" and put all hostnames of your slave servers in the file

# /var/yp/ypservers.

NOPUSH=true



# We do not put password entries with lower UIDs (the root and system

# entries) in the NIS password database, for security. MINUID is the

# lowest uid that will be included in the password maps. If you

# create shadow maps, the UserID for a shadow entry is taken from

# the passwd file. If no entry is found, this shadow entry is

# ignored.

# MINGID is the lowest gid that will be included in the group maps.

MINUID=0

MINGID=0



# Should we merge the passwd file with the shadow file ?

# MERGE_PASSWD=true|false

MERGE_PASSWD=true



# Should we merge the group file with the gshadow file ?

# We don't support /etc/gshadow anymore, so we don't can merge it.

# MERGE_GROUP=true|false

MERGE_GROUP=false



# These are commands which this Makefile needs to properly rebuild the

# NIS databases. Don't change these unless you have a good reason.

AWK = /usr/bin/gawk

MAKE = /usr/bin/gmake

UMASK = umask 066



#

# These are the source directories for the NIS files; normally

# that is /etc but you may want to move the source for the password

# and group files to (for example) /var/yp/ypfiles. The directory

# for passwd, group and shadow is defined by YPPWDDIR, the rest is

# taken from YPSRCDIR.

#

YPSRCDIR = /etc

YPPWDDIR = $(shell . /etc/sysconfig/ypserv; echo $$YPPWD_SRCDIR)

YPBINDIR = /usr/lib/yp

YPSBINDIR = /usr/sbin

YPDIR = /var/yp

YPMAPDIR = $(YPDIR)/$(DOMAIN)



# These are the files from which the NIS databases are built. You may edit

# these to taste in the event that you wish to keep your NIS source files

# seperate from your NIS server's actual configuration files.

#

GROUP      = $(YPPWDDIR)/group

PASSWD      = $(YPPWDDIR)/passwd

SHADOW      = $(YPPWDDIR)/shadow

GSHADOW    = $(YPPWDDIR)/gshadow

ADJUNCT    = $(YPPWDDIR)/passwd.adjunct

#ALIASES    = $(YPSRCDIR)/aliases  # aliases could be in /etc or /etc/mail

ALIASES    = /etc/aliases

ETHERS      = $(YPSRCDIR)/ethers    # ethernet addresses (for rarpd)

BOOTPARAMS  = $(YPSRCDIR)/bootparams # for booting Sun boxes (bootparamd)

HOSTS      = $(YPSRCDIR)/hosts

NETWORKS    = $(YPSRCDIR)/networks

PRINTCAP    = $(YPSRCDIR)/printcap

PROTOCOLS  = $(YPSRCDIR)/protocols

PUBLICKEYS  = $(YPSRCDIR)/publickey

RPC        = $(YPSRCDIR)/rpc

SERVICES    = $(YPSRCDIR)/services

NETGROUP    = $(YPSRCDIR)/netgroup

NETID      = $(YPSRCDIR)/netid

AMD_HOME    = $(YPSRCDIR)/amd.home

AUTO_MASTER = $(YPSRCDIR)/auto.master

AUTO_HOME  = $(YPSRCDIR)/auto.home

AUTO_LOCAL  = $(YPSRCDIR)/auto.local

TIMEZONE    = $(YPSRCDIR)/timezone

LOCALE      = $(YPSRCDIR)/locale

NETMASKS    = $(YPSRCDIR)/netmasks



YPSERVERS = $(YPDIR)/ypservers  # List of all NIS servers for a domain



target: Makefile

        @test ! -d $(LOCALDOMAIN) && mkdir $(LOCALDOMAIN) ; \

        cd $(LOCALDOMAIN)  ; \

        $(NOPUSH) || $(MAKE) -f ../Makefile ypservers; \

        $(MAKE) -f ../Makefile all



# If you don't want some of these maps built, feel free to comment

# them out from this list.



#all:  passwd group hosts rpc services netid protocols netgrp mail \

#      shadow publickey # networks ethers bootparams printcap \

        # amd.home auto.master auto.home auto.local passwd.adjunct \

        # timezone locale netmasks

all: group passwd shadow netgroup





########################################################################

#                                                                      #

#  DON'T EDIT ANYTHING BELOW IF YOU DON'T KNOW WHAT YOU ARE DOING !!!  #

#                                                                      #

########################################################################

...

ypcat output from my Linuxbox (old user ist working, new one not):

old:HpU44GMT/9PEI:530:30:old user:/home/users/old:/bin/tcsh
new:9q/a8KNHXbfMY:515:30:new user:/home/users/new:/bin/tcsh

/etc/passwd on server

old:x:530:30:old user:/home/users/old:/bin/tcsh
new:x:515:30:new user:/home/users/new:/bin/tcsh

/etc/shadow on server

old:HpU44GMT/9PEI:12451:0:10000::::
new:9q/a8KNHXbfMY:10000:0:10000::::

I think, that are the important things, if I missed something, just ask for it.
:newbie:

make nopush as false and then use the command ypinit -m to trace the result

Also have you checked for the value NISSERVER=

Mmh, nopush=false is only needed, if I have slave servers, but I don't have any.

Where should the value NISSERVER= be found?

What I simply can't understand: Why are the old entrys working, while the new accounts don't?

well it is contended in /etc/inet/nis.conf file

ok now tell me one thing are the old one and new one both connected. Do they have the same domain name or different

have you checked out this

Ok, the file /etc/inet/nis.conf doesn't exist on Suse? At least I can't find it...

The new server is connected to the same domain etc, and everything ist working fine. At least until I tried to create a new account. I get the error message:

old@aldea~:su - new
Password:
su: incorrect password

But the password I typed is correct, I tried several times and it is not very complex. ;) This happens on every workstation, on the server everything is fine.

Perhaps something with the encoding of the password from the new account or somethin like that? :confused:

this seems to be a authentication problem.
What you say is local login working fine on server but the remote login does not work. have you checked nsswitch and krb file

Yes, that's correct. But also old nis accounts work on remote machines. nsswitch is ok (else the old accounts wouldn't work, too).
krb is not really in use and I don't know how to work with that. configs are all standard-suse and should not be the problem, should they?