NIS failed for one user on one NIS client - strange problem resolved
First let me say, I inherited this shop. NIS is working fine... and has for years with one exception...
One user named jpeters (not really ... just made that up) couldn't ssh into the network but she only had problems ssh'ing into one server named frodo (nis client). Other users were / are able to ssh into frodo so I know the daemon is running. (I saw the other thread that sounds exactly like my problem - but the solution didn't make sense because I don't have any other domains. Oh and I do *not* have sldap running anywhere.)
When jpeters ssh'd into frodo it failed: "permission denied."
Jpeters can, however, ssh into all the other NIS client servers. On the problem box, frodo, if I:
# ypmatch jpeters passwd
frodo returns the info stored on the NIS Master (gandalf). I verified this from several other servers too. All are pointing to the NIS master.
Then I discover that jpeters also has a local user account on frodo. I deleted (userdel) her from the local users on frodo.
While this *did* successfully remove her record from frodo's local /etc/passwd file it didn't remover her from the /etc/group
Question 1: Shouldn't userdel have removed her group entry?
So I then used vi to manually remover her from frodo's /etc/group
But, still, she couldn't ssh into frodo and I'm tempted to tell her to STOP trying to ssh into frodo ..., but then I noticed that, unlike the users that are successful at ssh'ing into frodo, user jpeters belonged to several groups including "wheel." So I changed this in the /etc/groups on the NIS master server so she no longer belongs to the wheel group.
She still could't ssh into frodo though.
I then ssh'd into frodo as root. and as root I su'd to jpeters:
# su - jpeters
# yppasswd
but now something is different - I'm jpeters now and I when I entered jpeters password to authenticate the password request change, NIS *did* recognized her password!
I then changed the password and the changes were successful. jpeters can now ssh from all the servers including frodo.
Question 2: Do you think that taking jpeters out of the wheel group resolved the problem? Or did I just forget to make or restart or rebind something...
In trying to troubleshoot this problem I've learned a great deal but I'm also confused because as I said, NIS is working yet many of the things that people in the forum said to check aren't there for example:
# ypcat ypservers
returns nothing
Question 3) how can this work if ypcat servers returns nothing?
Question 4) why does my passwd file on the nis server contain encrypted password for some users? Most have x in the password field but a few have gobbledgook. All the users that I have personally added appear this way. What am I doing wrong? And how do I fix it?
TIA
|