Hello,

I have setup an NIS Server on Red Hat Linux along with a dozen or so clients which are all working fine. Any attempts to login with a nis user from one particular client though, does not work.

From that client
- "ypmatch nisuser passwd" returns a valid result.
- "getent passwd" returns a list of local user and nis users.

However,
- "getent passwd nisuser" does not return anything.

I thought this might be due to a misconfiguration in my /etc/nsswitch.conf file. However, it is identical to other client machines that are working. Contents of the nsswitch.conf are (i've excluded all comments)

passwd: files nis
shadow: files nis
group: files nis
hosts: files dns nis
bootparams: files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: files
automount: files
aliases: files

I'm stuck! Any help would be greatly appreciated!

Cheers,
Garth

Hate to have to say this (since this is 2010) - but use LDAP and ditch NIS.

But if you're determined to use NIS, check you're passwd file - don't you need like a + entry or something at the end there?

Can you provide output from "authconfig --test" - or better yet check this between a working and the broken client and show any differences?

Sorry if I'm a little fuzzy, it's been a long time since I've managed a NIS server (just to rub it in there - I can't help it :P).

- Arch

Thanks for the response Arch. Without digressing too much, suffice to say I need to get nis working for this client pc.

If i run an authconfig --test between the client that doesn't work and another client on the same kernel, the results are identical.

For this particular implementation of nis I do not believe a + is needed. I could be wrong. However, I'm not sure if the absence of a + would explain why things work on all clients except for one.

- Garth

getent passwd | grep nisuser shows the nis user whereas getent passwd nisuser doesn't?

Other tools (`id`) on nisuser also fail?

Um, are you running nscd and does behaviour change if you stop it?

Not sure what else to suggest... Usually if getent passwd is good, nsswitch and everything else is fine.

- Arch

Hi Arch,

thats right. "getent passwd | grep nisuser" returns the username in question. "getent passwd nisuser" doesnt.

id nisuser returns "no such user"

the good news is, after restarting nscd, everything now works as expected. I am assuming the restart cleared the daemons cache.

Thanks for the tip, much appreciated!

- Garth

I know this is a very old thread, but restarting nscd helped fix the same problem for me! (Yes, I'm maintaining an ancient environment.)

Also, below is to help others searching. Everything worked on both my NIS servers, but not clients. Clients were previously functional before domain was split and renamed.

[client]# su - <nisuser>
su: user <nisuser> does not exist

[client]# id <nisuser>
id: <nisuser>: No such user

[client]# yptest -u <nisuser>
(works)

[client]# ypcat passwd | grep <nisuser>
(valid results)

[client]# getent passwd <nisuser>
(no results)

[otherhost]> ssh <nisuser>@client
(rejected pw)
/var/log/messages on client contains:
<date> <host> sshd[<pid>]: Invalid user <nisuser> from <otherhost>
<date> <host> sshd[<pid>]: error: PAM: User not known to the underlying authentication module for illegal user <nisuser> from <nis master>