Date: Thu, 17 Feb 2005 23:58:58 -0500 (EST) From: Tom Huppi <thuppi@huppi.com> To: freebsd-questions@freebsd.org Subject: Re: NIS login - argh! Message-ID: <Pine.BSF.4.58.0502172346420.47068@nuumen.pair.com> In-Reply-To: <Pine.BSF.4.58.0502170744500.27109@nuumen.pair.com> References: <Pine.BSF.4.58.0502170744500.27109@nuumen.pair.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Follow-up:
No clear resolution. I believe that _perhaps_ the problem is, in
part, that the NIS server is not serving master.passwd even though
it claims to be (i.e., 'ypwhich -x' shows it.) Anyone know if
that map needs to be distributed in order for 5.3-ish NIS clients
to work?
*NOTE* to those fighting these issues (and seeing this via google
or some such...): There seems to be some sort of a bug which is
tickled by this kind of fooling around. It manifests itself by
setting the user's account expire time to 1969! This kept me
occupied for _hours_ when I couldn't even get that user's account
to let me log in when I made things complety local and unplugged
the stupid machine from the network!
Try: # chpass {user} to see what I mean.
I'm functional now only by turning off NIS in /etc/nsswitch.conf
and maintaining a local password entry :( It is worth note,
however, that the $1$xxx style (md5) password hash from the Linux
side _does_ work and is _not_ a problem.
Thanks,
- Tom
On Thu, 17 Feb 2005, Tom Huppi wrote:
>
> I've never had much trouble getting NIS to work before. Can
> anyone make any debugging suggestions? ...
>
> My machine: 5.3-STABLE (makeworld update from 5.1 orig circa early
> Jan 05.)
>
> NIS actually seems to be working fine...
>
> gila# ypcat -k passwd | grep tomh
> tomh tomh:$1$hZ...UK/:1012:500:Tom Huppi:/home/tomh:/bin/tcsh
>
> Also:
>
> - /etc/shells exists and has /bin/tcsh
> - /bin/tcsh exists
> - no other 'tomh' user or 1012 uid in local passwd file
> - home dir automounts fine when I cd to it.
>
> I've tried various things with /etc/nsswitch.conf, and the latest
> is:
>
> ...
> group: compat
> group_compat: nis
> ...
> passwd: compat
> passwd_compat: nis
> ...
>
> while I adjust my passwd file with 'vipw' making the last line:
> +:::::::::
> which generates an /etc/password tail of:
> +:*:::::
> (I've tried this w/ and w/o the '*')
> with /etc/groups similar.
>
> I also tried
> passwd: files nis
> passwd_compat:
> with and without the trailing +::... to no avail.
>
> Always I get a 'login incorrect' message and nothing of any real
> interest in the /var/log/messages. Is there somewhere else to
> look for debug? I tried fooling with /etc/pam.d/passwd (to turn
> on debugging) but it had no effect which I could see. I'm really
> not sure if I'm even using pam or what?
>
> It is interesting to note that I can generate another hash for
> another user locally with the same password and I get a different
> hash (which also starts out $1$ meaning MD5 I guess.) In fact, I
> never get the same hash even when I use the same password it
> seems?!
>
> The NIS server is a FreeBSD box, but I don't have access to see
> what exactly (though I know it to be 5.x) It serves many
> Fedora-II boxes just fine, and they have 'files nis' in their
> nsswich.conf.
>
> I've also tried adding an entry in my local passwd file which is
> identical to what is served out with no joy.
>
> I'm at my wits end here. I've x-checked all of the problems I
> could find referenced in google searches. I see some references
> about a 'gradual migration' to pam (specifically in the
> /etc/auth.conf file), but I don't know what stage that is in, and
> what it entails. If any one has any tips, ideas, or suggestions,
> I'd love to hear them.
>
> Thanks,
>
> - Tom
>
>
>
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.58.0502172346420.47068>