announcement The content of this page is collected from Linux Forum, All copyrights and other associated rights are reserved by the original authors of the articles.
problems with NIS client
Subject: problems with NIS client
Author: David Guzman    Posted: 2005-06-17 20:46:31    Length: 3,720 byte(s)
Hi everyone,
I have a complicated problem that has kept me working and reading docs for 3
days. The situation is as follows. I am implementing a small network in our
lab, and I have a NIS server running on FreeBSD. On my everyday machine (an
AMD64) I have installed Gentoo Stage 1. The NIS client configuration is
giving me headaches. I cannot log in; I get the following message in
/var/log/pwdfail/current:

Jun 17 17:04:23 [login(pam_unix)] authentication failure;
logname= uid=0 euid=0 tty=/dev/vc/3 ruser= rhost= user=david
Jun 17 17:04:25 [login] FAILED LOGIN 1 FROM /dev/vc/3 FOR david,
Authentication failure

login is reading /etc/pam.d/login, which follows:

#%PAM-1.0

auth requisite /lib/security/pam_unix.so nullok
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so

account required /lib/security/pam_unix.so audit
account required /lib/security/pam_stack.so service=system-auth

password required /lib/security/pam_unix.so nis
password required /lib/security/pam_stack.so service=system-auth

session required /lib/security/pam_unix.so
session required /lib/security/pam_stack.so service=system-auth

I did some NIS tests on the Gentoo box and I could obtain the NIS maps:
# ypcat -k netgroup
net_adm (,netadm,ypnet.xxxx.cl)
devel (,david,ypnet.xxxx.cl) (,felipe,ypnet.xxxx.cl)
term_adm (,termadm,ypnet.xxxx.cl)

# ypcat -k netgroup.byuser
felipe.ypnet.xxxx.cl devel
david.ypnet.xxxx.cl devel
netadm.ypnet.xxxx.cl net_adm
termadm.ypnet.xxxx.cl term_adm

Even,
# ypcat passwd
david:*:1001:1001:User &:/home/david:/bin/sh

The /etc/passwd /etc/shadow and /etc/group have the corresponding netgroup
markers:
+@devel:::::: (in passwd and shadow)
+:*:: (in group)

On the FreeBSD NIS machine I got no login error messages, like password
failed or user unknown. I guess that the login process is not calling NIS;
I am only doing local authentication. I don't know; maybe it is a problem
with PAM (version 0.78-r2) or portmap (or both). Here are my current
configuration files:

--] /etc/yp.conf
ypserver bsdnis.xxxx.cl
domain ypnet.xxxx.cl broadcast

--] /etc/nsswitch.conf
passwd: compat nis
shadow: compat nis
group: compat nis
hosts: files dns
networks: files dns
services: db files nis
protocols: nis [NOTFOUND=return] db files
rpc: nis [NOTFOUND=return] db files
ethers: db files nis
netmasks: files
netgroup: nis files
bootparams: files
automount: files
aliases: files

As a test I started ypbind from command line with debug option enabled. I
got the following messages:

# ypbind -debug
parsing config file
Trying entry: ypserver bsdnis.xxxx.cl
parsed ypserver bsdnis.xxxx.cl
add_server() domain: ypnet.xxxx.cl, host: bsdnis.xxxx.cl, slot: 0
Trying entry: domain ypnet.xxxx.cl broadcast
parsed domain 'ypnet.xxxx.cl' broadcast
add_server() domain: ypnet.xxxx.cl, broadcast
[Welcome to ypbind-mt, version 1.17.2]

ping host 'bsdnis.xxxx.cl', domain 'ypnet.xxxx.cl'
Answer for domain 'ypnet.xxxx.cl' from server 'bsdnis.xxxx.cl'
Pinging all active server.
Pinging all active server.
......

Any comments will be appreciated.
Thanks

             David

Subject: problems with NIS client
Author: Arthur Hagen    Posted: 2005-06-18 01:39:34    Length: 3,334 byte(s)
David Guzman [david_aaron@softhome.net] wrote:
QUOTE
Hi everyone,
I have a complicated problem, that keeps me working and reading docs
for 3 days. The situation comes next. I am implementing a small
network in our lab, I have a NIS server running on FreeBSD. In my
everyday machine (an AMD64) I have installed Gentoo Stage 1. The NIS
client configuration is giving me headaches. I cannot login, I got
the following message in /var/log/pwdfail/current

Jun 17 17:04:23 [login(pam_unix)] authentication failure;
logname= uid=0 euid=0 tty=/dev/vc/3 ruser= rhost= user=david
Jun 17 17:04:25 [login] FAILED LOGIN 1 FROM /dev/vc/3 FOR david,
Authentication failure

[chop]

Even,
# ypcat passwd
david:*:1001:1001:User &:/home/david:/bin/sh

There's your problem.  You need to merge passwd and shadow on the yp
server.

I'm not sure what kind of NIS server you're running on the BSD side, but
in Linux you would do this by editing /var/yp/Makefile and set
MERGE_PASSWD=true before running make target.

After doing this, ypcat passwd from the client should show something
like:

david:Ye0s19VL15D1z:1001:1001:User &:/home/david:/bin/sh

Yes, that defeats shadow security.  No, there's no way around it while
still using NIS for authentication.  NIS+ can do better, though, but
unless you have a Sun box as the server, chances are you won't have
NIS+.

QUOTE
Here are my current configuration files:

--] /etc/yp.conf
ypserver bsdnis.xxxx.cl
domain ypnet.xxxx.cl broadcast

--] /etc/nsswitch.conf
passwd: compat nis
shadow: compat nis
group: compat nis

Remove "nis" from these -- it doesn't make sense to have both.

QUOTE
hosts: files dns
networks: files dns
services: db files nis
protocols: nis [NOTFOUND=return] db files
rpc: nis [NOTFOUND=return] db files
ethers: db files nis

Remove the db entries unless you really have /var/db entries.  Most
systems won't have them, and referencing services that aren't available
will slow things down.

QUOTE
automount: files

Not sharing this through NIS?  Then you either have to manually add an
auto.master/auto.home combination to the client, or use a local
directory (which you have to manually create first, and assign to the
UID of the NIS user).

Regards,
--
*Art
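
The check behind the reply above, as an added example that is not part of the original posts: it reads `ypcat passwd` output and reports which accounts have a real hash in the map, and in which scheme. The function names and the felipe sample line are assumptions made for illustration.

```python
import re
import sys

# Modular-crypt prefixes ($id$...) and the scheme each one names.
MCF = {"1": "md5-crypt", "2": "bcrypt", "2a": "bcrypt", "2b": "bcrypt",
       "2y": "bcrypt", "5": "sha256-crypt", "6": "sha512-crypt"}
DES = re.compile(r"[./0-9A-Za-z]{13}")  # traditional crypt(3): 2 salt + 11 hash chars

def classify(field):
    """Say what the second passwd field reveals to anyone who can read the map."""
    if field == "":
        return "empty"                      # no password required at all
    if field[0] in "*!" or field == "x":
        return "hidden"                     # placeholder or locked; no hash
    m = re.match(r"\$([0-9a-z]+)\$", field)
    if m:
        return MCF.get(m.group(1), "unknown-mcf")
    return "des-crypt" if DES.fullmatch(field) else "unknown"

def audit_passwd_map(text):
    """Return (user, finding) for every entry that is not a plain placeholder."""
    findings = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 7 or parts[0].startswith(("+", "-")):
            continue                        # malformed line or compat marker
        kind = classify(parts[1])
        if kind != "hidden":
            findings.append((parts[0], kind))
    return findings

# The two david lines are quoted in the thread; the felipe line is constructed.
BEFORE_MERGE = "david:*:1001:1001:User &:/home/david:/bin/sh\n"
AFTER_MERGE = (
    "david:Ye0s19VL15D1z:1001:1001:User &:/home/david:/bin/sh\n"
    "felipe:$1$abcdefgh$0123456789abcdefghijkl:1002:1001:User &:/home/felipe:/bin/sh\n"
)

if __name__ == "__main__":
    # Usage: ypcat passwd | python3 nis_hash_audit.py   (no stdin: run the samples)
    text = AFTER_MERGE if sys.stdin.isatty() else sys.stdin.read()
    for user, kind in audit_passwd_map(text):
        print(f"{user}: {kind} exposed in NIS passwd map")
```

A des-crypt finding matters most, because traditional crypt(3) only uses the first eight characters of the password.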

Subject: problems with NIS client
Author: David Guzman    Posted: 2005-06-21 21:25:46    Length: 2,840 byte(s)
Hi,

Thanks for your post. I put my hands on the FreeBSD server again; the
problem was just what you wrote. I had to disable the shadowing stuff on
the BSD and make the maps UNSECURED in order to make it compatible with
non-BSD machines.

QUOTE
Even,
# ypcat passwd
david:*:1001:1001:User &:/home/david:/bin/sh

There's your problem.  You need to merge passwd and shadow on the yp
server.

Now I got the password hash :-D


QUOTE
david:Ye0s19VL15D1z:1001:1001:User &:/home/david:/bin/sh


QUOTE
Remove "nis" from these -- it doesn't make sense to have both.

hosts: files dns
networks: files dns
services: db files nis
protocols: nis [NOTFOUND=return] db files
rpc: nis [NOTFOUND=return] db files
ethers: db files nis

Remove the db entries unless you really have /var/db entries.  Most
systems won't have them, and referencing services that aren't available
will slow things down.

I am happy with logging in with NIS, but now I can't use the internet; I
always get the 'host not found... check the name...' stuff. The same for
sending emails... so I think I messed up my nsswitch.conf file... Am I
right?? Is it because I inserted nis in the other fields too (hosts,
networks, services)???

QUOTE
automount: files

Not sharing this through NIS?  Then you either have to manually add an
auto.master/auto.home combination to the client, or use a local
directory (which you have to manually create first, and assign to the
UID of the NIS user).

I did it manually, adjusting it with the UIDs and GIDs


Thanks again... now to solve the host resolv problem


                    David

QUOTE

Regards,


Subject: problems with NIS client
Author: Arthur Hagen    Posted: 2005-06-21 21:48:18    Length: 1,588 byte(s)
David Guzman [david_aaron@softhome.net] wrote:
QUOTE

I am happy with logging with NIS, but now I can't use internet, I got
always the 'host not found... check the name...' stuff. The same for
sending emails... then I think I messed up my nsswitch.conf file...
Am I right?? It is because I inserted nis in the other fields too
(hosts, networks, services)???

Networks and services shouldn't matter much, but hosts need a fallback
mechanism.  I suggest the following:

hosts:      files dns nis

In other words, try /etc/hosts first, since it's fastest, then try dns,
and finally try nis.  That way, anything you add to the shared hosts
file on the NIS server will get picked up, but only as a last resort.

Other than that, make sure that domainname returns your NIS domain and
dnsdomainname returns your dns domain.  Also, make sure you have valid
entries in /etc/resolv.conf -- normally one line for "domain dom.ain"
and one to three lines with "nameserver 12.34.56.78".  There should be
only one of "domain" or "search", and "search" should not be used unless
there's more than one entry.  SuSE gets this wrong in the automated
setup (although it usually works ok despite this).

Regards,
--
*Art
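
The nsswitch.conf and resolv.conf advice from the two replies, written as a small lint (an added example, not part of the original posts). The function names, the `have_var_db` parameter and the reading of "fallback" as "hosts must list dns" are assumptions made for illustration.

```python
import re

def parse_nsswitch(text):
    """Map each database to its ordered sources, dropping [STATUS=action] items."""
    dbs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        if ":" in line:
            name, rest = line.split(":", 1)
            dbs[name.strip()] = re.sub(r"\[[^\]]*\]", " ", rest).split()
    return dbs

def lint_nsswitch(text, have_var_db=False):
    dbs, warn = parse_nsswitch(text), []
    for name in ("passwd", "shadow", "group"):
        if {"compat", "nis"} <= set(dbs.get(name, [])):
            warn.append(f"{name}: compat and nis both listed")
    if not have_var_db:  # assumption: caller knows whether /var/db maps exist
        warn += [f"{n}: db listed without /var/db data"
                 for n, s in dbs.items() if "db" in s]
    if "dns" not in dbs.get("hosts", []):
        warn.append("hosts: no dns source")
    return warn

def lint_resolv(text):
    rows = [l.split() for l in text.splitlines()
            if l.strip() and l.lstrip()[0] not in "#;"]
    domain = [r for r in rows if r[0] == "domain"]
    search = [r for r in rows if r[0] == "search"]
    servers = [r for r in rows if r[0] == "nameserver"]
    warn = []
    if domain and search:
        warn.append("both domain and search present")
    if any(len(r) <= 2 for r in search):
        warn.append("search used with a single entry")
    if not 1 <= len(servers) <= 3:
        warn.append(f"{len(servers)} nameserver lines")
    return warn

# Abridged from the nsswitch.conf in the first post.
NSSWITCH_POSTED = """passwd: compat nis
shadow: compat nis
group: compat nis
hosts: files dns
services: db files nis
protocols: nis [NOTFOUND=return] db files
"""
# Constructed samples, using the placeholder values from the reply above.
NSSWITCH_NO_DNS = "passwd: compat\nhosts: nis\n"
RESOLV_BAD = "domain dom.ain\nsearch dom.ain\n"
RESOLV_OK = "domain dom.ain\nnameserver 12.34.56.78\n"

if __name__ == "__main__":
    for w in lint_nsswitch(NSSWITCH_POSTED) + lint_resolv(RESOLV_BAD):
        print(w)
```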
