[Techtalk] NIS: Solaris 8 server, RH 8 client -- authentication not working
Malcolm Tredinnick
malcolm at commsecure.com.au
Fri Oct 25 08:31:21 EST 2002
On Thu, Oct 24, 2002 at 04:07:15PM -0400, caitlynmaire at earthlink.net wrote:
> OK, I'm doing something simple and stupid wrong, but... I can't get
> NIS authentication to work on RH 8. I'll admit I've only done NIS on
> Solaris (with Irix clients), so this is all new to me. Oh, and yeah,
> I read the HOWTO and did everything suggested.
The HOWTO (if it's the NIS HOWTO you pulled off the web) is actually a
bit out of date and, while not saying anything that is strictly false,
parts of it are unnecessary.
> -shadow passwords are off (yuck!)
Not necessary (if you want to remove the "yuck"). I help administer a
medium-size NIS system at work and shadow passwords are on everywhere.
> -NIS client is binding to the NIS server -- no errors there at bootup
> -nis is in the appropriate places in the /etc/nsswitch.conf file (can provide the text if anyone wants to see it)
> -/etc/yp.conf file:
>
> #
> domain <MYDOMAIN> server <nisserver fqdn>
>
> -+:::::: added to /etc/passwd file
>
> -/etc/pam.d/login file <needs to be tightened up later>
>
> #%PAM-1.0
> auth requisite /lib/security/pam_unix.so
> auth required /lib/security/pam_securetty.so
> auth required /lib/security/pam_nologin.so
> account required /lib/security/pam_unix.so
> password required /lib/security/pam_pwcheck.so nullok
> password required /lib/security/pam_unix.so nullok use_first_pass use_authtok
> session required /lib/security/pam_unix.so
> session required /lib/security/pam_limits.so
> session optional /lib/security/pam_console.so
>
> If I try to do a ypcat hosts or ypcat passwd it tells me it can't bind
> to the server it seemed to bind to fine at boot time. I don't get it.
There is a way to get the server to report debugging messages as well
(via syslog). I'll ferret that out.
> I'm not even worrying about automounting home directories yet. The
> necessary home directories for testing exist. I first want to get my
> Linux box talking to my Solaris box.
I'll have a poke around a bit later (once I've waded through the morning
email and attended to the work that seems to have accumulated overnight)
and compare various files.
However, just as a data point, I did get NIS working on a
Red Hat 8.0 machine yesterday without any trouble, so there's nothing
magical that needs doing with respect to earlier Red Hat versions (there
_was_ a subtle breakage when talking between Red Hat 7.0 servers and 7.3
clients, just to prove it doesn't always go smoothly).
Malcolm
--
"Very funny, Scotty. Now beam down my clothes."
More information about the Techtalk
mailing list