NIS and automount authentication issue

If it doesn't fit in another category, ask it here.
Post Reply
luvdablus
Posts: 3
Joined: 2014/04/10 17:32:08

NIS and automount authentication issue

Post by luvdablus » 2014/04/10 18:12:35

Hello All,
This is going to be long winded, but necessary to get my point across, so apologies in advance.
I installed and configured CentOS 5.5 as my new NIS (Not my decision) master server, no slaves yet. A couple of caveats follow:
1. I created the maps from the passwd, shadow and my automount auto.sw file.
2. The home directories are shared to "/sw/userid" coming from a remote server that runs Solaris 10
Okay, The server is running and to test I set up a client also running CentOS. Since I did not include root in the maps, it authenticates locally because i read that root in an nis map is generally a no-no... I did open it up so root can directly login in case any issues. So, if I try to login as myself I get the following error from my /var/log/secure log:
Apr 10 13:53:33 ftwnis01-new sshd[5688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.10.10 user=myself
Apr 10 13:53:35 ftwnis01-new sshd[5688]: Failed password for myself from 10.10.10.10 port 42859 ssh2
If I login as root and "su - myself" I can become myself and the automount creates my home directory with all my files there as expected.
It almost seems like it is trying to read the local shadow file where my id was taken out to use NIS maps. I'm attaching my nsswitch.conf :
--------------------------------------------------------------------------
passwd: files nis
shadow: files nis
group: files nis

#hosts: db files nisplus nis dns
hosts: files nis dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files

netgroup: files nis

publickey: nisplus

automount: files nis
aliases: files nisplus

sudoers: files ldap
--------------------------------------------------------------------------
Any help, hints or a vacation to Europe would be appreciated. I've been trying to fix this for over a week and my brain is fried.
Please let me know if I've left out pertinent information and I will get on the forum ASAP.

Thanks to everyone in advance,
Luvdablus

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: NIS and automount authentication issue

Post by TrevorH » 2014/04/10 18:45:13

Never used NIS so I cannot help with that but CentOS 5.5 is more than 2.5 years old and there have been numerous bugfixes and enhancements to it since then. Some are definitely related to security and need applying, others may help to fix any bugs that stop things working as they should. Your first step therefore should be to run `yum update` and get your system to 5.10 and reboot and try again.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

luvdablus
Posts: 3
Joined: 2014/04/10 17:32:08

Re: NIS and automount authentication issue

Post by luvdablus » 2014/04/11 14:59:20

Thanks for taking the time to look at my "cry for help"!
As per your advice I updated to CentOS 5.10, reset up everything the same and unfortunately I am getting the exact error.
I wonder if the passwd file in linux vs Solaris has different characters causing the perm denied... Hmmm... More to come.

Thank you TrevorH!
If I fix it I will post as stated above :-)

Cheers!

luvdablus
Posts: 3
Joined: 2014/04/10 17:32:08

Re: NIS and automount authentication issue - SOLVED

Post by luvdablus » 2014/04/11 15:49:22

Hello All,

I have solved the problem. The only thing that I didn't check was if there were any differences between the "Linux" and "Solaris" passwd files.
And the answer was YES! See example below with culprit characters highlighted in red:

xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
Linux
xfs:*:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
Solaris

Once I changed the " * " to a " x " ran a make and viola! It works. Two weeks of wrestling with NIS. I'm ready to retire!

I hope this can help others with the same issue.

I have the NIS blues...

Cheers

Post Reply