1745904 Members
4281 Online
108723 Solutions
New Discussion юеВ

NIS Problems on RHEL WS4

 
NPI
Occasional Advisor

NIS Problems on RHEL WS4

Hello,
We have a server running RHEL_WS4 that is configured as a NIS Slave. The problem on this server is that if ypbind is running, but the NIS master isn't reachable (for example when I get down the network interface on the slave), root can't login.
If ypbind is down the problem doesn't appear and root is free to login.


the order in the nsswitch.conf is
passwd: files nis
shadow: files nis
group: files nis


Moreover I've seen that if I put an incorrect password for root, it gives "incorrect login", while when we put the right password, we have a "timeout".


I think it's a pam problem...

Thanks for any help,
Filippo
6 REPLIES 6
Steven E. Protter
Exalted Contributor

Re: NIS Problems on RHEL WS4

Shalom,

Seems like a NIS configuration files. Check the conf files and try setting yppasswd on a user on the NIS slave.

Check the results of ypmake on the server.

Make sure basic ping and NIS_DOMAIN connectivity exists.

Check for local users in /etc/passwd that conflict with the NIS master.

You do not need to make pam.d changes to make NIS work.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
NPI
Occasional Advisor

Re: NIS Problems on RHEL WS4

I've another clue:

if in /etc/nsswitch.conf I delete the "nis" entry for "group" and "hosts", id est:

passwd: files nis
shadow: files nis
group: files

hosts: files dns


root can login even if the NIS MASTER is unreachable.


I'm not understanding...

Filippo
Craig Gilmore
Trusted Contributor

Re: NIS Problems on RHEL WS4

This is a Slave server, so it is probably bound to the master server.

With ypbind running, the login for root times out. Where is the meta escape character in the /etc/passwd file? It should be at the end, after all the local users. It sounds like the +:0:0:... entry is at the beginning of the /etc/passwd file, causing the NIS maps to be checked first. Make sure that the escape is after the root user.

Your further test of removing the nis reference for group also points to basic configuration problems.

Re: NIS Problems on RHEL WS4

Unless you are setting "passwd: compat" in /etc/nsswitch.conf, you should not need the "the +:0:0:... entry" in /etc/passwd at all.

I have seen issues with nscd and NIS. You might try stopping the nscd and see if the problem goes away.

- Alex
NPI
Occasional Advisor

Re: NIS Problems on RHEL WS4

we don't use compat in the nsswitch.conf file and we have nscd disabled at boot.
George Liu_4
Trusted Contributor

Re: NIS Problems on RHEL WS4

For RHEL4, there could be several things to prevent NIS working normally. You may check the following,

1. instead of edit the files manually, you may run system-config-authentication to config the authentication to use NIS

2. SELinux thing. You may disable SELinux to see it blocks the YP connection

3. IPTABLES, TC wrapper

4. In Pam, system-auth is notoriously causing problems.

5. Make sure yp database excludes root (uid 0). Default ypserv configuration should be good (>500)