System Administration

NIS Users can't login, prompt shows tftp

 
SOLVED
Go to solution
Bob Hoyle
Advisor

NIS Users can't login, prompt shows tftp

Our administrator was using sam to set up a printer. He says that he didn't do much but what happens now on affected computer is:

1. root user can log in OK
2. Other users that log in (NIS authentication on another Workstation) get TFTP prompt instead of csh prompt.
3. rlogins from other computers to affected machine get same TFTP prompt
4. Locally-created user that doesn't use NIS off of remote computer work properly.

Help!

-- Bob
12 REPLIES 12
Larry Reinhart
Advisor
Solution

Re: NIS Users can't login, prompt shows tftp

Hi Bob,

Check you nis maps to see if they are corrupt, especially the password map. Use ypcat passwd. I've seen this happen before when maps get pushed.

Have a great HP day!
Larry
A. Clay Stephenson
Acclaimed Contributor

Re: NIS Users can't login, prompt shows tftp

The first thing that I would do is a ypcat passwd to see if the passwd map is really clobbered. Look at all the entries carefully. Next, I would examine /etc/inetd.conf to make sure that the rlogin (and probably telnet entries are ok). If both telnet and rlogin are behaving badly then almost certainly you have a bad passwd map.
If it ain't broke, I can fix that.
Bob Hoyle
Advisor

Re: NIS Users can't login, prompt shows tftp

Will look into this. Thanks a bunch.
Bob Hoyle
Advisor

Re: NIS Users can't login, prompt shows tftp

We noticed that on the affected system (running 10.20, BTW) /etc/passwd has the following entry at the end:
+::-2:0:::tftp:*:510:1:Trivial FTP user:/usr/tftpdir:false

The /etc/passwd file on our other systems (running 11.00 or 11.11) show only:
++::-2:0:::

When we edit the /etc/passwd file on the affected system so that it looks like our other systems, it goes back to looking like the first version. There must be some daemon somewhere re-setting it back.
Larry Reinhart
Advisor

Re: NIS Users can't login, prompt shows tftp

Hi again Bob,

Curious. A few weird questions:
1. Do you have any cron jobs that push out a password file?
2. Do you have some security program watching the passwd file?
3. When you fixed the file how long till it was changed? (i.e. can you see any pattern to the change?)
4. If you delete those two entries and put them back in does it happen again?
5. Do you have some unprintable character in the passwd file? (Do a cat -v /etc/passwd | more and pay close attention to those lines)

Have a happy HP day!
Larry
A. Clay Stephenson
Acclaimed Contributor

Re: NIS Users can't login, prompt shows tftp

You've found the problem but rather than suspecting a daemon I would look for a malicious user. Make sure that the passwd file has 644 permissions and is owned by root.
If it ain't broke, I can fix that.
Bob Hoyle
Advisor

Re: NIS Users can't login, prompt shows tftp

Sorry, we were trying to edit the passwd file too quickly and didn't notice that it said "read-only" so once changed with "chmod" and edited and saved properly, we seem to be back in business.

Now, for the big points, how did this entry end up like this at the end of the passwd file in the first place?
Bob Hoyle
Advisor

Re: NIS Users can't login, prompt shows tftp

In other words, there are no malicious users here only stupid ones!
S.K. Chan
Honored Contributor

Re: NIS Users can't login, prompt shows tftp

In addition to others ..
It's a good practice to run password checker after everytime a password file is modified just to make sure the syntax is correct.
# man pwck
for details.