From owner-freebsd-questions@FreeBSD.ORG Fri Feb 18 04:58:59 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7C40316A4CE for ; Fri, 18 Feb 2005 04:58:59 +0000 (GMT) Received: from nuumen.pair.com (nuumen.pair.com [209.68.1.119]) by mx1.FreeBSD.org (Postfix) with SMTP id F19CA43D2F for ; Fri, 18 Feb 2005 04:58:58 +0000 (GMT) (envelope-from thuppi@nuumen.pair.com) Received: (qmail 50644 invoked by uid 55300); 18 Feb 2005 04:58:58 -0000 Date: Thu, 17 Feb 2005 23:58:58 -0500 (EST) From: Tom Huppi X-X-Sender: thuppi@nuumen.pair.com To: freebsd-questions@freebsd.org In-Reply-To: Message-ID: References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: Re: NIS login - argh! X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Feb 2005 04:58:59 -0000 Follow-up: No clear resolution. I believe that _perhaps_ the problem is, in part, that the NIS server is not serving master.passwd even though it claims to be (i.e., 'ypwhich -x' shows it.) Anyone know if that map needs to be distributed in order for 5.3-ish NIS clients to work? *NOTE* to those fighting these issues (and seeing this via google or some such...): There seems to be some sort of a bug which is tickled by this kind of fooling around. It manifests itself by setting the user's account expire time to 1969! This kept me occupied for _hours_ when I couldn't even get that user's account to let me log in when I made things complety local and unplugged the stupid machine from the network! Try: # chpass {user} to see what I mean. I'm functional now only by turning off NIS in /etc/nsswitch.conf and maintaining a local password entry :( It is worth note, however, that the $1$xxx style (md5) password hash from the Linux side _does_ work and is _not_ a problem. Thanks, - Tom On Thu, 17 Feb 2005, Tom Huppi wrote: > > I've never had much trouble getting NIS to work before. Can > anyone make any debugging suggestions? ... > > My machine: 5.3-STABLE (makeworld update from 5.1 orig circa early > Jan 05.) > > NIS actually seems to be working fine... > > gila# ypcat -k passwd | grep tomh > tomh tomh:$1$hZ...UK/:1012:500:Tom Huppi:/home/tomh:/bin/tcsh > > Also: > > - /etc/shells exists and has /bin/tcsh > - /bin/tcsh exists > - no other 'tomh' user or 1012 uid in local passwd file > - home dir automounts fine when I cd to it. > > I've tried various things with /etc/nsswitch.conf, and the latest > is: > > ... > group: compat > group_compat: nis > ... > passwd: compat > passwd_compat: nis > ... > > while I adjust my passwd file with 'vipw' making the last line: > +::::::::: > which generates an /etc/password tail of: > +:*::::: > (I've tried this w/ and w/o the '*') > with /etc/groups similar. > > I also tried > passwd: files nis > passwd_compat: > with and without the trailing +::... to no avail. > > Always I get a 'login incorrect' message and nothing of any real > interest in the /var/log/messages. Is there somewhere else to > look for debug? I tried fooling with /etc/pam.d/passwd (to turn > on debugging) but it had no effect which I could see. I'm really > not sure if I'm even using pam or what? > > It is interesting to note that I can generate another hash for > another user locally with the same password and I get a different > hash (which also starts out $1$ meaning MD5 I guess.) In fact, I > never get the same hash even when I use the same password it > seems?! > > The NIS server is a FreeBSD box, but I don't have access to see > what exactly (though I know it to be 5.x) It serves many > Fedora-II boxes just fine, and they have 'files nis' in their > nsswich.conf. > > I've also tried adding an entry in my local passwd file which is > identical to what is served out with no joy. > > I'm at my wits end here. I've x-checked all of the problems I > could find referenced in google searches. I see some references > about a 'gradual migration' to pam (specifically in the > /etc/auth.conf file), but I don't know what stage that is in, and > what it entails. If any one has any tips, ideas, or suggestions, > I'd love to hear them. > > Thanks, > > - Tom > > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >