I thought I'd ask one more time to see if anyone has any information on making SuSE Linux work with a standard NIS server before I give up and go back to FreeBSD...
-----Original Message----- From: Glen Campbell [mailto:glen@broadpool.com] Sent: Friday, July 26, 2002 11:10 AM To: suse-security@suse.com Subject: [suse-security] FreeBSD NIS Server + SuSE Linux Client
I hope this is the correct list for this question. Since it has to do with login and authentication, I thought "security" was the closest match I could find. I've been browsing the SuSE list archives for a week (along with everything else I could find on Google) with no success. I'm seriously losing my hair over this.
I have recently installed SuSE Linux 8.0 on two separate machines. My other machines at home are both running FreeBSD (4.6-STABLE). They are the NIS master and slave servers, respectively.
I have used YAST2 to initiate an "NIS Client" on the Linux boxes. Ypbind and ypwhich are both running successfully and returning proper information. I can "finger" all of the NIS users and I can ypcat passwd, master.passwd, etc. However, I cannot login with an NIS user. I have turned "debug" on in security/pam_unix2.conf, and here is the
Jul 26 09:44:25 horace sshd[1449]: pam_unix2: pam_sm_authenticate() called Jul 26 09:44:25 horace sshd[1449]: pam_unix2: username=[glen] Jul 26 09:44:25 horace sshd[1449]: pam_unix2: wrong password, return PAM_AUTH_ERR Jul 26 09:44:25 horace sshd[1449]: Failed password for glen from ::1 port 32772 ssh2
In this case, it's from sshd, but I get the same results from login and kdm as well.
Here's what "ypcat passwd" returns (just a sample):
stephen:*:1013:1001:Stephen XXXX:/home/stephen:/bin/tcsh tpecot:*:1016:1001:XXXX Pecot:/home/tpecot:/bin/tcsh
Here's what "ypcat master.passwd.byname" returns (again, a sample):
stephen:$1$z2wACRkf$camGYsMF6OTjTL41gNSCX0:1013:1001::0:0:Stephen XXXX:/home/stephen:/bin/tcsh tpecot:$1$P3lvmuTE$RRuEzWjhxwwmMOwv0DzvN.:1016:1001::0:0:XXXX Pecot:/home/tpecot:/bin/tcsh
(1) it has been suggested that the MD5 encryption used in the FreeBSD password file is causing the problem. However, I have been able to cut a password from the BSD password file into the Linux password file and it worked just fine (for a local user). I don't think that's the problem.
(2) The BSD password file has "*" in the second field, which indicates the password is stored in master.passwd. SuSE Linux uses an "x" in the second field to indicate that the password is stored in /etc/shadow. Could this be the source of the conflict? If so, how do I configure SuSE to recognize the "*" instead of the "x"?
(3) Beyond this, I'm at a total loss. I really have no idea how to debug or fix this. I hate to have to set the Linux box as a standalone machine because it does not support NIS.
Thanks in advance for your help,
Glen Campbell
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here