From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)

Description of problem:
unable to rlogin, rsh, ssh, and telnet into the machine with NIS users.

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. try to ssh, rlogin, rsh, or telnet into the machine.
2.
3.

Actual Results: it asks for username and password again.

Expected Results: A NIS user should have been able to telnet, rsh, ssh, and rlogin into the box.

Additional info:

/var/log/messages shows:

Apr 29 15:56:24 reddog sshd(pam_unix)[1351]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ballad user=smaster
Apr 29 15:56:33 reddog pam_rhosts_auth[1352]: denied to smaster@ballad as smaster: access not allowed
Apr 29 15:56:36 reddog rlogin(pam_unix)[1352]: authentication failure; logname= uid=0 euid=0 tty=rlogin ruser=smaster rhost=ballad user=smaster
Apr 29 15:56:38 reddog in.rlogind[1352]: PAM authentication failed for in.rlogind
Apr 29 15:56:42 reddog login(pam_unix)[1353]: authentication failure; logname= uid=0 euid=0 tty=pts/1 ruser= rhost=ballad user=smaster
Apr 29 15:56:44 reddog login[1353]: FAILED LOGIN 1 FROM ballad FOR smaster, Authentication failure
Apr 29 15:56:46 reddog login(pam_unix)[1353]: auth could not identify password for [smaster]
Apr 29 15:56:55 reddog pam_rhosts_auth[1354]: denied to smaster@ballad as smaster: access not allowed
Apr 29 15:56:57 reddog rlogin(pam_unix)[1354]: authentication failure; logname= uid=0 euid=0 tty=rlogin ruser=smaster rhost=ballad user=smaster
Apr 29 15:57:00 reddog in.rlogind[1354]: PAM authentication failed for in.rlogind
Apr 29 15:57:44 reddog login(pam_unix)[1355]: auth could not identify password for [smaster]
Apr 29 15:57:44 reddog login[1355]: FAILED LOGIN 1 FROM ballad FOR smaster, Authentication failure
Apr 29 15:57:46 reddog login(pam_unix)[1355]: auth could not identify password for [smaster]
Apr 29 15:57:52 reddog login(pam_unix)[1362]: authentication failure; logname= uid=0 euid=0 tty=pts/1 ruser= rhost=ballad user=smaster
Apr 29 15:57:55 reddog login[1362]: FAILED LOGIN 1 FROM ballad FOR smaster, Authentication failure

# telnet reddog
Trying 127.0.0.1...
Connected to reddog.
Escape character is '^]'.
Red Hat Linux release 7.2 (Enigma)
Kernel 2.4.7-10smp on an i686
login: smaster
Password:
Login incorrect

login: smaster
Password:
Login incorrect

login:
Password:
Login incorrect
Connection closed by foreign host.

# rsh reddog
Password:
Password:
Login incorrect
login:
Password:
Login incorrect
rlogin: connection closed.

# rlogin reddog
Password:
Password:
Login incorrect
login:
Password:
Login incorrect
rlogin: connection closed.
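Added example (not part of the original report or of any Red Hat tool): a small Python triage helper that parses pam_unix "authentication failure" lines like those quoted in the report and lists, per user, the services that rejected the login. One user failing under several services points at something those services share (the name-service lookup or the pam_unix password check) rather than at one daemon's configuration. The function names and the min_services threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input: four lines copied from the /var/log/messages excerpt in the report.
SAMPLE_LOG = """\
Apr 29 15:56:24 reddog sshd(pam_unix)[1351]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ballad user=smaster
Apr 29 15:56:33 reddog pam_rhosts_auth[1352]: denied to smaster@ballad as smaster: access not allowed
Apr 29 15:56:36 reddog rlogin(pam_unix)[1352]: authentication failure; logname= uid=0 euid=0 tty=rlogin ruser=smaster rhost=ballad user=smaster
Apr 29 15:56:42 reddog login(pam_unix)[1353]: authentication failure; logname= uid=0 euid=0 tty=pts/1 ruser= rhost=ballad user=smaster
"""

# Matches: <timestamp> <host> <service>(pam_unix)[<pid>]: authentication failure; key=value ...
PAM_UNIX_FAILURE = re.compile(
    r"^\S+\s+\d+\s+[\d:]+\s+(?P<host>\S+)\s+"
    r"(?P<service>[\w.-]+)\(pam_unix\)\[(?P<pid>\d+)\]:\s+"
    r"authentication failure;\s*(?P<fields>.*)$"
)

def parse_failures(log_text):
    """Return one dict per pam_unix authentication failure; other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = PAM_UNIX_FAILURE.match(line)
        if not m:
            continue
        # Values may be empty ("ruser= rhost=ballad"), so allow zero characters.
        fields = dict(re.findall(r"(\w+)=(\S*)", m.group("fields")))
        events.append({
            "host": m.group("host"),
            "service": m.group("service"),
            "pid": int(m.group("pid")),
            "user": fields.get("user", ""),
            "rhost": fields.get("rhost", ""),
        })
    return events

def services_by_user(events):
    """Map each user to the sorted list of services that logged a failure."""
    seen = defaultdict(set)
    for e in events:
        seen[e["user"]].add(e["service"])
    return {user: sorted(svcs) for user, svcs in seen.items()}

def shared_stack_suspects(events, min_services=2):
    """Users rejected under at least min_services distinct services."""
    return sorted(u for u, s in services_by_user(events).items() if len(s) >= min_services)

if __name__ == "__main__":
    print(services_by_user(parse_failures(SAMPLE_LOG)))
```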
You need to enable nis in /etc/nsswitch.conf
/etc/nsswitch.conf is as follows.

passwd:     files nis
shadow:     files nis
group:      files nis
hosts:      files nis dns
bootparams: files
ethers:     files
netmasks:   files
networks:   files
protocols:  files nis
rpc:        files
services:   files nis
netgroup:   files nis
#publickey: nisplus
automount:
aliases:    files
Was NIS configured with authconfig or manually? Is the ypbind service enabled and running (/sbin/chkconfig ypbind on; /sbin/service ypbind restart)? What do "domainname" and "ypwhich" print? Is the client system able to see the contents of the server's passwd map (ypcat -k passwd)?
Additionally, was the system configured with a firewall? The default firewalling options block all UDP traffic, which stops all RPC-based services (like NIS) from working.
the system was not configured with a firewall, or at least not in the installation process, but is there a way to check that post install?

ypcat -k password works correctly

If I am logged in as root on the console, I can su - jlevy for example and I will become the user and be in his homedir, we mount homedir from the fstab file instead of using automounter.

Both are correct:
# ypwhich
ballad
# domainname
mtview.reasoning.com
# cat yp.conf
domain mtview.reasoning.com server 199.108.177.67

I removed some stuff from the listing, but left the important stuff
# chkconfig --list
netfs      0:off 1:off 2:off 3:on  4:on  5:on  6:off
network    0:off 1:off 2:on  3:on  4:on  5:on  6:off
random     0:off 1:off 2:on  3:on  4:on  5:on  6:off
ipchains   0:off 1:off 2:off 3:off 4:off 5:on  6:off
iptables   0:off 1:off 2:off 3:off 4:off 5:on  6:off
portmap    0:off 1:off 2:off 3:on  4:on  5:on  6:off
xinetd     0:off 1:off 2:off 3:on  4:on  5:on  6:off
autofs     0:off 1:off 2:off 3:off 4:off 5:off 6:off
nfs        0:off 1:off 2:off 3:off 4:off 5:off 6:off
nfslock    0:off 1:off 2:off 3:on  4:on  5:on  6:off
identd     0:off 1:off 2:off 3:off 4:off 5:off 6:off
ypbind     0:off 1:off 2:off 3:on  4:on  5:on  6:off
sshd       0:off 1:off 2:on  3:on  4:on  5:on  6:off
rstatd     0:off 1:off 2:off 3:off 4:off 5:off 6:off
rusersd    0:off 1:off 2:off 3:off 4:off 5:off 6:off
vncserver  0:off 1:off 2:off 3:off 4:off 5:off 6:off
xinetd based services:
    rexec:  on
    rlogin: on
    rsh:    on
    ntalk:  on
    talk:   on
    telnet: on
Does the second field of the user's entry in the NIS password table list the crypted password ( ypmatch smaster passwd | cut -f2 -d: ), or is there something else in the field? You can check your firewall settings by running "ipchains -L" (or "iptables -L", if your firewall was configured to use iptables instead of ipchains).
ypmatch smaster passwd does show the 2nd field encrypted passwd
Please double-check that the crypted field is correct. Run:

    python -c 'import crypt;print(crypt.crypt("PASSWORD","SALT"))'

substituting the user's password for PASSWORD, and the value obtained from ypcat for SALT, and comparing the output to the value of the field. It should match exactly.
ok, it matches exactly
Have the PAM configuration files been modified from their defaults at all? Are NIS users able to log in at the system console?
no, the PAM stuff is from the default install. NIS users are not able to log in at console either. The only way in is ssh -l root <servername> from another machine. But if I'm logged in at the console as root, and su - jlevy, which is a NIS user, I do get logged in as the user, with his environment, and his homedir.
Does the user's password have more than eight characters in it? If so, has the errata from http://www.redhat.com/support/errata/RHBA-2001-149.html (which itself updates http://www.redhat.com/support/errata/RHBA-2001-127.html) been applied?
well, that solved the problem! thanks, and I thought we were going to discover a bug. Now, how does a person normally get notified, receive, and update their machines with errata fixes?
Notifications for all errata go to redhat-watch-list, which you can subscribe to at https://listman.redhat.com/mailman/listinfo/redhat-watch-list; errata are also available via Red Hat Network (which you can sign up to use by running 'rhn_register') and the main web site at http://www.redhat.com/errata/.

*** This bug has been marked as a duplicate of 54443 ***
I have followed all the above steps, but I am not able to log in with my user