Results 1 to 3 of 3

Thread: No login for NIS user

  1. #1
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    4,843

    Default No login for NIS user

    Picking up today's post by gianfrus
    Hi,

    I'm experiencing the same problem with openSUSE Leap 15.3 as NIS client. Trying to autenticate as a NIS user, for example using su - <user>, fails with error:
    Code:
    su: user <user> does not exist or the user entry does not contain all the required fields
    nevertheless the NIS client utilities (ypcat, ypwhich, ypmatch ... etc.) works normally.
    I was figured that could be a PAM related problem and this forum thread confirmed it to me. However the proposed solution, although good, is somewhat "quick and dirty": it could be a not complete or final solution to the problem and the manual modification of a file under /etc/pam.d could be overwritten by other configuration scripts/utility, in particular pam-config.

    I compared the content of /etc/pam.d between an installation of openSUSE 13.2 (where NIS authentication works) and openSUSE Leap 15.3 (where it doesn't work).

    In openSUSE 13.2 grep nis /etc/pam.d/* gives:
    Code:
         /etc/pam.d/common-account:account    required    pam_unix.so    nis try_first_pass 
    /etc/pam.d/common-account-pc:account    required    pam_unix.so    nis try_first_pass 
    /etc/pam.d/common-auth:# traditional Unix authentication mechanisms.
    /etc/pam.d/common-auth:auth    required    pam_unix.so    nis try_first_pass 
    /etc/pam.d/common-auth.pam-config-backup:# traditional Unix authentication mechanisms.
    /etc/pam.d/common-auth-pc:# traditional Unix authentication mechanisms.
    /etc/pam.d/common-auth-pc:auth    required    pam_unix.so    nis try_first_pass 
    /etc/pam.d/common-password:password    required    pam_unix.so    use_authtok nullok shadow nis try_first_pass 
    /etc/pam.d/common-password-pc:password    required    pam_unix.so    use_authtok nullok shadow nis try_first_pass 
    /etc/pam.d/common-session:session    required    pam_unix.so    nis try_first_pass 
    /etc/pam.d/common-session-pc:session    required    pam_unix.so    nis try_first_pass
    whilst in openSUSE Leap 15.3:
    Code:
         /etc/pam.d/common-auth:# traditional Unix authentication mechanisms.
    /etc/pam.d/common-auth.pam-config-backup:# traditional Unix authentication mechanisms.
    /etc/pam.d/common-auth-pc:# traditional Unix authentication mechanisms.
    so, in openSUSE Leap 15.3 PAM there is no track of NIS, but giving a look at pam-config man page one could find that it's possible to give the command:
    Code:
    pam-config -a --unix-nis
    that makes the configurations in /etc/pam.d almost identical and now the NIS authentication works.

    I think that this have to be reported as a bug in the latest versions of the openSUSE distribution. Where could this bug be located? Perhaps in one of the following:

    • the YaST NIS-client module;
    • some post-install script in the NIS-client related packages;
    • the PAM default configuration maker script.


    Bye.

  2. #2
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    4,843

    Question Re: No login for NIS user

    @gianfrus:

    Are you following the openSUSE NIS Client documentation?

    Also, there's the documentation related to the management of PAM – <https://doc.opensuse.org/documentati...y/cha-pam.html>

  3. #3
    Join Date
    Jun 2015
    Location
    Rome, Italy
    Posts
    6

    Default Re: No login for NIS user

    @docurtisfra:

    I'm pretty sure of having followed the correct procedure. The YaST NIS-client configuration is very simple and I've done it many times in the past.

    However, I'am thinking to try an experiment on a second installation on a VM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •