Picking up today’s post by gianfrus –
Hi,
I’m experiencing the same problem with openSUSE Leap 15.3 as NIS client. Trying to autenticate as a NIS user, for example using su - <user>, fails with error:
su: user <user> does not exist or the user entry does not contain all the required fields
nevertheless the NIS client utilities (ypcat, ypwhich, ypmatch … etc.) works normally.
I was figured that could be a PAM related problem and this forum thread confirmed it to me. However the proposed solution, although good, is somewhat “quick and dirty”: it could be a not complete or final solution to the problem and the manual modification of a file under /etc/pam.d could be overwritten by other configuration scripts/utility, in particular pam-config.
I compared the content of /etc/pam.d between an installation of openSUSE 13.2 (where NIS authentication works) and openSUSE Leap 15.3 (where it doesn’t work).
In openSUSE 13.2 grep nis /etc/pam.d/* gives:
/etc/pam.d/common-account:account required pam_unix.so **nis** try_first_pass
/etc/pam.d/common-account-pc:account required pam_unix.so nis try_first_pass
/etc/pam.d/common-auth:# traditional Unix authentication mechanisms.
/etc/pam.d/common-auth:auth required pam_unix.so nis try_first_pass
/etc/pam.d/common-auth.pam-config-backup:# traditional Unix authentication mechanisms.
/etc/pam.d/common-auth-pc:# traditional Unix authentication mechanisms.
/etc/pam.d/common-auth-pc:auth required pam_unix.so nis try_first_pass
/etc/pam.d/common-password:password required pam_unix.so use_authtok nullok shadow nis try_first_pass
/etc/pam.d/common-password-pc:password required pam_unix.so use_authtok nullok shadow nis try_first_pass
/etc/pam.d/common-session:session required pam_unix.so nis try_first_pass
/etc/pam.d/common-session-pc:session required pam_unix.so nis try_first_pass
whilst in openSUSE Leap 15.3:
/etc/pam.d/common-auth:# traditional Unix authentication mecha**nis**ms.
/etc/pam.d/common-auth.pam-config-backup:# traditional Unix authentication mechanisms.
/etc/pam.d/common-auth-pc:# traditional Unix authentication mechanisms.
so, in openSUSE Leap 15.3 PAM there is no track of NIS, but giving a look at pam-config man page one could find that it’s possible to give the command:
**pam-config -a --unix-nis**
that makes the configurations in /etc/pam.d almost identical and now the NIS authentication works.
I think that this have to be reported as a bug in the latest versions of the openSUSE distribution. Where could this bug be located? Perhaps in one of the following:
- the YaST NIS-client module;
- some post-install script in the NIS-client related packages;
- the PAM default configuration maker script.
Bye.