No login for NIS user

English Install/Boot/Login
1

Picking up today’s post by gianfrus

Hi,

I’m experiencing the same problem with openSUSE Leap 15.3 as NIS client. Trying to autenticate as a NIS user, for example using su - <user>, fails with error:

su: user <user> does not exist or the user entry does not contain all the required fields

nevertheless the NIS client utilities (ypcat, ypwhich, ypmatch … etc.) works normally.
I was figured that could be a PAM related problem and this forum thread confirmed it to me. However the proposed solution, although good, is somewhat “quick and dirty”: it could be a not complete or final solution to the problem and the manual modification of a file under /etc/pam.d could be overwritten by other configuration scripts/utility, in particular pam-config.

I compared the content of /etc/pam.d between an installation of openSUSE 13.2 (where NIS authentication works) and openSUSE Leap 15.3 (where it doesn’t work).

In openSUSE 13.2 grep nis /etc/pam.d/* gives:

 /etc/pam.d/common-account:account    required    pam_unix.so    **nis** try_first_pass

/etc/pam.d/common-account-pc:account required pam_unix.so nis try_first_pass
/etc/pam.d/common-auth:# traditional Unix authentication mechanisms.
/etc/pam.d/common-auth:auth required pam_unix.so nis try_first_pass
/etc/pam.d/common-auth.pam-config-backup:# traditional Unix authentication mechanisms.
/etc/pam.d/common-auth-pc:# traditional Unix authentication mechanisms.
/etc/pam.d/common-auth-pc:auth required pam_unix.so nis try_first_pass
/etc/pam.d/common-password:password required pam_unix.so use_authtok nullok shadow nis try_first_pass
/etc/pam.d/common-password-pc:password required pam_unix.so use_authtok nullok shadow nis try_first_pass
/etc/pam.d/common-session:session required pam_unix.so nis try_first_pass
/etc/pam.d/common-session-pc:session required pam_unix.so nis try_first_pass

whilst in openSUSE Leap 15.3:

 /etc/pam.d/common-auth:# traditional Unix authentication mecha**nis**ms.

/etc/pam.d/common-auth.pam-config-backup:# traditional Unix authentication mechanisms.
/etc/pam.d/common-auth-pc:# traditional Unix authentication mechanisms.

so, in openSUSE Leap 15.3 PAM there is no track of NIS, but giving a look at pam-config man page one could find that it’s possible to give the command:

**pam-config -a --unix-nis**

that makes the configurations in /etc/pam.d almost identical and now the NIS authentication works.

I think that this have to be reported as a bug in the latest versions of the openSUSE distribution. Where could this bug be located? Perhaps in one of the following:

  • the YaST NIS-client module;
  • some post-install script in the NIS-client related packages;
  • the PAM default configuration maker script.

Bye.

2

@gianfrus:

Are you following the openSUSE NIS Client documentation?

Also, there’s the documentation related to the management of PAM – <https://doc.opensuse.org/documentation/leap/security/html/book-security/cha-pam.html>

3

@docurtisfra:

I’m pretty sure of having followed the correct procedure. The YaST NIS-client configuration is very simple and I’ve done it many times in the past.

However, I’am thinking to try an experiment on a second installation on a VM.

4

After some time I can confirm the existence of the problem, even with OpenSUSE 15.4:
after configured the NIS client through YaST the ypcat and the other yp* commands seems to work correctly, but any attempt to login as a NIS user doesn’t work. For example ‘su - user’ results in the error:

su: user <user> does not exist or the user entry does not contain all the required fields

It’s necessary to reboot the host (the NIS client) to get NIS authentication fully working. Perhaps there is some PAM stuff that needs to be reloaded, but it’s not clear what.

5

Then, an openSUSE Bug Report is needed – <https://bugzilla.opensuse.org/>
Same login credentials as those you’re using to access this Forum.

1 Like