Can't update NIS+ credentials (chkey -p)
Mauricio Brigato
mauricio at bit.fmrp.usp.br
Wed Aug 28 04:31:57 EST 2002
---------- Forwarded message ----------
Date: Tue, 27 Aug 2002 15:29:44 -0300 (EST)
From: Mauricio Brigato <mauricio at bit.fmrp.usp.br>
To: Scott Croft <secroft at micron.com>
Subject: RE: su - <user-of-master> on box-nis+ got ok ! (fwd)
On my test box I've got a problem like that:
- when I try to change NIS+ passwd with nispasswd,
I can't do it. Before, I did do it, but now,
I don't know why can't make it.
So I tried a different way:
I made on root master a nisspasswd <user-of-linux>.
The nis told me to make a login with new passwd
and keylogin with old passwd. I did it, but
without success. I've got the message on client:
"rpc.nispasswd not running on <myserver-solaris-8> ?
I checked out my server: /usr/sbin/rpc.nisd -Y
was running ok.
Then I made a remote login (ssh), keylogin with old passwd, ok,
but when I made a chkey -p, I've got a error on that:
"chkey: Unable to decrypt secret key for unix.1001@<my.domain.>",
or be, I can't update my credentials on server.
So, I went to take a look at NIS+ server (solaris 8).
rpc.nisd was running with -Y option (compatibility mode),
cause I still have a NIS server running for while.
I killed it and restarted it whith -YBAv option for logging
the actions.
Despite that, with the same trials, I couldn't do that.
Do you know what's wrong with my NIS+ environment?
Thanks in advance.
Mauricio.
On 22 Aug 2002, Scott Croft wrote:
> Date: 22 Aug 2002 14:07:51 -0600
> From: Scott Croft <secroft at micron.com>
> To: Mauricio Brigato <mauricio at gordon.fmrp.usp.br>
> Subject: RE: su - <user-of-master> on box-nis+ got ok ! (fwd)
>
> I didn't see anything out of the ordinary. In the one e-mail I saw from
> you, it looks like you got a directory mounted and it was a permissions
> issue.
>
> What problems are you still seeing?
>
> Scott
>
>
> On Thu, 2002-08-22 at 14:04, Mauricio Brigato wrote:
> > This message uses a character set that is not supported by the Internet=
Service. To view the original message content, open the attached message=
=2E If the text doesn't display correctly, save the attachment to disk, and=
then open it using a viewer that can display the original character set. <=
<message.txt>>
> > ----
> >
>
> > Received: from mail-srv2.micron.com ([137.201.97.134]) by ntexchange01.=
micron.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.=
2653.13)
> > =09id Q6R616Q9; Thu, 22 Aug 2002 14:02:54 -0600
> > Received: from mail-srv2.micron.com (localhost [127.0.0.1])
> > =09by mail-srv2.micron.com (8.11.1/8.11.1) with ESMTP id g7MK2sA22863
> > =09for <secroft at ntexchange01>; Thu, 22 Aug 2002 14:02:54 -0600 (MDT)
> > Received: from jade.micron.com (jade.micron.com [137.201.240.22])
> > =09by mail-srv2.micron.com (8.11.1/8.11.1) with SMTP id g7MK2sv22853
> > =09for <secroft at micron.com>; Thu, 22 Aug 2002 14:02:54 -0600 (MDT)
> > Received: from gordon.fmrp.usp.br (gordon.fmrp.usp.br [143.107.223.151]=
)
> > =09by jade.micron.com (8.12.2/8.12.2) with SMTP id g7MK4SCt027258
> > =09for <secroft at micron.com>; Thu, 22 Aug 2002 14:04:29 -0600 (MDT)
> > Received: from gordon.fmrp.usp.br (gordon.fmrp.usp.br [143.107.223.151]=
)
> > =09by gordon.fmrp.usp.br (8.11.6+Sun/8.11.6) with ESMTP id g7MK4HQ03361
> > =09for <secroft at micron.com>; Thu, 22 Aug 2002 17:04:17 -0300 (EST)
> > Date: Thu, 22 Aug 2002 17:04:17 -0300 (EST)
> > From: Mauricio Brigato <mauricio at gordon.fmrp.usp.br>
> > X-X-Sender: <mauricio at gordon.fmrp.usp.br>
> > To: <secroft at micron.com>
> > Subject: RE: su - <user-of-master> on box-nis+ got ok ! (fwd)
> > Message-ID: <Pine.GSO.4.33.0208221702190.3242-100000 at gordon.fmrp.usp.br=
>
> > MIME-Version: 1.0
> > Content-Type: TEXT/PLAIN; charset=3DX-UNKNOWN
> > Content-Transfer-Encoding: QUOTED-PRINTABLE
> > X-MTFilter-%I%: jade
> > X-MTHubFilter-1.6: mail-srv2
> >
> > Sorry for asking it ...
> > But, did you see something about
> > the last conversation we had?
> > Did you receive the three files I sent?
> >
> > Thanks,
> >
> > -------------------------------------------------------------
> > Mauricio Brigato
> > Analista de Sistemas - Suporte BIT - BioInformatic Team
> > Funda=3DE7=3DE3o Hemocentro de Ribeir=3DE3o Preto
> > Fone: +55 16 3963-9300 Fax: +55 16 3963-9309
> > E-mail: mauricio at bit.fmrp.usp.br
> > Homepage: http://bit.fmrp.usp.br/
> > -------------------------------------------------------------
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > ---------- Forwarded message ----------
> > Date: Tue, 20 Aug 2002 12:06:26 -0300 (EST)
> > From: Mauricio Brigato <mauricio at bit.fmrp.usp.br>
> > To: Scott Croft <secroft at micron.com>
> > Cc: Mauricio Brigato <mauricio at gordon.fmrp.usp.br>,
> > Lista de discussao do nisplus <linux-nisplus at lists.samba.org>
> > Subject: RE: su - <user-of-master> on box-nis+ got ok !
> >
> >
> > On 20 Aug 2002, Scott Croft wrote:
> >
> > > Date: 20 Aug 2002 08:40:54 -0600
> > > From: Scott Croft <secroft at micron.com>
> > > To: Mauricio Brigato <mauricio at gordon.fmrp.usp.br>
> > > Cc: Lista de discussao do nisplus <linux-nisplus at lists.samba.org>
> > > Subject: RE: su - <user-of-master> on box-nis+ got ok !
> > >
> > > So on to another thing to look at. Have you done a keylogin on the
> > > client? i.e. has the secret key for root on the client been set? That
> > > should not affect another user logging in, but it is something to che=
ck.
> > Yes, I've done a keylogin on client (with root).
> >
> > >
> > > Please attach the following files so we all can look at them.
> > >
> > > nsswitch.conf
> > > /etc/pam.d/login
> > > /etc/pam.d/system-auth
> > >
> > I'll send them in next mail.
> >
> > Thank you.
> > Mauricio.
> >
> > > You may have a typo that you're not catching and we may see something=
to
> > > help you out.
> > >
> > > Scott
> > >
> > >
> > > On Tue, 2002-08-20 at 08:37, Mauricio Brigato wrote:
> > > > This message uses a character set that is not supported by the Inte=
rnet=3D
> > Service. To view the original message content, open the attached mes=
sage=3D
> > =3D2E If the text doesn't display correctly, save the attachment to dis=
k, and=3D
> > then open it using a viewer that can display the original character se=
t. <=3D
> > <message.txt>>
> > > > ----
> > > >
> > >
> > > > Received: from mail-srv2.micron.com ([137.201.97.134]) by ntexchang=
e01.=3D
> > micron.com with SMTP (Microsoft Exchange Internet Mail Service Version =
5.5.=3D
> > 2653.13)
> > > > =3D09id Q6R56PNB; Tue, 20 Aug 2002 08:36:20 -0600
> > > > Received: from mail-srv2.micron.com (localhost [127.0.0.1])
> > > > =3D09by mail-srv2.micron.com (8.11.1/8.11.1) with ESMTP id g7KEaLA2=
2273
> > > > =3D09for <secroft at ntexchange01>; Tue, 20 Aug 2002 08:36:21 -0600 (M=
DT)
> > > > Received: from jade.micron.com (jade.micron.com [137.201.240.22])
> > > > =3D09by mail-srv2.micron.com (8.11.1/8.11.1) with SMTP id g7KEaKv22=
263
> > > > =3D09for <secroft at micron.com>; Tue, 20 Aug 2002 08:36:20 -0600 (MDT=
)
> > > > Received: from gordon.fmrp.usp.br (gordon.fmrp.usp.br [143.107.223.=
151]=3D
> > )
> > > > =3D09by jade.micron.com (8.12.2/8.12.2) with SMTP id g7KEbtCt020718
> > > > =3D09for <secroft at micron.com>; Tue, 20 Aug 2002 08:37:56 -0600 (MDT=
)
> > > > Received: from gordon.fmrp.usp.br (gordon.fmrp.usp.br [143.107.223.=
151]=3D
> > )
> > > > =3D09by gordon.fmrp.usp.br (8.11.6+Sun/8.11.6) with ESMTP id g7KEbX=
Q21809=3D
> > ;
> > > > =3D09Tue, 20 Aug 2002 11:37:44 -0300 (EST)
> > > > Date: Tue, 20 Aug 2002 11:37:33 -0300 (EST)
> > > > From: Mauricio Brigato <mauricio at gordon.fmrp.usp.br>
> > > > X-X-Sender: <mauricio at gordon.fmrp.usp.br>
> > > > To: Scott Croft <secroft at micron.com>
> > > > cc: Mauricio Brigato <mauricio at gordon.fmrp.usp.br>,
> > > > Lista de discussao do nisplus <linux-nisplus at lists.samba.org>
> > > > Subject: RE: su - <user-of-master> on box-nis+ got ok !
> > > > In-Reply-To: <1029849548.2765.3.camel at secroft-lnx>
> > > > Message-ID: <Pine.GSO.4.33.0208201127080.21247-100000 at gordon.fmrp.u=
sp.b=3D
> > r>
> > > > MIME-Version: 1.0
> > > > Content-Type: TEXT/PLAIN; charset=3D3DX-UNKNOWN
> > > > Content-Transfer-Encoding: QUOTED-PRINTABLE
> > > > X-MTFilter-%I%: jade
> > > > X-MTHubFilter-1.6: mail-srv2
> > > >
> > > > Hi, thank you for your patience and helping.
> > > >
> > > > On 20 Aug 2002, Scott Croft wrote:
> > > >
> > > > > Date: 20 Aug 2002 07:19:08 -0600
> > > > > From: Scott Croft <secroft at micron.com>
> > > > > To: Mauricio Brigato <mauricio at gordon.fmrp.usp.br>
> > > > > Cc: Lista de discussao do nisplus <linux-nisplus at lists.samba.org>
> > > > > Subject: RE: su - <user-of-master> on box-nis+ got ok !
> > > > >
> > > > > Your root login should always be local. If you're authenticating =
then
> > > > > you're okay. Now it comes down to the users, which of course you =
are
> > > > > having issues with.
> > > > >
> > > > > Are you seeing any errors when you do the su - <username>? Please=
pas=3D
> > s
> > > > No errors I see.
> > > > Only that I think the root of a linux client
> > > > could never get through the login of a user
> > > > from the NIS+ server (a NIS domain too)! Am I wrong?
> > > >
> > > >
> > > > > them along. Is keyserv running?
> > > > Yes, my keyserv is running.
> > > >
> > > > > Are you mounting a /home partition when
> > > > > the system boots or is it just a directory under / ?
> > > > It's just a directory under /.
> > > > But I want mount it when the system boots.
> > > >
> > > > I did mount /home on my client /home. It was
> > > > a matter of rights on server.
> > > >
> > > >
> > > >
> > > > >
> > > > > We will get you up and running!
> > > > >
> > > > > Scott
> > > > >
> > > > > On Tue, 2002-08-20 at 07:02, Mauricio Brigato wrote:
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > I setup the client (RH 7.2) with everything you gave me.
> > > > > > But didn't do that with my server (Solaris 5.8). It was already
> > > > > > setup to NIS+.
> > > > > > The client is not in the admin group. I didn't defined it (it w=
as
> > > > > > another doubt of mine. Shall I have to create it??!!
> > > > > > It does authenticate it! I did niscat passwd.org_dir and
> > > > > > I saw encrypted passwords.
> > > > > >
> > > > > > But, I have a problem right here.
> > > > > > I login in the client with root, then
> > > > > > make a su - <user-of-Solaris-NIS+-server>
> > > > > > and I can get it, authenticate it, do niscat, keylogin,
> > > > > > etc. This root of client is WITH POWER of ROOT of ROOT
> > > > > > MASTER of my SOLARIS SERVER!
> > > > > > Do I have to remove the root client's credential from
> > > > > > NIS+ server? What's wrong with it?
> > > > > >
> > > > > >
> > > > > > ---------- Original Message -----------
> > > > > > From: secroft <secroft at micron.com>
> > > > > > To: "'Mauricio Brigato'" <mauricio at gordon.fmrp.usp.br>
> > > > > > Sent: Mon, 19 Aug 2002 14:41:42 -0600
> > > > > > Subject: RE: su - <user-of-master> on box-nis+ got ok !
> > > > > >
> > > > > > > If you setup the server with the information I gave you, ever=
y us=3D
> > er
> > > > > > > in the domain should be able to login to the client, your RH =
7.2 =3D
> > syst=3D3D
> > > > em.
> > > > > > > If you are still having issues, then you need to check the
> > > > > > > authentication of the client with the server. Is it in the ad=
min
> > > > > > > group? Does it authenticate? If you do a niscat passwd, do th=
e
> > > > > > > encrypted passwords show up, or do you see *NP*? If you see *=
NP*,
> > > > > > > the there is no authentication.
> > > > > > >
> > > > > > > Scott
> > > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Mauricio Brigato [mailto:mauricio at gordon.fmrp.usp.br]
> > > > > > > Sent: Monday, August 19, 2002 2:38 PM
> > > > > > > To: Scott Croft
> > > > > > > Cc: Lista de discussao do nisplus
> > > > > > > Subject: Re: su - <user-of-master> on box-nis+ got ok !
> > > > > > >
> > > > > > > Sorry.
> > > > > > > I made a confusion about my passwords.
> > > > > > > But, what I wanted say is the following:
> > > > > > > - my NIS+ root master is a Solaris server;
> > > > > > > - my linux box is a Red Hat 7.2.
> > > > > > >
> > > > > > > I have a trouble: on my client, at a console,
> > > > > > > I can't login with a user defined in server.
> > > > > > >
> > > > > > > I have to create a specific user credential to that
> > > > > > > machine or it's just enough the user to be
> > > > > > > defined in my NIS+ domain then every user
> > > > > > > who has credential for domain may login in
> > > > > > > any client machine and authenticate to domain ?
> > > > > > >
> > > > > > > --------------------------------------
> > > > > > > Mauricio Brigato
> > > > > > > --------------------------------------
> > > > > > >
> > > > > > > ---------- Original Message -----------
> > > > > > > From: Scott Croft <secroft at micron.com>
> > > > > > > To: Mauricio Brigato <mauricio at gordon.fmrp.usp.br>
> > > > > > > Sent: 19 Aug 2002 09:48:59 -0600
> > > > > > > Subject: Re: su - <user-of-master> on box-nis+ got ok !
> > > > > > >
> > > > > > > > I'm not quite sure what you are having issues with? What do=
you=3D
> > mea=3D3D
> > > > n
> > > > > > > > by the user of the NIS+ root master? If your system is usin=
g NI=3D
> > S+,
> > > > > > > > any user in the domain should be able to log into the syste=
m.
> > > > > > > >
> > > > > > > > Scott
> > > > > > > >
> > > > > > > > On Fri, 2002-08-16 at 09:45, Mauricio Brigato wrote:
> > > > > > > > > I have a trouble.
> > > > > > > > > From a NIS+ box I've got the user of a NIS+ root master.
> > > > > > > > > But I shouldn't get it.
> > > > > > > > > What's wrong?
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Mauricio Brigato
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > mauricio at bit.fmrp.usp.br
> > > > > > > > --
> > > > > > > > Scott Croft
> > > > > > > > Unix Services
> > > > > > > > Micron Technology, Inc.
> > > > > > > > (208) 368-1586
> > > > > > > > secroft at micron.com
> > > > > > > ------- End of Original Message -------
> > > > > > >
> > > > > > > mauricio at bit.fmrp.usp.br
> > > > > > ------- End of Original Message -------
> > > > > >
> > > > > >
> > > > > > mauricio at bit.fmrp.usp.br
> > > > > --
> > > > > Scott Croft
> > > > > Unix Services
> > > > > Micron Technology, Inc.
> > > > > (208) 368-1586
> > > > > secroft at micron.com
> > > > >
> > > > >
> > > > >
> > > >
> > > > -------------------------------------------------------------
> > > > Mauricio Brigato
> > > > Analista de Sistemas - Suporte BIT - BioInformatic Team
> > > > Funda=3D3DE7=3D3DE3o Hemocentro de Ribeir=3D3DE3o Preto
> > > > Fone: +55 16 3963-9300 Fax: +55 16 3963-9309
> > > > E-mail: mauricio at bit.fmrp.usp.br
> > > > Homepage: http://bit.fmrp.usp.br/
> > > > -------------------------------------------------------------
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > --
> > > Scott Croft
> > > Unix Services
> > > Micron Technology, Inc.
> > > (208) 368-1586
> > > secroft at micron.com
> > >
> > >
> >
> > -------------------------------------------------------------
> > Mauricio Brigato
> > Analista de Sistemas - Suporte BIT - BioInformatic Team
> > Funda=3DE7=3DE3o Hemocentro de Ribeir=3DE3o Preto
> > Fone: +55 16 3963-9300 Fax: +55 16 3963-9309
> > E-mail: mauricio at bit.fmrp.usp.br
> > Homepage: http://bit.fmrp.usp.br/
> > -------------------------------------------------------------
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> --
> Scott Croft
> Unix Services
> Micron Technology, Inc.
> (208) 368-1586
> secroft at micron.com
>
>
-------------------------------------------------------------
Mauricio Brigato
Analista de Sistemas - Suporte BIT - BioInformatic Team
Funda=E7=E3o Hemocentro de Ribeir=E3o Preto
Fone: +55 16 3963-9300 Fax: +55 16 3963-9309
E-mail: mauricio at bit.fmrp.usp.br
Homepage: http://bit.fmrp.usp.br/
-------------------------------------------------------------
More information about the linux-nisplus
mailing list