Login problems for some users

John Aasen john.aasen at alcatel.no
Thu Sep 26 16:20:48 EST 2002 

Thanks for all hints and help!

I have now solved the problem. It turned out to be a wrong argument in the 
nisaddcred stage. Instead of writing
#nisaddcred -p unix.<uid>@<domain> -P <username>.<domain>. des
our sysadmin wrote
#nisaddcred -p unix.<uname>@<domain> -P <username>.<domain>. des

After removing the credentials and doing it correctly the new users were able 
to login on the Linux boxes. (They were initially unable to login on the 
Solaris machine, probably because of some caching in those boxes. I have to 
check that they are able to login Solaris later...)

It seems weird that they were able to login to Solaris when the nisaddcred 
stage was wrong though, but thats really off-topic on this list.

On Thursday 26 September 2002 01:38, Bob Edwards wrote:
> John Aasen wrote:
> > Hi,
> >
> > We have a mixed Solaris/linux environment which basically has run fine
> > for over a year. But we have now got a problem with some new users. They
> > are added to the nis+ tables with nisaddcred the same way as before, but
> > they are unable to login on a Linux machine (RedHat 7.3 nisplus client).
> > They login fine on Solaris machines.
> >
> > /var/log/secure says authentication failure.
> > I've tried nisping -f on the Linux machines without any help.
> > I've tried keylogout / keylogin on a Linux machine, but keylogin fails
> > with the message:
> > Can't find unix.<pid>@<domainnames>'s secret key.
> >
> > Anyone got an idea on how to solve this problem?
> >
> > John
>
> I don't think that I have seen a response to this one yet.
>
> So, just to confirm, these users can log onto Solaris NIS+ clients but not
> onto _any_ Linux NIS+, or only a few? Can anyone else log onto the suspect
> Linux NIS+ clients? What happens if you run "nisdefaults" on these clients?
They could log into all Solaris clients we tried and none of the Linux 
clients. Other users could log into the Linux boxes. I didn't try 
"nisdefaults".

>
> Where you say "Can't find unix.<pid>@<domainnames>'s secret key", should
> that pid really be the users uid? Is it correct?
YES!

>
> Cheers,
>
> Bob Edwards.

-- 
John Aasen			john.aasen at alcatel.no
Alcatel  Norway			Tel: +47 22 63 83 09
Norkrets - Electronics Design	Fax: +47 22 63 81 80

More information about the linux-nisplus mailing list