NIS+ client on Redhat 9
Scott Mewett
mewett at cisco.com
Fri May 16 06:40:46 EST 2003
What's your /etc/nsswitch.conf look like?
Scott
On Thu, 2003-05-15 at 13:37, wlwalker at datasync.com wrote:
> Thank you for your patience with me. Doug was quite right in that I didn't have pam_unix2.so on my system. So, I installed it, and changed my /etc/pam.d/login from his suggestions:
>
> $ more login
> #%PAM-1.0
> auth required pam_securetty.so
> #auth required pam_stack.so service=system-auth
> auth requisite /root/installed_sw/pam_unix2-1.16/src/pam_unix2.so set_secrpc
> auth required pam_nologin.so
> #account required pam_stack.so service=system-auth
> #password required pam_stack.so service=system-auth
> #session required pam_stack.so service=system-auth
> session optional pam_console.so
>
> When I try to telnet to the client, I get a "login incorrect" error with a NIS+ domain account, and a "user account has expired, connection closed by local host" error with an account that is local to the system.
>
> As root, when I try to su - <nis domain account>, I get: su: user wendy does not exist. When I niscat passwd.org_dir | grep wendy, I get back the normal info: wendy:<encrypted password>: user description: home directory : shell (I did put a link to where Sun expects csh):expiration:::::::
>
> >>I suggest running the tests with su so that debugging is easier. You will need to edit pam.d/su in a similar fashion as login.
>
> I'm sorry but I don't know how to do that. I am new to Linux. I usually work on Solaris and not with pam. My su file looks like this:
>
> $ more su
> #%PAM-1.0
> auth sufficient /lib/security/$ISA/pam_rootok.so
> # Uncomment the following line to implicitly trust users in the "wheel" group.
> #auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid
> # Uncomment the following line to require a user to be in the "wheel" group.
> #auth required /lib/security/$ISA/pam_wheel.so use_uid
> auth required /lib/security/$ISA/pam_stack.so service=system-auth
> account required /lib/security/$ISA/pam_stack.so service=system-auth
> password required /lib/security/$ISA/pam_stack.so service=system-auth
> session required /lib/security/$ISA/pam_stack.so service=system-auth
> session optional /lib/security/$ISA/pam_xauth.so
>
> The rpcinfo -p from the NIS+ master is:
>
> rpcinfo -p <linux box>
> program vers proto port service
> 100000 2 tcp 111 rpcbind
> 100000 2 udp 111 rpcbind
> 100024 1 udp 32768 status
> 100024 1 tcp 32768 status
> 391002 2 tcp 32769
> 100029 1 udp 760 keyserv
> 100029 2 udp 760 keyserv
>
> Thank you,
> Wendy
>
>
>
>
>
>
More information about the linux-nisplus
mailing list