NIS login - argh!

Tom Huppi thuppi at
Fri Feb 18 04:58:59 GMT 2005


No clear resolution.  I believe that _perhaps_ the problem is, in
part, that the NIS server is not serving master.passwd even though
it claims to be (i.e., 'ypwhich -x' shows it.)  Anyone know if
that map needs to be distributed in order for 5.3-ish NIS clients
to work?

*NOTE* to those fighting these issues (and seeing this via google
or some such...):  There seems to be some sort of a bug which is
tickled by this kind of fooling around.  It manifests itself by
setting the user's account expire time to 1969!  This kept me
occupied for _hours_ when I couldn't even get that user's account
to let me log in when I made things complety local and unplugged
the stupid machine from the network!

Try:  # chpass {user}  to see what I mean.

I'm functional now only by turning off NIS in /etc/nsswitch.conf
and maintaining a local password entry :( It is worth note,
however, that the $1$xxx style (md5) password hash from the Linux
side _does_ work and is _not_ a problem.


 - Tom

On Thu, 17 Feb 2005, Tom Huppi wrote:

> I've never had much trouble getting NIS to work before.  Can
> anyone make any debugging suggestions? ...
> My machine: 5.3-STABLE (makeworld update from 5.1 orig circa early
> Jan 05.)
> NIS actually seems to be working fine...
> gila# ypcat -k passwd | grep tomh
> tomh tomh:$1$hZ...UK/:1012:500:Tom Huppi:/home/tomh:/bin/tcsh
> Also:
>  - /etc/shells exists and has /bin/tcsh
>  - /bin/tcsh exists
>  - no other 'tomh' user or 1012 uid in local passwd file
>  - home dir automounts fine when I cd to it.
> I've tried various things with /etc/nsswitch.conf, and the latest
> is:
>  ...
>  group: compat
>  group_compat: nis
>  ...
>  passwd: compat
>  passwd_compat: nis
>  ...
> while I adjust my passwd file with 'vipw' making the last line:
>   +:::::::::
> which generates an /etc/password tail of:
>   +:*:::::
> (I've tried this w/ and w/o the '*')
> with /etc/groups similar.
> I also tried
>   passwd: files nis
>   passwd_compat:
> with and without the trailing +::... to no avail.
> Always I get a 'login incorrect' message and nothing of any real
> interest in the /var/log/messages.  Is there somewhere else to
> look for debug?  I tried fooling with /etc/pam.d/passwd (to turn
> on debugging) but it had no effect which I could see.  I'm really
> not sure if I'm even using pam or what?
> It is interesting to note that I can generate another hash for
> another user locally with the same password and I get a different
> hash (which also starts out $1$ meaning MD5 I guess.)  In fact, I
> never get the same hash even when I use the same password it
> seems?!
> The NIS server is a FreeBSD box, but I don't have access to see
> what exactly (though I know it to be 5.x)  It serves many
> Fedora-II boxes just fine, and they have 'files nis' in their
> nsswich.conf.
> I've also tried adding an entry in my local passwd file which is
> identical to what is served out with no joy.
> I'm at my wits end here.  I've x-checked all of the problems I
> could find referenced in google searches.  I see some references
> about a 'gradual migration' to pam (specifically in the
> /etc/auth.conf file), but I don't know what stage that is in, and
> what it entails.  If any one has any tips, ideas, or suggestions,
> I'd love to hear them.
> Thanks,
>  - Tom
> _______________________________________________
> freebsd-questions at mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at"

More information about the freebsd-questions mailing list