Linux vs NetBSD NIS passwords - Printable Version +- PINE64 (https://forum.pine64.org) +-- Forum: General (https://forum.pine64.org/forumdisplay.php?fid=1) +--- Forum: General (https://forum.pine64.org/forumdisplay.php?fid=74) +--- Thread: Linux vs NetBSD NIS passwords (/showthread.php?tid=14348) |
RE: Linux vs NetBSD NIS passwords - Gribouille - 07-13-2021 (07-12-2021, 06:06 PM)KC9UDX Wrote: I checked the domainname and they all agree.Hello, You have to use an other account than 'root' to make 'su - test', because the password is not asked. An other test, use an other local account, as 'root' and make 'su - <the other account>', and after 'su - test'. If you haven't restricted the root's rights, this a good way to check the password. The network domain name and the network NIS domain name are two different things without link. We can suppose that if your hosts are in different network domains, depending of their configuration, it could be more tricky to access to the hosts. As you can access by 'SSH' to the host and with the extract of your logs, the NetworkManger seems innocent for me. A classic trap : the fonts ! Have you check that when your are physically on the host and when you type the password, in place of the login per example, the display is good ? It could be good in a graphical session but not in console mode. The console mode is the mode used when you make a 'SSH'. I always add the following packages :
RE: Linux vs NetBSD NIS passwords - KC9UDX - 07-13-2021 I can't SSH with a NIS user account. I'll have to check the locale, but I'm pretty sure they're all US Englisch. I would expect other things I type to be incorrect if the settings were incorrect. But I'll double-check this. RE: Linux vs NetBSD NIS passwords - KC9UDX - 07-13-2021 If I log in to a Debian client, via ssh as a valid user, 'validuser' uid 1007, and execute `su - test`, this results in the client's /var/log/auth.log: Code: Jul 13 16:28:30 client login[15622]: pam_unix(login:session): session opened for user validuser by (uid=0) Also, on the client, Code: $ env | grep LANG Thank you for your time with this. We are at the point I ended the last time I tried to determine this problem, at least a year ago (probably more). I don't know how NIS works on a low level. I can't help but think that for some reason the Linux computers are using the wrong cipher when sending the password to the NIS server. In one of those rare moments of actually finding something useful with a web search, I discovered this today;tThis is on the NIS server: Code: # $NetBSD: passwd.conf,v 1.3 2010/12/03 21:40:04 jmmv Exp $ The more familiar I get with NetBSD, the more things I discover that I didn't know. I had no idea there was an /etc/passwd.conf. I suspect 'ypcipher = old' is not what Linux is expecting. I'm not sure what to change it to. I'll probably start by trying 'sha1' and seeing what happens. That is not the answer. At least, 'ypcipher = sha1' doesn't net success. RE: Linux vs NetBSD NIS passwords - Gribouille - 07-14-2021 (07-13-2021, 04:00 PM)KC9UDX Wrote: Where you find your 'passwd.conf' ? I have not this file on my NIS server ... A NIS server use a Makefile, could you copy/send it, if nothing is confidential ? You know that with this method, the support is not easy, so if something goes wrong between NetBSD and Linux, maybe it's a silly problem. I haven't check the links, but it could be an idea in your situation. So I propose to check the fundamentals things :
My link for the search : https://duckduckgo.com/?q=linux+passwd+cypher&t=h_&ia=web RE: Linux vs NetBSD NIS passwords - KC9UDX - 07-14-2021 passwd.conf is in /etc/ I would say that the reason I didn't know about it, and the reason you don't have it is because it's new. But 2010 isn't new anymore. I will not have access to the server to try anything for about a week. Frankly, I should not play around with that server anymore; it is very fragile. I lost my /usr hard drive a while ago and the entire system is unstable since. The hardware doesn't always boot anymore, and when it does boot I have to hotplug/unplug some hard drives (so that they exist during boot but not before, as to not boot). The "funny" thing is that I have to run a great and difficult distance back and forth several times from the serial console to the CPU hardware during that process. I took my slave NIS / DNS /etc server offline to build a new one, to resolve these problems. But I have not had an opportunity to work on that. So I will probably leave this Linux issue until I get the new server running. I should also rebuild the old slave NIS etc server so that I can bifurcate server responsibilities so that I do not take out DNS and NFS in the process of working out NIS. Losing DNS, and NFS, (and also NIS to a lesser degree) proves to be very disruptive. I see that in the default Makefile.yp for NetBSD, there exists this comment: # In addition, by adding shadow to the list of rules we support # linux and solaris type shadow maps. This is either something new, or more likely, something I've forgotten (along with most everything else I used to know about setting up this NIS server) because I did have Solaris clients in the past with no issue. In any case, this is likely the key to my issue, assuming that I don't have that configured correctly. When I ran Solaris servers, I had a lot of books that explained these things in great detail. I should still have those books, somewhere. I should consult them, as NIS hasn't changed much in twenty years, and at least I might be able to refresh some knowledge. Thank you for the links. I will take a look at them. I did do the same search in DuckDuckGo last night and didn't find anything that I thought was useful, but perhaps you spotted something that I did not. RE: Linux vs NetBSD NIS passwords - KC9UDX - 08-04-2021 I finally got time to deal with this again. I don't know how I missed the following in the default Makefile.yp: Code: # Password maps in standard YP are insecure, because the pw_passwd So this turned out to be very simple. I built a new NIS master (not because I needed to for this problem, but because I am decommissioning the old one) with the line Code: INSECURE?= yes So probably the best solution would be to replace my two remaning linux clients with NetBSD. Unfortunately the one is restricted to using an old NVIDIA graphiccard which does not work in NetBSD, and the other needs to run Shotcut which I don't have time to see if I can get running in NetBSD. Fortunately at least for the foreseeable future, everyone but myself using the Linux machines is oblivious to NIS and ypcat. RE: Linux vs NetBSD NIS passwords - KC9UDX - 08-06-2021 I'm not one to "facepalm" much but this is a time where there probably isn't a better response. Systemd strikes again. LXDE will not work properly with NIS users, because it uses systemd to get some kind of variables from the user, which systemd can only find as a local user. Code: dbus-update-activation-environment: systemd --user not found, ignoring --systemd argument RE: Linux vs NetBSD NIS passwords - Gribouille - 08-18-2021 (08-06-2021, 02:48 PM)KC9UDX Wrote: I'm not one to "facepalm" much but this is a time where there probably isn't a better response. Systemd strikes again. LXDE will not work properly with NIS users, because it uses systemd to get some kind of variables from the user, which systemd can only find as a local user. Hello, I don't know if this the case here, but Ubuntu and Lightdm are not some good friends. It must be added « nscd ». RE: Linux vs NetBSD NIS passwords - KC9UDX - 08-18-2021 [quote pid="98956" dateline="1629281449"] Hello, I don't know if this the case here, but Ubuntu and Lightdm are not some good friends. It must be added « nscd ». [/quote] Debian (Raspberry Pi OS) but the situation may be the same (I'm not sure). So I'll look into that. Thank you. RE: Linux vs NetBSD NIS passwords - KC9UDX - 08-18-2021 Amazing! Took a lot of starting, restarting, and rebooting to get it to work, but it works! |