Is nis compatibility mode working in FC2 ?

Andre Brouty Andre.Brouty at enst-bretagne.fr
Wed Jun 9 15:26:48 UTC 2004


	Hello,

	I use nsswitch nis compat mode to limit some logins access with
	nis netgroup data base. It works fine in FC1.

	In FC2 rlogin fails immediately, no passwd prompted. Telnet, ssh,
	console and gnome login fail too.

	Has anyone used nis compat mode in FC2 ?

	Below is a session to show and test the problem.

	Thanks in advance for your help.

Andre Brouty

----------------------- begin session ------------------|------ comments ------
                                                         |
(1)pdisi-brouty> date;rlogin fc2                        |<- Time-stamping and
mar jun  8 14:47:36 CEST 2004                           |   login to FC2
Last login: Tue Jun  8 14:31:59 from pdisi              |
Kickstart-installed fedora core jeu jun  3 18:30:37 CEST 2004
(1)fc2-brouty> cat /etc/redhat-release                  |
Fedora Core release 2 (Tettnang)                        |<- FC2 (Fresh install)
(2)fc2-brouty> head -38 /etc/nsswitch.conf | tail       |
#passwd:    db files nisplus nis                        |
#shadow:    db files nisplus nis                        |
#group:     db files nisplus nis                        |
                                                         |
passwd:     files nis                                   |<- Standard nis usage
shadow:     files nis                                   |
group:      files nis                                   |
                                                         |
#hosts:     db files nisplus nis dns                    |
hosts:      files nis dns                               |
(3)fc2-brouty> grep brouty /etc/passwd                  |<- I am not a local user
(4)fc2-brouty> ypmatch brouty passwd | awk -F: '{print$1}'
brouty                                                  |<- I am a nis user
(5)fc2-brouty> id -n -u brouty                          |
brouty                                                  |<- nis works fine for
(6)fc2-brouty> id -n -u berre                           |   all users
berre                                                   |
(7)fc2-brouty> su                                       |
Password:                                               |<- Becoming root
[root at fc2 brouty]# tail -4 /var/log/messages            |<- Viewing log
Jun  8 14:47:38 fc2 pam_rhosts_auth[8767]: allowed to brouty at pdisi.enst-bretagne.fr as brouty
Jun  8 14:47:38 fc2 login(pam_unix)[8772]: session opened for user brouty by (uid=0)
Jun  8 14:47:38 fc2 login -- brouty[8772]: LOGIN ON pts/9 BY brouty FROM pdisi
Jun  8 14:48:56 fc2 su(pam_unix)[8875]: session opened for user root by brouty(uid=8000)
[root at fc2 brouty]# tail -2 /var/log/secure              | <- Viewing log
Jun  8 14:47:38 fc2 xinetd[2661]: START: login pid=8767 from=192.44.75.28
Jun  8 14:47:38 fc2 in.rlogind[8767]: pam_succeed_if: requirement "uid < 100" not met by user "brouty"
[root at fc2 brouty]# emacs /etc/nsswitch.conf             |
[root at fc2 brouty]# emacs /etc/passwd                    |<- Editing these files
[root at fc2 brouty]# emacs /etc/shadow                    |
[root at fc2 brouty]# emacs /etc/group                     |
[root at fc2 brouty]# head -40 /etc/nsswitch.conf | tail   |<- Result of editing
#group:     db files nisplus nis                        |
                                                         |
#passwd:     files nis                                  |
#shadow:     files nis                                  |
#group:      files nis                                  |
                                                         |
passwd:     compat                                      |<- Switching to compat
shadow:     compat                                      |   nis functionality, works
group:      compat                                      |   fine in FC1
                                                         |
[root at fc2 brouty]# tail -2 /etc/passwd /etc/shadow /etc/group
==> /etc/passwd <==                                     |
exim:x:93:93::/var/spool/exim:/sbin/nologin             |
+brouty::::::                                           |<- Adding nis database
                                                         |   access
==> /etc/shadow <==                                     |
exim:!!:12572:0:99999:7:::                              |
+brouty::::::::                                         |<- Adding nis database
                                                         |   access
==> /etc/group <==                                      |
exim:x:93:                                              |
+                                                       |<- Adding nis database
[root at fc2 brouty]# exit                                 |   access
exit                                                    |
(8)fc2-brouty> exit                                     |<- Exiting standard
logout                                                  |   nis session
rlogin: connection closed.                              |
(2)pdisi-brouty> date ; rlogin fc2                      |<- Time-stamping and
mar jun  8 14:55:56 CEST 2004                           |    connecting again
rlogin: connection closed.                              |<- It fails immediately !!!
(3)pdisi-brouty> date ; ssh fc2 -l root                 |<- Connecting to root
mar jun  8 14:59:12 CEST 2004                           |
root at fc2's password:                                    |<- It works
Last login: Tue Jun  8 12:02:01 2004 from pdisi.enst-bretagne.fr
Kickstart-installed fedora core jeu jun  3 18:30:37 CEST 2004
[root at fc2 root]# tail -6 /var/log/messages              |<- Viewing log
Jun  8 14:47:38 fc2 login -- brouty[8772]: LOGIN ON pts/9 BY brouty FROM pdisi
Jun  8 14:48:56 fc2 su(pam_unix)[8875]: session opened for user root by brouty(uid=8000)
Jun  8 14:55:47 fc2 su(pam_unix)[8875]: session closed for user root
Jun  8 14:55:50 fc2 login(pam_unix)[8772]: session closed for user brouty
Jun  8 14:55:57 fc2 pam_rhosts_auth[9303]: allowed to brouty at pdisi.enst-bretagne.fr as brouty
Jun  8 14:59:27 fc2 sshd(pam_unix)[9488]: session opened for user root by (uid=0)
[root at fc2 root]# tail -6 /var/log/secure                |<- Viewing log
Jun  8 14:47:38 fc2 xinetd[2661]: START: login pid=8767 from=192.44.75.28
Jun  8 14:47:38 fc2 in.rlogind[8767]: pam_succeed_if: requirement "uid < 100" not met by user "brouty"
Jun  8 14:55:57 fc2 xinetd[2661]: START: login pid=9303 from=192.44.75.28
Jun  8 14:59:27 fc2 sshd[9488]: Accepted password for root from ::ffff:192.44.75.28 port 58144 ssh2
[root at fc2 root]# ypmatch brouty passwd | awk -F: '{print $1}'
brouty                                                  |<- Nis is running fine
[root at fc2 root]# id -u -n brouty                        |
brouty                                                  |<- Compat mode works for me
[root at fc2 root]# id -u -n berre                         |
id: berre: No such user                                 |<- Compat mode works fine here
[root at fc2 root]# exit                                   |<- Exiting
logout                                                  |
Connection to fc2 closed.                               |
--------------------------------- end session ----------|----------------------
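
A simplified model of the compat-mode passwd lookup that the session above exercises, added here as an illustration and not part of the original post. `NIS_USERS` and `NETGROUPS` are constructed stand-ins for the NIS maps, the `admins` netgroup is hypothetical, and only entry-name matching is modelled (field overrides in `+` entries are ignored).

```python
# Added example: simplified model of nss_compat passwd resolution.
# NIS_USERS and NETGROUPS are constructed stand-ins for the NIS maps.
NIS_USERS = {"brouty", "berre"}
NETGROUPS = {"admins": {"berre"}}   # hypothetical netgroup, not from the post

def passwd_source(nsswitch_text):
    """Return the source list configured for 'passwd:' (comments ignored)."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("passwd:"):
            return line.split(":", 1)[1].split()
    return []

def compat_lookup(user, passwd_text, nis_users=NIS_USERS, netgroups=NETGROUPS):
    """Walk /etc/passwd in order, as compat mode does, and say where
    `user` resolves from: 'local', 'nis', or None (no such user)."""
    excluded = set()
    for line in passwd_text.splitlines():
        name = line.split(":", 1)[0].strip()
        if not name:
            continue
        if name.startswith("-@"):          # -@netgroup: exclude its members
            excluded |= netgroups.get(name[2:], set())
        elif name.startswith("-"):         # -user: exclude one NIS user
            excluded.add(name[1:])
        elif name.startswith("+"):
            if user in excluded or user not in nis_users:
                continue
            if name == "+":                # bare +: admit every remaining NIS user
                return "nis"
            if name.startswith("+@"):      # +@netgroup: admit its members
                if user in netgroups.get(name[2:], set()):
                    return "nis"
            elif name[1:] == user:         # +user: admit exactly this NIS user
                return "nis"
        elif name == user:                 # ordinary local account
            return "local"
    return None

# Constructed from the tail of /etc/passwd and nsswitch.conf shown in the session.
PASSWD = "exim:x:93:93::/var/spool/exim:/sbin/nologin\n+brouty::::::\n"
NSSWITCH = "#passwd:     files nis\npasswd:     compat\n"

if __name__ == "__main__":
    print(passwd_source(NSSWITCH))
    for u in ("brouty", "berre", "exim"):
        print(u, compat_lookup(u, PASSWD))
```

With the `+brouty` entry from the session, `brouty` resolves through NIS and `berre` does not resolve at all, which matches the `id` results shown at the end of the session.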




