Fedora Linux Support Community & Resources Center
  #1  
Old 26th April 2006, 06:48 PM
prayatn Offline
Registered User
 
Join Date: Dec 2004
Posts: 19
nis user authentication issue

Hi,
I have trouble in authenticating NIS login. Here is the description of the problem.
$ ypcat password
shows the list of NIS accounts.
$ su - <nis_user>
This works fine and user becomes <nis_user>

But when I try to login using ssh <nis-user>@localhost.
It connects to the localhost and then display :
Connection to localhost closed

When I try to login using nis user on console, it shows the same behaviour i.e. it doesn't allow nis user to login.

I think during authentication time it fails. Some setting need to be done in /etc/pam.d/sshd and /etc/pam.d/login file.

I was browsing the issues. What kind of authentication needs to be setup for NIS?

I have another machine in same network which has FC2 and it works fine there.

Regards,
Basant.
Reply With Quote
  #2  
Old 26th April 2006, 08:27 PM
huw-l Offline
Registered User
 
Join Date: Apr 2004
Location: Cardiff, UK
Age: 37
Posts: 315
if you want to find out why ssh is failnig here is a handy way to debug it.

as root at the console of the machine you are having trouble with:

/etc/init.d/sshd stop
/usr/sbin/sshd -d

this runs sshd in debug mode so that it prints out lots of messages.

Try to ssh in from the remote machine and see what errors you get.
Reply With Quote
  #3  
Old 26th April 2006, 09:15 PM
prayatn Offline
Registered User
 
Join Date: Dec 2004
Posts: 19
Here is the sshd log. For personal reasons, I have changed the IP address and hostname and nis_user_name

debug1: sshd version OpenSSH_4.3p2

debug1: read PEM private key done: type RSA

debug1: private host key: #0 type 1 RSA

debug1: read PEM private key done: type DSA

debug1: private host key: #1 type 2 DSA

debug1: rexec_argv[0]='/usr/sbin/sshd'

debug1: rexec_argv[1]='-d'

debug1: Bind to port 22 on ::.

Server listening on :: port 22.

debug1: Bind to port 22 on 0.0.0.0.

Bind to port 22 on 0.0.0.0 failed: Address already in use.

debug1: Server will not fork when running in debugging mode.

debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7

debug1: inetd sockets after dupping: 3, 3

Connection from 10.1.1.10 port 60739

debug1: Client protocol version 2.0; client software version OpenSSH_4.3

debug1: match: OpenSSH_4.3 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_4.3

debug1: permanently_set_uid: 74/74

debug1: list_hostkey_types: ssh-rsa,ssh-dss

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: client->server aes128-cbc hmac-md5 none

debug1: kex: server->client aes128-cbc hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received

debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT

debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug1: SSH2_MSG_NEWKEYS received

debug1: KEX done

debug1: userauth-request for user nis_user_name service ssh-connection method none

debug1: attempt 0 failures 0

Failed none for nis_user_name from 10.1.1.10 port 60739 ssh2

debug1: userauth-request for user nis_user_name service ssh-connection method gssapi-with-mic

debug1: attempt 1 failures 1

debug1: PAM: initializing for "nis_user_name"

debug1: PAM: setting PAM_RHOST to "hostname.domainname"

debug1: PAM: setting PAM_TTY to "ssh"

debug1: Miscellaneous failure
No such file or directory


Failed gssapi-with-mic for nis_user_name from 10.1.1.10 port 60739 ssh2

debug1: userauth-request for user nis_user_name service ssh-connection method gssapi-with-mic

debug1: attempt 2 failures 2

Failed gssapi-with-mic for nis_user_name from 10.1.1.10 port 60739 ssh2

debug1: userauth-request for user nis_user_name service ssh-connection method publickey

debug1: attempt 3 failures 3

debug1: test whether pkalg/pkblob are acceptable

debug1: temporarily_use_uid: 140067/10 (e=0/0)

debug1: trying public key file /home/nis_user_name/.ssh/authorized_keys

debug1: matching key found: file /home/nis_user_name/.ssh/authorized_keys, line 1

Found matching DSA key: 7b:08:74:d9:82:52:dc:bc:d1:e3:83:88:ca:e9:74:90

debug1: restore_uid: 0/0

Postponed publickey for nis_user_name from 10.1.1.10 port 60739 ssh2

debug1: userauth-request for user nis_user_name service ssh-connection method publickey

debug1: attempt 4 failures 3

debug1: temporarily_use_uid: 140067/10 (e=0/0)

debug1: trying public key file /home/nis_user_name/.ssh/authorized_keys

debug1: matching key found: file /home/nis_user_name/.ssh/authorized_keys, line 1

Found matching DSA key: 7b:08:74:d9:82:52:dc:bc:d1:e3:83:88:ca:e9:74:90

debug1: restore_uid: 0/0

debug1: ssh_dss_verify: signature correct

debug1: do_pam_account: called

Accepted publickey for nis_user_name from 10.1.1.10 port 60739 ssh2

debug1: monitor_child_preauth: nis_user_name has been authenticated by privileged process

Accepted publickey for nis_user_name from 10.1.1.10 port 60739 ssh2

debug1: temporarily_use_uid: 140067/10 (e=0/10)

debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism

debug1: restore_uid: 0/10

PAM: pam_open_session(): Cannot make/remove an entry for the specified session

debug1: PAM: reinitializing credentials

debug1: permanently_set_uid: 140067/10

debug1: Entering interactive session for SSH2.

debug1: server_init_dispatch_20

debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384

debug1: input_session_request

debug1: channel 0: new [server-session]

debug1: session_new: init

debug1: session_new: session 0

debug1: session_open: channel 0

debug1: session_open: session 0: link with channel 0

debug1: server_input_channel_open: confirm session

debug1: server_input_channel_req: channel 0 request x11-req reply 0

debug1: session_by_channel: session 0 channel 0

debug1: session_input_channel_req: session 0 req x11-req

debug1: server_input_channel_req: channel 0 request pty-req reply 0

debug1: session_by_channel: session 0 channel 0

debug1: session_input_channel_req: session 0 req pty-req

debug1: Allocating pty.

debug1: session_new: init

debug1: session_new: session 0

debug1: session_pty_req: session 0 alloc /dev/pts/8

debug1: server_input_channel_req: channel 0 request env reply 0

debug1: session_by_channel: session 0 channel 0

debug1: session_input_channel_req: session 0 req env

debug1: server_input_channel_req: channel 0 request shell reply 0

debug1: session_by_channel: session 0 channel 0

debug1: session_input_channel_req: session 0 req shell

debug1: PAM: setting PAM_TTY to "/dev/pts/8"

debug1: Setting controlling tty using TIOCSCTTY.

debug1: Received SIGCHLD.

debug1: session_by_pid: pid 2697

debug1: session_exit_message: session 0 channel 0 pid 2697

debug1: session_exit_message: release channel 0

debug1: session_by_tty: session 0 tty /dev/pts/8

debug1: session_pty_cleanup: session 0 release /dev/pts/8

debug1: session_by_channel: session 0 channel 0

debug1: session_close_by_channel: channel 0 child 0

debug1: session_close: session 0 pid 0

debug1: channel 0: free: server-session, nchannels 1

Connection closed by 10.1.1.10

debug1: do_cleanup

debug1: PAM: cleanup

Closing connection to 10.1.1.10

debug1: PAM: cleanup
Reply With Quote
  #4  
Old 27th April 2006, 10:47 PM
prayatn Offline
Registered User
 
Join Date: Dec 2004
Posts: 19
I solved the issue. In nsswitch.conf, passwd was looking into nisplus before nis. So after I removed the nisplus it worked. I think in FC2 or before nisplus was not available on client side so it was working fine in FC2.

Thanks,
Prayatn
Reply With Quote
Reply

Tags
authentication, nis, user

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
authentication issue taiku25 Servers & Networking 0 24th February 2009 03:18 PM
Fedora DS SSL Authentication issue???? ajeetraina Servers & Networking 0 19th November 2007 09:16 AM
Gedit issue regarding authentication ajamison Using Fedora 3 23rd July 2007 10:40 PM
Samba Authentication Issue FC2 Snump Servers & Networking 0 25th October 2004 01:42 AM


Current GMT-time: 17:48 (Friday, 31-10-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat
Bahamas Instagram Photos - Badger Travel Photos on Instagram - Alicia Travel Photos