Need Help ON NIS

phanidhar6039 · December 30, 2011, 8:48am

Hi,

I am new to NIS, In my company need to create a user with admin rights and the user was created but he is unable to login. below are the difference i am getting for me and him.

root@ abc]# getent passwd cric
cric:x:60215:20059:a:/home/cric:/bin/csh

[root@abc]# ypcat passwd | grep sam
sam:xxxxx:60220:20059: sam:/home/sam:/bin/cs

[root@abc]# getent passwd sam
sam:x:60220:20059:sam:/home/sam:/etc/refuse_login

[root@abc]# su - sam
You cant log in abc

The user is already added but not able to login. I tried changing the /etc/password for refuse_login to /bin/sh but still no use.

Any help would be great

Thanks,
Phani

bitlord · December 30, 2011, 9:41am

Hey,
Have you looked at the /etc/nsswitch.conf
Example of what you should see.

passwd:    files nis
group:       files nis

You may want to consider using sudo. That is what we use at my job. It is installed by default on RHEL. It will give select users admin/root power. This what you wanted right?

You might also want to switch to LDAP. We are making a move from NIS to LDAP.LDAP has more features and is more secure.

I hope this helps.

mark54g · December 30, 2011, 9:57am

To add to what bitlord said, you can actually use a "NIS" implementation in LDAP.

phanidhar6039 · January 8, 2012, 7:31am

bitlord:

Hey,
Have you looked at the /etc/nsswitch.conf
Example of what you should see.
passwd:    files nis
group:       files nis
You may want to consider using sudo. That is what we use at my job. It is installed by default on RHEL. It will give select users admin/root power. This what you wanted right?

You might also want to switch to LDAP. We are making a move from NIS to LDAP.LDAP has more features and is more secure.

I hope this helps.

Thanks for quick reply
But i have checked the files you specified and it specifies

passwd: compat nis
shadow: compat nis

The user is already in sudoers file in the NIS master server. Still havent got any luck.
Any help will be great

bitlord · January 9, 2012, 7:33am

If your using Sudo then you should have access to root. The fact that a superuser/root/admin account can't login to the server is a good thing as long as you can su to or become that user. Where I work we disable root remote login. You can only su to root or login at a console. This is also helpful for logging what the user actions.

Maybe what you need is to put the user in an admin group. For example the wheel group gives you sudo on a RHEL default build. Is your aim not to give all the admins sudo this could do it for you. For example the DBAs at work don't have sudo but they can do anything on the server in there area. There just in a privlaed group.

You can also look into RBAC. If you create a role that could be a superuser. This is used a lot in Solaris but you may be able to install this on RHEL. You don't usually use RBAC and sudo on the same box.

Your /etc/nsswitch.conf. If you are using compact you need more lines. So post your file so I can see it. I will look it up. I'm on a training trip right now so I don't have access to my server with NIS on it to compare to. The internet at this hotel sucks.

I hope this helps you

phanidhar6039 · January 15, 2012, 5:05pm

bitlord:

If your using Sudo then you should have access to root. The fact that a superuser/root/admin account can't login to the server is a good thing as long as you can su to or become that user. Where I work we disable root remote login. You can only su to root or login at a console. This is also helpful for logging what the user actions.

Maybe what you need is to put the user in an admin group. For example the wheel group gives you sudo on a RHEL default build. Is your aim not to give all the admins sudo this could do it for you. For example the DBAs at work don't have sudo but they can do anything on the server in there area. There just in a privlaed group.

You can also look into RBAC. If you create a role that could be a superuser. This is used a lot in Solaris but you may be able to install this on RHEL. You don't usually use RBAC and sudo on the same box.

Your /etc/nsswitch.conf. If you are using compact you need more lines. So post your file so I can see it. I will look it up. I'm on a training trip right now so I don't have access to my server with NIS on it to compare to. The internet at this hotel sucks.

I hope this helps you

Thanks for all the inputs, i got my issuse fixed. i added the user in the netgroup and now he got the access.