getent shadow shouldn't work for non-root users, so that's OK. If you're getting an entry for both passwd and shadow as root, then NSS is working. I assume the password field in the 'getent shadow foo' contains the encrypted password?
I'd check to make sure your PAM configurations are the same, and also check your system logs - PAM may be complaining about something in there.
Try other programs - ssh, su (from a non-root account), etc..
By can't "log in" what do you mean? Console? ssh? ....
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Basically I'm just trying to ssh, since that's our main way we connect.
ssh -X user@localhost or ssh -X user@ipaddress
I have 2 RedHat 8 boxes with exact same setup, I even scp /etc/nss* from the one machine to the other. My other 4 boxes are SuSE 8.1/ some I can and some I can't login. I'm using the same user on all the boxes to test.
The files have the same permission set, owned by root, and are the same size even. I have no idea what to check next.
Thanks for any help,
Keith
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Try something other than SSH - IE console, or su ...
I'm not familiar with SuSE .. You hopefully have an /etc/pam.conf and perhaps an /etc/pam.d directory ... Make sure those are the same on the non-functioning SuSE servers as they are on the functioning ones...
If you like, I can log into the machines and take a peek around for you.. I"m not sure what else I can suggest via this forum ...
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Your right consol login worked. ssh was were the problem was. I bunted my head against that problem for hours, then I restarted sshd and everything worked. Go figure.
haveing somebody restart sshd if there is a problem logging into ssh might be a good faq item.
Keith
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'm kind of stuck on this.
I have 5 linux machines, all running SuSE 8.1. I've setup libnss on all of them and there all pointing to the same MySQL server for authentication.
I run:
strace -e read=all -e write=all -x -o trace.out id foo
and can see the user on all of the machines, nscd is turned off. But on 2 of the machines I can login fine and on the other two I can never login.
Any ideas on what to check?
Keith
Hi!
First, let's use some raw commands to check (I should put this in the docs, huh):
getent passwd foo
getent shadow foo
Run both once as non-root, and once as root.
There may be a PAM configuration problem somewhere.. but the getent command will determine if at least NSS is working properly.
getent passwd and shadow work as root for this user but when I do it as a regular ser only getent passwd works, shadow dosen't pull up anything.
Keith
getent shadow shouldn't work for non-root users, so that's OK. If you're getting an entry for both passwd and shadow as root, then NSS is working. I assume the password field in the 'getent shadow foo' contains the encrypted password?
I'd check to make sure your PAM configurations are the same, and also check your system logs - PAM may be complaining about something in there.
Try other programs - ssh, su (from a non-root account), etc..
By can't "log in" what do you mean? Console? ssh? ....
Basically I'm just trying to ssh, since that's our main way we connect.
ssh -X user@localhost or ssh -X user@ipaddress
I have 2 RedHat 8 boxes with exact same setup, I even scp /etc/nss* from the one machine to the other. My other 4 boxes are SuSE 8.1/ some I can and some I can't login. I'm using the same user on all the boxes to test.
The files have the same permission set, owned by root, and are the same size even. I have no idea what to check next.
Thanks for any help,
Keith
Try something other than SSH - IE console, or su ...
I'm not familiar with SuSE .. You hopefully have an /etc/pam.conf and perhaps an /etc/pam.d directory ... Make sure those are the same on the non-functioning SuSE servers as they are on the functioning ones...
If you like, I can log into the machines and take a peek around for you.. I"m not sure what else I can suggest via this forum ...
This is the case too even on the system I can login too. weird.
Keith
Your right consol login worked. ssh was were the problem was. I bunted my head against that problem for hours, then I restarted sshd and everything worked. Go figure.
haveing somebody restart sshd if there is a problem logging into ssh might be a good faq item.
Keith
Daemons don't see changes to /etc/nsswitch.conf typically ... That's now mentioned in the online dox, but you're right, it needs to be a FAQ :-)