Network authentication using NIS fails

ra014620,

This post may help you with your /etc/hosts file problem.

http://www.sjaensch.org/2011/mac-os-x-lion-speed-up-hostname-lookup

After upgrading, I opened the NIS service using the Directory Utility and checked this box.

After that NIS authentication started working like before, except for the hostname lookup problem.

-Ben

Thanks for the tip about the hosts file. My problem isn't slow lookups. The resolver now always looks at DNS first. 10.6 would follow the domain search order specified under the Search Policy in the Directory Utility, which has the local domain first.

I checked this box too on my system after the upgrade but NIS authentication still not working. After that, the yellow button alert in the log in window disappeared but that's all.

I too thave that box checked -- on two different machines in two different labs. NIS logins don't work, and my /var/log/opendirectoryd.log files are filled with:

2011-08-18 15:11:13.051 EDT - failed to get YP map list

What are your NIS servers running off? Linux? FreeBSD? Other Macs? If you have working NIS, please let us know some more particulars about your NIS server setup -- that would be very helpful!

Thanks

Our NIS master is on Solaris 10 (x86). I too am seeing the same error message as you in opendirectoryd.log

Using a network ID, I cannot login on the console but I can get in via SSH and FTP.

Here's another funny thing. I used the Directory Editor and added a hostname to the /Local/Default node and all of a sudden NIS hostname resolution is now working. At least I have a way to override DNS entries, just not with the /etc/hosts file like before.

After reading many posts on this site, i suspect that the NIS authentication and the /etc/hosts lookup problems may be due to the fact that, during the upgrade, the BSD package is not installed or is not properly installed. BSD does not appear in "Services" nor in "Search Path" of the Directory Utility. I read that it is possible to extract the package from the Lion Installer app. BSD.pkg can be unpacked from InstallESD.dmg.

It would sure be nice if Mac OS used plain text configuration files, not hidden away somewhere where even experienced UNIX admins have to hunt. That way, we could just check the contents of /etc/nsswitch.conf to see what order the various repositories would be checked for this stuff.

I think it's great that Mac OS is based on UNIX and tham Apple are making this info part of their marketing, but it's not enough to talk the talk: they have to walk the walk too.

While I'm at it, Apple, can we PLEASE have the option to have input focus follows mouse and no auto-raise? Is it really too much to ask?

My services List has:

Active Directory

LDAPv3

NIS

Search Policy has this:

/Local/Default

/BSD/mydomain.com

/NIS/mydomain.com

/Active Directory/AM/All Domains

I also located the BSD.pkg and installed it but made no difference.

You wrote earlier and i quote:

"After upgrading, I opened the NIS service using the Directory Utility and checked this box.

After that NIS authentication started working like before, except for the hostname lookup problem"

Installing BSD.pkg did not fix the hostname lookup problem but you don't have, like everybody else contribuing to this post, the NIS authentication problem. So we don't know yet if the installation of BSD.pkg can fix the NIS authentication problem. I may be wrong but we won't know before someone tries it. I'm out of the office today so I will try that next monday.

Did you try to add BSD to the services after installing BSD.pkg?

Installing BSD.pkg did not solve the NIS authentication problem. Strike two!

ra014620,

Did you try adding the following line to your /etc/resolv.conf file:

order hosts, bind

Just tried it. Made no difference.

Finally got back around to looking at this. Reenabled NIS from Directory Utiltiy and things are working. FYI, our NIS server is running FreeBSD 7.2 release.

Looks like Lion does not like the broadcast mechanism of NIS or considers that it is not secure. I did not specified any servers for the NIS service configuration of the Open Directory utility. The broadcast mechanism was used instead to find an NIS server.

This is what I do on my Linux boxes and this is also what I was doing under Snow Leopard on the Mac. It did not seem to be a problem under Lion since ypwhich and ypcat were running correctly, but it was a problem for the NIS authentication. Now that I added the IP addresses of all my NIS servers in the NIS service configuration, the NIS authentification works correctly. I can loggin locally and by ssh using an NIS account.

Don't use the names of the NIS servers but the IP addresses instead. Looks like dns lookup for host name does not work when ypbind starts at boot time. I had this problem and I had to boot the system in single-user mode to edit the server list and replace the names by the adresses.

Hi All --

Any updates/resolution on this issue?

@dcharland: From my Lion box, my NIS servers had always been configured/specified with IP address and not hostname, so for me at least, the problem persists. If you have things working, can you please provide some more explicit instructions?