
Network authentication using NIS fails

In our office we have a Linux server which we have been authenticating against using NIS for some years (certainly using 10.5 and 10.6). Since installing 10.7, we can no longer authenticate so logins fail.


When I use Directory Utility, it seems to be able to contact the NIS server and can list out the various maps that it can see there (eg, hosts, mounts, passwd). Using dscl, I can navigate to /NIS/object-craft.com.au/Users/bgg and my user details are all listed there correctly. This makes me believe that the NIS connection between my machine and the server is working correctly. Further to this, the automounts served from the server work perfectly.


The problem only seems to occur when I try logging in. There's a yellow alert next to the username on the login panel saying that only some network accounts are accessible.


When I try to log in, I see lines like this in /var/log/opendirectoryd.log:


2011-07-22 19:56:23.449 EST - failed to get YP map list


This appears to come from the file /System/Library/OpenDirectory/Modules/nis.bundle/Contents/MacOS/nis. That leads me to think that OpenDirectory isn't being updated correctly with the NIS server's address. I don't know what the mechanism is that makes that work. I've tried using odutil but that hasn't proved very useful.


Does anyone know how to get this working? I'm really stumped.


Thanks,


Ben.

Posted on Jul 23, 2011 4:06 AM

66 replies

Feb 3, 2012 4:51 PM in response to RichTeer

My wife just upgraded her MacBook Pro to the official release of 10.7.3, and I can confirm that (finally!) NIS authentication using MD5 hashes works!


However, and I have to say that I'm rather disappointed by this, current encryption methods like AES-256 and especially AES-512 are NOT supported (to be fair, they don't work on 10.6.x either). This strikes me as particularly stupid given that 10.7.x uses AES-512 for local password hashes.


For me at least, this means that updating my iMac to Lion is now back on the negotiating table.

Apr 12, 2012 6:54 PM in response to Ben Golding

I am still having issues with NIS authentication on Lion even after upgrading to 10.7.3. Generally, when I try to log in as a network user I get the spinning wheel and it sits there for around 10 minutes before timing out.


When I try this from a terminal window using su, I notice that in secure.log I get a PAM authentication failure before I even type my password in.


I can do "ypcat passwd" and see all the users fine, so it seems like a problem with authentication. When I remove the domain from the authentication chain, then the system responds normally to local logins.


Any ideas would be appreciated. Things worked fine with 10.6.

Jun 18, 2012 1:27 PM in response to Ben Golding

I am not able to get NIS to work automatically with Mac OS X 10.7.4 at all. /etc/defaultdomain is set, the domain and servers are set up in the Directory Utility and they show up in /private/var/yp/binding/domain.ypservers.


NIS servers are RedHat 6.0.


I can do it manually; if I run


ypbind -ypsetme -insecure


and run


ypset hostname


it works fine. I'm assuming that it's the insecure flag that is necessary, but I don't see any place to set it.
