
Network authentication using NIS fails

In our office we have a Linux server which we have been authenticating against using NIS for some years (certainly using 10.5 and 10.6). Since installing 10.7, we can no longer authenticate so logins fail.


When I use Directory Utility, it seems to be able to contact the NIS server and can list out the various maps that it can see there (e.g., hosts, mounts, passwd). Using dscl, I can navigate to /NIS/object-craft.com.au/Users/bgg and my user details are all listed there correctly. This makes me believe that the NIS connection between my machine and the server is working correctly. Further to this, the automounts served from the server work perfectly.


The problem only seems to occur when I try logging in. There's a yellow alert next to the username on the login panel saying that only some network accounts are accessible.


When I try to log in, /var/log/opendirectoryd.log shows lines like:


2011-07-22 19:56:23.449 EST - failed to get YP map list


This appears to come from the file /System/Library/OpenDirectory/Modules/nis.bundle/Contents/MacOS/nis. That leads me to think that OpenDirectory isn't being updated correctly with the NIS server's address. I don't know what the mechanism is that makes that work. I've tried using odutil but that hasn't proved very useful.


Does anyone know how to get this working? I'm really stumped.


Thanks,


Ben.

Posted on Jul 23, 2011 4:06 AM

66 replies

Jul 25, 2011 7:06 PM in response to Ben Golding

Do you have a work-around?


Some more background on our setup:


* NIS servers are actually FreeBSD 7.1 machines. Our Linux machines are all Ubuntu (currently 11.04). After considerable struggling getting our Macs (10.5 and 10.6) to properly authenticate against Ubuntu-based NIS servers (the issue boiled down to the particulars of the passwd hash encryption), we opted to run the NISes on FreeBSD VMs which worked fine with all our clients.


Ben, what Linux distro(s) are you using?

Aug 1, 2011 8:29 PM in response to Ben Golding

I've just installed Lion and have exactly the same issue. My NIS server is running Solaris and has been working just fine for almost a year with Snow Leopard.


Once Lion had completed its installation, there was a message at the login window to the effect of Network Logins were unavailable. So I tail -f'ed /var/log/opendirectoryd.log while su'ing to my network user and it has numerous "failed to get YP map list".


Like Ben, I can successfully dump the contents of NIS tables using ypcat and ypmatch, so the bits of wet string are basically OK. What actually isn't OK is the authentication bit!


To be blunt, and I'm keeping this at PG13, this is absolutely fscking useless, and a show-stopper for me. How the h e l l this bug got past QA is beyond me. I was going to hold off from the 10.7.0 "upgrade" until 10.7.1 was released, but iCal and Address Book constantly (and I mean, constantly!) crashing forced my hand.


Thoroughly disgusted, I'm going back to Snow Leopard until Apple fixes this huge bug.

Aug 1, 2011 8:38 PM in response to RichTeer

Yes -- it is shocking and I have no idea how something this basic can fail QA. Perhaps the NIS server should run off the Lion box? But of course, there is no documentation to that effect, and for extra chuckles any configuration that used to work with Snow Leopard is not guaranteed to be applicable/work with Lion. Apple, I salute you!


I don't even know where exactly it has failed either (does Apple want me to set things up with a specific authentication/encryption algorithm?), which is the nature of the beast and the opaqueness of Apple upgrades. I haven't seen any mention of NIS changes in any Apple Release Notes. Obviously, someone, somewhere in Jobsworld changed it.


I can also confirm that I now have two personal tales of the same experience in two different research labs/groups. In my own case with authenticating to NIS servers on FreeBSD machines, and a separate case with NIS running off CentOS boxes. In all cases it worked perfectly with Snow Leopard.


In our case, it means no Lion upgrades for any other machines in our group.

Aug 15, 2011 9:14 AM in response to Ben Golding

I too have a service call open with Apple on this bug, which has been escalated to engineering. They had me run some info-gather script and email in the results, which I did. I've not heard back from them in a while; I think I'll ping them soon for an update. (The engineer I was talking with is aware of this thread.)


In the meantime, my iMac is back on Snow Leopard (re-installed from scratch, another wasted day, sigh) and happily authenticating my NIS users.

Aug 18, 2011 7:19 AM in response to mariafrom_san_jose

Umm, what does FTP have to do with NFS? (Answer: nothing).


Apple haven't dropped support for NFS in Lion, in fact the Lion white paper specifically mentions that NFS v4 is now supported. Also, NIS and NFS are two completely different beasts.


Back on track, no joy with 10.7.1 here either. I think I'll ping my support contact in the next day or so for an update.


I have to say, speaking as a UNIX programmer, I'm not very impressed with the Lion QA team's regression testing (let alone the design team's numerous violations of the principle of least surprise and removal of ZFS). Correct operation needs to come before bling, guys!

Aug 18, 2011 9:02 AM in response to Ben Golding

Hi guys!


I have the same problem after upgrading to Lion.


Ypwhich returns the name of one of my NIS servers (Linux boxes) and I can see the content of the maps using ypcat. I can't successfully log in on this computer when I su or when I ssh from another computer using a network account. The only difference with you guys is that I don't get any error messages in /var/log/opendirectory.log even after running "odutil set log default". With "odutil set log warning", I get this message:


Node: /NIS/imi, Module: nis - ODQueryCreateWithNode failed with error 'Connection failed' (2100)


I got rid of the yellow button alert in the login window after checking option "Allow network users to log in at login windows" in Users & Groups options and checking "Use NIS domain for authentication" in the NIS Configuration of the Directory Utility.


Updating to Lion 10.7.1 didn't help at all.

Aug 18, 2011 11:11 AM in response to ra014620

ra014620,


After upgrading to Lion, did you make any modifications to get NIS authentication to work? When you search on the Internet, you find that everyone who upgraded from Snow Leopard to Lion has lost NIS authentication functionality. So I'm really surprised that it works on your system.


If you have a workaround, this is the best place to post it!
