VMware Cloud Community
kbudd
Contributor

ESX 3.5 with NIS: authentication failure

Hello,

I've set up an ESX Server 3.5 with NIS authentication.

(esxcfg-auth --enablemd5 --enableshadow --enablenis --nisdomain=DOMAIN --nisserver=SRV --disablecache --maxfailedlogins=0)

After a reboot of the ESX host, I can access all users and groups of SRV via VMware Infrastructure Client. Permissions are set, but I can't log in via VIC or ssh:

/var/log/messages

Apr 3 10:47:58 srv6 sshd(pam_unix)[2447]: check pass; user unknown

Apr 3 10:47:58 srv6 sshd(pam_unix)[2447]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=my.computer.local

and

Apr 3 10:50:44 srv6 vmware-authd(pam_unix)[1831]: check pass; user unknown

Apr 3 10:50:44 srv6 vmware-authd(pam_unix)[1831]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=

I tried enabling and disabling md5 and shadow, but I can't log in.

yppasswd MYUSER from shell works fine.

Does anyone have any ideas or documentation? I'm helpless.

Thanks in advance

Cheers KEB

PS: Our NIS server is a SUSE Linux 9 ES host. From other SUSE hosts authentication works fine.

3 Replies
Texiwill
Leadership

Hello,

Check to make sure the : is on the bottom of /etc/passwd, as well as /etc/nsswitch.conf.

If these are not set up properly NIS will not work.


Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education. As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
kbudd
Contributor

Thanks,

I've added +::::: to /etc/passwd and /etc/shadow.

And I had to change /etc/nsswitch.conf.

passwd: compat

group: compat

Then it works!

Texiwill
Leadership

Hello,

I did a little research and this method seems to work the best on ESX v3.x: NIS Integration. Using the +:::::: method for me led to interesting UID issues where the UID of the user could not be tracked back to a username.

The NIS Integration wiki article covers using pam_access to control which netgroups are allowed access and also lists some tests to ensure netgroups are working properly.


Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education. CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354

As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

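The fix reported in this thread depends on three files agreeing: a "+" entry in /etc/passwd and /etc/shadow, and compat lookups for passwd and group in /etc/nsswitch.conf. The function below is an added example, not code from any poster or from VMware, that audits those files together. Its name, its output format and its strictness about field counts (7 colon-separated fields for passwd, 9 for shadow) are assumptions of this example.

```shell
#!/bin/bash
# Added example (not from the thread): audit the files the fix touches.
# Usage: check_nis_compat [passwd] [shadow] [nsswitch.conf]
# Prints one line per check and returns the number of findings (0 = consistent).
check_nis_compat() {
    local passwd="${1:-/etc/passwd}" shadow="${2:-/etc/shadow}"
    local nss="${3:-/etc/nsswitch.conf}"
    local findings=0 db entry file want line sources

    # 1. passwd and group must use the compat service; otherwise "+" lines
    #    in the local files are not expanded from the NIS maps.
    for db in passwd group; do
        sources=$(awk -v db="$db:" '$1 == db { $1 = ""; print; exit }' "$nss" 2>/dev/null || true)
        case " $sources " in
            *" compat "*) echo "ok: $db: compat" ;;
            *)  echo "FINDING: $nss has '$db:${sources:- (missing)}', expected compat"
                findings=$((findings + 1)) ;;
        esac
    done

    # 2. Each local file needs a "+" entry. Assumption of this example: the
    #    full-width form is required, 7 fields for passwd and 9 for shadow.
    for entry in "$passwd:7" "$shadow:9"; do
        file="${entry%:*}"; want="${entry##*:}"
        line=$(awk '/^\+/ { print; exit }' "$file" 2>/dev/null || true)
        if [ -z "$line" ]; then
            echo "FINDING: $file has no '+' compat entry"
            findings=$((findings + 1))
        elif [ "$(printf '%s\n' "$line" | awk -F: '{ print NF }')" -ne "$want" ]; then
            echo "FINDING: $file entry '$line' does not have $want fields"
            findings=$((findings + 1))
        else
            echo "ok: $file has '$line'"
        fi
    done
    return "$findings"
}
```

Run it as root on the service console with no arguments to check the live files; reading /etc/shadow requires root.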