Bug 28967

Summary: NIS password database not referenced correctly by login/su/sshd etc.
Product: Mageia Reporter: Stephen Usher <steve>
Component: RPM PackagesAssignee: Base system maintainers <basesystem>
Status: NEW --- QA Contact:
Severity: major    
Priority: Normal CC: ouaurelien, tmb
Version: 8   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: glibc-2.32-15.mga8.src.rpm CVE:
Status comment:
Attachments: nsswitch.conf

Description Stephen Usher 2021-05-26 14:09:51 CEST 
Description of problem:

When a system is set up for YP/NIS authentication (ypbind + nsswitch.conf) login, sshd, su etc. do not read the user details correctly.

su, for example, gives:

# su - steve
su: user steve does not exist or the user entry does not contain all the required fields


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Set up the system to use NIS authentication.
2. Try to su to a NIS user.
3.
Comment 1 Stephen Usher 2021-05-26 14:10:32 CEST 
Created attachment 12723 [details]
nsswitch.conf
Comment 2 Aurelien Oudelet 2021-05-26 18:12:15 CEST 
Hi, thanks reporting this.

Have you tried to reboot the client system after applying such modification?
Is the NIS server reachable from a ping command?

Does DNS correctly advertised on network?

Have you tried to open TCP/UDP ports in Shorewall firewall for NIS?

Many questions...

CC: (none) => ouaurelien

Comment 3 Stephen Usher 2021-05-27 10:04:58 CEST 
The system has been rebooted and the NIS system is currently servicing about 100 machines on our network. The YP/NIS servers are Solaris boxes running Solaris 10.

The firewall is off.

The history with this is that the machine was running Mageia 7 and I upgraded it to Mageia 8 and the NIS logins stopped working so, assuming an incorrect upgrade, I did a full re-install and found the same issue.

Interestingly, even though login/su etc. can't use the passwd map finger(1) can.

All the YP/NIS maps are working, automounter is correctly picking up the automount map and is able to use the data.

I've tried adding "compat" to the end of the passwd and group entries in nsswitch.conf and it make no difference.
Comment 4 Stephen Usher 2021-05-27 15:18:51 CEST 
I've done some more investigation.

It seems the issue is with nscd.

If I disable nscd and nscd.socket then authentication works.

Unfortunately, as discovered in Mageia 7, nscd is required for some of the systemd services to properly interact with YP/NIS.
Comment 5 Stephen Usher 2021-05-28 16:29:28 CEST 
After enabling the log file entry in /etc/nscd.conf and then re-enabling nscd.socket and nscd using systemctl and starting the services allowed the system to work normally.

The only line in /etc/ncsd.conf changes was the one specifying the log file and a single # was removed from the beginning of the line.

I have no idea why this would make any difference whatsoever.
Comment 6 Aurelien Oudelet 2021-06-12 21:45:51 CEST 
$ urpmf /etc/nsswitch.conf
glibc:/etc/nsswitch.conf
systemd:/usr/share/factory/etc/nsswitch.conf

Unsure to assign.
But let's try from glibc.

CC: (none) => tmb
Assignee: bugsquad => basesystem
Source RPM: (none) => glibc-2.32-15.mga8.src.rpm

Comment 7 Stephen Usher 2021-06-14 10:54:15 CEST 
It looks like it's in nscd rather than the kernel.

If nscd is not running then things work. Merely changing something in /etc/nscd.conf which shouldn't have done anything allowed it to start working, so it could be the configuration file parsing part of nscd, or that's merely changing memory that something else is misusing. It's hard to tell.