On (07/03/16 11:31), Hauke Fath wrote:
On Sun, 6 Mar 2016 16:30:22 +0100, Jakub Hrozek wrote:
I haven't configured NIS myself for a very long time, but before logins start working, sssd must be able to retrieve user information. I presume "getent passwd -s sss $nisuser" doesn't return anything using this configuration?
Yes, it does:
# getent passwd -s sss wtestman wtestman:*:580:504:Walter A. Testman:/home/wtestman:/bin/tcsh # getent shadow -s sss wtestman # getent shadow -s nis wtestman wtestman:$TOPSECRET:10779:0:99999:7:::
That's correct. sssd does not provide shadow maps.
Therefore you will need to have nis for shadow in /etc/nsswitch.conf and then I cannot see a benefit of using sssd if you cannot get rid of nis. in nsswitch.conf.
#
The "identification" part of the setup appears to work.
If you want to start testing just identity w/o authentication, you can start with: auth_provider = none
Interesting enough, this doesn't make a difference. I suspect PAM plays a role here, but my PAM fu is not up to the challenge...
FTR, I got the
auth_provider = proxy proxy_pam_target = none
You set pam target to "none" What is a content of file /etc/pam.d/none ?
from https://fedorahosted.org/sssd/ticket/1339; I also followed the example in https://bugzilla.redhat.com/show_bug.cgi?id=578463, setting nsswitch.conf up like
BZ578463 is for winbind and you can see pam_winbind.so in /etc/pam.d/winbind
But I assume it should be handled by pam_unix.
BTW why do you need/want to use NIS. You can achieve the same with LDAP/FreeIPA ...
LS