Thanks so much for the input, Sumit. I still can't login, but I think I'm getting
closer to the root cause. I now see that with my configuration I wasn't really using
SSSD yet, as resolution was being done by 'compat' -- which would itself query
NIS.
As you suggested, I replaced 'compat' with 'files' in nsswitch.conf, and
bumped the sss priority.
But now I believe my problem lies with 'proxy_pam_target': I had set it to
'none' following my initial reading of the configuration posted in
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
(apparently, the only other attempt at doing SSSD+NIS described online). But, as also
stated there, 'none' is no real keyword and PAM was looking for an /etc/pam.d/none
target.
Correct me if I'm wrong, but I think I'll need to create a PAM target that calls
something like
auth required pam_nis.so
... only that Ubuntu doesn't ship a pam_nis.so and I may have to compile one myself.
Is there any other way to get a NIS authentication from SSSD? My NIS server provides all
the required info -- user info + hashed password -- in the passwd database (see the getent
result above), so it seems possible.
Thanks once more.