
I've got an old Solaris 8 server as a client in a NIS domain. All users can log in just fine except for one (user 'oracle'). It used to work but late last year "something" changed (I wasn't here at the time) and the user oracle can no longer log in.

I can ssh to the server as oracle with an RSA key, I can su to oracle from root, but anything involving password authentication fails for that single user. Logging on to other servers in the same NIS domain works so the password is certainly correct.

Any idea what's wrong? How to debug?

Edit: The user oracle isn't in /etc/passwd nor /etc/shadow. And /etc/nsswitch.conf has passwd files,nis. I also did "nscd -e passwd,no" to disable caching of passwd entries. "ypcat passwd" shows a record for oracle.

What else?

Thanks

MLu
  • Does the oracle user exist and have a password set locally? If you've got the server set up using 'files,nis' in that order, it will try the local passwd/shadow files first, and only use nis if the user isn't found there. – Jenny D Jun 20 '13 at 12:31
  • @JennyD no the user doesn't exist locally. See my edit above. – MLu Jun 21 '13 at 00:20

2 Answers


If oracle's password contains a non-7-bit ASCII character, the cause might be a locale mismatch, e.g. ISO-8859-xx vs UTF-8.

jlliagre
  • Hi, no the password is pure ASCII, letters, numbers, basic ASCII symbols. Nothing locale dependent :( – MLu Jun 22 '13 at 01:24
  • Okay. What message does the user get when trying to log in? Anything logged in the system logs? Are netgroups configured? Is logging in failing for both local and remote logins? – jlliagre Jun 22 '13 at 06:51
  • Pretty standard messages:
    Jun 24 15:30:57 ... sshd[12791]: [ID 800047 auth.info] Failed none for oracle from 10.65.101.49 port 57808 ssh2
    Jun 24 15:30:57 ... sshd[12791]: [ID 800047 auth.info] Failed publickey for oracle from 10.65.101.49 port 57808 ssh2
    Jun 24 15:35:34 ... su: [ID 366847 auth.info] 'su oracle' succeeded for root on /dev/pts/14
    Jun 24 15:36:44 ... su: [ID 810491 auth.crit] 'su oracle' failed for {normal user} on /dev/pts/14
    – MLu Jun 24 '13 at 03:33
  • And yes it fails for both local and remote logins whenever password is required. Password-less works (ssh key, or su from root). Looks like the password is wrong but it's not, it works on other boxes. – MLu Jun 24 '13 at 03:41

Sorted. The problem was that the NIS password hash was in MD5 format ($1$xyz...) which isn't compatible with Solaris 8. We use central password management and all password changes should default to DES hash but somehow someone managed to set the password as an MD5 hash.

~# ypmatch oracle passwd.adjunct.byname
oracle:$1$xyz...:::::::
MLu
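
The check behind the accepted answer, generalized to a whole map, as an added example that is not part of the original posts: it labels the hash scheme of every entry in passwd-format lines and lists the accounts a DES-only crypt(3) client such as the Solaris 8 box above cannot verify. The function names and the sample map are constructed for illustration; the `##user` convention (hash stored in passwd.adjunct) is assumed to follow the usual NIS behaviour.

```shell
#!/bin/sh
# Added example: label the hash scheme of each entry in passwd-format lines
# (user:hash:...), e.g. the output of `ypcat passwd` or
# `ypmatch <user> passwd.adjunct.byname`.

classify_hashes() {
    awk -F: '{
        h = $2
        if (h == "")                  s = "empty"
        else if (h ~ /^##/)           s = "adjunct-ref"  # real hash is in passwd.adjunct
        else if (h ~ /^\$1\$/)        s = "md5"
        else if (h ~ /^\$2[abxy]?\$/) s = "bcrypt"
        else if (h ~ /^\$5\$/)        s = "sha256"
        else if (h ~ /^\$6\$/)        s = "sha512"
        else if (h ~ /^\$/)           s = "other-modular"
        else if (length(h) == 13 && h ~ "^[./0-9A-Za-z]+$") s = "des"
        else                          s = "locked-or-invalid"
        print $1, s
    }'
}

# Entries a DES-only crypt(3) client cannot verify: any "$id$" style hash.
des_only_mismatches() {
    classify_hashes | awk '$2 ~ /^(md5|bcrypt|sha256|sha512|other-modular)$/'
}

# Constructed sample map; hash values are placeholders, not real hashes.
sample_map() {
    cat <<'EOF'
alice:ab01FAX.bQRSU:1001:10::/home/alice:/bin/sh
oracle:$1$xyz...:::::::
bob:##bob:1002:10::/home/bob:/bin/sh
carol:*LK*:1003:10::/home/carol:/bin/sh
EOF
}

sample_map | des_only_mismatches
```

Against a live domain, pipe `ypcat passwd` (or `ypcat passwd.adjunct.byname` as root) into `des_only_mismatches`; on Solaris use `nawk` or `/usr/xpg4/bin/awk` in place of `awk`.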