Mccalma1


Need help with a Linux user login problem

Hi,

I am setting up a server and testing NIS from a client computer. The server is Redhat Enterprise and the client computer is Ubuntu.

I have a local user (Mark) and an NIS user (Tim) set up on the client computer. When the client computer boots up, I can select Mark or Tim to log in to the client computer. Mark logs in locally without issues, but Tim looks like it is going to and then takes me back to the login screen. If I enter the wrong password, then it tells me that, so it's not an authentication issue.

If I log in as Mark, open a Terminal and switch user to Tim, then Tim can log in.

What is causing the Tim account to only be able to login via the Terminal?

Thanks,
Mark
noci

Most probably just a timeout. The NIS response needs to be back within 30 seconds to be accepted.

Are all settings done correctly? Forward DNS lookup; reverse lookup is important too, as a hostname is requested for logging purposes.

ASKER

I'm getting answers when I perform an nslookup from the client (see below). I don't understand why nslookup works with main (server hostname), but "dig -q main" doesn't give an answer. Also, where is the timeout setting/config file that you are referring to?


root@ubuntu:/etc# nslookup
> main.simnet.net
Server:            137.244.226.231
Address:      137.244.226.231#53

Name:      main.simnet.net
Address: 137.244.226.231
> main
Server:            137.244.226.231
Address:      137.244.226.231#53

Name:      main.simnet.net
Address: 137.244.226.231
> 137.244.226.231
Server:            137.244.226.231
Address:      137.244.226.231#53

231.226.244.137.in-addr.arpa      name = main.simnet.net.
> fallback
Server:            137.244.226.231
Address:      137.244.226.231#53

Name:      fallback.simnet.net
Address: 137.244.226.232
> 137.244.226.232
Server:            137.244.226.231
Address:      137.244.226.231#53

232.226.244.137.in-addr.arpa      name = fallback.simnet.net.
> exit

root@ubuntu:/etc# dig -x 137.244.226.231

; <<>> DiG 9.8.1-P1 <<>> -x 137.244.226.231
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40348
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;231.226.244.137.in-addr.arpa.      IN      PTR

;; ANSWER SECTION:
231.226.244.137.in-addr.arpa. 604800 IN      PTR      main.simnet.net.

;; AUTHORITY SECTION:
226.244.137.in-addr.arpa. 604800 IN      NS      main.simnet.net.

;; ADDITIONAL SECTION:
main.simnet.net.      38400      IN      A      137.244.226.231

;; Query time: 1 msec
;; SERVER: 137.244.226.231#53(137.244.226.231)
;; WHEN: Fri May 17 14:10:21 2013
;; MSG SIZE  rcvd: 105

root@ubuntu:/etc# dig -q main.simnet.net

; <<>> DiG 9.8.1-P1 <<>> -q main.simnet.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14563
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;main.simnet.net.            IN      A

;; ANSWER SECTION:
main.simnet.net.      38400      IN      A      137.244.226.231

;; AUTHORITY SECTION:
simnet.net.            38400      IN      NS      main.simnet.net.

;; Query time: 2 msec
;; SERVER: 137.244.226.231#53(137.244.226.231)
;; WHEN: Fri May 17 14:10:32 2013
;; MSG SIZE  rcvd: 63

root@ubuntu:/etc# dig -q main

; <<>> DiG 9.8.1-P1 <<>> -q main
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 61737
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;main.                        IN      A

;; Query time: 3 msec
;; SERVER: 137.244.226.231#53(137.244.226.231)
;; WHEN: Fri May 17 14:10:38 2013
;; MSG SIZE  rcvd: 22

nslookup also consults /etc/hosts - it's a name lookup call.
- uses gethostbyname()
dig only resolves using DNS. (It's a DNS query tool.)
- uses DNS query packets.

30 seconds is hardcoded in the pam layer afaict.
But to be honest 30 seconds is a pretty long time,
The network transaction should be done within a second or so.

So try to find out the network issue...
It can be a lot of things: auto config not working correctly, packet loss, missing entries for reverse lookups (PTR) in DNS, servers running low on resources, disk too full...
Server process to be started from xinetd instead of running as a daemon..?

Thanks for the info regarding dig and nslookup, good stuff!!!

The server's hostname is "Main", the domain is simnet.net and the IP address is 137.244.226.231. NS lookup and dig appear to output good forward and reverse answers (reference my previous comment).

I can ping the server with no lost packets. My NFS mounts work as expected. If I'm in a terminal while logged in as a local user, I can "su" to the NIS user without any issues. There is no hang up, it's immediate. I'm not convinced I have a network issue. I'm suspecting something is set up wrong in a config file, but have no idea where to look. Keep in mind that this server and client machine have never been in production. I'm setting it all up from scratch for my customer. Also, this is my first time setting up a server, so I wouldn't be surprised if I set up the NIS user incorrectly on either the server or the client. I utilized webmin to set up the users and it seemed easy and straightforward.

I took a video of what it looks like when I try to login from the GUI. It's 67MB, so I'm not sure I will be able to upload it, but I'll try.

What's in the /etc/nsswitch.conf file?

Client:

passwd: nis compat
group:      nis compat
shadow:      nis compat

hosts: files dns
networks: files

protocols:      files
services:       files
ethers:         files
rpc:            files

netgroup:       nis



Server:

passwd:     files
shadow:     files
group:      files

hosts:      files dns
ASKER CERTIFIED SOLUTION
noci

This solution is only available to members.
It looks like your + shifted over to the right. Anyway, I do have that in my passwd and group file. I just figured out what the problem was. The Xwindows files such as .Xauthority weren't getting created in the Tim User account. I copied the files from Mark to Tim and now the Tim account can login. Thank you for your help! This was driving me crazy.
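
The symptom in this thread (graphical login bounces back while "su" works) fits a session that cannot write ~/.Xauthority, so the following is an added diagnostic sketch, not part of the original thread: it resolves the account through NSS and checks that the home directory and any existing .Xauthority belong to that UID. The function names check_home and check_user are hypothetical, and GNU stat and getent are assumed.

```shell
#!/bin/sh
# Added diagnostic sketch; check_home and check_user are hypothetical names.
# Assumes GNU stat (coreutils) and getent.

# check_home DIR UID: can a session running as UID create DIR/.Xauthority?
# Returns 0 ok, 2 missing dir, 3 wrong dir owner, 4 owner lacks write bit,
# 5 existing .Xauthority owned by a different uid.
check_home() {
    home=$1
    want_uid=$2
    if [ ! -d "$home" ]; then
        echo "FAIL: home directory $home does not exist"; return 2
    fi
    owner=$(stat -c %u "$home")
    if [ "$owner" != "$want_uid" ]; then
        echo "FAIL: $home owned by uid $owner, account uid is $want_uid"; return 3
    fi
    case $(stat -c %A "$home") in
        d?w*) ;;
        *) echo "FAIL: owner has no write permission on $home"; return 4 ;;
    esac
    xauth_file=$home/.Xauthority
    if [ -e "$xauth_file" ]; then
        xowner=$(stat -c %u "$xauth_file")
        if [ "$xowner" != "$want_uid" ]; then
            # Typical result of copying the file from another account as root.
            echo "FAIL: $xauth_file owned by uid $xowner"; return 5
        fi
    fi
    echo "OK: uid $want_uid can create or update $xauth_file"
    return 0
}

# check_user NAME: look NAME up through NSS (files, NIS, ...) and check its home.
check_user() {
    entry=$(getent passwd "$1") || { echo "FAIL: $1 not found via NSS"; return 1; }
    uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    dir=$(printf '%s\n' "$entry" | cut -d: -f6)
    check_home "$dir" "$uid"
}
```

Run as root on the client, e.g. `check_user tim`. A .Xauthority copied from another account holds that account's X cookies, so once ownership and permissions are right it can be deleted and left for the next graphical login to recreate.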