netbsd-users: Trouble serving NIS to Solaris 8.0 from NetBSD 1.5

Subject: Trouble serving NIS to Solaris 8.0 from NetBSD 1.5
To: NetBSD Users Mailing List <netbsd-users@netbsd.org>
From: Brian Chase <bdc@world.std.com>
List: netbsd-users
Date: 01/25/2001 17:40:32
The setup is fairly simple.  I've got a NetBSD/i386 1.5 box running as an
NIS server.  It's serving (or supposed to be) several Solaris x86 8.0
boxes.  As a test case, I took a NetBSD/arm32 1.4.2 system of mine and got
it operate properly as an NIS client of the forementioned server.  The
Solaris 8.0 boxes aren't quite as happy.  They do recognise the NIS
server.  I can `ypcat' the maps, and the uid/gid to user name and group
mappings are working properly.  Also, as root I can 'su -' to any of the
NIS served users, and it works without fault.  However, I can log into the
Solaris boxes as an NIS served user.

All I can eek out from the Solaris syslog is the following terse error:

   Jan 25 16:03:26 combat.ind.iproperty.com login: [ID 427203 auth.debug]
     pam_authenticate: error Authentication failed

On the NetBSD side of things, when I run ypserv with the '-l -d' options,
I get the following:

   Jan 25 16:00:00 ypserver newsyslog[4875]: logfile turned over
   Jan 25 16:00:00 ypserver syslogd: restart
   Jan 25 16:00:07 ypserver ypserv[4866]: domain_nonack_2: request from
     ypserver.domain.com, domain domain.com, served TRUE
   Jan 25 16:01:08 ypserver ypserv[4866]: domain_nonack_2: request from
     ypserver.domain.com, domain domain.com, served TRUE
   Jan 25 16:01:33 ypserver ypserv[4866]: all_2: request from
     ypserver.domain.com, secure FALSE, domain domain.com, map
     passwd.byname
   Jan 25 16:01:42 ypserver ypserv[4866]: all_2: request from
     client.domain.com, secure FALSE, domain domain.com, map passwd.byname
   Jan 25 16:02:09 ypserver ypserv[4866]: domain_nonack_2: request from
     ypserver.domain.com, domain domain.com, served TRUE
   Jan 25 16:03:10 ypserver ypserv[4866]: domain_nonack_2: request from
     ypserver.domain.com, domain domain.com, served TRUE
   Jan 25 16:03:10 ypserver ypserv[4866]: domain_2: request from
     client.domain.com, domain domain.com, served TRUE
   Jan 25 16:03:15 ypserver ypserv[4866]: match_2: request from
     client.domain.com, secure FALSE, domain domain.com, map
     passwd.byname, key bdc
   Jan 25 16:03:15 ypserver ypserv[4866]: match_2: request from
     client.domain.com, secure FALSE, domain domain.com, map
     passwd.byname, key bdc
   Jan 25 16:04:12 ypserver ypserv[4866]: domain_nonack_2: request from
     ypserver.domain.com, domain domain.com, served TRUE

There appears to be some sort of authentication problem, but I don't know
what precisely it is.

BTW, ypcat on the both the NetBSD and Solaris clients returns the passwd
map with '*' in the encrypted password field.  It just seems to do the
right thing and somehow gets the passwords under NetBSD.  I'm not sure how
to convince Solaris to do the same.

-brian.