I have a problem with Solaris 10 and netgroups with IPA.<div> </div><div>I am able to login to the Solaris 10 server with IPA users as long as I am not using netgroups. As soon as I add a netgroup I can no longer authenticate. </div> <div> </div><div>I have updated nsswitch.conf:</div><div>#passwd: files ldappasswd: compatpasswd_compat: files ldap group: files ldap And then added the netgroup to /etc/passwd:+@MYHOST:x:::::<div> </div><div>And used pwconv to get the netgroup into /etc/shadow:</div><div>+@MYHOST:x:15765::::::</div><div> </div><div>I am able to see the user in getent (and none of the users I want restricted show up, only the user I want which is great):</div> <div>-bash-3.2# getent passwd testusertestuser:x:3713:3713:Test User:/export/home/testuser:/bin/bash I am also able to su to testuser as root:-bash-3.2# su - testuserOracle Corporation SunOS 5.10 Generic Patch January 2005 -bash-3.2$ iduid=3713(testuser) gid=3713(testgroup) I cannot su to the user from another user, it appears to be the password that is the problem. I can successfully change passwords using kpasswd from the Solaris 10 host. I've enabled Pam debugging:</div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"> Mar 1 12:54:04 MYHOST sshd[3928]: [ID 228857 auth.debug] PAM[3928]: pam_start(sshd-kbdint,testuser,80a98a8:80c8b18) - debug = 1 Mar 1 12:54:04 MYHOST sshd[3928]: [ID 224148 auth.debug] PAM[3928]: pam_set_item(80c8b18:service) Mar 1 12:54:04 MYHOST sshd[3928]: [ID 224148 auth.debug] PAM[3928]: pam_set_item(80c8b18:user) Mar 1 12:54:04 MYHOST sshd[3928]: [ID 224148 auth.debug] PAM[3928]: pam_set_item(80c8b18:conv) Mar 1 12:54:04 MYHOST sshd[3928]: [ID 224148 auth.debug] PAM[3928]: pam_set_item(80c8b18:rhost) Mar 1 12:54:04 MYHOST sshd[3928]: [ID 224148 auth.debug] PAM[3928]: pam_set_item(80c8b18:tty) Mar 1 12:54:04 MYHOST sshd[3928]: [ID 122435 auth.debug] PAM[3928]: pam_authenticate(80c8b18, 1) Mar 1 12:54:04 MYHOST sshd[3928]: [ID 746646 auth.debug] PAM[3928]: load_modules(80c8b18, pam_sm_authenticate)=/usr/lib/security/pam_authtok_get.so.1 Mar 1 12:54:04 MYHOST sshd[3928]: [ID 586621 auth.debug] PAM[3928]: load_function: successful load of pam_sm_authenticate Mar 1 12:54:04 MYHOST sshd[3928]: [ID 746646 auth.debug] PAM[3928]: load_modules(80c8b18, pam_sm_authenticate)=/usr/lib/security/pam_dhkeys.so.1 Mar 1 12:54:04 MYHOST sshd[3928]: [ID 586621 auth.debug] PAM[3928]: load_function: successful load of pam_sm_authenticate Mar 1 12:54:04 MYHOST sshd[3928]: [ID 746646 auth.debug] PAM[3928]: load_modules(80c8b18, pam_sm_authenticate)=/usr/lib/security/pam_unix_cred.so.1 Mar 1 12:54:04 MYHOST sshd[3928]: [ID 586621 auth.debug] PAM[3928]: load_function: successful load of pam_sm_authenticate Mar 1 12:54:04 MYHOST sshd[3928]: [ID 746646 auth.debug] PAM[3928]: load_modules(80c8b18, pam_sm_authenticate)=/usr/lib/security/pam_unix_auth.so.1 Mar 1 12:54:04 MYHOST sshd[3928]: [ID 586621 auth.debug] PAM[3928]: load_function: successful load of pam_sm_authenticate Mar 1 12:54:04 MYHOST sshd[3928]: [ID 746646 auth.debug] PAM[3928]: load_modules(80c8b18, pam_sm_authenticate)=/usr/lib/security/pam_ldap.so.1 Mar 1 12:54:04 MYHOST sshd[3928]: [ID 586621 auth.debug] PAM[3928]: load_function: successful load of pam_sm_authenticate Mar 1 12:54:04 MYHOST sshd[3928]: [ID 425581 auth.debug] PAM[3928]: pam_get_user(80c8b18, 80c8b18, NULL) Mar 1 12:54:07 MYHOST sshd[3928]: [ID 224148 auth.debug] PAM[3928]: pam_set_item(80c8b18:authtok) Mar 1 12:54:07 MYHOST last message repeated 1 time Mar 1 12:54:07 MYHOST sshd[3928]: [ID 117705 auth.debug] PAM[3928]: pam_authenticate(80c8b18, 1): error Authentication failed Mar 1 12:54:08 MYHOST sshd[3928]: [ID 224148 auth.debug] PAM[3928]: pam_set_item(80c8b18:authtok) Mar 1 12:54:08 MYHOST sshd[3928]: [ID 800047 <a href="http://auth.info" target="_blank">auth.info</a>] Keyboard-interactive (PAM) userauth failed[9] while authenticating: Authentication failed Mar 1 12:54:08 MYHOST sshd[3928]: [ID 800047 auth.notice] Failed keyboard-interactive for testuser from <a href="tel:30.241.208.21" value="+13024120821" target="_blank">30.241.208.21</a> port 4469 ssh2 Mar 1 12:54:08 MYHOST sshd[3928]: [ID 224148 auth.debug] PAM[3928]: pam_set_item(80c8b18:conv) Mar 1 12:54:08 MYHOST sshd[3928]: [ID 185624 auth.debug] PAM[3928]: pam_end(80c8b18): status = Authentication failed Mar 1 12:54:08 MYHOST sshd[3928]: [ID 228857 auth.debug] PAM[3928]: pam_start(sshd-kbdint,testuser,80a98a8:80c8b18) - debug = 1 Mar 1 12:54:08 MYHOST sshd[3928]: [ID 224148 auth.debug] PAM[3928]: pam_set_item(80c8b18:service) Mar 1 12:54:08 MYHOST sshd[3928]: [ID 224148 auth.debug] PAM[3928]: pam_set_item(80c8b18:user) Mar 1 12:54:08 MYHOST sshd[3928]: [ID 224148 auth.debug] PAM[3928]: pam_set_item(80c8b18:conv) Mar 1 12:54:08 MYHOST sshd[3928]: [ID 224148 auth.debug] PAM[3928]: pam_set_item(80c8b18:rhost) Mar 1 12:54:08 MYHOST sshd[3928]: [ID 224148 auth.debug] PAM[3928]: pam_set_item(80c8b18:tty) Mar 1 12:54:08 MYHOST sshd[3928]: [ID 122435 auth.debug] PAM[3928]: pam_authenticate(80c8b18, 1) Mar 1 12:54:08 MYHOST sshd[3928]: [ID 746646 auth.debug] PAM[3928]: load_modules(80c8b18, pam_sm_authenticate)=/usr/lib/security/pam_authtok_get.so.1 Mar 1 12:54:08 MYHOST sshd[3928]: [ID 586621 auth.debug] PAM[3928]: load_function: successful load of pam_sm_authenticate Mar 1 12:54:08 MYHOST sshd[3928]: [ID 746646 auth.debug] PAM[3928]: load_modules(80c8b18, pam_sm_authenticate)=/usr/lib/security/pam_dhkeys.so.1 Mar 1 12:54:08 MYHOST sshd[3928]: [ID 586621 auth.debug] PAM[3928]: load_function: successful load of pam_sm_authenticate Mar 1 12:54:08 MYHOST sshd[3928]: [ID 746646 auth.debug] PAM[3928]: load_modules(80c8b18, pam_sm_authenticate)=/usr/lib/security/pam_unix_cred.so.1 Mar 1 12:54:08 MYHOST sshd[3928]: [ID 586621 auth.debug] PAM[3928]: load_function: successful load of pam_sm_authenticate Mar 1 12:54:08 MYHOST sshd[3928]: [ID 746646 auth.debug] PAM[3928]: load_modules(80c8b18, pam_sm_authenticate)=/usr/lib/security/pam_unix_auth.so.1 Mar 1 12:54:08 MYHOST sshd[3928]: [ID 586621 auth.debug] PAM[3928]: load_function: successful load of pam_sm_authenticate Mar 1 12:54:08 MYHOST sshd[3928]: [ID 746646 auth.debug] PAM[3928]: load_modules(80c8b18, pam_sm_authenticate)=/usr/lib/security/pam_ldap.so.1 Mar 1 12:54:08 MYHOST sshd[3928]: [ID 586621 auth.debug] PAM[3928]: load_function: successful load of pam_sm_authenticate Mar 1 12:54:08 MYHOST sshd[3928]: [ID 425581 auth.debug] PAM[3928]: pam_get_user(80c8b18, 80c8b18, NULL) Mar 1 12:54:09 MYHOST sshd[3928]: [ID 800047 <a href="http://auth.info" target="_blank">auth.info</a>] Received disconnect from <a href="tel:30.241.208.21" value="+13024120821" target="_blank">30.241.208.21</a>: 13: Unable to authenticate Mar 1 12:54:09 MYHOST sshd[3928]: [ID 224148 auth.debug] PAM[3928]: pam_set_item(80c8b18:conv) Mar 1 12:54:09 MYHOST sshd[3928]: [ID 185624 auth.debug] PAM[3928]: pam_end(80c8b18): status = General PAM failure Mar 1 12:54:11 MYHOST sshd[3906]: [ID 800047 <a href="http://auth.info" target="_blank">auth.info</a>] Received disconnect from <a href="tel:30.241.208.21" value="+13024120821" target="_blank">30.241.208.21</a>: 13: Unable to authenticate Mar 1 12:54:11 MYHOST sshd[3906]: [ID 583457 auth.debug] PAM[3906]: pam_set_item(80c8b18:conv) Mar 1 12:54:11 MYHOST sshd[3906]: [ID 278145 auth.debug] PAM[3906]: pam_end(80c8b18): status = General PAM failure I'm at a loss at this point. I can't seem to determine how simply adding a netgroup causes authentication to fail. Every other aspect of the netgroup works and the system without the netgroup works. Any ideas?-Eli</div></div> </div>