We are facing upgrade Redhat 6 to Redhat 9. There are many NIS user in Redhat 6, but Redhat 9 doesn’t support NIS .
I saw a post :Nis on Rocky/RHEL 9 , it says the ypbind tool could be installed in Redhat 9 .
But when i try to install ypbind , it showed the error log like below:
[root@rocky9 ~]# yum install /root/ypbind-2.7.2-8.fc36.x86_64.rpm
Last metadata expiration check: 0:00:30 ago on Wed 27 Mar 2024 05:02:23 PM CST.
Error:
Problem: conflicting requests
- nothing provides nss_nis needed by ypbind-3:2.7.2-8.fc36.x86_64
- nothing provides yp-tools >= 4.2.2-2 needed by ypbind-3:2.7.2-8.fc36.x86_64
(try to add ‘–skip-broken’ to skip uninstallable packages or ‘–nobest’ to use not only best candidate packages)
[root@rocky9 ~]# yum install /root/yp-tools-4.2.3-12.fc36.x86_64.rpm
Last metadata expiration check: 0:00:18 ago on Wed 27 Mar 2024 05:03:11 PM CST.
Error:
Problem: conflicting requests
- nothing provides ypbind >= 3:2.4-2 needed by yp-tools-4.2.3-12.fc36.x86_64
(try to add ‘–skip-broken’ to skip uninstallable packages or ‘–nobest’ to use not only best candidate packages)
How to solve this ? Anyone could give me some help?
Thx in advance.
EL9 has Identity Management (IdM). There is a section of docs for it in Product Documentation for Red Hat Enterprise Linux 9 | Red Hat Customer Portal
There is a bit about migrating from non-RHEL FreeIPA to RHEL IdM.
FreeIPA has “migrate from NIS”: NIS_accounts_migration_preserving_Passwords — FreeIPA documentation
Could it be possible to install IdM and migrate NIS accounts to it?
You need to install these three packages at the same time:
dnf install /root/ypbind-2.7.2-8.fc36.x86_64.rpm /root/yp-tools-4.2.3-12.fc36.x86_64.rpm /root/nss_nis-3.1-11.fc36.x86_64.rpm
2 Likes
Yes, we are considering about this in future.
Thx a lot. It really worked .
The NIS user could login via SHELL tools without any problem, but i try to use the NIS login the desktop, it fails with error:
Mar 28 10:49:06 rocky9 systemd[1]: Started Fingerprint Authentication Daemon.
Mar 28 10:49:23 rocky9 /usr/libexec/gdm-wayland-session[40111]: dbus-daemon[40111]: [session uid=501 pid=40111] Activating service name=‘org.freedesktop.systemd1’ requested by ‘:1.0’ (uid=501 pid=40109 comm=“/usr/libexec/gdm-wayland-session --register-sessio” label=“kernel”)
Mar 28 10:49:23 rocky9 /usr/libexec/gdm-wayland-session[40111]: dbus-daemon[40111]: [session uid=501 pid=40111] Activated service ‘org.freedesktop.systemd1’ failed: Process org.freedesktop.systemd1 exited with status 1
Mar 28 10:49:23 rocky9 /usr/libexec/gdm-wayland-session[40109]: Unable to register display with display manager
Mar 28 10:49:23 rocky9 gdm[872]: Gdm: GdmDisplay: Session never registered, failing
Mar 28 10:49:23 rocky9 journal[38637]: unable to get EDID for xrandr-Virtual-1: unable to get EDID for output
Mar 28 10:49:23 rocky9 journal[38637]: unable to get EDID for xrandr-Virtual-1: unable to get EDID for output
Mar 28 10:49:23 rocky9 journal[38637]: unable to get EDID for xrandr-Virtual-1: unable to get EDID for output
Mar 28 10:49:23 rocky9 org.gnome.Shell.desktop[40135]: The XKEYBOARD keymap compiler (xkbcomp) reports:
Mar 28 10:49:23 rocky9 org.gnome.Shell.desktop[40135]: > Warning: Unsupported maximum keycode 708, clipping.
Mar 28 10:49:23 rocky9 org.gnome.Shell.desktop[40135]: > X11 cannot support keycodes above 255.
Mar 28 10:49:23 rocky9 org.gnome.Shell.desktop[40135]: Errors from xkbcomp are not fatal to the X server
Have you got this issue in Rocky desktop login ?
First, that is a separate issue than the OP “how to install packages from files” that is already resolved. So should be on new thread for clarity.
I would test two things:
- Can non-NIS accounts log in, i.e. is this only for NIS-accounts
- Use Gnome, rather than Wayland. (There is a cog-wheel on right bottom corner where you can select type of session, when you have given/selected username and about to type password.)
Only non-NIS accounts could log in. NIS account after type password , it returned to the login screen .
The real solution is to move on from NIS to a more modern authentication and authorization stack. NIS has serious limitations and security issues. Consider moving to FreeIPA. Or, if you don’t want all of what it comes with, openldap-server (from epel and the plus repo we provide) or 389-ds-base all by itself.
1 Like
ok. Thank you for your kindly suggestion.
You could also look at zentyal that way you get support as well. I use it for authentication on my rocky 8.8 and 9.3 systems and now it also supports automounts. Works for Linux and windows clients .
1 Like
When you say a ‘NIS user could login via SHELL tools’ - what exactly do you mean? (i.e. what are the ‘SHELL’ tools ?)
When NIS users log in this way, are they prompted for a password ?
What is the ‘passwd’ entry in /etc/nsswitch.conf ?
Thx for your reply. I mean NIS user could use the linux terminal like MobaXterm using ssh connection , they could execute the linux command without any problem , but when they try to use the graphical Desktop , it fails.
They login with Redhat 9 logon screen, they type user and password, then nothing happened. It returns to the logon screen again. The detail log i have post above.
The ‘passwd’ entry in /etc/nsswitch.conf :
passwd: files nis
group: files nis
netgroup: files nis sss
automount: files nis sss
services: sss files
The nsswitch.conf tells where to look for passwords (and other user info) from. The files in /etc/pam.d/ tell when passwords are looked for, and sshd and gdm do probably have a bit different requirements.
The journalctl shows system logs, but there are probably still a partial copy in files /var/log/messages and /var/log/secure too. The logs might show whether issue is with password, or with creation of user session.
When using MobaXterm, are NIS users prompted for their password ? - or do you use ssh keys etc ?
i.e. if using ssh keys, then no password authentication will be done - whereas the graphical login will require password authentication - which may mean you will have to make changes in your PAM config files ?
I haven’t used NIS for authentication for years (and never with Rocky 9) - so not sure what you will need to change to get it working …