Login process hung due to wrong NIS authentication configuration

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux Server 6

Issue

  • Unable to Login to the server

Root Cause

NIS domain server was removed from the user environment and the 'ypbind' service was stopped in clients. But the authentication configurations were not removed.

/etc/nsswitch.conf on the client machines still shows

passwd:     files nis
shadow:     files nis
group:      files nis
hosts:      files nis dns
bootparams: nisplus [NOTFOUND=return] files
netgroup:   files nis
publickey:  nisplus
automount:  files nis
aliases:    files nisplus

PAM will also have this nis authentication enabled in /etc/pam.d/system-auth

password    sufficient    pam_unix.so md5 shadow nis nullok try_first_pass use_authtok

If the ypbind service is started again, the NIS server will not be reachable and client will log the following messages in /var/log/messages

ypbind[10159]: broadcast: RPC: Timed out.
ypbind[10159]: broadcast: RPC: Timed out.

In this situation, the user login process will be delayed due to NIS lookup in the background and for the user the system looks like hung.

Diagnostic Steps

Remove the authentication information from the NIS client machines using the command:

#authconfig  --disablenis --update

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.