09-14-2016 03:33 AM
Does anyone have any experience with using NIS as authentication? We are having an issue using NIS with SAS Studio. It works for logging in to all the servers (mid tier/metadata/compute), but it doesn't seem to work for logging in to SAS Studio. A little hint of help would be appreciated. Thank you and more power!
09-14-2016 03:43 AM
SAS Studio needs a workspace server instance; this workspace server instance (if it ain't a pooled workspace server) is started using the user's credentials. If that user does not have a "presence" on the host where SAS runs (userid, home directory, etc.), the instance cannot be started.
Basically, you need to try whether you can log on to the SAS host with something like ssh (or at least do a "su username" from another ID there).
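One way to script the host-presence check described in this reply, as an added example that is not part of the thread: it resolves the account through `getent` (so NIS is consulted if the host is configured for it) and checks the home directory, login shell and primary group. The function names `check_passwd_entry` and `check_host_presence` and the user `sasdemo` are assumptions made for the example.

```shell
#!/bin/sh
# Added example: does a user have a usable "presence" on the SAS host,
# whichever source (local files, NIS, LDAP) serves the account?

# check_passwd_entry LINE
#   LINE: one passwd-format record, e.g. the output of `getent passwd USER`.
#   Prints one finding per line; returns 0 only if every check passes.
check_passwd_entry() {
    rc=0
    # passwd fields: name:password:uid:gid:gecos:home:shell
    IFS=: read -r name _pw uid gid _gecos home shell <<EOF
$1
EOF
    if [ -z "$name" ]; then
        echo "FAIL: no passwd entry (user unknown to this host)"
        return 1
    fi
    shell=${shell:-/bin/sh}   # an empty shell field means /bin/sh
    case $uid in
        ''|*[!0-9]*) echo "FAIL: $name: uid '$uid' is not numeric"; rc=1 ;;
        *)           echo "ok:   $name: uid=$uid gid=$gid" ;;
    esac
    if [ -d "$home" ]; then
        echo "ok:   $name: home directory $home exists"
    else
        echo "FAIL: $name: home directory '$home' is missing on this host"
        rc=1
    fi
    if [ -x "$shell" ]; then
        echo "ok:   $name: login shell $shell is executable"
    else
        echo "FAIL: $name: login shell '$shell' is not executable"
        rc=1
    fi
    return $rc
}

# check_host_presence USER
#   Resolves USER through the name service switch, checks the record, then
#   checks the primary gid ($gid, set by check_passwd_entry) has a group entry.
check_host_presence() {
    entry=$(getent passwd "$1") || { echo "FAIL: $1: not resolvable"; return 1; }
    check_passwd_entry "$entry" || return 1
    getent group "$gid" >/dev/null || { echo "FAIL: $1: gid $gid has no group"; return 1; }
    echo "ok:   $1: primary gid $gid resolves to a group"
}

# Usage on the SAS host: check_host_presence sasdemo   (constructed user name)
```

Run it on the host where the workspace server is launched, not on the client, since that is where the account has to resolve.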
09-14-2016 05:16 AM
09-17-2016 04:25 AM
I think NIS has no particular role in this. We have NIS authentication, and as long as metadata identities map to host accounts and hosts use NIS to authenticate, SAS doesn't care what the mechanics are. AFAIK SAS metadata can't even authenticate against NIS. It only knows host, AD and LDAP authentication schemes.
If SAS Studio is the only SAS client you are using then make sure the metadata identities are mapped to real host accounts properly. If other SAS clients work (EG, DIS, ...) and only SAS Studio is not working then again NIS has nothing to do with it. The fault is in SAS Studio or metadata.
Hope this helps,
09-14-2016 05:34 AM
When you say it is not working, how is it not working? What error messages are users getting in the SAS Logon Manager web interface? What error messages are you getting in the SAS Object Spawner log files? Are there any interesting error or warning messages in the SAS Metadata Server log files or SAS Web Application Server log files? Providing more specific details usually helps to better identify the problem or provide clues on where to look next.
09-14-2016 05:38 AM
Perhaps a SAS Communities admin could move this from the Web Report Studio community into the SAS Studio community or the Administration and Deployment community? It might get better visibility there.
09-15-2016 03:08 AM
09-15-2016 08:50 AM - edited 09-15-2016 08:57 AM
We have some experience with NIS authentication on RHEL 5/6 servers. The following page describes the NIS protocol at length:
Strictly speaking, NIS/Yellow Pages does not require PAM as far as I know. Implementation amongst Linux/Unix flavours may vary, of course. I only know Linux Red Hat in this respect. With RHEL, NIS works independently of PAM which looks like a centralized identity provider:
NIS impersonates authentication requests to the local host (/etc/passwd, /etc/groups, shadow etc.) and thus makes it possible to use a central identity directory transparently. Applications that need to launch authentication calls to the Linux/Unix host stack don't have to be modified.
By default, SAS Unix/Linux authentication proxies (a SAS process remotely launched for a SAS Studio terminal relies on the so-called SAS Object Spawner daemon, which in turn uses authentication proxies) use local host authentication, with the methods=pw as shown above.
If, in your case, the server also uses PAM, then you'll have to modify the sasauth.cfg file accordingly and restart all SAS services (even the Metadata Server) to take it into account.
Take care with the GROUP_NO_CASE parameter: if your NIS accounts have secondary group memberships, the authentication request made on behalf of the SAS proxy could sometimes fail to retrieve the primary group correctly.
This also happens when the cache is active (NSCD daemon running).
To go further with SAS authentication on Unix/Linux: