SUMMARY: netgroups under NIS+

From: Stuart Kendrick (sbk@fhcrc.org)
Date: Fri Feb 14 1997 - 14:40:02 CST


I have netgroups working now. My two key errors were:

Syntax in /etc/nsswitch.conf should be:
passwd: compat
passwd_compat: nisplus

not
passwd: compat
passwd_compat: files nisplus

per p.339 in the Solaris 2.5 NIS+ and FNS Administration Guide

And an unwanted ":" in the definition of the netgroup, should be
test (,bob,) (,susan,) (,eli,)

not

test: (,bob,) (,susan,) (,eli,)

(otherwise, the name of the netgroup becomes "test:" rather than "test".)

Thanks to:
David Montgomery <david@cs.newcastle.edu.au>
Christian Masopust <Christian.Masopust@tmn.sie.siemens.at>
Willi Burmeister <wib@cs.uni-kiel.de>
Casper Dik <casper@holland.Sun.COM>
Cecil Pang <cecilp@adonis.westel.com>
and Radar at SunService

--sk

Stuart Kendrick
Network Services
FHCRC

Original post attached:

Per numerous helpful suggestions, my netgroup set-up now looks as follows:

/etc/nsswitch.conf
passwd: compat
passwd_compat: nisplus

ASCII form of netgroup
test: (,bob,) (,susan,) (,eli,)

imported into the NIS+ space with: nisaddent -mvf netgroup netgroup
where "netgroup" is the name of the ASCII file.

niscat netgroup.org_dir
test: bob
test: susan
test: eli

I run nisping -C and use nislog to prove that the NIS+ logs on the master
are checkpointed.

/etc/passwd looks like:
....
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x Nobody:/:
+@test:x:::::

/etc/shadow looks like:
....
noaccess:NP:6445::::::
nobody4:NP:6445::::::
+@test::::::::

Still, I cannot log in (via any account in the NIS+ space, member of "test" or
not). I am trying both console access and telnet access. I kill and restart
nscd. I reboot. UIDs defined in /etc/passwd still function fine, of
course.

I have also tried modding the netgroup to look as follows, where
"fhcrc.org." is the name of my NIS+ domain:

test: (,bob,fhcrc.org.) (,susan,fhcrc.org.) (,eli,fhcrc.org.)

and

test: (-,bob,fhcrc.org.) (,susan,fhcrc.org.) (-,eli,fhcrc.org.)

And followed the same procedure (e.g. imported into the NIS+ space using
the nisaddent command above, nisping -C, kill -HUP nscd, reboot). At no
point does the situation improve.

I've stared at the traffic between my test box and the master server using
my favorite packet analysis tool, a Network General Sniffer.
Unfortunately, Sun RPC traffic is not my strong point, and there sure is a
lot of it. I could, however, spend more time on packet analysis if anyone
had a direction to suggest.

Any other suggestions?

--sk

Stuart Kendrick
Network Services
FHCRC
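
Added example, not part of the original post: a small Python lint for the two mistakes the summary describes, plus a cross-check that every `+@name` entry in /etc/passwd resolves to a netgroup defined under exactly that name. All function names and sample data are constructed for illustration, and the passwd_compat rule encodes only what the post reports as the working form.

```python
import re

# Constructed samples reproducing the two mistakes described in the post.
NETGROUP_BAD = "test: (,bob,) (,susan,) (,eli,)\n"
NETGROUP_GOOD = "test (,bob,) (,susan,) (,eli,)\n"
NSSWITCH_BAD = "passwd: compat\npasswd_compat: files nisplus\n"
NSSWITCH_GOOD = "passwd: compat\npasswd_compat: nisplus\n"
PASSWD = "noaccess:x:60002:60002:No Access User:/:\n+@test:x:::::\n"
TRIPLE = re.compile(r"\(([^,()]*),([^,()]*),([^,()]*)\)")

def parse_netgroup(text):
    """Return ({name: [(host, user, domain), ...]}, [problems])."""
    groups, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split(None, 1)
        if not fields:
            continue
        name, rest = fields[0], fields[1] if len(fields) > 1 else ""
        if name.endswith(":"):
            problems.append(f"line {n}: netgroup is named {name!r}, not {name[:-1]!r}")
        members = groups.setdefault(name, [])
        for tok in re.findall(r"\([^()]*\)|\S+", rest):
            m = TRIPLE.fullmatch(tok)
            if m:
                members.append(tuple(f.strip() for f in m.groups()))
            elif tok.startswith("("):
                problems.append(f"line {n}: malformed triple {tok}")
            # any other token refers to another netgroup; not expanded here
    return groups, problems

def check_nsswitch(text):
    """Flag passwd_compat listing more than the single source the post settled on."""
    conf = {}
    for raw in text.splitlines():
        key, sep, val = raw.split("#", 1)[0].partition(":")
        if sep:
            conf[key.strip()] = val.split()
    src = conf.get("passwd_compat", [])
    if "compat" in conf.get("passwd", []) and len(src) > 1:
        return [f"passwd_compat lists {src}; expected a single source"]
    return []

def unresolved_plus_entries(passwd_text, groups):
    """Netgroups referenced as +@name in passwd but not defined under that exact name."""
    refs = [l.split(":", 1)[0][2:] for l in passwd_text.splitlines() if l.startswith("+@")]
    return [r for r in refs if r not in groups]
```

With the colon in place the file defines a group called "test:", so the `+@test` line in /etc/passwd matches nothing and no NIS+ account is admitted, which is the symptom the original post reports.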


