I have netgroups working now. My two key errors were:

Syntax in /etc/nsswitch.conf should be:

    passwd: compat
    passwd_compat: nisplus

not

    passwd: compat
    passwd_compat: files nisplus

per p.339 in the Solaris 2.5 NIS+ and FNS Administration Guide

And an unwanted ":" in the definition of the netgroup, should be

    test (,bob,) (,susan,) (,eli,)

not

    test: (,bob,) (,susan,) (,eli,)

(otherwise, the name of the netgroup becomes "test:" rather than "test".)

Thanks to:
David Montgomery <david@cs.newcastle.edu.au>
Christian Masopust <Christian.Masopust@tmn.sie.siemens.at>
Willi Burmeister <wib@cs.uni-kiel.de>
Casper Dik <casper@holland.Sun.COM>
Cecil Pang <cecilp@adonis.westel.com>
and Radar at SunService
--sk
Stuart Kendrick
Network Services
FHCRC
Original post attached:
Per numerous helpful suggestions, my netgroup set-up now looks as follows:

/etc/nsswitch.conf

    passwd: compat
    passwd_compat: nisplus

ASCII form of netgroup

    test: (,bob,) (,susan,) (,eli,)

imported into the NIS+ space with: nisaddent -mvf netgroup netgroup
where "netgroup" is the name of the ASCII file.

niscat netgroup.org_dir

    test: bob
    test: susan
    test: eli

I run nisping -C and use nislog to prove that the NIS+ logs on the master
are checkpointed.

/etc/passwd looks like:

    ....
    noaccess:x:60002:60002:No Access User:/:
    nobody4:x:65534:65534:SunOS 4.x Nobody:/:
    +@test:x:::::

/etc/shadow looks like:

    ....
    noaccess:NP:6445::::::
    nobody4:NP:6445::::::
    +@test::::::::

Still, I cannot log in (via any account in the NIS+ space, member of "test" or
not). I am trying both console access and telnet access. I kill and restart
nscd. I reboot. UIDs defined in /etc/passwd still function fine, of
course.

I have also tried modding the netgroup to look as follows, where
"fhcrc.org." is the name of my NIS+ domain:

    test: (,bob,fhcrc.org.) (,susan,fhcrc.org.) (,eli,fhcrc.org.)

and

    test: (-,bob,fhcrc.org.) (,susan,fhcrc.org.) (-,eli,fhcrc.org.)

And followed the same procedure (e.g. imported into the NIS+ space using
the nisaddent command above, nisping -C, kill -HUP nscd, reboot). At no
point does the situation improve.
I've stared at the traffic between my test box and the master server using
my favorite packet analysis tool, a Network General Sniffer.
Unfortunately, Sun RPC traffic is not my strong point, and there sure is a
lot of it. I could, however, spend more time on packet analysis if anyone
had a direction to suggest.
Any other suggestions?
--sk
Stuart Kendrick
Network Services
FHCRC
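
Added example (not part of the original post, and not Sun tooling): a small Python lint for the two mistakes summarized at the top of this message, a ":" fused onto the netgroup name and a passwd_compat line listing more than one source. The function names and embedded sample inputs are constructed for illustration; the one-source rule for passwd_compat is taken from the summary, and continuation lines are assumed not to be used.

```python
import re

# A member is a (host,user,domain) triple; any field may be empty or "-".
TRIPLE = re.compile(r"\(\s*([^,()\s]*)\s*,\s*([^,()\s]*)\s*,\s*([^,()\s]*)\s*\)")

def lint_netgroup(text):
    """Return (line_no, message) findings for an ASCII netgroup file."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        name = parts[0]
        members = parts[1] if len(parts) > 1 else ""
        if name.endswith(":"):
            findings.append((no, f"netgroup is named {name!r}, so +@{name[:-1]} will not match it"))
        # Remove well-formed triples; bare names left over are nested netgroups.
        for tok in TRIPLE.sub(" ", members).split():
            if any(c in tok for c in "(),"):
                findings.append((no, f"malformed member near {tok!r}"))
        if not members.strip():
            findings.append((no, f"netgroup {name!r} has no members"))
    return findings

def lint_nsswitch(text):
    """Flag passwd_compat lines that list more than one source."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"passwd_compat\s*:\s*(.*)$", line)
        if m:
            # Ignore bracketed criteria; count only source names.
            sources = [s for s in m.group(1).split() if not s.startswith("[")]
            if len(sources) != 1:
                findings.append((no, f"passwd_compat lists {sources}; expected one source"))
    return findings

if __name__ == "__main__":
    # Constructed inputs mirroring the "not" variants from the summary.
    netgroup = "test: (,bob,) (,susan,) (,eli,)\n"
    nsswitch = "passwd: compat\npasswd_compat: files nisplus\n"
    for no, msg in lint_netgroup(netgroup):
        print(f"netgroup:{no}: {msg}")
    for no, msg in lint_nsswitch(nsswitch):
        print(f"nsswitch.conf:{no}: {msg}")
```

Running the lint on the ASCII netgroup file before nisaddent catches the misnamed group before it reaches the NIS+ table.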