Re: ldap netgroups doesn't work for NFS exports
04-28-2008 08:22 PM
OK, my last question regarding netgroups and LDAP was confused. Now I looked into it further to verify what the problem actually is.
Our systems are Tru64 5.1B-4 / patchkit 6 set up with ldapcd working against an openldap server; it works fine for authentication.
I have "netgroup: ldap" set in /etc/nsswitch.conf and running some small test programs using getnetgrent demonstrates that the system is retrieving the netgroup info from ldap.
However NFS exports using netgroup names in /etc/exports are not honored.
Running truss against mountd shows that no netgroup lookups are being done (I won't paste the traces here, they're quite long).
However, running the same trace against mountd on a system running a NIS client for netgroup info shows interesting info - things like:
getdomainname("mynisdomain", 256) = 0
getpid() = 468 [ 1 ]
open("/var/yp/binding/mynisdomain.2", O_RDONLY, 01777777777760002762657) = 9
so it seems clear that mountd is trying to read the yp data directly rather than using the C library functions getnetgrent or innetgr.
This seems like a bug to me.
We do actually have support through HP, though I don't know how likely it is for anything to get fixed at this stage. But sometimes channels like this can be almost more useful than regular support, as we might hear something back indirectly from the engineers concerned. Would be great if anyone could find out more!
Thanks!
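The kind of check described in the post above (asking the C library whether a host belongs to a netgroup, so that the lookup follows the "netgroup:" line in /etc/nsswitch.conf), as an added example that is not part of the original post. It assumes the glibc prototypes from <netdb.h>, which may differ from Tru64's declarations; the function names host_in_netgroup and dump_netgroup are hypothetical.

```c
/* Added example: resolve netgroups through libc, so the answer reflects
 * whatever source nsswitch.conf names (files, nis, ldap, ...).
 * Assumption: glibc prototypes; other systems may declare these differently. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <netdb.h>
#include <stdio.h>

/* Returns 1 if libc reports host as a member of group, else 0.
 * NULL user and domain act as wildcards. */
int host_in_netgroup(const char *group, const char *host)
{
    return innetgr(group, host, NULL, NULL) ? 1 : 0;
}

/* Prints every (host,user,domain) triple of group and returns the count.
 * An unknown or empty group yields 0. */
int dump_netgroup(const char *group)
{
    char *host, *user, *domain;
    int n = 0;

    if (setnetgrent(group)) {          /* glibc: non-zero means group found */
        while (getnetgrent(&host, &user, &domain)) {
            printf("(%s,%s,%s)\n", host ? host : "",
                   user ? user : "", domain ? domain : "");
            n++;
        }
    }
    endnetgrent();
    return n;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s netgroup host\n", argv[0]);
        return 2;
    }
    printf("%d triple(s) in %s\n", dump_netgroup(argv[1]), argv[1]);
    int member = host_in_netgroup(argv[1], argv[2]);
    printf("%s %s a member of %s\n", argv[2],
           member ? "is" : "is NOT", argv[1]);
    return member ? 0 : 1;             /* exit status usable in scripts */
}
```

If this reports membership while an export keyed on the same netgroup is still not honored, the daemon is resolving netgroups by a different path than libc.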
04-30-2008 11:28 AM
Solution
I looked at the source code for Tru64 mountd and it does only look at NIS for netgroups. To me this feels like a bug. But, the man page for mountd specifically says "The identifiers listed beside the name of each filesystem or directory can be either host names, IP addresses, or NIS netgroups names." The man page specifically talks about "NIS netgroups" and not just "netgroups". This could be interpreted that only NIS netgroups are supported or it could be interpreted as simply a clarification of what netgroups are (netgroups, like there are in NIS). The mountd man page was written when NIS was the only supported server for netgroups, so I tend towards the latter.
There are engineers working on support for Tru64 and problems are getting fixed. But, given the ambiguity here, if you enter a problem report it is possible that you won't get a fix if the "official" interpretation of the man page is that "NIS" is meant as a restriction, not an explanation. I say go ahead and try it, what do you have to lose?
Just an FYI, in nsswitch.conf "ldap" is only a valid source for the netgroup database, it cannot be defined as a source for user or group databases. To use ldap for user and group information you have to use the SIA ldap mechanism.
Ann
05-01-2008 04:25 PM
Re: ldap netgroups doesn't work for NFS exports
Thanks very much, that's great to have my suspicions about the mountd operation confirmed. I opened a case with support so we can see if they want to do anything about it. I'm no real programmer by any means but looking at the netgroup-reading code in FreeBSD mountd source doesn't look terribly complicated (for whatever that's worth...)
I have just one more Tru64 LDAP-related query to ask about in a new thread :-)