Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
Operating System - Tru64 Unix
cancel
Showing results for 
Search instead for 
Did you mean: 

netgroups from LDAP on 5.1B-5

Graham Allan
Advisor

netgroups from LDAP on 5.1B-5

We've been using ldap authentication on tru64 5.1B for several years now, but have kept running a vestigal NIS server for netgroup info, since I could never get it to work from our LDAP source. But looking through these forums has hinted that it should be possible, for example http://forums11.itrc.hp.com/service/forums/questionanswer.do;HP-FORUMS-S-WPA-IDX=Hc2RKkpZx2TjnppgrMDySybd1Bfgx7JSlymVsnP2h6x34nQZ0T1p!-1568122448!1641486707?threadId=1138895

Testing it has had some odd results though; I'm not sure that I understand what's going on.

On my test server, I set in /etc/nsswitch.conf:

netgroup: ldap

I also set "netgroup=local" in /etc/svc.conf, though I don't believe this file should have any effect any more.

In /etc/exports we have a filesystem exported to a particular netgroup, so mounting this was my test for whether the netgroup source is working.

With *only* the above change, it didn't work. however, if I also configure the NIS subsystem, eg (in /etc/rc.config.common):

NIS_CONF="YES"
export NIS_CONF
NIS_TYPE="CLIENT"
export NIS_TYPE
NIS_DOMAIN="mynisdomain"
export NIS_DOMAIN
NIS_ARGS="-s -S mynisdomain,bogus.server.name"
export NIS_ARGS

then the netgroup lookup does work. Note that I set a bogus server name as the NIS server, so ypbind does in fact fail to start.

Wondering if there is any rational explanation for this, or if others have netgroup information sourced from LDAP without any such issues.

The OS is 5.1B with T64V51BB27AS0006-20061208 (PK 6) installed, btw.

Thanks for any ideas!