
netgroups from LDAP on 5.1B-5

Graham Allan
Advisor

We've been using LDAP authentication on Tru64 5.1B for several years now, but have kept running a vestigial NIS server for netgroup info, since I could never get it to work from our LDAP source. But looking through these forums has hinted that it should be possible, for example http://forums11.itrc.hp.com/service/forums/questionanswer.do;HP-FORUMS-S-WPA-IDX=Hc2RKkpZx2TjnppgrMDySybd1Bfgx7JSlymVsnP2h6x34nQZ0T1p!-1568122448!1641486707?threadId=1138895

Testing it has had some odd results though; I'm not sure that I understand what's going on.

On my test server, I set in /etc/nsswitch.conf:

netgroup: ldap

I also set "netgroup=local" in /etc/svc.conf, though I don't believe this file should have any effect any more.

In /etc/exports we have a filesystem exported to a particular netgroup, so mounting this was my test for whether the netgroup source is working.

With *only* the above change, it didn't work. However, if I also configure the NIS subsystem, e.g. (in /etc/rc.config.common):

NIS_CONF="YES"
export NIS_CONF
NIS_TYPE="CLIENT"
export NIS_TYPE
NIS_DOMAIN="mynisdomain"
export NIS_DOMAIN
NIS_ARGS="-s -S mynisdomain,bogus.server.name"
export NIS_ARGS

then the netgroup lookup does work. Note that I set a bogus server name as the NIS server, so ypbind does in fact fail to start.

Wondering if there is any rational explanation for this, or if others have netgroup information sourced from LDAP without any such issues.

The OS is 5.1B with T64V51BB27AS0006-20061208 (PK 6) installed, btw.

Thanks for any ideas!