Greg Wojtak
Advisor

LDAP-UX Authentication and User Information

I have been working on getting our UNIX servers set up to authenticate and get user information from our NDS tree. So far it is working on our Solaris and Linux systems and is mostly working. The only thing that does not seem to work is secondary groups. Running 'groups user' only shows the primary group and secondary groups that the user belongs to via /etc/group. An LDAP user's primary group will show as well, and those groups are all in NDS. So primary groups via LDAP are working. A 'getent group groupname' using a groupname from LDAP also shows that the groups do exist. I'm just not sure why a groups or id do not seem to show this. I have verified that it is actually causing problems by trying to use groups in sudo and with file permissions.

Just wondering if anyone else has had this problem.
RAC_1
Honored Contributor

Re: LDAP-UX Authentication and User Information

What does your nsswitch.conf look like?
There is no substitute to HARDWORK
Greg Wojtak
Advisor

Re: LDAP-UX Authentication and User Information

passwd: files ldap
group: files ldap
hosts: files [NOTFOUND=continue] dns
services: files
networks: files
protocols: files
rpc: files
publickey: files
netgroup: files
automount: files
aliases: files

I don't think this is the problem. As I said in my original post, it appears to be getting the group information fine, it just looks like it is breaking down while assigning users their secondary groups that reside in LDAP.
RAC_1
Honored Contributor

Re: LDAP-UX Authentication and User Information

Does the group file list the secondary group for the user?

Anil
There is no substitute to HARDWORK
Greg Wojtak
Advisor

Re: LDAP-UX Authentication and User Information

Local groups are resolved correctly, if that's what you mean. So if I have an LDAP user gwojtak whose primary group is sysadmin, and secondary local group is users. gwojtak also has a secondary LDAP group of gwojtak. groups output shows:

# groups gwojtak
sysadmin users

On our Solaris and Linux servers, it comes back:
gwojtak sysadmin users
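
The mismatch described in the post above (a group that the group database lists the user in, but that `groups` does not report) can be checked mechanically, which matters because sudo rules and file permissions depend on the resolved list. This is an added example, not part of any post in the thread: `missing_groups` is a hypothetical helper, the GIDs and group database text are constructed from the names in the post, and feeding it live data assumes `getent group` can enumerate groups on the host.

```shell
#!/bin/sh
# Added example, not from the thread. Lists groups whose member field names
# a user but which are absent from that user's "groups" output.

# missing_groups USER GROUP_DB GROUPS_OUTPUT
#   GROUP_DB       text in name:passwd:gid:member,member format (getent group)
#   GROUPS_OUTPUT  group names as printed by "groups USER"; a leading
#                  "USER : " prefix, printed by some implementations, is dropped
#                  so the user name is not mistaken for a group name
missing_groups() {
    have=$(printf '%s\n' "$3" | sed 's/^[^:]*:[ ]*//' | tr '\n\t' '  ')
    printf '%s\n' "$2" | awk -F: -v user="$1" -v have="$have" '
        BEGIN {
            n = split(have, h, " ")
            for (i = 1; i <= n; i++) seen[h[i]] = 1
        }
        NF >= 4 {
            m = split($4, members, ",")
            for (i = 1; i <= m; i++)
                if (members[i] == user && !($1 in seen)) { print $1; break }
        }'
}

# Constructed sample data: group names from the post, GIDs invented.
SAMPLE_GROUP_DB='sysadmin:*:3001:
users:*:20:gwojtak
gwojtak:*:3002:gwojtak'

# "groups gwojtak" output as quoted in the post for each platform.
HPUX_GROUPS='sysadmin users'
OTHER_GROUPS='gwojtak sysadmin users'

echo "HP-UX, not resolved:         $(missing_groups gwojtak "$SAMPLE_GROUP_DB" "$HPUX_GROUPS")"
echo "Solaris/Linux, not resolved: $(missing_groups gwojtak "$SAMPLE_GROUP_DB" "$OTHER_GROUPS")"

# Live use (assumes getent enumerates groups on this host):
#   missing_groups gwojtak "$(getent group)" "$(groups gwojtak)"
```

Any name it prints is a group that membership-based access rules expect the user to hold but that the login session does not carry.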

RAC_1
Honored Contributor

Re: LDAP-UX Authentication and User Information

Can you compare the group files of Linux and Solaris, where it works? Also their nsswitch.conf files.
There is no substitute to HARDWORK