
nis and netgroup

 
Don Beethe
Occasional Advisor

nis and netgroup

Trying to get netgroups to work on HPUX 11.11 and failing. I have a netgroup:
admins (,lo392787,) (,db55621,)

I added +@admins::::::::: to both passwd and shadow and changed nsswitch.conf to:
passwd: compat
group: compat

If I try to telnet localhost and login as either a user in the admins netgroup or root, it fails.
Once I change nsswitch.conf back to passwd: files nis, then it allows me to login as root as well as any NIS user.
What am I missing here?
Peter Nikitka
Honored Contributor

Re: nis and netgroup

Hi,

I think there are many things missing...

- you cannot use netgroups in conjunction with /etc/shadow.
- you have to use NIS to use passwd in compatibility mode

So you would have to convert your system to untrusted.

To see netgroups working, you can try to use host authentication via netgroups.
Add host entries to the netgroup
okhosts (ho1,,) (ho2,,)
and add okhosts to /etc/exports like
/home -access=okhosts
to test NFS access via netgroup entries. Do not forget to update NIS maps!


If you have an untrusted system

- check /etc/nsswitch.conf for entry
netgroup: nis files
- add usernames to netgroup NOT in local /etc/passwd but in NIS map passwd
- update NIS-Maps

then your compat-mode entry should work.

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
Don Beethe
Occasional Advisor

Re: nis and netgroup

My first problem was trying to use /etc/shadow.
I have converted back to old password file and still can't get the netgroup to work.
I am still unable to login as a NIS user in the netgroup.

Kevin Wright
Honored Contributor

Re: nis and netgroup

Please make sure your password map is correct, with the hashed passwd; as you were using /etc/shadow, don't use the passwd.adjunct map.

ypcat netgroup, make sure that is correct. Add a +::::::: to /etc/passwd, test that, then restrict it down to a netgroup. Basically, log in as any NIS user, then restrict it down to netgroups in /etc/passwd.
Don Beethe
Occasional Advisor

Re: nis and netgroup

I tested with just + in the passwd file and it worked, but when I change to +@admins, it won't let me login. Says login incorrect. I am using the same user when just + in the passwd and +@admins.
Peter Nikitka
Honored Contributor

Re: nis and netgroup

Hi Don,

What is the result of
ypcat netgroup | grep admins

mfG Peter
Don Beethe
Occasional Advisor

Re: nis and netgroup

[belford](/)# ypcat -k netgroup |grep admins
admins (,lo392787,) (,db55621,) (,hw151282,) (,jg438011,) (,ee341740,) (,bs11425,) (,tc324570,)

I am trying to use user db55621. When I just have + at the end of passwd, I am able to login. If I change it to +@admins, I get login failed.
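
Added example, not part of the original thread or any poster's code: a small Python evaluator for netgroup data in the `ypcat -k netgroup` layout shown above, reporting whether a user lookup such as `+@admins` in /etc/passwd matches by name or only through an empty (wildcard) user field. The sample map is constructed from the entries quoted in the thread, the nested group `allops` is hypothetical, and the code assumes the usual netgroup conventions (an empty field matches anything, `-` matches nothing).

```python
import re

# Constructed sample in `ypcat -k netgroup` layout, built from the entries quoted
# in the thread; the nested group "allops" is hypothetical.
# Assumption: the domain field is ignored (it is empty in the thread's data).
SAMPLE = """\
admins (,lo392787,) (,db55621,)
okhosts (ho1,,) (ho2,,)
allops admins okhosts
"""

TRIPLE = re.compile(r"\(([^,()]*),([^,()]*),([^,()]*)\)")

def parse_netgroups(text):
    """Map each netgroup name to its members: (host, user, domain) tuples or group names."""
    groups = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        rest = parts[1] if len(parts) > 1 else ""
        members = []
        for tok in re.findall(r"\([^)]*\)|\S+", rest):
            m = TRIPLE.fullmatch(tok.replace(" ", ""))
            members.append(m.groups() if m else tok)
        groups[parts[0]] = members
    return groups

def user_match(groups, group, user, seen=None):
    """Return 'explicit', 'wildcard' or None for a user lookup against `group`."""
    seen = set() if seen is None else seen
    if group in seen or group not in groups:
        return None  # unknown group, or a nesting loop
    seen.add(group)
    result = None
    for member in groups[group]:
        if isinstance(member, tuple):
            if member[1] == "-":
                continue  # "-" matches no user
            if member[1] == user:
                return "explicit"
            if member[1] == "":
                result = "wildcard"  # empty user field matches every user
        else:
            sub = user_match(groups, member, user, seen)
            if sub == "explicit":
                return sub
            result = result or sub
    return result
```

With this data, `db55621` matches `admins` explicitly, while any user at all matches `okhosts` through the empty user field, so a host-style group should not be reused in a `+@group` passwd entry. That is why user-only groups are often written as `(-,user,)` and host-only groups as `(host,-,)`.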

Peter Nikitka
Honored Contributor

Re: nis and netgroup

Hi,

try to use the netgroup 'admins' in another context to check whether they work there:
- Your host is thost
- Leave +:: entry in /etc/passwd
- Setup a testuser; create/modify file ~testusr/.rhosts (permission 600, owner testusr) at host thost containing

somehost +@admins

and try as a member of admins (e.g. db55621) at host 'somehost' to get a passwordless request:

remsh thost -l testusr date


mfG Peter
Don Beethe
Occasional Advisor

Re: nis and netgroup

Finally got this working by doing /sbin/init.d/pwmgr stop;/sbin/init.d/pwmgr start.
Peter Nikitka
Honored Contributor

Re: nis and netgroup

Hi,

it would be nice if you paid attention to the point system of this forum:

http://forums1.itrc.hp.com/service/forums/helptips.do?#28

mfG Peter