HPE Community
Operating System - HP-UX
1829624 Members
1993 Online
109992 Solutions
New Discussion

NIS netgroup problem

 
SOLVED
Go to solution
jerry1
Super Advisor

‎12-10-2004 08:43 AM

‎12-10-2004 08:43 AM

NIS netgroup problem

We are transitioning to a new DNS domainname.

When changing the hp box to new DNS domain
the NIS netgroup map quits working for
that host even when netgroup entry has
been update with the new FQHN. This is
for accessing nfs dirs that are 750.

The fix is to put anon=0 and access=hostname
in exports.

Any other host in the same dns domain as the
nfs server and nis server can read/write
to the 750 dirctory without the anon=0 or
access=hostname. Only the netgroup hp9000
in exports access=hp9000 is needed.

What is the deal with separate domains and
nis/nfs access?


0 Kudos
Reply
7 REPLIES 7
A. Clay Stephenson
Acclaimed Contributor

‎12-10-2004 08:54 AM

‎12-10-2004 08:54 AM

Solution

Re: NIS netgroup problem

On one of the "bad" hosts, do a ypcat netgroup. If that fails then NIS is not working (in a different subnet and haven't done a ypset?) but more likely your netgroup is using short hostnames and now that the domain has changed the hostname lookup is failing.
If it ain't broke, I can fix that.
Reply
jerry1
Super Advisor

‎12-10-2004 09:00 AM

‎12-10-2004 09:00 AM

Re: NIS netgroup problem

Correction, only the hostname is needed
in the nfs exports not anon=0.

0 Kudos
Reply
jerry1
Super Advisor

‎12-10-2004 09:02 AM

‎12-10-2004 09:02 AM

Re: NIS netgroup problem

Clay, all systems are bound okay.
/etc/resolv.conf has new dns domainname
in search line. nslookup works okay.
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎12-10-2004 09:15 AM

‎12-10-2004 09:15 AM

Re: NIS netgroup problem

Okay then what do your netgroup triples look like? (hostname,user,domainname). I am not asking what is the structure of the source file for the netgroup map but rather what does ypcat report since that is what really counts.

Don't assume that because nslookup works that NIS netgroup hostname expansion works the same way.
If it ain't broke, I can fix that.
Reply
jerry1
Super Advisor

‎12-10-2004 10:13 AM

‎12-10-2004 10:13 AM

Re: NIS netgroup problem

All checks out.

ypwhich shows bound to correct server.
ypcat netgroup shows netgroup and host as:

hp9000 (host.new.domain.com,,)


exports file on nfs server:

/exportdir -anon=65534,access=hp9000


Don't remember why 65534 was in there.
May have to do with HP Advanced Server software sharing out to PC's.

0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎12-10-2004 10:43 AM

‎12-10-2004 10:43 AM

Re: NIS netgroup problem

65534 (OxFFFE) is the twos-complement representation of -2 expressed as a 16-bit signed integer. You would know (and care about) two-complements had you ever done any assembly programming --- but you young whippersnappers is spoiled. -2 is the NFS convention for the UID of an anonymous user.

Without researching this, I think your netgroup problem is related to your domainname (as reported by the domainname command). Note: While there are DNS domains and NIS domains the two have nothing to do with each other.
If it ain't broke, I can fix that.
Reply
Peter Nikitka
Honored Contributor

‎12-12-2004 11:29 PM

‎12-12-2004 11:29 PM

Re: NIS netgroup problem

Hi,

the hostname in the netgroup-triple needs to be in the format in the nsswitch.conf is configured for 'host'-resolves. If you have configured just DNS, FQN-entries are ok

Since using switching of the name resolution in nsswitch.conf, I added every host, where this could occur in 'simple' AND 'FQN'-format.

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.