HPE Community
Operating System - HP-UX
1834395 Members
1587 Online
110066 Solutions
New Discussion

Re: Using NetGroup on 11i

 
SOLVED
Go to solution
Philip Piotrowski_1
New Member

‎06-21-2005 11:23 PM

‎06-21-2005 11:23 PM

Using NetGroup on 11i

Hi,

Got some problems enabling netgroup on my test server. Here's what I've done so far:

On the NIS+ master, created a netgroup "servers_sap_test" with the following entries:
(hsapt2,xx1234, ), (hsapt2,xx5678, )

On the server, I've added the line +@servers_sap_test at the end of the passwd file.

On nsswitch.conf, this line is added:
netgroup: nisplus [NOTFOUND=continue] files

Now, the issue is that doesn't prevent other users from connecting (ssh) to this server.
I want to restrict the access using netgroup
so it would be easier to manage from a single
machine.

Any help would be greatly appreciated.

Thanks
0 Kudos
4 REPLIES 4
Steven E. Protter
Exalted Contributor

‎06-22-2005 12:22 AM

‎06-22-2005 12:22 AM

Solution

Re: Using NetGroup on 11i

NIS+ ... Shiver.

Complex.

It would appear that you have not completed the configuration process. I see nothing in the steps you posted that should prevent ssh users from connecting.

ssh/openssh uses pam and the /etc/passwd and related security files for authentication. If the users are still there, ssh/openssh connections should still be possible.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
RAC_1
Honored Contributor

‎06-22-2005 12:45 AM

‎06-22-2005 12:45 AM

Re: Using NetGroup on 11i

Looks like ssh logins are not looking at netgroup entries. Please check, if there is something in this regatd that can be configured in sshd_config/ssh_config??

Anil
There is no substitute to HARDWORK
0 Kudos
Philip Piotrowski_1
New Member

‎06-22-2005 02:41 AM

‎06-22-2005 02:41 AM

Re: Using NetGroup on 11i

Thanks for you help.

Then, is there a way to use "DenyGroups" in
sshd_config and put a netgroup ?

Thanks again
0 Kudos
Philip Piotrowski_1
New Member

‎06-22-2005 05:40 AM

‎06-22-2005 05:40 AM

Re: Using NetGroup on 11i

Better with "DenyUsers" & "DenyGroups"
with sshd_config.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.