From owner-freebsd-current@FreeBSD.ORG Fri Apr 25 08:55:50 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F2E0E37B401; Fri, 25 Apr 2003 08:55:49 -0700 (PDT) Received: from symbion.srrc.usda.gov (symbion.srrc.usda.gov [199.133.86.40]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0740443F3F; Fri, 25 Apr 2003 08:55:48 -0700 (PDT) (envelope-from gjohnson@srrc.ars.usda.gov) Received: from node1.cluster.srrc.usda.gov (localhost [127.0.0.1]) by symbion.srrc.usda.gov (8.12.9/8.12.9) with ESMTP id h3PFtVub018540; Fri, 25 Apr 2003 10:55:31 -0500 (CDT) (envelope-from glenn@node1.cluster.srrc.usda.gov) Received: (from glenn@localhost)h3PFtUTY018539; Fri, 25 Apr 2003 10:55:30 -0500 (CDT) (envelope-from glenn) Date: Fri, 25 Apr 2003 10:55:30 -0500 From: Glenn Johnson To: "Jacques A. Vidrine" , freebsd-current@FreeBSD.org Message-ID: <20030425155530.GA17160@node1.cluster.srrc.usda.gov> Mail-Followup-To: "Jacques A. Vidrine" , freebsd-current@FreeBSD.org References: <20030423210539.GA1348@node1.cluster.srrc.usda.gov> <20030423215038.GB22152@madman.celabo.org> <20030423220754.GA16387@node1.cluster.srrc.usda.gov> <20030423221120.GA22798@madman.celabo.org> <20030423221915.GA17543@node1.cluster.srrc.usda.gov> <20030424020829.GA73546@madman.celabo.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030424020829.GA73546@madman.celabo.org> User-Agent: Mutt/1.5.4i Subject: Re: groups wrong on NIS clients X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Apr 2003 15:55:50 -0000 On Wed, Apr 23, 2003 at 09:08:29PM -0500, Jacques A. Vidrine wrote: > On Wed, Apr 23, 2003 at 05:19:15PM -0500, Glenn Johnson wrote: > > > > How are you logging in? > > > > I was using ssh. After reading your message, I went down the hall > > and logged in via the console. The groups are set correctly when > > logging in via the console. > > > > Whatever login process you are using is responsible for setting > > > your group list correctly. It has not done so. > > > > As a note, the groups were set correctly via ssh before I updated to > > the latest sources today. My previous -current was from April 15, > > 2003. > > Do you have UsePrivilegeSeperation turned on? (Not that this should > make a difference ... `works here'.) Do you have anything different > from the default configuration? > > The only thing I can think of that might give you different results > when logging in via the console versus via sshd is if the latter > cannot contact the NIS server for some reason. Do you see (e.g. with > tcpdump) any NIS queries when you attempt to login via ssh? > > If you want to dig deeper, you should arrange for sshd to spit out the > group list. I applied your patch and here are the results. An ssh connection to the master node with a complete group list: debug1: XXX group[0]=1001,glenn debug1: XXX group[1]=1001,glenn debug1: XXX group[2]=0,wheel debug1: XXX group[3]=2,kmem debug1: XXX group[4]=5,operator debug1: XXX group[5]=1000,cluster An ssh connection to a backend node with an NIS served group list: debug1: XXX group[0]=1001,glenn debug1: XXX group[1]=1001,glenn After I ssh into the NIS client node I ran ypcat group and it shows the correct information for the groups. -- Glenn Johnson USDA, ARS, SRRC Phone: (504) 286-4252 New Orleans, LA 70124 e-mail: gjohnson@srrc.ars.usda.gov