From: James Craig
To: freebsd-net@freebsd.org
Subject: Netgroups in FreeBSD10
Date: Thu, 10 Dec 2015 10:58:11 -0500 (EST)

Hey all!

I am migrating some of our services to FreeBSD, and in the process of this, I have discovered something that seems odd to me; netgroups don't seem to work as expected.

I am trying to set up a machine that will eventually be a file server (running 10.2-RELEASE) and getent netgroup doesn't return anything, even if it is a valid name. We have been using OpenLDAP, and on the old Solaris server, I was able to query netgroups for information, and use netgroups to limit some access to NFS. getent passwd and other lookups seem to work fine.

I had truss running on the LDAP server, and when I try to getent netgroup there is no action. So I ran a truss on the getent on the FreeBSD machine, and sifting through the system calls, the system will only search the file /etc/netgroup (which is empty), despite the fact that my /etc/nsswitch.conf looks like this:

    group: files ldap
    hosts: files dns
    networks: files ldap
    netgroup: ldap
    passwd: files ldap
    shells: files
    services: compat
    services_compat: files
    protocols: files
    rpc: files

If I put a netgroup into /etc/netgroup, it will find that one group. My only workaround is to run a cronjob that does an ldapsearch (which works) for my netgroups and compiles it into the netgroup file every hour or so.

This seems like something is missing. From what I have been able to read, it might be that netgroups are not really well supported at all. Is that true?

Help will be greatly appreciated, as this could impact other ways I have always used netgroups...

Thank you!
james craig

--
James Craig, Department of Computer Science, RIT
102 Lomb Memorial Drive, Rochester, NY 14623
mailto:jmc@cs.rit.edu, voice: (585) 475-5254
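
The LDAP-to-file workaround described in the message, sketched as an added example (not code from the original post): it converts `ldapsearch -LLL` output for RFC 2307 `nisNetgroup` entries into `/etc/netgroup` lines and refuses malformed or empty input. The sample LDIF, the `example.org` names and the function name are constructed for illustration.

```python
import base64
import re

# Constructed sample of `ldapsearch -LLL '(objectClass=nisNetgroup)'` output.
SAMPLE_LDIF = """\
dn: cn=nfs-clients,ou=netgroup,dc=example,dc=org
cn: nfs-clients
nisNetgroupTriple: (hostA.example.org,-,)
nisNetgroupTriple: (hostB.example.org,
 -,)
memberNisNetgroup: lab-hosts

dn: cn=lab-hosts,ou=netgroup,dc=example,dc=org
cn: lab-hosts
nisNetgroupTriple: (lab1.example.org,-,)
"""

# The file feeds NFS access decisions, so reject any value that could smuggle
# extra members or lines into it (whitespace, stray parentheses).
TRIPLE = re.compile(r"\([^(),\s]*,[^(),\s]*,[^(),\s]*\)")
NAME = re.compile(r"[A-Za-z0-9_.-]+")
CHECKS = {"cn": NAME, "membernisnetgroup": NAME, "nisnetgrouptriple": TRIPLE}

def ldif_to_netgroup(ldif):
    """Render nisNetgroup entries as /etc/netgroup lines: 'name member ...'."""
    text = re.sub(r"\r?\n ", "", ldif)        # unfold LDIF continuation lines
    out = []
    for entry in re.split(r"\n\s*\n", text.strip()):
        name, members = None, []
        for line in entry.splitlines():
            attr, _, value = line.partition(":")
            if value.startswith(":"):          # "attr:: <base64 value>"
                value = base64.b64decode(value[1:]).decode("utf-8")
            attr, value = attr.lower(), value.strip()
            if attr not in CHECKS:
                continue
            if not CHECKS[attr].fullmatch(value):
                raise ValueError(f"refusing malformed {attr}: {value!r}")
            if attr == "cn":
                name = name or value
            else:
                members.append(value)
        if name:
            out.append(" ".join([name] + members))
    if not out:                                # e.g. ldapsearch failed
        raise ValueError("no netgroups parsed; keep the existing file")
    return "\n".join(out) + "\n"
```

In a cron job, write the returned text to a temporary file next to `/etc/netgroup` and rename it into place, so a failed or partial LDAP query leaves the previous file untouched.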