Date:      Fri, 11 Dec 2015 10:16:50 -0500 (EST)
From:      James Craig <jmc@cs.rit.edu>
To:        Mark Johnston <markj@FreeBSD.org>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Netgroups in FreeBSD10
Message-ID:  <alpine.DEB.2.10.1512110942340.5564@starfury.cs.rit.edu>
In-Reply-To: <20151210201621.GC34692@wkstn-mjohnston.west.isilon.com>
References:  <alpine.DEB.2.10.1512101051380.30539@starfury.cs.rit.edu> <20151210201621.GC34692@wkstn-mjohnston.west.isilon.com>

On Thu, 10 Dec 2015, Mark Johnston wrote:

> On Thu, Dec 10, 2015 at 10:58:11AM -0500, James Craig wrote:
>>
>>
>> Hey all!
>>
>> I am migrating some of our services to FreeBSD, and in the process of this,
>> I have discovered something that seems odd to me; netgroups don't seem to work
>> as expected.
>>
>> I am trying to set up a machine that will eventually be a file server
>> (running 10.2-RELEASE) and getent netgroup <name> doesn't return anything,
>> even if it is a valid name.
>>
>> We have been using OpenLDAP, and on the old Solaris server, I was able to
>> query netgroups for information, and use netgroups to limit some access to NFS.
>>
>> getent passwd, and other lookups seem to work fine.
>>
>>
>> I had truss running on the ldap server, and when I try to
>> getent netgroup <name> there is no action. So I ran a truss on the getent on
>> the FreeBSD machine, and sifting through the system calls the system will only
>> search the file /etc/netgroup (which is empty), despite that
>> my /etc/nsswitch.conf looks like this:
>
> Unfortunately, the NSS documentation is wrong: the netgroup database isn't
> implemented. The netgroup NSS methods always read /etc/netgroup and
> ignore the sources configured in /etc/nsswitch.conf.

 	I am glad I wasn't screwing up; thanks for the insight.

 	Since this note I have also discovered that trying to use netgroups
 	in login.access fails because I am not using NIS -- regardless of
 	the /etc/netgroup file being populated.

 	Is this something that will get implemented? (where would I go to
 	find out?)

> I have a libc patch (missing man page updates) that fixes this:
> https://people.freebsd.org/~markj/patches/netgroup_nss.diff
> It also adds a getnetgrent_r() implementation. If you're able to rebuild
> libc in your environment, this patch should fix the problem you're
> encountering - please let me know if it doesn't!

 	I'll be honest; I have never done that before, so I am not sure
 	what it will take, or what the ramifications on the system would
 	be.

 	I can look into it. (pointers would be appreciated, if there are any)


 	Thank you!


James Craig

--
James Craig, Department of Computer Science, RIT
102 Lomb Memorial Drive, Rochester, NY 14623
mailto:jmc@cs.rit.edu, voice: (585) 475-5254
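
The check below is an added example, not part of this thread or of FreeBSD: a shell audit for hosts affected by the behaviour Mark describes, flagging an nsswitch.conf that names netgroup sources which are never consulted. The function names and verdict strings are hypothetical, and treating `files` and `compat` as the only honoured sources is an assumption drawn from the reply above.

```shell
#!/bin/sh
# Audit for the behaviour described in this thread: the netgroup lookups
# read only /etc/netgroup and ignore the sources listed in nsswitch.conf.
# Function names and verdict strings are hypothetical (added example).

# netgroup_sources FILE: print the source names on the "netgroup:" line,
# after dropping comments and [criteria] such as [notfound=return].
netgroup_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*\]//g' "$1" |
        awk '$1 == "netgroup:" { for (i = 2; i <= NF; i++) print $i }'
}

# netgroup_entries FILE: count lines that are neither blank nor comments.
netgroup_entries() {
    [ -r "$1" ] || { echo 0; return; }
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" | wc -l | tr -d ' '
}

# audit_netgroup NSSWITCH NETGROUP: print a verdict; return 1 when rules
# that rely on netgroups (NFS exports, login.access) would match nothing.
audit_netgroup() {
    ignored=""
    for src in $(netgroup_sources "$1"); do
        case $src in
            files|compat) ;;                 # assumption: file-backed
            *) ignored="$ignored $src" ;;    # e.g. ldap: never queried
        esac
    done
    count=$(netgroup_entries "$2")
    if [ -n "$ignored" ] && [ "$count" -eq 0 ]; then
        echo "FAIL: sources${ignored} are not consulted and $2 has no entries"
        return 1
    elif [ -n "$ignored" ]; then
        echo "WARN: sources${ignored} are not consulted; only $2 ($count entries) is used"
        return 0
    fi
    echo "OK: netgroup lookups use $2 ($count entries)"
}

# Constructed sample: LDAP configured for netgroups, empty netgroup file.
tmp=$(mktemp -d)
printf 'passwd: files ldap\nnetgroup: files ldap  # constructed\n' > "$tmp/nsswitch.conf"
: > "$tmp/netgroup"
audit_netgroup "$tmp/nsswitch.conf" "$tmp/netgroup" || true
rm -rf "$tmp"
```

On a real host the call would be `audit_netgroup /etc/nsswitch.conf /etc/netgroup`; a FAIL verdict means any access rule that names a netgroup is matching an empty set.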



