LDAP netgroups

From: Victor Engle (sunmanager@summerseas.com)
Date: Fri Oct 08 2004 - 14:20:48 EDT


Hello List,

I have a Sun Directory server v5.2 configured as a naming service for my
Sun workstation. It currently provides account info, authentication,
group info and auto_* map info. I have been trying to get netgroups to
work because my goal is to use LDAP as a naming service for servers and
I need to be able to allow only specific users access to the servers.
For example, on an oracle server I would want to restrict access to
system and database admins by adding something like "+@sys_dba_admins".
The sys_dba_admins would be an ldap netgroup containing nis triples or
netgroups for the sys admins and DBAs.

I configured nsswitch.conf for compatibility mode. Here is the relevant
part of my nsswitch.conf:

passwd: files compat
passwd_compat: ldap
group: files compat
group_compat: ldap
netgroup: ldap

Here is my ldap netgroup entry:

cn=skylab,ou=netgroup,dc=domain_central,dc=local
objectClass=nisNetgroup
objectClass=top
cn=skylab
nisNetgroupTriple=(,vengle,)
nisNetgroupTriple=(,fred,)
creatorsName=cn=directory manager
modifiersName=cn=directory manager
createTimestamp=20041008175127Z
modifyTimestamp=20041008175127Z

And here is the /etc/passwd file entry. (pwconv added the entry to
/etc/shadow)

+@skylab:x:::::

In this configuration, no ldap account can log in. The user fred is an
ldap user and is listed in the skylab netgroup. If I add "+fred" to the
passwd file then fred can log in, so I know the 1 compatibility is
working, just not with the netgroup.

Do I have a configuration error or is this a bug?

Any assistance would be appreciated.

Thanks,
Vic
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
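To make the mechanism in the post concrete, here is an added example (not code from the post or from Sun) that models what the compat lookup has to do: parse nisNetgroup entries written in the attr=value style shown above, resolve membership the way innetgr(3) does (an empty field in a (host,user,domain) triple matches anything, and memberNisNetgroup nests one netgroup inside another), and then walk /etc/passwd compat lines such as "+@skylab" in order. The skylab entry is the one from the post; the nested sys_dba_admins netgroup, the "-bob" exclusion line and the simplified first-match-wins ordering are constructed assumptions for illustration.

```python
"""Toy model of NIS-compat netgroup resolution (added example, not from the post).

Useful when checking a restriction like "+@skylab": it shows which user names
a netgroup actually admits, and why a triple written as (,fred,) matches fred
from any host and any domain.
"""
from dataclasses import dataclass, field

# Constructed sample: the post's skylab entry plus a hypothetical nested
# netgroup (sys_dba_admins) that pulls skylab in via memberNisNetgroup.
SAMPLE_ENTRIES = """\
cn=skylab,ou=netgroup,dc=domain_central,dc=local
objectClass=nisNetgroup
objectClass=top
cn=skylab
nisNetgroupTriple=(,vengle,)
nisNetgroupTriple=(,fred,)

cn=sys_dba_admins,ou=netgroup,dc=domain_central,dc=local
objectClass=nisNetgroup
objectClass=top
cn=sys_dba_admins
nisNetgroupTriple=(,alice,)
memberNisNetgroup=skylab
"""

# Constructed /etc/passwd fragment: one local account, one explicit
# exclusion (hypothetical), then the netgroup include line.
SAMPLE_PASSWD = [
    "root:x:0:0:Super-User:/:/sbin/sh",
    "-bob",
    "+@sys_dba_admins:x:::::",
]


@dataclass
class Netgroup:
    name: str
    triples: list = field(default_factory=list)   # (host, user, domain)
    members: list = field(default_factory=list)   # nested netgroup names


def parse_triple(text):
    """'(host,user,domain)' -> 3-tuple of strings; empty fields are wildcards."""
    body = text.strip()
    if not (body.startswith("(") and body.endswith(")")):
        raise ValueError(f"bad triple: {text!r}")
    parts = [p.strip() for p in body[1:-1].split(",")]
    if len(parts) != 3:
        raise ValueError(f"bad triple: {text!r}")
    return tuple(parts)


def parse_entries(text):
    """Parse attr=value records separated by blank lines into Netgroup objects.

    The first line of each record is the DN and is skipped; only records whose
    objectClass includes nisNetgroup are kept.
    """
    groups = {}
    for record in text.strip().split("\n\n"):
        name, classes, triples, members = None, set(), [], []
        for line in record.splitlines()[1:]:
            attr, _, value = line.strip().partition("=")
            attr, value = attr.strip(), value.strip()
            if attr == "cn":
                name = value
            elif attr == "objectClass":
                classes.add(value)
            elif attr == "nisNetgroupTriple":
                triples.append(parse_triple(value))
            elif attr == "memberNisNetgroup":
                members.append(value)
        if name and "nisNetgroup" in classes:
            groups[name] = Netgroup(name, triples, members)
    return groups


def innetgr(groups, name, host=None, user=None, domain=None, _seen=None):
    """innetgr(3)-style test: None in the query means 'don't care', an empty
    field in a stored triple matches any value; nested groups are followed,
    with a visited set so cyclic membership cannot loop forever."""
    if _seen is None:
        _seen = set()
    if name in _seen or name not in groups:
        return False
    _seen.add(name)
    for h, u, d in groups[name].triples:
        if all(q is None or t == "" or t == q
               for q, t in ((host, h), (user, u), (domain, d))):
            return True
    return any(innetgr(groups, m, host, user, domain, _seen)
               for m in groups[name].members)


def compat_lookup(passwd_lines, groups, user):
    """Simplified model of 'passwd: files compat' with 'passwd_compat: ldap'.

    Lines are consulted in order; the first one that decides wins. Returns
    "files" for a local entry, "ldap" if the user would be fetched from the
    directory, or None if no line admits the user (or a '-' line excludes it).
    """
    for line in passwd_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key = line.split(":", 1)[0]
        if key.startswith("+@"):
            if innetgr(groups, key[2:], user=user):
                return "ldap"
        elif key.startswith("-@"):
            if innetgr(groups, key[2:], user=user):
                return None
        elif key == "+":
            return "ldap"
        elif key.startswith("+"):
            if key[1:] == user:
                return "ldap"
        elif key.startswith("-"):
            if key[1:] == user:
                return None
        elif key == user:
            return "files"
    return None


if __name__ == "__main__":
    ngs = parse_entries(SAMPLE_ENTRIES)
    for who in ("root", "fred", "alice", "bob", "mallory"):
        print(f"{who:8s} -> {compat_lookup(SAMPLE_PASSWD, ngs, who)}")
```

Running it shows fred admitted through the nested skylab group, alice directly, bob excluded by the "-bob" line before any include is reached, and an unknown user rejected. Because the stored triples have empty host and domain fields, the same users match from any host, which is the behaviour to keep in mind when the goal is per-server restriction.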



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:29:33 EDT