Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.mel.connect.com.au!news.mira.net.au!inquo!nebo.vii.com!vyzynz!nielsen!news.dacom.co.kr!arclight.uoregon.edu!news.bc.net!news.mindlink.net!sol.ctr.columbia.edu!startide.ctr.columbia.edu!wpaul
From: wpaul@ctr.columbia.edu (Bill Paul)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: NIS Netgroup map doesn't work
Date: 23 Jul 1996 15:21:15 GMT
Organization: Columbia University Center for Telecommunications Research
Lines: 107
Message-ID: <4t2qlb$pc8@sol.ctr.columbia.edu>
References: <4t0n0g$669@dobie.loop.net>
NNTP-Posting-Host: startide.ctr.columbia.edu
X-Newsreader: TIN [version 1.2 PL2]

Daring to challenge the will of the almighty Leviam00se, Greg Wiley
(greg@loop.com) had the courage to say:

: Is anyone successfully using netgroup NIS maps under FreeBSD?

What _version_ of FreeBSD? FreeBSD 2.1.0 and 2.1.5 should grok netgroups
just fine, though 2.1.0 is a little less efficient about it. I think 2.0.5
will work too, though it had some bugs.

: I've
: had yp working for about 8 months but have only recently tried to use the
: netgroup features. My problem is that while I can use password entries like:
: +:::::::::
: and
: +user:::::::::
: which work as expected, entries like
: +@ngroup:::::::::
: do not.
: I have uncommented the netgroup entry from the Makefile which causes
: a netgroup map to be built and pushed. However, there is no provision
: for creating a .byname and .byhost map as described in the general
: references as well as the FreeBSD netgroup man page. I don't know if that's
: the problem or if the page is obsolete.
: Is there some additional reference I need to read?
: Thank You,
: -greg

Unfortunately, FreeBSD 2.1.x does not yet have a 'revnetgroup' program
in it. FreeBSD 2.2 does, and /var/yp/Makefile knows how to build the
netgroup.byuser and netgroup.byhost maps.

(If you want, you can steal the revnetgroup sources from the 2.2-current
tree and install them on 2.1.x; revnetgroup is not system-dependent.
You can also steal the bits from /usr/src/usr.sbin/ypserv/Makefile.yp
that build the other maps. You may not however use ypserv itself; the
new ypserv will not compile in 2.1.x.)

That aside, both 2.1.x and 2.2 should be able to get by with just the
netgroup map if you cheat a little. Create an /etc/netgroup file that
looks like this:

dummy (-,foo,)
+

The getnetgrent(3) code is set up such that it defaults to needing
the netgroup.byuser and netgroup.byhost maps in the following cases:

- /etc/netgroup doesn't exist
- /etc/netgroup exists but is empty
- /etc/netgroup exists and contains only a +

If /etc/netgroup exists and contains only local entries (no +), then
only the info in the /etc/netgroup file will be used (i.e. NIS netgroups
are turned off).

If /etc/netgroup exists and contains local entries _and_ a +, both the
local info and the NIS netgroup map will be merged together -- this
operation uses _only_ the netgroup map, no netgroup.byuser or
netgroup.byhost, so everything will work without the other maps.

The sample netgroup file shown above should fool the getnetgrent(3) code
into assuming the latter condition. This should be sufficient if your
netgroup map is not too large.

-Bill

PS: 2.1.5 is the end of the road for the GNU-based NIS server support
in FreeBSD. FreeBSD 2.2 has a completely new set of server tools
(ypserv, yppush, ypxfr, rpc.yppasswdd, rpc.ypxfrd, revnetgroup, mknetid,
yp_mkdb) all written from scratch explicitly for FreeBSD.

I did this mostly to clean things up, but there are also some new
features (ypserv has some NIS v1 support and does database handle
caching, yppush handles multiple parallel jobs (without fork()ing),
rpc.yppasswdd allows the superuser on the NIS master server to make
with passwd(1) and chpass(1) without knowing a user's password,
rpc.yppasswdd also handles multiple domains and can do additions and
in-place updates, you no longer have to configure NIS servers to also
be NIS clients in order for all tools to work), plus there are some
new utilities (rpc.ypxfrd, mknetid, revnetgroup). The performance of
the client library has also been improved a little.

One thing which will not make it into 2.2 (not at the pace I'm going
anyway) is NIS+. I have been working on it but I doubt I'll have it
completed in time for the release. I'm only just now starting to make
progress with the database backend for rpc.nisd. (I'm not what you'd
call a database expert.) When I do finally finish it, there will be
both client and server support. Hopefully, we'll even have Secure RPC
by then.

--
=============================================================================
-Bill Paul            (212) 854-6020 | System Manager, Master of Unix-Fu
Work:         wpaul@ctr.columbia.edu | Center for Telecommunications Research
Home:  wpaul@skynet.ctr.columbia.edu | Columbia University, New York City
=============================================================================
 "If you're ever in trouble, go to the CTR. Ask for Bill. He will help you."
=============================================================================
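
Added example, not part of the post above and not FreeBSD code: a shell check that classifies a netgroup file by the cases the post lists, so an administrator can tell whether +@ngroup passwd entries will depend on the netgroup.byuser and netgroup.byhost maps. The function name netgroup_mode and its three output labels are hypothetical, and skipping blank lines is an assumption; the rules are taken from the post's description, not from the getnetgrent(3) source.

```shell
#!/bin/sh
# netgroup_mode FILE  (hypothetical helper, not a FreeBSD tool)
# Prints one of:
#   needs-reverse-maps  file missing, empty, or containing only a "+"
#   local-only          local entries and no "+": NIS netgroups are off
#   merged              local entries and a "+": local info is merged with
#                       the NIS netgroup map, no reverse maps required
netgroup_mode() {
    file=$1

    # Case: /etc/netgroup doesn't exist.
    if [ ! -f "$file" ]; then
        echo "needs-reverse-maps"
        return 0
    fi

    # Count "+" marker lines and local entries.
    # Assumption: blank lines are ignored.
    counts=$(awk '
        NF == 0   { next }
        $1 == "+" { plus++; next }
                  { locals++ }
        END       { printf "%d %d\n", plus, locals }
    ' "$file")
    plus=${counts% *}
    locals=${counts#* }

    if [ "$locals" -eq 0 ]; then
        echo "needs-reverse-maps"   # empty file, or only a "+"
    elif [ "$plus" -eq 0 ]; then
        echo "local-only"
    else
        echo "merged"
    fi
}

# Constructed sample: the workaround file described in the post.
tmp=$(mktemp -d)
printf 'dummy (-,foo,)\n+\n' > "$tmp/netgroup"
netgroup_mode "$tmp/netgroup"
rm -rf "$tmp"
```

On a host without the reverse maps, any result other than "merged" or "local-only" means NIS netgroup lookups will depend on maps that are not there.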