*BSD News Article 74527



Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.mel.connect.com.au!news.mira.net.au!inquo!nebo.vii.com!vyzynz!nielsen!news.dacom.co.kr!arclight.uoregon.edu!news.bc.net!news.mindlink.net!sol.ctr.columbia.edu!startide.ctr.columbia.edu!wpaul
From: wpaul@ctr.columbia.edu (Bill Paul)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: NIS Netgroup map doesn't work
Date: 23 Jul 1996 15:21:15 GMT
Organization: Columbia University Center for Telecommunications Research
Lines: 107
Message-ID: <4t2qlb$pc8@sol.ctr.columbia.edu>
References: <4t0n0g$669@dobie.loop.net>
NNTP-Posting-Host: startide.ctr.columbia.edu
X-Newsreader: TIN [version 1.2 PL2]

Daring to challenge the will of the almighty Leviam00se, Greg Wiley
(greg@loop.com) had the courage to say:

: Is anyone successfully using netgroup NIS maps under FreeBSD?

What _version_ of FreeBSD?

FreeBSD 2.1.0 and 2.1.5 should grok netgroups just fine, though 2.1.0
is a little less efficient about it. I think 2.0.5 will work too, though
it had some bugs.

: I've
: had yp working for about 8 months but have only recently tried to use the
: netgroup features.  My problem is that while I can use password entries like:

:    +:::::::::

: and 

:    +user:::::::::

: which work as expected, entries like

:   +@ngroup:::::::::

: do not.

: I have uncommented the netgroup entry from the Makefile which causes
: a netgroup map to be built and pushed.  However, there is no provision
: for creating a .byname and .byhost map as described in the general
: references as well as the FreeBSD netgroup man page.  I don't know if that's
: the problem or if the page is obsolete.

: Is there some additional reference I need to read?  

: Thank You,

:   -greg

Unfortunately, FreeBSD 2.1.x does not yet have a 'revnetgroup' program
in it. FreeBSD 2.2 does, and /var/yp/Makefile knows how to build the
netgroup.byuser and netgroup.byhosts maps. (If you want, you can steal the
revnetgroup sources from the 2.2-current tree and install them on 2.1.x;
revnetgroup is not system-dependent. You can also steal the bits from
/usr/src/usr.sbin/ypserv/Makefile.yp that build the other maps. You may
not however use ypserv itself; the new ypserv will not compile in 2.1.x.)

That aside, both 2.1.x and 2.2 should be able to get by with just the
netgroup map if you cheat a little. Create an /etc/netgroup file that
looks like this:

dummy (-,foo,)
+

The getnetgrent(3) code is set up such that it defaults to needing
the netgroup.byuser and netgroup.byhost maps in the following cases:

- /etc/netgroup doesn't exist
- /etc/netgroup exists but is empty
- /etc/netgroup exists and contains only a +

If /etc/netgroup exists and contains only local entries (no +), then
only the info in the /etc/netgroup file will be used (i.e. NIS netgroups
are turned off).

If /etc/netgroup exists and contains local entries _and_ a +, both
the local info and the NIS netgroup map will be merged together -- this
operation uses _only_ the netgroup map, no netgroup.byuser or netgroup.byhost,
so everything will work without the other maps.

The sample netgroup file shown above should fool the getnetgrent(3)
code into assuming the latter condition. This should be sufficient if
your netgroup map is not too large.

-Bill

PS: 2.1.5 is the end of the road for the GNU-based NIS server support
    in FreeBSD. FreeBSD 2.2 has a completely new set of server tools
    (ypserv, yppush, ypxfr, rpc.yppasswdd, rpc.ypxfrd, revnetgroup,
    mknetid, yp_mkdb) all written from scratch explicitly for FreeBSD.
    I did this mostly to clean things up, but there are also some new
    features (ypserv has some NIS v1 support and does database handle
    caching, yppush handles multiple parallel jobs (without fork()ing),
    rpc.yppasswdd allows the superuser on the NIS master server to make
    with passwd(1) and chpass(1) without knowing a user's password,
    rpc.yppasswdd also handles multiple domains and can do additions and
    in-place updates, you no longer have to configure NIS servers to also
    be NIS clients in order for all tools to work), plus there are some
    new utilities (rpc.ypxfrd, mknetid, revnetgroup). The performance
    of the client library has also been improved a little.

    One thing which will not make it into 2.2 (not at the pace I'm going
    anyway) is NIS+. I have been working on it but I doubt I'll have it
    completed in time for the release. I'm only just now starting to
    make progress with the database backend for rpc.nisd. (I'm not what
    you'd call a database expert.) When I do finally finish it, there
    will be both client and server support. Hopefully, we'll even have
    Secure RPC by then.

--
=============================================================================
-Bill Paul            (212) 854-6020 | System Manager, Master of Unix-Fu
Work:         wpaul@ctr.columbia.edu | Center for Telecommunications Research
Home:  wpaul@skynet.ctr.columbia.edu | Columbia University, New York City
=============================================================================
 "If you're ever in trouble, go to the CTR. Ask for Bill. He will help you."
=============================================================================
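
Added example, not part of the original post and not FreeBSD code: a shell check that sorts a netgroup file into the three cases the post describes for getnetgrent(3), so an administrator can tell whether +@ngroup entries will depend on the netgroup.byuser and netgroup.byhost maps. The function names and mode labels are hypothetical, and treating whitespace-only lines as blank is an assumption.

```shell
#!/bin/sh
# Added example: classify a netgroup file into the cases the post lists.
# Function names and mode labels are hypothetical, not FreeBSD identifiers.

# netgroup_mode FILE -> prints reverse-maps | local-only | merged
netgroup_mode() {
    # A missing file is the first case in the post's list.
    [ -e "$1" ] || { echo reverse-maps; return 0; }
    awk '
        { gsub(/^[ \t]+|[ \t]+$/, "") }   # trim surrounding whitespace
        $0 == ""  { next }                 # assumption: blank lines do not count
        $0 == "+" { plus++; next }         # the NIS inclusion marker
        { loc++ }                          # anything else is a local entry
        END {
            if (loc && plus) print "merged"
            else if (loc)    print "local-only"
            else             print "reverse-maps"
        }' "$1"
}

# explain_mode MODE -> one-line description taken from the post's wording
explain_mode() {
    case $1 in
        reverse-maps) echo "needs netgroup.byuser and netgroup.byhost" ;;
        local-only)   echo "local entries only; NIS netgroups are off" ;;
        merged)       echo "local entries merged with the NIS netgroup map only" ;;
    esac
}

# Constructed sample: the two-line file from the post.
sample=$(mktemp)
printf 'dummy (-,foo,)\n+\n' > "$sample"
mode=$(netgroup_mode "$sample")
echo "sample: $mode ($(explain_mode "$mode"))"
rm -f "$sample"
```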