Visit Our UNIX and Linux User Community

Operating Systems Linux Secondary groups not working with NFS (+LDAP) Post 302341683 by velmont on Thursday 6th of August 2009 11:04:29 AM
Old 08-06-2009
Secondary groups not working with NFS (+LDAP)

Im using LDAP for groups and NFS for home dirs. My problem is as follows:
I only have a few groups, so it's not the problem everyone else had. When I've mounted a disk over NFS, I need to have my primary group in order to read in the groups I'm a member of. Secondary groups is not working.


Code:
 root@machine:/home/user# smbldap-groupshow secret
...
gidNumber: 1504
displayName: secret
memberUid: user,anotheruser
 root@machine:/home/user# su - user
 user@machine:~$ groups
users secret
 user@machine:~$ ls -ald ../secret/
drwxr-x--- 12 anotheruser secret 4096 2009-07-27 15:39 ../secret/
 user@machine:~$ cd ../secret/
bash: cd: ../secret/: Permission denied
 user@machine:~$ ls ../secret/
ls: cannot open directory ../secret/: Permission denied

But it works if I change the group to primary by hand with newgrp:

Code:
user@machine:~$ newgrp secret
user@machine:~$ cd ../secret/
user@machine:/home/secret$ ls
Nice secrets.txt

But my users cannot be expected to do this!
It works on the server holding the user files. But not over NFS.



I've tested this on clients: Ubuntu: 9.10 Karmic, 9.04 Jaunty, 8.10 Intrepid
The NFS server is running: Ubuntu 9.04 Jaunty.
 
Test Your Knowledge in Computers #282
Difficulty: Easy
Time-sharing operating systems schedule tasks for efficient use of the system and may also include accounting software for cost allocation of processor time, mass storage, printing, and other resources.
True or False?

8 More Discussions You Might Find Interesting

1. HP-UX

Configure DNS,NFS,NIS,LDAP and LVM(mirror,sparing and multipathing)

Hello All, I am a newbee in HP UX wanted to know how to configure DNS,NFS,NIS,LDAP and LVM(mirror,sparing and multipathing) in HP UX 11iv2 and v3 and i did go through some of the docs on hp.com but i think those are for experience UX users and i am new to this so if some one could just mention... (1 Reply)
Discussion started by: coolsami
1 Replies

2. Solaris

sudoers file with groups in LDAP

Hello gurus, I've been working on a sudoers file to work with groups in LDAP. I've created the groups in LDAP and added the users to there respective groups. I've also setup my sudoers file to have the groups match what is in LDAP. And I've added ldap to nsswitch.conf in the group line. The... (6 Replies)
Discussion started by: em23
6 Replies

3. Red Hat

LDAP auth, secondary groups doesnt works

RedHat ELS 5.2 & Sun directory getent passwd: works toto:*:1000:100:toto:/home/toto:/bin/bash getent group: works mygroup:*:10001:1000,1001 but id toto doesnt works :( uid=1000(toto) gid=100(users) groupes=100(users) BTW in /etc/ldap.conf i use a different mapping for the posix... (4 Replies)
Discussion started by: sncr24
4 Replies

4. Programming

LDAP delete - seems not working

Hi all, I am very new to ldap and am facing the below difficulty. When I try to add something to ldap, I get this: server# /opt/iexpress/openldap/bin/ldapmodify -f almondabc.ldif -h 127.0.0.1 -xv -D cn=Manager,dc=almondabc,dc=com -w secret ldap_initialize( ldap://127.0.0.1 ) add o: ... (0 Replies)
Discussion started by: almond
0 Replies

5. Red Hat

Issues with LDAP user/group permissions on NFS share

I can't seem to make sense of this. $ cat /etc/redhat-release Red Hat Enterprise Linux Server release 5.2 Beta (Tikanga) $ $ mount /dev/sda2 on / type ext3 (rw) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) /dev/sda1 on... (6 Replies)
Discussion started by: dfinn
6 Replies

6. UNIX for Dummies Questions & Answers

Secondary DNS not working

hi guys I am doing some testing for DNS I got a master DNS(192.168.2.10) and I setup a slave DNS(192.168.2.11) but when I shutdown the Master DNS my linux client cannot resolve using the slave any idea way? This is the named.conf options { query-source port 53; directory... (9 Replies)
Discussion started by: kopper
9 Replies

7. UNIX for Dummies Questions & Answers

ldap , search groups that user belong

i want run query to identify witch groups that user A belong, CN=name,CN=Users,DC=mydomain ?? (1 Reply)
Discussion started by: prpkrk
1 Replies

8. Red Hat

NFS share and groups

I am having an issue with getting the proper group settings on NFS-shared directories. NFS server, NFServe, nfs-shares hundreds of project directories...running Solaris 10 latest patches/updates. SAS server, SAServe, statistical analysis server running on RedHat 7 with latest kernel/patches/etc.... (14 Replies)
Discussion started by: cjhilinski
14 Replies
AUTHKEYS(5)							Configuration Files						       AUTHKEYS(5)

NAME
authkeys - Authentication file for the Heartbeat cluster messaging layer DESCRIPTION
/etc/ha.d/authkeys is read by heartbeat(8). It enables Heartbeat to securely authenticate cluster nodes. This file must not be readable or writable by any users other than root. FILE FORMAT
Two lines are required in the authkeys file: 1. A line which says which key to use in signing outgoing packets 2. One or more lines defining how incoming packets might be being signed. The file must follow the following format: auth num num method secret num method secret num method secret ... num is a numerical identifier, between 1 and 15 inclusive. It must be unique within the file. method is one of the available authentication signature methods (see below for supported methods). secret is an alphanumerical shared secret used to identify cluster nodes to each other. auth num selects the currently active authentication method and secret. SUPPORTED SIGNATURE METHODS
The following signature methods are supported in authkeys (listed here in alphabetical order): md5 MD5 hash method. This method requires a shared secret. sha1 SHA-1 hash method. This method requires a shared secret. crc Cyclic Redundancy Check hash method. This method does not require a shared secret and is insecure; it's use is strongly discouraged. An absolutely up-to-date list of authentication methods supported may be retrieved by running ls /usr/lib/heartbeat/plugins/HBauth/*.so. AUTHORS
Alan Robertson <alanr@unix.sh> heartbeat, original Wiki page Florian Haas <florian.haas@linbit.com> man page Heartbeat 3.0.5 24 Nov 2009 AUTHKEYS(5)

Featured Tech Videos

All times are GMT -4. The time now is 01:35 PM.
Unix & Linux Forums Content Copyright 1993-2020. All Rights Reserved.
Privacy Policy