Operating Systems Linux Secondary groups not working with NFS (+LDAP) Post 302341683 by velmont on Thursday 6th of August 2009 11:04:29 AM
Old 08-06-2009
Secondary groups not working with NFS (+LDAP)

I'm using LDAP for groups and NFS for home dirs. My problem is as follows:
I only have a few groups, so it's not the problem everyone else had. When I've mounted a disk over NFS, I need to have my primary group in order to read in the groups I'm a member of. Secondary groups are not working.


Code:
root@machine:/home/user# smbldap-groupshow secret
...
gidNumber: 1504
displayName: secret
memberUid: user,anotheruser
root@machine:/home/user# su - user
user@machine:~$ groups
users secret
user@machine:~$ ls -ald ../secret/
drwxr-x--- 12 anotheruser secret 4096 2009-07-27 15:39 ../secret/
user@machine:~$ cd ../secret/
bash: cd: ../secret/: Permission denied
user@machine:~$ ls ../secret/
ls: cannot open directory ../secret/: Permission denied

But it works if I change the group to primary by hand with newgrp:

Code:
user@machine:~$ newgrp secret
user@machine:~$ cd ../secret/
user@machine:/home/secret$ ls
Nice secrets.txt

But my users cannot be expected to do this!
It works on the server holding the user files. But not over NFS.



I've tested this on clients: Ubuntu: 9.10 Karmic, 9.04 Jaunty, 8.10 Intrepid
The NFS server is running: Ubuntu 9.04 Jaunty.
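
An added example, not part of the original post: a model of the owner/group/other check for the directory in the session above, evaluated for three credentials (the full group list the client reports, the primary GID alone, and the credential after `newgrp secret`). Only gidNumber 1504 and the mode string come from the post; the UIDs and the `users` GID are constructed values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cred:
    uid: int
    gid: int                          # primary group
    groups: frozenset = frozenset()   # supplementary groups


def parse_mode(ls_mode: str) -> int:
    """Convert an `ls -l` mode string such as 'drwxr-x---' to permission bits."""
    perms = ls_mode[1:10]
    if len(perms) != 9:
        raise ValueError(f"bad mode string: {ls_mode!r}")
    bits = 0
    for ch in perms:
        bits = (bits << 1) | int(ch not in "-ST")
    return bits


def allowed(cred: Cred, owner_uid: int, group_gid: int, mode: int, want: int) -> bool:
    """want is an rwx mask (4=r, 2=w, 1=x); exactly one permission class applies."""
    if cred.uid == owner_uid:
        granted = (mode >> 6) & 7
    elif group_gid == cred.gid or group_gid in cred.groups:
        granted = (mode >> 3) & 7
    else:
        granted = mode & 7
    return (granted & want) == want


SECRET_GID = 1504                                  # gidNumber from smbldap-groupshow
USERS_GID, USER_UID, OWNER_UID = 100, 1001, 1002   # constructed values
MODE = parse_mode("drwxr-x---")                    # from the ls -ald output


def scenarios() -> dict:
    """Can `user` list and enter ../secret/ (r and x) under each credential?"""
    creds = {
        "full group list (users secret)": Cred(USER_UID, USERS_GID, frozenset({SECRET_GID})),
        "primary gid only": Cred(USER_UID, USERS_GID),
        "after newgrp secret": Cred(USER_UID, SECRET_GID, frozenset({USERS_GID})),
    }
    return {name: allowed(c, OWNER_UID, SECRET_GID, MODE, 0b101) for name, c in creds.items()}


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:32} {'allowed' if ok else 'Permission denied'}")
```

The middle case reproduces the denial seen over NFS, which means the side making the check is not using the supplementary group list that `groups` prints on the client.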
 
