Secondary groups not working with NFS (+LDAP) Post: 302341683

Sponsored Content

Operating Systems Linux Secondary groups not working with NFS (+LDAP) Post 302341683 by velmont on Thursday 6th of August 2009 11:04:29 AM

08-06-2009

Registered User

Secondary groups not working with NFS (+LDAP)

I�m using LDAP for groups and NFS for home dirs. My problem is as follows:
I only have a few groups, so it's not the problem everyone else had. When I've mounted a disk over NFS, I need to have my primary group in order to read in the groups I'm a member of. Secondary groups is not working.

Code:

 root@machine:/home/user# smbldap-groupshow secret
...
gidNumber: 1504
displayName: secret
memberUid: user,anotheruser
 root@machine:/home/user# su - user
 user@machine:~$ groups
users secret
 user@machine:~$ ls -ald ../secret/
drwxr-x--- 12 anotheruser secret 4096 2009-07-27 15:39 ../secret/
 user@machine:~$ cd ../secret/
bash: cd: ../secret/: Permission denied
 user@machine:~$ ls ../secret/
ls: cannot open directory ../secret/: Permission denied

But it works if I change the group to primary by hand with newgrp:

Code:

user@machine:~$ newgrp secret
user@machine:~$ cd ../secret/
user@machine:/home/secret$ ls
Nice secrets.txt

But my users cannot be expected to do this!
It works on the server holding the user files. But not over NFS.

I've tested this on clients: Ubuntu: 9.10 Karmic, 9.04 Jaunty, 8.10 Intrepid
The NFS server is running: Ubuntu 9.04 Jaunty.

velmont

View Public Profile for velmont

Find all posts by velmont

8 More Discussions You Might Find Interesting

1. HP-UX

Configure DNS,NFS,NIS,LDAP and LVM(mirror,sparing and multipathing)

Hello All, I am a newbee in HP UX wanted to know how to configure DNS,NFS,NIS,LDAP and LVM(mirror,sparing and multipathing) in HP UX 11iv2 and v3 and i did go through some of the docs on hp.com but i think those are for experience UX users and i am new to this so if some one could just mention...

2. Solaris

sudoers file with groups in LDAP

Hello gurus, I've been working on a sudoers file to work with groups in LDAP. I've created the groups in LDAP and added the users to there respective groups. I've also setup my sudoers file to have the groups match what is in LDAP. And I've added ldap to nsswitch.conf in the group line. The...

3. Red Hat

LDAP auth, secondary groups doesnt works

RedHat ELS 5.2 & Sun directory getent passwd: works toto:*:1000:100:toto:/home/toto:/bin/bash getent group: works mygroup:*:10001:1000,1001 but id toto doesnt works :( uid=1000(toto) gid=100(users) groupes=100(users) BTW in /etc/ldap.conf i use a different mapping for the posix...

4. Programming

LDAP delete - seems not working

Hi all, I am very new to ldap and am facing the below difficulty. When I try to add something to ldap, I get this: server# /opt/iexpress/openldap/bin/ldapmodify -f almondabc.ldif -h 127.0.0.1 -xv -D cn=Manager,dc=almondabc,dc=com -w secret ldap_initialize( ldap://127.0.0.1 ) add o: ...

5. Red Hat

Issues with LDAP user/group permissions on NFS share

I can't seem to make sense of this. $ cat /etc/redhat-release Red Hat Enterprise Linux Server release 5.2 Beta (Tikanga) $ $ mount /dev/sda2 on / type ext3 (rw) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) /dev/sda1 on...

6. UNIX for Dummies Questions & Answers

Secondary DNS not working

hi guys I am doing some testing for DNS I got a master DNS(192.168.2.10) and I setup a slave DNS(192.168.2.11) but when I shutdown the Master DNS my linux client cannot resolve using the slave any idea way? This is the named.conf options { query-source port 53; directory...

7. UNIX for Dummies Questions & Answers

ldap , search groups that user belong

i want run query to identify witch groups that user A belong, CN=name,CN=Users,DC=mydomain ??

8. Red Hat

NFS share and groups

I am having an issue with getting the proper group settings on NFS-shared directories. NFS server, NFServe, nfs-shares hundreds of project directories...running Solaris 10 latest patches/updates. SAS server, SAServe, statistical analysis server running on RedHat 7 with latest kernel/patches/etc....

LEARN ABOUT DEBIAN

authkeys

AUTHKEYS(5)							Configuration Files						       AUTHKEYS(5)

NAME

       authkeys - Authentication file for the Heartbeat cluster messaging layer

DESCRIPTION

       /etc/ha.d/authkeys is read by heartbeat(8). It enables Heartbeat to securely authenticate cluster nodes.

       This file must not be readable or writable by any users other than root.

FILE FORMAT

       Two lines are required in the authkeys file:

	1. A line which says which key to use in signing outgoing packets

	2. One or more lines defining how incoming packets might be being signed.

       The file must follow the following format:

	   auth num
	   num method secret
	   num method secret
	   num method secret
	   ...

       num is a numerical identifier, between 1 and 15 inclusive. It must be unique within the file.

       method is one of the available authentication signature methods (see below for supported methods).

       secret is an alphanumerical shared secret used to identify cluster nodes to each other.

       auth num selects the currently active authentication method and secret.

SUPPORTED SIGNATURE METHODS

       The following signature methods are supported in authkeys (listed here in alphabetical order):

       md5
	   MD5 hash method. This method requires a shared secret.

       sha1
	   SHA-1 hash method. This method requires a shared secret.

       crc
	   Cyclic Redundancy Check hash method. This method does not require a shared secret and is insecure; it's use is strongly discouraged.

       An absolutely up-to-date list of authentication methods supported may be retrieved by running ls /usr/lib/heartbeat/plugins/HBauth/*.so.

AUTHORS

       Alan Robertson <alanr@unix.sh>
	   heartbeat, original Wiki page

       Florian Haas <florian.haas@linbit.com>
	   man page

Heartbeat 3.0.5 						    24 Nov 2009 						       AUTHKEYS(5)