Operating Systems Linux Secondary groups not working with NFS (+LDAP) Post 302341683 by velmont on Thursday 6th of August 2009 11:04:29 AM
Secondary groups not working with NFS (+LDAP)

I'm using LDAP for groups and NFS for home dirs. My problem is as follows:
I only have a few groups, so it's not the problem everyone else had. When I've mounted a disk over NFS, I need to have my primary group in order to read in the groups I'm a member of. Secondary groups are not working.


Code:
root@machine:/home/user# smbldap-groupshow secret
...
gidNumber: 1504
displayName: secret
memberUid: user,anotheruser
root@machine:/home/user# su - user
user@machine:~$ groups
users secret
user@machine:~$ ls -ald ../secret/
drwxr-x--- 12 anotheruser secret 4096 2009-07-27 15:39 ../secret/
user@machine:~$ cd ../secret/
bash: cd: ../secret/: Permission denied
user@machine:~$ ls ../secret/
ls: cannot open directory ../secret/: Permission denied

But it works if I change the group to primary by hand with newgrp:

Code:
user@machine:~$ newgrp secret
user@machine:~$ cd ../secret/
user@machine:/home/secret$ ls
Nice secrets.txt

But my users cannot be expected to do this!
It works on the server holding the user files. But not over NFS.



I've tested this on clients: Ubuntu: 9.10 Karmic, 9.04 Jaunty, 8.10 Intrepid
The NFS server is running: Ubuntu 9.04 Jaunty.
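
A small client-side check for the symptom shown in the transcripts above, as an added example that is not part of the original post: it compares what the local credentials (`id -G`, the directory's mode and GID) predict with what listing the directory actually returns. The function names are hypothetical, GNU `stat` is assumed, and the caller is assumed to be neither root nor the directory's owner.

```shell
#!/bin/sh
# Added diagnostic sketch: function names are hypothetical, not from the post.
# Assumes GNU stat (as shipped on the Ubuntu clients the post lists) and a
# caller who is neither root nor the owner of the directory being checked.

# group_grants_rx MODE DIR_GID "GID LIST"
# Succeeds when DIR_GID is one of the caller's GIDs and the group class of
# the octal MODE carries both read (4) and search (1) permission.
group_grants_rx() {
    mode="00$1"; dir_gid=$2; gids=$3
    case " $gids " in
        *" $dir_gid "*) ;;                  # whole-word match: 1504 != 15040
        *) return 1 ;;
    esac
    gdigit=${mode%?}                        # drop the "other" digit
    gdigit=${gdigit#"${gdigit%?}"}          # keep only the group digit
    [ $(( gdigit & 5 )) -eq 5 ]
}

# verdict PREDICTED ACTUAL -> one-word classification on stdout
verdict() {
    case "$1/$2" in
        allow/allow) echo consistent-allow ;;
        deny/deny)   echo consistent-deny ;;
        allow/deny)  echo secondary-group-ignored ;;  # the post's symptom
        deny/allow)  echo allowed-by-other-means ;;   # other bits or an ACL
    esac
}

# diagnose PATH: predict access from local credentials, then try it for real.
diagnose() {
    st=$(stat -c '%a %g' "$1") || return 2
    if group_grants_rx "${st% *}" "${st#* }" "$(id -G)"; then p=allow; else p=deny; fi
    if ls "$1" >/dev/null 2>&1; then a=allow; else a=deny; fi
    echo "$1: mode=${st% *} gid=${st#* } my-gids=$(id -G) -> $(verdict "$p" "$a")"
}

# Usage: sh check.sh ../secret/
if [ "$#" -gt 0 ]; then diagnose "$1"; fi
```

Run as the affected user on the NFS client and again on the server: `secondary-group-ignored` on the client only reproduces the behaviour described in the post.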
 
Unix & Linux Forums Content Copyright 1993-2020. All Rights Reserved.