Re: [nssldap] nss netgroup host support in linux

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Julie Ashworth <julie [at] ls.berkeley.edu>
To: Klaus Steinberger <Klaus.Steinberger [at] Physik.Uni-Muenchen.DE>
Subject: Re: [nssldap] nss netgroup host support in linux
Date: Thu, 13 Sep 2007 14:45:37 -0700

hi,
Thanks for your reply.

On 13-09-2007 10.31 +0200, Klaus Steinberger wrote:
> Hi Julie,
> 
> > bdb_dn2entry("nisMapName=auto.misc,dc=berkeley,dc=edu")
> 
> Are you sure, that you're problem is related to netgroup? The slapd trace 
> sounds more like problems with the automounter maps. I had some hassle with 
> automounter Maps under LDAP (also to find a working configuration with both 
> RHEL 4/5). Try to mount per "hand" with the mount command to verify that.

It don't believe its an automount problem, because automount works 
well if I either 
1) don't use netgroups, but explicity allow the filesystem to be 
shared to the client's IP address, or
2) use netgroups with nss using files or nis (not ldap).

In any case, I removed autofs from the equation.
I stopped autofs, and configured the mount points directly in 
/etc/fstab.

I configured two nfs shares from the server, one using the client's
IP address (not using nss) and the other using nss netgroup w/ ldap.

The /etc/export entries are:

/oakdisk  @test(rw,sync)
/oakdisk1  169.229.58.xxx(rw,sync)

(protecting whatever anonymity is left :P)

I run exportfs -r, and try to mount the filesystems from the
client.

There is no traffic to the port 389 (slapd using tls), apparent from
slapd running in debug mode, and from running a tcpdump.

The first (using nss netgroup w/ ldap) mount fails, w/ a permission 
denied error, and the second (using the IP - not nss) succeeds.

It seems that the nss ldap functionality is broken, since I can use 
nss netgroups with files or nis.

> My experiences with SL4/5 (free clone of RHEL): 
> 
> Don't use NISMapName objectClass, instead use automount and automountMap 
> ObjectClasses. Also don't use the updated autofs from  4.5, it is complete 
> scrap! The 4.4 version and the RHEL 5 version work both well.

heh.
I'm using the nisMap and nisObject. It seems to work ok, but I'll
keep this in mind.

-- 
Julie Ashworth (julie@ls.berkeley.edu, 510-643-8747)
Letters & Sciences Computer Resources, University of CA, Berkeley 
<http://LS.berkeley.edu/lscr/>
PGP Key ID: 0x17F013D2

[nssldap] nss netgroup host support in linux, Julie Ashworth
- Re: [nssldap] nss netgroup host support in linux, Julie Ashworth
- Re: [nssldap] nss netgroup host support in linux, Klaus Steinberger
  - Re: [nssldap] nss netgroup host support in linux, Julie Ashworth

Prev by Date: Re: [nssldap] nss netgroup host support in linux
Next by Date: [nssldap] Kerberos enhancement patch
Previous by thread: Re: [nssldap] nss netgroup host support in linux
Next by thread: Re: [nssldap] nss netgroup host support in linux