SUMMARY: user's secondary groups are not showing up

From: Brett Lymn <blymn_at_baesystems.com.au>
Date: Fri Mar 15 2002 - 04:33:22 EST
Last Tuesday I posted the following plea:

>
>      This really has me stumped.  I have a NIS+ domain, the master is
>a Solaris 2.4 machine.  I have various clients of this NIS+ master
>which seem to be working ok.  I have a couple of client machines that
>I recently upgraded from Solaris 2.6 to Solaris 8.  On the Solaris 8
>machines things seem to work ok APART from the fact that the secondary
>groups memberships of the users simply does not work.  If I type the
>groups command for a user on the Solaris 8 machine I only get the
>user's primary login group.  If I do the same on one of the other
>machines on the network I get the full list of groups the user is a
>member of.  Things I HAVE checked (please read carefully :-)
>
>1) The group entry in /etc/nsswitch.conf has both files and nisplus
>   listed.  I tried just making this nisplus.... no go.
>
>2) The NIS+ group table is accessible on the Solaris 8 client and the
>   contents look ok.
>
>3) Checked both /etc/group and the NIS+ table for any funny
>   characters, bad group names and other sorts of illegal entries.  It
>   all seems to be clear.
>
>4) did a niscat -p on group.org_dir and checked the objects.  The
>   _seem_ ok to me but I am not a NIS+ expert.
>
>I am unsure if this is a clue or not but when a "r" command is run I
>get this in the /var/adm/messages file:
>
>Mar 12 23:40:03 ibis rsh[19050]: [ID 527529 daemon.warning] nis_list: NIS+ error Missing or malformed attribute encountered on name group.org_dir.mhc.gecms.com.au. in table group.org_dir.mhc.gecms.com.au.'s path.
>
>which may be pointing at the problem but I cannot work out what
>attribute is missing/malformed.  Can someone please whack me with a
>four by clue?  I am going nuts here...
>


Big thanks go to Casper Dik for getting me out of a tight spot here.
I really don't have a good fix for this but Casper pointed me at the
/etc/default/nss file that has an option for making the netid
information authoritative.  By setting this option the secondary group
information works for me - though there are some caveats mentioned in
the files so beware.  Further digging shows a bug id 4152002 just
about describes what I am seeing (except 2.6 worked ok for me here), I
tried the work around mentioned by just setting the members column for
all groups that did not have any members but my problem persists.  I
am going to stick with the hack to the nss file until I can migrate my
NIS+ master off the 2.4 machine - this should be happening soon.

-- 
===============================================================================
Brett Lymn, Computer Systems Administrator, BAE SYSTEMS
===============================================================================
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Fri Mar 15 03:34:16 2002

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:37 EST