All, Thanks again to all of you who responded. The solution is the netgroup. For those interested, you will find below John Timon's explanation which was very useful (the man page for this didn't help me enough). ------------------------------------------------------------------------------------------------------------------ Essentially a netgroup is an ordered triplet. (hostname, username, domain) you create a netgroup map in your NIS maps directory structured like this group1 (server1,curly,) (server1,larry,) (server1,moe,) build this map then on server1 make sure that the nsswitch.conf file has compat set for passwd. this allows you to add NIS specific information to the bottom of the /etc/passwd file. then add +@group1:::::: to the bottom of the /etc/passwd file. run pwconv to build a new /etc/shadow file. now curly, larry, and moe should be allowed to log into server1. another option to provide selective logins on a given server is to put them each in the passwd file. set passwd to compat in /etc/nsswitch.conf and add each user to the /etc/passwd file like this say, bill and ted are users in nis that you want to allow access to server2. on server2 edit the /etc/nsswitch.conf file setting passwd to compat. then add these two lines to the bottom of /etc/passwd +bill:::::: +ted:::::: run pwconv and both bill and ted should be allowed to log into server2. I would strongly endorse the purchase of the O'reilly NFS and NIS book. ------------------------------------------------------------------------------------------------------------------ Regards, Sabrina Lautier Amadeus SAS DEV-IIS-OAU-SYS +33 (0)4 97 23 09 56 slautier@amadeus.net ----- Forwarded by Sabrina Lautier/NCE/AMADEUS on 04/05/2004 08:28 ----- From: Sabrina Lautier <slautier@amadeus.net>@sunmanagers.org on 23/04/2004 10:31 ZE2 Sent by: sunmanagers-bounces@sunmanagers.org To: sunmanagers@sunmanagers.org cc: Subjec How to restrict NIS users access t: to some servers Dear admins, We set up a Sol9 NIS server which works fine and we're looking for a way to restrict users to some NIS client machines. For example: There are 3 unix servers: server1, server2, server3 User users1 can connect to NIS client machine server1 but not to the 2 other ones User users1 can connect to NIS client machines server1 and server2 but not to server3 User users2 can connect to all NIS client machines Is this possible to do that and if yes how would you do it ? I would like as much as possible to keep the configuration centralized (ie, not to modify NIS client machines config files). Thanks a lot for your help. Regards, Sabrina Lautier Amadeus SAS DEV-IIS-OAU-SYS +33 (0)4 97 23 09 56 slautier@amadeus.net _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Tue May 4 04:40:36 2004
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:32 EST