Netgroups in FreeBSD10

James Craig jmc at cs.rit.edu
Thu Dec 10 15:58:13 UTC 2015



Hey all!

I am migrating some of our services to FreeBSD, and in the process of this,
I have discovered something that seems odd to me; netgroups don't seem to work
as expected.

I am trying to set up a machine that will eventually be a file server 
(running 10.2-RELEASE) and getent netgroup <name> doesn't return anything, 
even if it is a valid name.

We have been using OpenLDAP, and on the old Solaris server, I was able to
query netgroups for information, and use netgroups to limit some access to NFS.

getent passwd, and other lookups seem to work fine.


I had truss running on the ldap server, and when I try to 
getent netgroup <name> there is no action. So I ran a truss on the getent on 
the FreeBSD machine, and sifting through the system calls the system will only 
search the file /etc/netgroup (which is empty), despite that 
my /etc/nsswitch.conf looks like this:

group: files ldap
hosts: files dns
networks: files ldap
netgroup: ldap
passwd: files ldap
shells: files
services: compat
services_compat: files
protocols: files
rpc: files


If I put a netgroup into /etc/netgroup, it will find that one group.

My only workaround is to run a cronjob that does an ldapsearch (which works)
for my netgroups and compiles it into the netgroup file every hour or so.

This seems like something is missing. From what I have been able to read,
it might be that netgroups are not really well supported at all. Is that true?

Help will be greatly appreciated, as this could impact other ways I have always
used netgroups...


Thank you!

james craig

--
James Craig, Department of Computer Science, RIT
102 Lomb Memorial Drive, Rochester, NY 14623
mailto:jmc at cs.rit.edu, voice: (585) 475-5254

CONFIDENTIALITY NOTE: The information transmitted, including attachments, is
intended only for the person(s) or entity to which it is addressed and may
contain confidential and/or privileged material. Any review, retransmission,
dissemination or other use of, or taking of any action in reliance upon this
information by persons or entities other than the intended recipient is
prohibited. If you received this in error, please contact the sender and
destroy any copies of this information.
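
Added example, not part of the original message: a sketch of the cron workaround described above, converting ldapsearch LDIF output into /etc/netgroup lines and replacing the file only when the conversion produced entries. It assumes the directory uses the RFC 2307 nisNetgroup schema (cn, nisNetgroupTriple, memberNisNetgroup); the function names and the sample LDIF are constructed for illustration.

```shell
# Added example: turn RFC 2307 nisNetgroup entries (LDIF on stdin) into
# /etc/netgroup lines. Input would come from something like
#   ldapsearch -x -LLL -b BASE '(objectClass=nisNetgroup)'
# where BASE is a placeholder for the site's search base (assumption).

ldif_to_netgroup() {
    awk '
    function emit() {            # one "name member member ..." line per entry
        if (name != "") print name members
        name = ""; members = ""
    }
    function handle(line,    i, attr, val) {
        if (line == "") { emit(); return }      # blank line ends an entry
        i = index(line, ":")
        if (i == 0) return
        attr = tolower(substr(line, 1, i - 1))
        val = substr(line, i + 1)
        if (substr(val, 1, 1) == ":") return    # base64 value: not handled here
        sub(/^ +/, "", val)
        if (attr == "cn" && name == "") name = val
        else if (attr == "nisnetgrouptriple" || attr == "membernisnetgroup")
            members = members " " val
    }
    /^ / { buf = buf substr($0, 2); next }      # LDIF continuation line
    { if (NR > 1) handle(buf); buf = $0 }
    END { if (NR > 0) handle(buf); emit() }
    '
}

# Write via a temp file and rename; keep the old file if the result is empty,
# so a failed LDAP query cannot wipe the list that NFS access depends on.
install_netgroup() {             # usage: install_netgroup TARGET < ldif
    tmp="$1.new.$$"
    if ldif_to_netgroup > "$tmp" && [ -s "$tmp" ]; then
        mv "$tmp" "$1"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample input (not from the original post).
sample_ldif() {
    printf '%s\n' 'dn: cn=nfsclients,ou=netgroup,dc=example,dc=org' \
        'cn: nfsclients' 'nisNetgroupTriple: (host1,,)' \
        'nisNetgroupTriple: (host2.exam' ' ple.org,,)' \
        'memberNisNetgroup: labhosts' '' \
        'dn: cn=labhosts,ou=netgroup,dc=example,dc=org' 'cn: labhosts' \
        'nisNetgroupTriple: (lab1,,)'
}
```

Running `sample_ldif | ldif_to_netgroup` prints one line per netgroup; a cron job would pipe the real ldapsearch output into `install_netgroup /etc/netgroup` instead.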


More information about the freebsd-net mailing list