On Thu, Dec 10, 2015 at 10:58:11AM -0500, James Craig wrote:
> Hey all!
>
> I am migrating some of our services to FreeBSD, and in the process of this,
> I have discovered something that seems odd to me; netgroups don't seem to work
> as expected.
>
> I am trying to set up a machine that will eventually be a file server
> (running 10.2-RELEASE) and getent netgroup <name> doesn't return anything,
> even if it is a valid name.
>
> We have been using OpenLDAP, and on the old Solaris server, I was able to
> query netgroups for information, and use netgroups to limit some access to
> NFS.
>
> getent passwd, and other lookups seem to work fine.
>
> I had truss running on the LDAP server, and when I try to
> getent netgroup <name> there is no action. So I ran a truss on the getent on
> the FreeBSD machine, and sifting through the system calls the system will
> only search the file /etc/netgroup (which is empty), despite that
> my /etc/nsswitch.conf looks like this:

Unfortunately, the NSS documentation is wrong: the netgroup database isn't
implemented. The netgroup NSS methods always read /etc/netgroup and ignore
the sources configured in /etc/nsswitch.conf.

I have a libc patch (missing man page updates) that fixes this:

https://people.freebsd.org/~markj/patches/netgroup_nss.diff

It also adds a getnetgrent_r() implementation. If you're able to rebuild libc
in your environment, this patch should fix the problem you're encountering -
please let me know if it doesn't!
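
An added example, not part of either message and not code from the patch: a POSIX sh check that flags a host whose nsswitch.conf lists a netgroup source other than the local file, which the behaviour described in the reply would silently ignore (leaving netgroup-based NFS restrictions with nothing to match). The function names and the sample files are constructed for illustration, and treating "compat" as file-backed is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread). Flags a host whose nsswitch.conf names a
# netgroup source that a libc reading only /etc/netgroup would never consult.

# Print the netgroup sources from an nsswitch.conf, minus comments and
# [status=action] criteria such as [NOTFOUND=return].
netgroup_sources() {
    sed -e 's/#.*//' -e 's/:/: /' "$1" | awk '
        $1 == "netgroup:" {
            for (i = 2; i <= NF; i++)
                if ($i !~ /^\[/) out = out (out ? " " : "") $i
        }
        END { print out }'
}

# Count non-blank, non-comment lines in a netgroup file (0 if unreadable).
netgroup_file_lines() {
    [ -r "$1" ] || { echo 0; return 0; }
    sed -e 's/#.*//' "$1" | grep -c '[^[:space:]]' || true
}

# Usage: check_netgroup_nss <nsswitch.conf> <netgroup file>
# Prints one status line; returns 1 when a configured source would be ignored.
# Assumption: "files" and "compat" are both served from the local file.
check_netgroup_nss() {
    ignored=
    for s in $(netgroup_sources "$1"); do
        case $s in
            files|compat) ;;
            *) ignored="$ignored $s" ;;
        esac
    done
    if [ -z "$ignored" ]; then
        echo "OK: netgroup lookups use the local file only"
        return 0
    fi
    echo "IGNORED:$ignored (local file has $(netgroup_file_lines "$2") usable lines)"
    return 1
}

# Constructed sample input, written to a scratch directory.
demo=$(mktemp -d)
printf 'passwd: files ldap\nnetgroup: files ldap [NOTFOUND=return]\n' > "$demo/nsswitch.conf"
: > "$demo/netgroup"
check_netgroup_nss "$demo/nsswitch.conf" "$demo/netgroup" || true
rm -rf "$demo"
```

On a real host the two arguments would be /etc/nsswitch.conf and /etc/netgroup; an IGNORED result with zero usable lines matches the empty getent netgroup output reported in the quoted message.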