NIS+ and Secure NFS

This problem with NIS+ and Secure was formely posted under comp.unix.solaris
I have a central NFS-server with all the user disks mounted. The other machines are mounting these disks through DES authenticated NFS. It works fine regarding to the users own files, but when i comes to group permissions something is wrong. Someone told me that it is the group information in passwd.org_dir and not the one in group.org_dir there's in use ?? (it sounds strange to me, only the primary group information should be in the password file).
Somehow i believe it's a problem with some other credentials.

Setup:
I have a share on m1:
 - /export/projects   secure,rw=cs   ""
I mount it:
m2:/export/projects  - /projects nfs - yes  intr,bg,secure,soft
(m2 are in netgroup "cs" and have valid credentials)

The volume is mounted ok on m2, and it works fine regarding to the permissions for the user and everyone. Only group permissions fail.

Regards, Tom
thelmerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

thelmerAuthor Commented:
Adjusted points to 100
0
keieCommented:
The group information used by the Secure RPC (NFS) server is
in the cred.org_dir table. This table contains two types of
entries. The DES entry
user.company.com.:DES:unix.100@company.com:<hex>;<hex>
is used to authenticate the user "user" in the NIS+ domain "company.com". NIS+ and DNS domain names are identical on most systems.
The LOCAL entry
user.company.com.:LOCAL:100:10,252:
tells Secure RPC (NFS) that "user.company.com." has uid 100 and
is member of the groups 10 and 252. Usually the first group number is the group number from the password table. The later
numbers are often the groups from the groups database that "user" is a member of.
Yes indeed, NIS+ has two copies of the same information.
We used the utility "nisaddent" to convert our ASCII information
to the NIS+ tables. Nisaddent uses the information from the groups database to adapt cred.org_dir.
In your case I would suggest to use "nisaddent -d group" to dump the group table to ASCII form, and then use
"nisaddent -m -f groups-table group" to re-insert the groups table into NIS+.

The utilities in AdminSuite (Solaris 2.5) can be used to maintain
the NIS+ table. We avoid them, because they backfired a few times
when we first used them. We have our own set of scripts to add users to the NIS+ database.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Unix OS

From novice to tech pro — start learning today.