NIS+ and Secure NFS

This problem with NIS+ and Secure was formely posted under comp.unix.solaris
I have a central NFS-server with all the user disks mounted. The other machines are mounting these disks through DES authenticated NFS. It works fine regarding to the users own files, but when i comes to group permissions something is wrong. Someone told me that it is the group information in passwd.org_dir and not the one in group.org_dir there's in use ?? (it sounds strange to me, only the primary group information should be in the password file).
Somehow i believe it's a problem with some other credentials.

I have a share on m1:
 - /export/projects   secure,rw=cs   ""
I mount it:
m2:/export/projects  - /projects nfs - yes  intr,bg,secure,soft
(m2 are in netgroup "cs" and have valid credentials)

The volume is mounted ok on m2, and it works fine regarding to the permissions for the user and everyone. Only group permissions fail.

Regards, Tom
Who is Participating?
keieConnect With a Mentor Commented:
The group information used by the Secure RPC (NFS) server is
in the cred.org_dir table. This table contains two types of
entries. The DES entry<hex>;<hex>
is used to authenticate the user "user" in the NIS+ domain "". NIS+ and DNS domain names are identical on most systems.
The LOCAL entry,252:
tells Secure RPC (NFS) that "" has uid 100 and
is member of the groups 10 and 252. Usually the first group number is the group number from the password table. The later
numbers are often the groups from the groups database that "user" is a member of.
Yes indeed, NIS+ has two copies of the same information.
We used the utility "nisaddent" to convert our ASCII information
to the NIS+ tables. Nisaddent uses the information from the groups database to adapt cred.org_dir.
In your case I would suggest to use "nisaddent -d group" to dump the group table to ASCII form, and then use
"nisaddent -m -f groups-table group" to re-insert the groups table into NIS+.

The utilities in AdminSuite (Solaris 2.5) can be used to maintain
the NIS+ table. We avoid them, because they backfired a few times
when we first used them. We have our own set of scripts to add users to the NIS+ database.
thelmerAuthor Commented:
Adjusted points to 100
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.