[LDAP-interop] netgroup using OpenLDAP on HP-UX 11iv1 platfrom

Collins, Kevin (MindWorks) KCollins at chevron.com
Thu Aug 25 14:52:13 EDT 2005 

Sorry its such a late response (I was out for a week), but there are
some otehr things to setup besides nsswitch. You need to have the
pam_authz module configured, I believe. Check 'man pam_authz' for more
details. The 1st paragraph is:

      The pam_authz service module for PAM,
      /usr/lib/security/libpam_authz.1, provides functionality which
allows
      the administrator to control who can login to the system based on
      netgroup information found in the /etc/passwd file.  pam_authz has
      been created to provide access control similar to the netgroup
      filtering feature that is performed by NIS.  pam_authz is intended
to
      be used when NIS is not used, such as when the pam_ldap or
      pam_kerberos authentication modules are used.  Because pam_authz
      doesn't provide authentication, it doesn't verify if a user
account
      exists.

Hope this helps,

Kevin

-----Original Message-----
From: ldap-interop-bounces at fini.net
[mailto:ldap-interop-bounces at fini.net] On Behalf Of Ran Li
Sent: Monday, August 15, 2005 2:01 PM
To: ldap-interop at fini.net
Subject: [LDAP-interop] netgroup using OpenLDAP on HP-UX 11iv1 platfrom

Hello List,

I ran into a problem that making netgroup from OpenLDAP working on HP-UX
11iv1 platform, (installed LDAP-UX Client Services B.04.00)

my configuration are as following,

1. /etc/nsswitch.conf
passwd: compat
passwd_compat: ldap
netgroup: ldap

2. /etc/passwd
...
+ at sysadmin
+ran

3. defined netgroup triple in OpenLDAP it works fine for Solaris and
Linux platforms

I m able to login as user "ran" but not able to login as any other
logins in sysadmin netgroup. 

Anybody has this experience? Thanks.

Regards,

-ran

I modified nis.schema accroding to the link below, but not sure if that
would affect netgroup on HP-UX platform.
http://lists.fini.net/pipermail/ldap-interop/2005-January/000211.html

_______________________________________________
LDAP-interop mailing list
LDAP-interop at fini.net
http://lists.fini.net/mailman/listinfo/ldap-interop



_______________________________________________
LDAP-interop mailing list
LDAP-interop at fini.net
http://lists.fini.net/mailman/listinfo/ldap-interop

More information about the LDAP-interop mailing list