From owner-freebsd-questions Sun Mar 21 11:18:29 1999 Delivered-To: freebsd-questions@freebsd.org Received: from quackerjack.cc.vt.edu (quackerjack.cc.vt.edu [198.82.160.250]) by hub.freebsd.org (Postfix) with ESMTP id B059D14E3A for ; Sun, 21 Mar 1999 11:18:26 -0800 (PST) (envelope-from jobaldwi@vt.edu) Received: from sable.cc.vt.edu (sable.cc.vt.edu [128.173.16.30]) by quackerjack.cc.vt.edu (8.8.8/8.8.8) with ESMTP id OAA00393 for ; Sun, 21 Mar 1999 14:18:06 -0500 (EST) Received: from john.baldwin.cx (jobaldwi.campus.vt.edu [198.82.67.63]) by sable.cc.vt.edu (8.8.8/8.8.8) with ESMTP id OAA08711 for ; Sun, 21 Mar 1999 14:18:05 -0500 (EST) Message-ID: X-Mailer: XFMail 1.3 [p0] on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 Date: Sun, 21 Mar 1999 14:18:05 -0500 (EST) From: John Baldwin To: freebsd-questions@freebsd.org Subject: Why are NIS netgroups ignored... Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I administrate a lab of about 80 machines running BSD and Digital UNIX. To make our lives easier, we run NIS. However, I can't get FreeBSD to acknowledge NIS netgroups in config files, specifically .rhosts or /etc/login.access. NIS does work in that people can login using their NIS accounts without any problem, thus /etc/passwd handles netgroups fine. I've also written a simple program that calls innetgr() to see if I am in the admins netgroup (which I am) and it works. However, the following lines in /etc/login.access don't work (the intention is for admins to be able to login from anywhere, consultants (lab workers in netgroup consult) to be able to login remotely only, and nobody else to be able to login) +:@admins:ALL +:@consult:ALL EXCEPT LOCAL -:ALL:ALL I also tried these two lines but they didn't work either: -:ALL EXCEPT @admins:LOCAL -:ALL EXCEPT @consult:ALL Is this a known problem? Is there any workaround (other than duplicating all of the netgroups in local groups in /etc/group, which rather defeats the purpose of netgroups)? We used to disable logins via the following lines in /etc/passwd (which DID work): +@consult:::::::: +::::::::/sbin/nlogin but that breaks some things (such as using pipelines like procmail in .forward files). Any help or advice appreciated. --- John Baldwin -- http://members.freedomnet.com/~jbaldwin/ PGP Key: http://members.freedomnet.com/~jbaldwin/pgpkey.asc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message