pineda@ronis.chem.mcgill.ca (Andrew C. Pineda) (03/22/91)
We have two NIS/YP master servers (one a sun3-180 running SunOs 4.1.1, the other a sun386i running SunOs 4.0.2, the NIS/YP domains chem2.mcgill.ca and YP.chem.mcgill.ca, respectively) in our Internet sub-domain, chem.mcgill.ca, and we are experiencing a minor problem configuring the /etc/exports file using netgroups defined in the /etc/netgroup file. We are trying to configure the sun386i so that it will export portions of its file systems to selected machines or better yet selected users/machines on our net (which include the sun3-180 and its diskfull/diskless clients). The sun3-180 serves its clients without difficulty. To this end we set up the following entry in /etc/netgroup: ourmachines (sun386i,,YP.chem.mcgill.ca) (sun3-client,,YP.chem.mcgill.ca) (this should work if the sun386i thinks sun3-client is part of it's YP domain) and put the following line in /etc/exports: /export/home/users/user1 -access=ourmachines This does not work!!! Changing the entry in /etc/netgroup to any of ourmachines (sun386i,,YP.chem.mcgill.ca) (sun3-client,,chem2.mcgill.ca) (the line above should work if the sun386i thinks sun3-client is part of the sun3-180's NIS domain) or ourmachines (sun386i,,YP.chem.mcgill.ca) (sun3-client,,chem.mcgill.ca) (the line above should work if the sun386i thinks sun3-client is part of the Internet domain) or ourmachines (sun386i,,YP.chem.mcgill.ca) (sun3-client,,) (the line above should not care what domain sun3-client is in) or finally ourmachines (sun386i,,YP.chem.mcgill.ca) (,sun386-user,) (the line above should only care about the user and not the domain or host) also does not work. (We remade the NIS/YP netgroup maps on the sun386i each time and re-exported everything when we made each change.) The only thing that seems to work is changing the line in /etc/exports to read: /export/home/users/user1 -access=ourmachines:sun3-client with ourmachines (sun386i,,YP.chem.mcgill.ca) or simply removing the access restrictions entirely. By the way the machines are listed in each others /etc/hosts files as: IP# sun3-180 sun3-180.chem.mcgill.ca IP# sun3-client sun3-client.chem.mcgill.ca IP# sun386i sun386i.chem.mcgill.ca Also both servers use are set up to use domain name resolver services from a nameserver on our network for names not in their local NIS/YP databases. What are we doing wrong? Or is this a bug? None of our local Unix gurus have a clue. Should we turn the sun386i into a slave server or is there another solution? Sincerely, Andy Pineda <pineda@ronis.chem.McGill.CA> --- <(514) 398-7382> PS - I just noticed another weird thing when automounting files on the sun3-180 from the sun386i and a sun4-client (SunOS 4.1,diskful,NIS DOMAIN chem2.mcgill.ca) of the sun3-180. I get access to one file system that I to which I should not get access and don't get access to one that I should be able to access. The sun3-180 defines two netgroup domains as domain (sun3-client1,,chem2.mcgill.ca) (sun3-client2,,chem2.mcgill.ca) ... (note that "domain" does not include the sun386i or the sun4-client) department (sun386i,,chem2.mcgill.ca) (sun4-client,,chem2.mcgill.ca) domain or in another attempt department (sun386i,,YP.chem.mcgill.ca) (sun4-client,,chem2.mcgill.ca) domain and exports two of its filesystems as /files1 -access=department /files2 -access=domain Guess what happens? The sun386i can access /files2 but not /files1. This is WRONG!!! The sun4-client can access /files1 but not /files2 which is the CORRECT behavior. It's looking more and more like a bug to me.