[comp.sys.sun] Automount/netgroup/NIS interaction problem

pineda@ronis.chem.mcgill.ca (Andrew C. Pineda) (03/22/91)

We have two NIS/YP master servers (one a sun3-180 running SunOS 4.1.1, the
other a sun386i running SunOS 4.0.2, the NIS/YP domains chem2.mcgill.ca
and YP.chem.mcgill.ca, respectively) in our Internet sub-domain,
chem.mcgill.ca, and we are experiencing a minor problem configuring the
/etc/exports file using netgroups defined in the /etc/netgroup file. We
are trying to configure the sun386i so that it will export portions of its
file systems to selected machines or better yet selected users/machines on
our net (which include the sun3-180 and its diskful/diskless clients).
The sun3-180 serves its clients without difficulty.

   To this end we set up the following entry in /etc/netgroup:

ourmachines (sun386i,,YP.chem.mcgill.ca) (sun3-client,,YP.chem.mcgill.ca)

(this should work if the sun386i thinks sun3-client is part of its YP
domain) and put the following line in /etc/exports:

/export/home/users/user1 -access=ourmachines

This does not work!!!  Changing the entry in /etc/netgroup to any of

ourmachines (sun386i,,YP.chem.mcgill.ca) (sun3-client,,chem2.mcgill.ca)

(the line above should work if the sun386i thinks sun3-client is part of
the sun3-180's NIS domain)

or

ourmachines (sun386i,,YP.chem.mcgill.ca) (sun3-client,,chem.mcgill.ca)

(the line above should work if the sun386i thinks sun3-client is part of
the Internet domain)

or

ourmachines (sun386i,,YP.chem.mcgill.ca) (sun3-client,,)

(the line above should not care what domain sun3-client is in)

or finally

ourmachines (sun386i,,YP.chem.mcgill.ca) (,sun386-user,)

(the line above should only care about the user and not the domain or
host) also does not work. (We remade the NIS/YP netgroup maps on the
sun386i each time and re-exported everything when we made each change.)

The only thing that seems to work is changing the line in /etc/exports to
read:

/export/home/users/user1 -access=ourmachines:sun3-client

with

ourmachines (sun386i,,YP.chem.mcgill.ca)

or simply removing the access restrictions entirely.

By the way, the machines are listed in each other's /etc/hosts
files as:

IP#            sun3-180 sun3-180.chem.mcgill.ca
IP#            sun3-client sun3-client.chem.mcgill.ca
IP#            sun386i sun386i.chem.mcgill.ca

Also, both servers are set up to use domain name resolver services from
a nameserver on our network for names not in their local NIS/YP databases.

What are we doing wrong? Or is this a bug?  None of our local Unix gurus
have a clue. Should we turn the sun386i into a slave server or is there
another solution?

        Sincerely,
          Andy Pineda
	  <pineda@ronis.chem.McGill.CA> --- <(514) 398-7382>

PS - I just noticed another weird thing when automounting files on the
sun3-180 from the sun386i and a sun4-client (SunOS 4.1, diskful, NIS domain
chem2.mcgill.ca) of the sun3-180. I get access to one file system to
which I should not get access and don't get access to one that I should
be able to access.

The sun3-180 defines two netgroup domains as

domain (sun3-client1,,chem2.mcgill.ca) (sun3-client2,,chem2.mcgill.ca) ...

(note that "domain" does not include the sun386i or the sun4-client)

department (sun386i,,chem2.mcgill.ca) (sun4-client,,chem2.mcgill.ca) domain

or in another attempt

department (sun386i,,YP.chem.mcgill.ca) (sun4-client,,chem2.mcgill.ca) domain

and exports two of its filesystems as

/files1 -access=department
/files2 -access=domain

Guess what happens? The sun386i can access /files2 but not
/files1. This is WRONG!!!  The sun4-client can access /files1 but
not /files2 which is the CORRECT behavior.

It's looking more and more like a bug to me.
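
An added example, not part of the original post: a small model of the documented netgroup rules (an empty field in a triple matches anything, "-" matches nothing, a bare name is a nested group), which computes the access each exports line in the PS should grant so it can be compared with what the server actually does. The function names are hypothetical, names are compared as exact strings, and the domain used for the check is a caller-supplied assumption (chem2.mcgill.ca, the sun3-180's NIS domain, in the test calls); the model says nothing about how SunOS mountd itself performs the lookup.

```python
import re

# Constructed from the netgroup and exports lines quoted in the PS (sun3-180 side).
NETGROUP = """\
domain (sun3-client1,,chem2.mcgill.ca) (sun3-client2,,chem2.mcgill.ca)
department (sun386i,,chem2.mcgill.ca) (sun4-client,,chem2.mcgill.ca) domain
"""
EXPORTS = """\
/files1 -access=department
/files2 -access=domain
"""
TRIPLE = re.compile(r"\(([^,()]*),([^,()]*),([^,()]*)\)")

def parse_netgroup(text):
    """Map group name -> (list of (host, user, domain) triples, nested group names)."""
    groups = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\S+)(.*)", line.split("#", 1)[0])
        if m:
            triples = [tuple(f.strip() for f in t) for t in TRIPLE.findall(m.group(2))]
            groups[m.group(1)] = (triples, TRIPLE.sub(" ", m.group(2)).split())
    return groups

def field_ok(pattern, value):
    """Empty field matches anything, "-" matches nothing, value None is not checked."""
    return value is None or pattern == "" or (pattern != "-" and pattern == value)

def innetgr(groups, name, host=None, user=None, domain=None, seen=None):
    """Membership test under the documented rules; follows nesting, survives cycles."""
    seen = set() if seen is None else seen
    if name in seen or name not in groups:
        return False
    seen.add(name)
    triples, nested = groups[name]
    if any(field_ok(h, host) and field_ok(u, user) and field_ok(d, domain)
           for h, u, d in triples):
        return True
    return any(innetgr(groups, n, host, user, domain, seen) for n in nested)

def export_allows(groups, exports, path, host, domain):
    """Expected answer for one export; access entries are hostnames or netgroups."""
    for line in exports.splitlines():
        fields = line.split()
        if fields and fields[0] == path:
            m = re.search(r"access=([^,\s]+)", " ".join(fields[1:]))
            if m is None:
                return True  # no access list: exported without host restriction
            return any(e == host or innetgr(groups, e, host, None, domain)
                       for e in m.group(1).split(":"))
    return False  # path is not exported at all
```

Under these rules the sun386i should be granted /files1 and refused /files2, the reverse of what the post reports observing.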