[Freeipa-users] netgroups not working for exports in freeipa
Jakub Hrozek
jhrozek at redhat.com
Wed Jan 28 10:57:55 UTC 2015
On Tue, Jan 27, 2015 at 10:03:37PM +0000, Roderick Johnstone wrote:
> Hi
>
> I'm migrating from a legacy NIS setup to ipa. I have a number of NIS
> netgroups (of hosts) that are being used to export (non-kerberos) nfs shares
> to which I would like to migrate to ipa.
>
> I've create a new netgroup in ipa (for testing) and added some hosts to it
> (using ipa netgroup-add and ipa netgroup-add-member). I'm hoping that when
> exporting an nfs share using the @netgroup syntax in /etc/exports that the
> netgroup will be looked up in ipa and the share will be exported to the
> hosts in the netgroup.
>
> /etc/nsswitch.conf has a line:
> netgroup: files nis sss
>
> /etc/exports has a line:
> /var/tmp/testexport @rmjnetgroup1(ro)
>
> I haven't, so far, been able to mount the exported share on a client so I'm
> wondering if this setup would be expected to work?
>
> What is confusing to me is that the section in the Redhat 6 Identity
> Management guide on netgroups also has information on running the NIS
> listener plugin so I'm wondering if perhaps this only works when running the
> nis listener. I'm trying to avoid that.
>
> I'd welcome any clarification on how to do non-kerberised nfs exports to
> groups of hosts.
Does getent netgroup rmjnetgroup1 show the hosts you'd expect?
More information about the Freeipa-users
mailing list