7 Replies Latest reply on Aug 11, 2015 12:57 PM by Santosh Kothuru

    Linux Group Name Not Resolving Through NSH

      Note the 5039 in the below output. 8.2.01.273:

       

      [root@vxpit-cimgg001 apps]# ls -l

      total 32

      drwxrws---. 3 ad_as ad_as    4096 Jun  3 10:37 ad_as

      drwxr-xr-x. 3 adgguser adgguser 4096 Jun 29 19:13 adw

      drwxrws---. 4 eu_as eu_as    4096 Jul  1 06:06 eu_as

      drwxrws---. 4 gg_as gg_as    4096 Jun 23 10:04 gg_as

      drwxrwx---. 7 cigg cigg     4096 Jun  9 03:38 ggs

      drwxr-xr-x. 3 root root     4096 Jul  1 06:03 lmpras

      drwxrws---. 3 lmpr_as lmpr_as  4096 Jun  4 07:18 lmpr_as drwxrws---. 6 qtsc_as  qtsc_as 4096 Jul 13 13:56 qtsc_as

      [root@vxpit-cimgg001 apps]# exit

      exit

      vxpit-cimgg001% ls -l

      total 64

      drwxrws---   3 ad_as    ad_as        4096 Jun 03 10:37 ad_as

      drwxr-xr-x   3 adgguser adgguser     4096 Jun 29 19:13 adw

      drwxrws---   4 eu_as    eu_as        4096 Jul 01 06:06 eu_as

      drwxrws---   4 gg_as    gg_as        4096 Jun 23 10:04 gg_as

      drwxrwx---   7 cigg     cigg         4096 Jun 09 03:38 ggs

      drwxrws---   3 lmpr_as  lmpr_as      4096 Jun 04 07:18 lmpr_as

      drwxr-xr-x   3 root root         4096 Jul 01 06:03 lmpras

      drwxrws---   6 qtsc_as  5039        4096 Jul 13 13:56 qtsc_as

      vxpit-cimgg001%

       

      Anyone know why or how to fix?

       

      Thanks,

       

      Jason

        • 1. Re: Linux Group Name Not Resolving Through NSH
          Yanick Girouard

          Is this group local or remote (i.e. from ldap) to the server? Is it listed in /etc/group ?

          • 2. Re: Linux Group Name Not Resolving Through NSH

            Yanick Girouard thanks for the prompt response. I am not sure how to tell if its local or remote as I don't do system administration much. What commands? Centify is on this server.

             

            [root@vxpit-cimgg001 apps]# cat /etc/group | grep qtsc

            cigg:x:7313:eugguser,prgguser,nmgguser,qsgguser,adgguser,ad_as,gg_as,eu_as,lmpr_as,cmsas_ro,qtsc_as

            qsgguser:x:9556:qsgguser,cmsas_ro,qtsc_as

            qtsc_as:x:468:cmsas_ro,qtsc_as

            [root@vxpit-cimgg001 apps]# cat /etc/group | grep 5039

            [root@vxpit-cimgg001 apps]#

            • 3. Re: Linux Group Name Not Resolving Through NSH
              Yanick Girouard

              The gid 5039 is not listed in your local group file, so that means it's most likely remote, and is probably why BSA is unable to resolve it.

               

              Just for giggles, try this in NSH:

               

              cd //vxpit-cimgg001/path/to/apps

              nexec -e ls -l

               

              You can check if your system is configured for local or remote groups like this:

               

              grep group /etc/nsswitch.conf

               

              If it starts with files, it's local first, if not it's remote or using another directory (depending on the keyword).

              • 4. Re: Linux Group Name Not Resolving Through NSH
                Bill Robinson

                If the external system is pam enabled it should work w/ bsa.

                • 5. Re: Linux Group Name Not Resolving Through NSH

                  Thank you Yanick Girouard and Bill Robinson.

                   

                  The resolution works on some and fails on others. Is it because the group also exists locally with the same name but under a different GID?

                   

                  Failing Server (qtsc_as is Centrify AD group which resolves):

                   

                  [root@vxpit-cimgg001 apps]# grep group /etc/nsswitch.conf

                  #group:     db files nisplus nis

                  group: centrifydc       files

                  netgroup:   nisplus

                  [root@vxpit-cimgg001 apps]# cat /etc/group | grep qtsc_as
                  cigg:x:7313:eugguser,prgguser,nmgguser,qsgguser,adgguser,ad_as,gg_as,eu_as,lmpr_as,cmsas_ro,qtsc_as
                  qsgguser:x:9556:qsgguser,cmsas_ro,qtsc_as
                  qtsc_as:x:468:cmsas_ro,qtsc_as

                  [root@vxpit-cimgg001 apps]# getent group | grep qtsc_as
                  qtsc_as:x:5039:
                  cigg:x:7313:eugguser,prgguser,nmgguser,qsgguser,adgguser,ad_as,gg_as,eu_as,lmpr_as,cmsas_ro,qtsc_as
                  qsgguser:x:9556:qsgguser,cmsas_ro,qtsc_as
                  qtsc_as:x:468:cmsas_ro,qtsc_as

                  [root@vxpit-cimgg001 apps]# adquery group | grep qtsc_as
                  qtsc_as:x:5039:

                  [root@vxpit-cimgg001 apps]# adquery user | grep qtsc_as

                  [root@vxpit-cimgg001 apps]# cat /etc/passwd | grep qtsc_as qtsc_as:x:17341:468:System Software 04476:/usr/apps/qtsc_as:/bin/false

                   

                  Working server (bl_inst is Centrify AD group which resolves):

                   

                   

                  [root@vxpit-eblogc06 /]# grep group /etc/nsswitch.conf

                  #group:     db files nisplus nis

                  group: centrifydc       files

                  netgroup:   nisplus

                  root@vxpit-eblogc06 /]# cat /etc/group | grep bl_inst

                  [root@vxpit-eblogc06 /]# getent group | grep bl_inst
                  bl_inst:x:7057:a0065285,a0134801,a0157950,a0218343

                  [root@vxpit-eblogc06 /]# adquery group | grep bl_inst
                  bl_inst:x:7057:a0065285,a0134801,a0157950,a0218343

                  [root@vxpit-eblogc06 /]# adquery user | grep bl_inst

                  [root@vxpit-eblogc06 /]# cat /etc/passwd | grep bl_inst

                  • 6. Re: Linux Group Name Not Resolving Through NSH
                    Bill Robinson

                    Centrify should work w/ pam right ? …so in theory blade should be able to resolve the group… if getgrnam can return the AD group, then bsa should be able to as well.

                    • 7. Re: Linux Group Name Not Resolving Through NSH
                      Santosh Kothuru

                      Just try to restart the rscd service on target host and see the status.