There is an excellent tutorial on using LDAP for netgroup enumeration. Most of the changes are obvious, but one thing may trip you up. First you add a netgroup to your directory: # example, netgroup, narrabilis.com dn: cn=example,ou=netgroup,dc=narrabilis,dc=com description: Narrabilis Workstations nisNetgroupTriple: (nash,,) nisNetgroupTriple: (dreamhost,,) nisNetgroupTriple: {ramblings,,) cn: example objectClass: top objectClass: nisnetgroup
Next you add ldap to the netgroup line of nsswitch.conf netgroup: files ldap Now for optimization you should add nss_base_netgroup to your ldap.conf (optional) nss_base_netgroup ou=netgroup,dc=narrabilis,dc=com ok, you've done all that, it should work just fine right? But it doesn't. :-(
The quirky thing is that you must set a NISDOMAIN in /etc/sysconfig/network NISDOMAIN=huh It doesn't matter what you set it to either, but it must be set. Very lame. But, it should work now, go figure.

Comments

Add new comment

CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

About the Author...