OK, so how are you supposed to control membership of the wheel group
via LDAP? OK, you COULD remove the local wheel entry in /etc/group,
but this would probably be a bad idea if the LDAP server were
unavailable.

I've had a similar problem to this where group names are duplicated
across different operating systems (I use Gentoo, FreeBSD and Ubuntu
on my network) but the GIDs are different. For instance the 'audio'
group on Gentoo has a different GID to the 'audio' group on Ubuntu.
This would appear to have something to do with the nss_base_group
configuration option in the ldap.conf file used by nss_ldap and
pam_ldap - something to do with the "search scope" - whereby I can
configure the ldap.conf file for one OS to look at a sub-tree of my
"groups" ou for additional groups specific to that OS - but
documentation on the PADL site on this topic is almost non-existent!

Can anyone help?
On 21 Aug 2007, at 21:24, Chuck Swiger wrote:
> On Aug 21, 2007, at 12:50 PM, Ulrich Spoerlein wrote:
>> I found this while trying to migrate groups into LDAP, but you don't
>> need LDAP to reproduce this, simply place the following in /etc/group
>>
>> wheel:*:0:root
>> wheel:*:0:us
>
> That's a misconfiguration. From "man 5 group":
>
>     The group field is the group name used for granting file access to users
>     who are members of the group. The gid field is the number associated
>     with the group name. They should both be unique across the system (and
>                                              ^^^^^^^^^^^^^^^^^^^^^
>     often across a group of systems) since they control file access.
>
> --
> -Chuck
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-
[EMAIL PROTECTED]"
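An audit for the two conditions raised in this thread, given as an added example that is not part of any message in it: a group name or GID defined more than once in one group(5) file, and a group name that maps to different GIDs on two hosts. The sample file contents and the `audio` GIDs are constructed for illustration, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample data (not from a real host): the duplicate wheel entry
# quoted in the thread, plus 'audio' with a different GID on a second host.
HOST_A = """\
wheel:*:0:root
wheel:*:0:us
audio:*:18:
"""
HOST_B = """\
wheel:*:0:root
audio:*:29:
"""

def parse_group(text):
    """Yield (name, gid, members) for each well-formed group(5) line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4 or not fields[2].isdigit():
            continue  # malformed or NIS-style +/- entries are skipped here
        members = [m for m in fields[3].split(",") if m]
        yield fields[0], int(fields[2]), members

def duplicates(text):
    """Return (names defined more than once, GIDs shared by several names)."""
    lines_per_name = defaultdict(int)
    names_per_gid = defaultdict(set)
    for name, gid, _ in parse_group(text):
        lines_per_name[name] += 1
        names_per_gid[gid].add(name)
    dup_names = sorted(n for n, c in lines_per_name.items() if c > 1)
    dup_gids = {g: sorted(ns) for g, ns in names_per_gid.items() if len(ns) > 1}
    return dup_names, dup_gids

def gid_mismatches(text_a, text_b):
    """Return {name: (gid_a, gid_b)} for names whose GID differs between hosts."""
    a = {name: gid for name, gid, _ in parse_group(text_a)}
    b = {name: gid for name, gid, _ in parse_group(text_b)}
    return {n: (a[n], b[n]) for n in sorted(a.keys() & b.keys()) if a[n] != b[n]}

if __name__ == "__main__":
    print(duplicates(HOST_A))              # duplicate names / shared GIDs
    print(gid_mismatches(HOST_A, HOST_B))  # same name, different GID
```

To audit real hosts, pass the contents of each machine's /etc/group (or an export of the LDAP group entries in the same format) in place of the constructed strings.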