wader2
1 Copper

Netgroup File not working

I have a NAS and have moved a netgroup file into the ./etc folder of the DataMover. I am trying to NFS export the file system with the hosts in the netgroup. I put my group name in the Root Hosts and have a ESX server trying to mount and R/W into that file system. I do not have the group name in any other space (Read Only, Access Hosts, etc.), just Root Hosts. My netgroup file looks like the following:

nagrp1 (10.10.10.46,,) \
(10.10.44.46,,)

I do not get any syntax errors with this file.

However, even though I can mount the file system, I can not create or write to it. If I put the IP addresses directly in the Root Hosts export, it works just fine.

Other background - I am not using NIS, just the netgroup file. I am using DNS, but I am putting IP addresses in the netgroup file anyway (because the VM Kernel IP address of the hosts were never put in DNS). I tried putting in host names in the netgroup file and editing the hosts file (which resolves), but that did not work either. I am using 5.6.44-4 version.

So, based on everything working when I put the IP address in the Root Hosts export, I suspect a problem with reading from the netgroup file by the DM. Maybe I have the netgroup file in the wrong spot? I have it in the .etc folder of the DM I am using.

Anyone have any ideas?

Thanks,

Wade
Tags (2)
0 Kudos
9 Replies
bernd3
2 Bronze

Re: Netgroup File not working

Hi wader,

I don't know about the netgroup file but I'm surprised that you use only the root= option.

From the Configuring NFS on Celerra guide: "Setting root access does not grant access to the export by itself. Root access is added to the other permissions"

Can you test if the export works when you specify the groupname for both rw= and root= options?
0 Kudos
urle
2 Iron

Re: Netgroup File not working

As far as I know netgroup doesn't work with root= option. Another point: does the line continuation with \ really work? Try it without using longer lines or use a syntax like

group1 (...) (...)
group2 (...) (...)
group group1 group2

We had with several Unix variants problems with line continuation ...
0 Kudos
wader2
1 Copper

Re: Netgroup File not working

Still trying to get line continuations to work. However, just to let anyone else viewing this thread know what was found:

I am using Celerra version 5.6.44-4. The netgroup file, while it does not show any syntax errors in the log, has to match the following syntax to work - it can not use IP addresses, only hostnames. Have not confirmed, but it looks like you can not use capital letters in the host names. The format I have working is exactly this -

na.hosts1 (nadcnpmgt01,,),(host01d,,),(host01e,,),(host01f,,)

I have tried many, many other syntax, with IP addresses, hostname, line continuations, etc., and have not gotten any of them to work until now.

I exported the root access and the host access with na.hosts1, and that is all. When I added a host (when adding the host01f host), I just put a comma, open parenthesis, hostname, two commas and the close parenthesis. If I had spaces, it did not work. If I put a / for a line continuation, it did not work for the new line, but the original line worked. Since I don't want a single line that is 300 hosts long, I still want to use a continuation.

Not saying that I did not do something wrong on my initial testing, but this is what I have found so far. Not a lot of documentation on the netgroup format, and since it seems to be pretty picky, maybe there should be some.

Wade
0 Kudos
urle
2 Iron

Re: Netgroup File not working

I am using Celerra version 5.6.44-4. The netgroup
file, while it does not show any syntax errors in the
log, has to match the following syntax to work - it
can not use IP addresses, only hostnames. Have not
confirmed, but it looks like you can not use capital
letters in the host names. The format I have working
is exactly this -

na.hosts1

nadcnpmgt01,,),(host01d,,),(host01e,,),(host01f,,)

I have tried many, many other syntax, with IP
addresses, hostname, line continuations, etc., and
have not gotten any of them to work until now.


We're using folling format (with DNS as primary host resolution):

grp1 (h1.xxx.de) (h2.xxx.de) (h3.yyy.de)
grp2 (h4.xxx.de) (h5.xxx.de)
grp grp1 grp2

This is our form of line continuation and works with every NIS I layed my hands on in the last 20 years.

Hope this helps a little bit, urle
0 Kudos
IanSchorr
2 Iron

Re: Netgroup File not working

You're right that this should be better documented, but just wanted to confirm some things for you:

- Celerra does not support IP addresses in netgroup entries, only hostnames. As far as we can tell, though, no other OS supports this (you probably already heard about this or will through the support path).
- The names in netgroup entries are case sensitive. Partly this has nothing to do with Celerra. For example, many kinds of NIS servers are case sensitive. If we ask the NIS server what netgroups a host named "host1.com", "Host1.com", "HOST1.com" or "HOST1.COM", we'd get four different answers. It's possible that restriction could have been removed when using local netgroup files, but when people have complained about case sensitivity it's been when using NIS, where there's nothing practical we can do about it.
0 Kudos
punkybouy
1 Copper

Re: Netgroup File not working

Is it just enough to have a netgroup file in .etc with a group in it and then export the fs to the group with access= and some other option= ?

I have always had a server name followed by two commas and a parentheses at each end with only a space between entries.
0 Kudos
Rainer_EMC
5 Osmium

Re: Netgroup File not working

As far as I know netgroup doesn't work with root= option.


Hi Urle,

are you sure ?

The way I read the docs is that netgroups should work for root= as well

Rainer
0 Kudos
Rainer_EMC
5 Osmium

Re: Netgroup File not working

Hi Wade,

did you get that resolved ?

Rainer
0 Kudos
Highlighted
rajans
1 Copper

Re: Netgroup File not working

the netgroup on the DM does not support specifying IP address .

from the 7.1 Configuring VNX™ Naming Services

Create or edit a netgroup file

Each line of the netgroup file defines a group and has the format:

groupname member1 member2 ...

Each member is either the name of another group or indicates specific hosts, users,

and domains, referred to as a triple, as follows:

(hostname,username,domainname)

Any of the triple’s three fields can be blank, meaning all the values in that field are

included. A dash in any of the fields means there are no valid values. For

example, the following line defines a group called ouruniverse that consists of all

hosts and users in the NIS domain ourdomain.

ouruniverse (,,ourdomain)

The following lines define a group called ourhosts that includes all of the hosts but

none of the users in the domain, and a group called ourusers that includes all users

but no hosts.

ourhosts (,-,ourdomain)

ourusers (-,,ourdomain)

The following line defines a group called ouruniverse that consists of two hosts

hostatlanta and hostboston.

ouruniverse (hostatlanta,,),(hostboston,,)

Note: IP addresses are not allowed.

A netgroup file can include as many lines as required; however, each line must be

less than 1 KB in length. If necessary, a line can be continued on another line by

using the backslash (\) as a continuation character. A triple, however, cannot be

split across two lines.

Note: If you use a backslash (\) as a continuation character, it must be the last character on

the line. It cannot be followed by spaces.

0 Kudos