OS : SunOS 5.8
I am trying to add a user ad3059 to the following groups,
A B C D ( four groups A,B,C,D)
When i use usermod command and add the user to the above groups,
and go to
> groups ad3059
other C D
It doesnt show A and B groups and shows it as other.Please advice on how can we fix the issue
Exactly what usermod command or commands did you use to add that user to those four groups?
How many other users are in groups A and B ?
How many groups include user ad3059 ?
What output do you get from the command:
grep 'ad3059' /etc/group
and from the command:
grep '^A:' /etc/group
(where A is the name of one of the groups that you have added user ad3059 to that is not showing up after you have added that user to the group, that user has logged out, that user has logged back in, and that user runs the command:
groups
)?
Hello Don,
Thank you for the quick reply,
I created the user using the below command,
useradd -G A,B,C,D -d /msdhome/ad3059 -m ad3059
its only these four groups that is with this particular user.
Output:
grep 'ad3059' /etc/group
D::2098:ad3059
C:*:2015:ad3059
Kindle help me the procedure to add user ad3059 to group A and B as well,
---------- Post updated at 03:25 AM ---------- Previous update was at 03:20 AM ----------
# grep '^A:' /etc/group
Is not showing any result
root@bnesrv # grep '^A:' /etc/group
root@bnesrv # grep '^A:' /etc/group
If grep '^A:' /etc/group is showing no output, group A must not exist. I see nothing in the usermod man page saying that it will create new groups.
Try using /usr/sbin/groupadd to add the new groups to /etc/group and then rerun the usermod command to add that user to the newly created groups.
Hello Don,
Group A exists ,meaning if i do the following command,
root@bnesrv50 # getent group | grep -i A
A:*:2560:a9ad3059,a9an2462,a9ap2447,a9cb2519,a9dm3678,a9es5342,a9jc2364,a9jd3062,a9jl1987,a9lz6481,a9nh4814,a9nm2713,a9rs2507,a9wa2556,ah1901,alastair,at2tha,bryans,c9dg2497,c9fl6347,c9pm2994,c9rc2865,cw2659,dennism,dr2551,eliza,fg2287,ge1700,gkelly,ja2406,jdowling,jkennedy,mf3525,mw2955,petewil,philob,pv2571,rakesh,rg4365,rj2619,rv3526,sl3353,sorcha,t9ar4510,t9ds4473,t9ga4650,t9jg2677,t9kk4511,t9km3147,t9lp4607,t9mt4512,t9ng4556,t9ns4681,t9ra4517,t9rb4551,t9rk4550,t9rs4518,t9rs4519,t9rs4687,t9rv4688,t9sk4509,t9sn4558,t9tk5064,t9tl2850
root@bnesrv50 # getent group | grep -i B
B:*:2560:a9ad3059,a9an2462,a9ap2447,a9cb2519,a9dm3678,a9es5342,a9jc2364,a9jd3062,a9jl1987,a9lz6481,a9nh4814,a9nm2713,a9rs2507,a9wa2556,ah1901,alastair,at2tha,bryans,c9dg2497,c9fl6347,c9pm2994,c9rc2865,cw2659,dennism,dr2551,eliza,fg2287,ge1700,gkelly,ja2406,jdowling,jkennedy,mf3525,mw2955,petewil,philob,pv2571,rakesh,rg4365,rj2619,rv3526,sl3353,sorcha,t9ar4510,t9ds4473,t9ga4650,t9jg2677,t9kk4511,t9km3147,t9lp4607,t9mt4512,t9ng4556,t9ns4681,t9ra4517,t9rb4551,t9rk4550,t9rs4518,t9rs4519,t9rs4687,t9rv4688,t9sk4509,t9sn4558,t9tk5064,t9tl2850
The output shows that the group A and B exists,
Also when i check for other user,
#groups inf7
A B mincom
Looks like the above user inf7 has been added to the A,B group.
So the groups actually exists.Please guide me on what can be done.Thanks in advance.
So what other database is holding the groups information for your system. Note that user inf7 is not in group A or B (which do not exist in /etc/group ) and is not in group A or B in the getent group group A or B shown in the list you provided in post #3 in this thread. It is also interesting to note that there is no need to add someone to both groups; both groups have the same group ID (2560).
Note also that you have also shown us that user ad3059 does not exist in the getent group output for groups C or D either, so it appears that user ad3059 only appears in the local /etc/group file; not in the network's group database. (I say this because the grep -i a would show all occurrences of ad3059 in the network's group database.)
So, it appears that user ad3059 is not in the network's group database and only appears in the system's local files ( /etc/passwd and /etc/group ) where there is no group A and there is no group B.
It has been a couple of decades since I worked on a Solaris 8 system, and I don't remember how it determined who would be found in local user and group databases and who would be found in network user and group databases. I also seem to remember limits on the length's of lines in the user and group databases (both local and networked) which is probably why you have group A and B in the remote group database with the same group ID. Maybe you can't add any more users to those groups because you have reached that limit. But, I am surprised that you didn't get any error messages from usermod if that was the reason for failing to add ad3059 to those remote groups.
Thanks Don,
I am not sure why i am able to add the user to group CD but not AB.
when i give
#grep 'ad3059' /etc/group D::2098:ad3059 C:*:2015:ad3059
But not A and B not sure
Do getent group | grep -i A and grep A /etc/group really match?
What does /etc/nsswitch.conf say?
Hello RudiC,
I did getent group | grep -i A
root@bnesrv50 # getent group | grep -i A
A5:*:2560:a9ad3059,a9an2462,a9ap2447,a9cb2519,a9dm3678,a9es5342,a9jc2364,a9jd3062,a9jl1987,a9lz6481,a9nh4814,a9nm2713,a9rs2507,a9wa2556,ah1901,alastair,at2tha,bryans,c9dg2497,c9fl6347,c9pm2994,c9rc2865,cw2659,dennism,dr2551,eliza,fg2287,ge1700,gkelly,ja2406,jdowling,jkennedy,mf3525,mw2955,petewil,philob,pv2571,rakesh,rg4365,rj2619,rv3526,sl3353,sorcha,t9ar4510,t9ds4473,t9ga4650,t9jg2677,t9kk4511,t9km3147,t9lp4607,t9mt4512,t9ng4556,t9ns4681,t9ra4517,t9rb4551,t9rk4550,t9rs4518,t9rs4519,t9rs4687,t9rv4688,t9sk4509,t9sn4558,t9tk5064,t9tl2850
A:*:2560:a9aa6284,a9ay6972,a9dd3230,a9ek6520,a9is6175,a9mf6529,a9nl6176,a9pw5264,aaronj,alastair,am1603,andreas,andrewhe,angelag,as6984,at2362,at6036,audanoa1,aumaval,awearne,barbara,barryq,billb,bw3825,c9ds5118,c9et2845,c9jk3742,c9lh5683,c9pr9roe,c9rr2844,c9sa4102,c9vt5175,carl,carmeld,chrisw,cm_adm,craigd,danielh,davidh,db5333,dc4340,deborahb,dh7had,dl6218,dt2499,eliza,fa6309,garyg,ggomez,gm5764,gs4912,hw5765,ibligh,ivylee,ja7arj,jasons,jb5706,jennyr,jf1755,jj3191,jl5399,johnmcc,js5694,julianne,jw5241,kassulke,kateoc,kaylee,lc2492,legaultm,lindaw,ls2379,lucy,markh,mc1lis,mehranp,michaelc,mincom,mm4614,mo3756,mp3871,mr4760,mr5705,ms5202,murrayst,na1ain,neilh,norac,otoniel,paul,pd1309,pm2978,pp1609,ps4615,rb4brr,rh5858,rmckenzi,rudi,sc6091,sg3755,sg6200,shonaj,simonam,sl2440,smangrai,speedway,sr4187,ss2125,sscott,t9aa5302,t9ir5065,t9rn6094,tk4638,vasum,wl6264,ws3549
A:*:2560:a9ab4984,a9ad2127,a9ad2789,a9ag1777,a9an3086,a9cd1167,a9dd3185,a9dm1117,a9dm8mcc,a9fb6574,a9ff2276,a9fs1620,a9gd4619,a9gk8kel,a9gp3184,a9hk2804,a9ht5627,a9is6175,a9jr5626,a9kw4985,a9mc1cam,a9nb8bea,a9nl6176,a9rg3061,a9rj2193,a9sc1116,a9sr1765,a9ss4987,a9tl3060,a9ym2814,aa1990,alisonk,bhawson,bradm,brandon,brianm,c9bs4321,c9ew1631,cc8don,ce1925,chansell,ck1971,cmedina,colmo,dt4804,eliza,gm1746,henry,jd1738,jk4176,joe,kathleen,ks1smh,ku2296,lisam,lk1992,maevek,maggiek,marie,mfinney,mlacey,neila,paul1621,paulja,pcaffrey,peterfl,pkeane,pkirk,rossv,rtovar,smythr,sr4943,thayabam,thomasm,tonyha,victor,vu2241,yzarur,z9af3083
But when i give grep A /etc/group,i dont get any output,
root@bnesrv50 # grep cmelusr /etc/group
root@bnesrv50 #
root@bnesrv50 # cat /etc/nsswitch.conf
#
# /etc/nsswitch.dns:
#
# An example file that could be copied over to /etc/nsswitch.conf; it uses
# DNS for hosts lookups, otherwise it does not use any other naming service.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
passwd: files nis
group: files nis
# You must also set up the /etc/resolv.conf file for DNS name
# server lookup. See resolv.conf(4).
hosts: files dns
ipnodes: files
# Uncomment the following line and comment out the above to resolve
# both IPv4 and IPv6 addresses from the ipnodes databases. Note that
# IPv4 addresses are searched in all of the ipnodes databases before
# searching the hosts databases. Before turning this option on, consult
# the Network Administration Guide for more details on using IPv6.
#ipnodes: files dns
networks: files nis
protocols: files nis
rpc: files nis
ethers: files nis
netmasks: files nis
bootparams: files
publickey: files
# At present there isn't a 'files' backend for netgroup; the system will
# figure it out pretty quickly, and won't use netgroups at all.
netgroup: files nis
automount: files nis
aliases: files
services: files nis
sendmailvars: files
printers: user files
auth_attr: files
prof_attr: files
project: files
the above is /etc/nsswitch.conf , can you please help on what can be done.
Thanks for yur help
---------- Post updated at 07:29 AM ---------- Previous update was at 07:17 AM ----------
But when i give grep A /etc/group,i dont get any output,
root@bnesrv50 # grep A /etc/group
root@bnesrv50 #
Well it is clear that you cannot add the user to the group A or B, since these group names exist only in the NIS directory and do not exist locally (/etc/group). The NIS administrator should be able to add users to one of these groups. This typically cannot be done from an ordinary host from the command line...
As Don noted, group A and B have the same gid (group id 2560), so the user needs to be added to one group with gid 2560, so only one of those groups. Due to line length limitations there are probably many of them, so far we have seen two groups A, one B, one A5. You will be able to see all of them using:
getent group | nawk -F: '$3==2560'
Hello All,
Thanks a lot for your reply Scrutinizer.Totally right.The groups were in our AD servers .I discussed with our windows admin today and he said that the users must be added to groups in AD which must be done by him.I gained good knowledge from this discussion.Thanks a lot to everyone who helped me with the issue.
Thanks heaps Scrutinizer,RudiC and Don.Really appreciate your help.
Your nswitch.conf proves that group comes from /etc/group (files) and NIS (nis). I wonder if/how AD is involved.
The direkt lookup in NIS group is done with
ypmatch A group
analogue to the general lookup
getent group A
It could be that AD is synced to an LDAP server that uses a Nis plug-in.