KB-0740: groups command is not working on Solaris 10

Centrify DirectAudit ,   Centrify DirectControl ,   Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:45 AM

Applies To: 

All Sun's Solaris running Update3 with patch 120011-14 on Sol 10 sparc (120012-14 on Sol 10 x86) or Update4


Groups command is not reporting secondary groups for local users as well as AD users when
nscd is on.

bash-3.00# ps -ef | grep -i nscd
    root  2264  2261   0 17:00:36 pts/2       0:00 grep -i nscd

bash-3.00# /etc/init.d/nscd start
bash-3.00# ps -ef | grep -i nscd
    root  2279  2261   0 17:01:11 pts/2       0:00 grep -i nscd
    root  2277     1   0 17:01:08 ?           0:00 /usr/sbin/nscd

bash-3.00# groupadd localgr1
bash-3.00# groupadd localgr2

bash-3.00# useradd -g localgr1 -G localgr2 louser1
bash-3.00# id louser1
uid=101(louser1) gid=10002(localgr1)
bash-3.00# id -a louser1
uid=101(louser1) gid=10002(localgr1) groups=10003(localgr2)
bash-3.00# groups louser1
bash-3.00# /etc/init.d/nscd stop
bash-3.00# groups louser1
localgr1 localgr2


Sun has identified this as bug 6636228.  The bug was introduced with the new implementation of nscd. This new code was included in Solaris 10 Update 4 (8/07).   Previous Solaris releases (Solaris 10 Update 3 or earlier) are only affected if they install the patch 120011-14 on sparc (120012-14 on x86) which will bring this new nscd implementation to those systems (note that 120011-14 is now obsoleted by 127111-xx which however requires 120011-14). An unpatched Solaris 10 Update 3 system is not affected by this bug.


Disable nscd or backout out of patch 120011-14 on Sol 10 sparc or 120012-14 on Sol 10 x86


Sun have actually now fixed this with a new patch 138046-02 for  Sol 10 Sparc or 138047 for Sol 10 x86.

