initgroups() system call in smbd child process doesn't get suppliementary group info from LDAP

Gerald (Jerry) Carter jerry at samba.org
Tue Dec 2 14:56:00 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Marco Zhang wrote:
| Hi Experts,
|
| Here is my setup:
| ================
| * OS:
| 	Solaris 9 with Native LDAP client enabled
|
| * Samba:
| 	2.2.8a compiled with OpenLDAP 2.1.22:
| 	# CPPFLAGS="-I/usr/local/openldap_22/include"
|       LDFLAGS="-L/usr/local/openldap_22/lib" ./configure
|       --prefix=/usr/local/samba_2.2.8_ldap22 --with-ldapsam
|
| * OpenLDAP 2.1.22
|
| * iPlanet Directory Server 5.1 is setup to as SAM
|
|
| The problem is:
| ===============
| With patch 112960-03 and below, everything works fine. With patch
| newer than 112960-03, Samba cann't get the supplementary
| group information for a user from directory server.
| Therefore, the user gets access denied when access to
| those files with supplementary group permission.

This sounds a lot like https://bugzilla.samba.org/show_bug.cgi?id=395


| Also tested by adding some debug codes in Samba source that initgroups()
| system call works fine only in smdb parent process but not in child smbd
| process.
....
| Questions:
| ==========
| * Any ideal for above behavours?
| * Is the problem of smbd or the Solaris patch?
| * Any workarounds? (Of course don't tell me to downgrade the
|   patch 112960-03 and below)
| * If is the problem of Solaris patch, anyone can contribute a
|   simple C code the produce the same problem or even the ideal
|   of how this C code should be written?

I'll get something to you later today hopefully.  I'd like to
close out that bug report anyways.



cheeers, jerry
~ ----------------------------------------------------------------------
~ Hewlett-Packard            ------------------------- http://www.hp.com
~ SAMBA Team                 ---------------------- http://www.samba.org
~ GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
~ "If we're adding to the noise, turn off this song" --Switchfoot (2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/zKgAIR7qMdg1EfYRAuYiAKCtAGeMStu7F+U7m8YpZHg3bwbh5ACfRt4X
vdetpiGf6hJfyYVZfUACSJs=
=suih
-----END PGP SIGNATURE-----



More information about the samba-technical mailing list