initgroups() system call in smbd child process doesn't get
suppliementary group info from LDAP
Gerald (Jerry) Carter
jerry at samba.org
Tue Dec 2 14:56:00 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Marco Zhang wrote:
| Hi Experts,
|
| Here is my setup:
| ================
| * OS:
| Solaris 9 with Native LDAP client enabled
|
| * Samba:
| 2.2.8a compiled with OpenLDAP 2.1.22:
| # CPPFLAGS="-I/usr/local/openldap_22/include"
| LDFLAGS="-L/usr/local/openldap_22/lib" ./configure
| --prefix=/usr/local/samba_2.2.8_ldap22 --with-ldapsam
|
| * OpenLDAP 2.1.22
|
| * iPlanet Directory Server 5.1 is setup to as SAM
|
|
| The problem is:
| ===============
| With patch 112960-03 and below, everything works fine. With patch
| newer than 112960-03, Samba cann't get the supplementary
| group information for a user from directory server.
| Therefore, the user gets access denied when access to
| those files with supplementary group permission.
This sounds a lot like https://bugzilla.samba.org/show_bug.cgi?id=395
| Also tested by adding some debug codes in Samba source that initgroups()
| system call works fine only in smdb parent process but not in child smbd
| process.
....
| Questions:
| ==========
| * Any ideal for above behavours?
| * Is the problem of smbd or the Solaris patch?
| * Any workarounds? (Of course don't tell me to downgrade the
| patch 112960-03 and below)
| * If is the problem of Solaris patch, anyone can contribute a
| simple C code the produce the same problem or even the ideal
| of how this C code should be written?
I'll get something to you later today hopefully. I'd like to
close out that bug report anyways.
cheeers, jerry
~ ----------------------------------------------------------------------
~ Hewlett-Packard ------------------------- http://www.hp.com
~ SAMBA Team ---------------------- http://www.samba.org
~ GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
~ "If we're adding to the noise, turn off this song" --Switchfoot (2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/zKgAIR7qMdg1EfYRAuYiAKCtAGeMStu7F+U7m8YpZHg3bwbh5ACfRt4X
vdetpiGf6hJfyYVZfUACSJs=
=suih
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list