initgroups() system call in smbd child process doesn't get suppliementary group info from LDAP

Marco Zhang Marco.Zhang at Sun.COM
Thu Dec 4 03:45:19 GMT 2003


Hi Jerry,

Bug 395 looks close to my problem. Does winbind matter here because I am not using it at all.

Let me know if I can have any thing from you to try it out.

Thanks,
Marco

On Tue, Dec 02, 2003 at 08:56:00AM -0600, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Marco Zhang wrote:
> | Hi Experts,
> |
> | Here is my setup:
> | ================
> | * OS:
> | 	Solaris 9 with Native LDAP client enabled
> |
> | * Samba:
> | 	2.2.8a compiled with OpenLDAP 2.1.22:
> | 	# CPPFLAGS="-I/usr/local/openldap_22/include"
> |       LDFLAGS="-L/usr/local/openldap_22/lib" ./configure
> |       --prefix=/usr/local/samba_2.2.8_ldap22 --with-ldapsam
> |
> | * OpenLDAP 2.1.22
> |
> | * iPlanet Directory Server 5.1 is setup to as SAM
> |
> |
> | The problem is:
> | ===============
> | With patch 112960-03 and below, everything works fine. With patch
> | newer than 112960-03, Samba cann't get the supplementary
> | group information for a user from directory server.
> | Therefore, the user gets access denied when access to
> | those files with supplementary group permission.
> 
> This sounds a lot like https://bugzilla.samba.org/show_bug.cgi?id=395
> 
> 
> | Also tested by adding some debug codes in Samba source that initgroups()
> | system call works fine only in smdb parent process but not in child smbd
> | process.
> ....
> | Questions:
> | ==========
> | * Any ideal for above behavours?
> | * Is the problem of smbd or the Solaris patch?
> | * Any workarounds? (Of course don't tell me to downgrade the
> |   patch 112960-03 and below)
> | * If is the problem of Solaris patch, anyone can contribute a
> |   simple C code the produce the same problem or even the ideal
> |   of how this C code should be written?
> 
> I'll get something to you later today hopefully.  I'd like to
> close out that bug report anyways.
> 
> 
> 
> cheeers, jerry
> ~ ----------------------------------------------------------------------
> ~ Hewlett-Packard            ------------------------- http://www.hp.com
> ~ SAMBA Team                 ---------------------- http://www.samba.org
> ~ GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
> ~ "If we're adding to the noise, turn off this song" --Switchfoot (2003)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQE/zKgAIR7qMdg1EfYRAuYiAKCtAGeMStu7F+U7m8YpZHg3bwbh5ACfRt4X
> vdetpiGf6hJfyYVZfUACSJs=
> =suih
> -----END PGP SIGNATURE-----
> 

-- 

Marco Zhang             : Solution Center Engineer
Email                   : Marco.Zhang at Sun.Com
Customer Service Centre : 1800 339 2786 (in Singapore) +65 6339 2786
Online Service Centre   : http://www.sun.com/service/online/ 


More information about the samba-technical mailing list