[Samba] Problems using netgroups

Ulrich Hochholdinger hochhold at fzi.de
Mon Sep 9 19:59:00 GMT 2002


Hi,
I have some problems using netgroups with samba, at the moment I'm using
the debian-package with Version samba-2.2.3a-6 on a debian testing
system.
The problem is that samba checks for wrong host-name in the nis-database
here is my snippet of the smb.conf to have a exchange partition:

--------smb.conf
[export]
        path = /Mirror/export
        writeable = Yes
        guest only = Yes
        hosts allow = @hosts-ids
        fstype = samba
        create mask = 0775
        directory mask = 0775
-------
When samba tries to lookup the client in the nis-database it tries to
lookup the full hostname or ip-address but there is only an entry for
the short hostname in my nis-database.
Example of the smb log-file:

--------/var/log/smb
[2002/09/09 20:11:01, 3] lib/access.c:check_access(313)
  check_access: hostnames in host allow/deny list.
[2002/09/09 20:11:01, 5] lib/access.c:string_match(87)
  looking for 141.21.7.54 of domain fzi in netgroup hosts-ids gave No
[2002/09/09 20:11:01, 5] lib/access.c:string_match(87)
  looking for horch.fzi.de of domain fzi in netgroup hosts-ids gave No
[2002/09/09 20:11:01, 5] lib/access.c:string_match(87)
  looking for 141.21.7.54 of domain fzi in netgroup hosts-secure-ids
gave No
[2002/09/09 20:11:01, 5] lib/access.c:string_match(87)
  looking for horch.fzi.de of domain fzi in netgroup hosts-secure-ids
gave No
[2002/09/09 20:11:01, 0] lib/access.c:check_access(325)
  Denied connection from horch.fzi.de (141.21.7.54)
--------
So it looks for the ip-address and then for the fqdn of the client in
the nis-map but in this map the entry for this host is

ypmatch -k hosts-ids netgroup
hosts-ids  (horch,,fzi)

Since every other service using NIS runs fine, I think the problem lies
on samba, (possibly I have to set any flag so that samba tries to lookup
the short host-name, but I have found none)

Gruss
	Ulli

-- 
\ Ulli Hochholdinger                               E-Mail: hochhold at fzi.de \
/ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ /
\ Sometimes I think the surest sign that intelligent life exists elsewhere \
/ in the universe is that none of it has tried to contact us. (Calvin)     /



More information about the samba mailing list