[Samba] Problems using netgroups
Ulrich Hochholdinger
hochhold at fzi.de
Mon Sep 9 19:59:00 GMT 2002
Hi,
I have some problems using netgroups with samba, at the moment I'm using
the debian-package with Version samba-2.2.3a-6 on a debian testing
system.
The problem is that samba checks for wrong host-name in the nis-database
here is my snippet of the smb.conf to have a exchange partition:
--------smb.conf
[export]
path = /Mirror/export
writeable = Yes
guest only = Yes
hosts allow = @hosts-ids
fstype = samba
create mask = 0775
directory mask = 0775
-------
When samba tries to lookup the client in the nis-database it tries to
lookup the full hostname or ip-address but there is only an entry for
the short hostname in my nis-database.
Example of the smb log-file:
--------/var/log/smb
[2002/09/09 20:11:01, 3] lib/access.c:check_access(313)
check_access: hostnames in host allow/deny list.
[2002/09/09 20:11:01, 5] lib/access.c:string_match(87)
looking for 141.21.7.54 of domain fzi in netgroup hosts-ids gave No
[2002/09/09 20:11:01, 5] lib/access.c:string_match(87)
looking for horch.fzi.de of domain fzi in netgroup hosts-ids gave No
[2002/09/09 20:11:01, 5] lib/access.c:string_match(87)
looking for 141.21.7.54 of domain fzi in netgroup hosts-secure-ids
gave No
[2002/09/09 20:11:01, 5] lib/access.c:string_match(87)
looking for horch.fzi.de of domain fzi in netgroup hosts-secure-ids
gave No
[2002/09/09 20:11:01, 0] lib/access.c:check_access(325)
Denied connection from horch.fzi.de (141.21.7.54)
--------
So it looks for the ip-address and then for the fqdn of the client in
the nis-map but in this map the entry for this host is
ypmatch -k hosts-ids netgroup
hosts-ids (horch,,fzi)
Since every other service using NIS runs fine, I think the problem lies
on samba, (possibly I have to set any flag so that samba tries to lookup
the short host-name, but I have found none)
Gruss
Ulli
--
\ Ulli Hochholdinger E-Mail: hochhold at fzi.de \
/ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ /
\ Sometimes I think the surest sign that intelligent life exists elsewhere \
/ in the universe is that none of it has tried to contact us. (Calvin) /
More information about the samba
mailing list