[Samba] LDAP Group Mapping Problem w/ Samba 2.2.5

Philip Poten philip.poten at bluebull.com
Tue Sep 24 17:58:00 GMT 2002

Hi there.

I have set up a Samba 2.2.5 Server with LDAP support. I don't want local 
system users, so I also set up PAM authentication against LDAP. This 
works fine; Machine Trusts and Users do not need to be local (in 
/etc/passwd or /etc/group). The same goes for Groups. Now here is my problem.


Assume two users, alice and bob, and two groups, alice-group and 
bob-group, which are all represented in LDAP.
alice has primary group alice-group
bob has bob-group
bob has no secondary group membership
alice is group member in bob-group

Assume two directories, like:

drwxr-x---    2 alice   alice-group   4096 Sep 24 07:43 alice-dir
drwxr-x---    2 bob   bob-group   4096 Sep 24 07:43 bob-dir

Remember, both users and groups only exist in LDAP, not in /etc/passwd 
or /etc/group.

When alice logs in on the Linux box, everything works as it should, that 
means, alice can cd into alice-dir as well as into bob-dir. bob can only cd 
into bob-dir.

When alice tries to access these files over an SMB share (the same user, 
the same files!), she can only cd into alice-dir, not into bob-dir. 
That means groups and users are well recognized by Samba (and, of 
course, by the system itself), but the group-membership mapping only 
works in the shell, not with Samba.

Can anybody give me a hint what this problem is about? Or how I can fix 
it? Or at least, who I can ask? Is this a bug or did I forget something?

Thank you all in advance,
kind regards,
Philip Poten
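
The access pattern described in the message above, as a small model of the Unix directory search check (an added example, not part of the original post and not Samba code). It evaluates the two directories from the post once with alice's full group list and once with only her primary group; the second result is the one the post reports over the SMB share. The function names are hypothetical, and the listing is copied from the post.

```python
import stat

# The two `ls -l` lines quoted in the post.
LISTING = """\
drwxr-x---    2 alice   alice-group   4096 Sep 24 07:43 alice-dir
drwxr-x---    2 bob   bob-group   4096 Sep 24 07:43 bob-dir
"""

def parse_listing(text):
    """Return {name: (mode_bits, owner, group)} from simple `ls -l` lines."""
    entries = {}
    for line in text.splitlines():
        f = line.split()
        perms, owner, group, name = f[0], f[2], f[3], f[-1]
        bits = 0
        # perms[1:10] is rwxrwxrwx; map each set position to its mode bit.
        for i, ch in enumerate(perms[1:10]):
            if ch != "-":
                bits |= 1 << (8 - i)
        entries[name] = (bits, owner, group)
    return entries

def can_enter(user, primary, supplementary, entry):
    """Search (x) check: exactly one class applies (owner, else group, else other)."""
    bits, owner, group = entry
    if user == owner:
        return bool(bits & stat.S_IXUSR)
    # The group class matches on the primary group OR any supplementary group.
    if group == primary or group in supplementary:
        return bool(bits & stat.S_IXGRP)
    return bool(bits & stat.S_IXOTH)

def access_table(alice_supplementary):
    """Access decisions for the post's users, given alice's supplementary groups."""
    dirs = parse_listing(LISTING)
    users = {"alice": ("alice-group", alice_supplementary),
             "bob": ("bob-group", set())}  # bob has no secondary groups
    return {(u, d): can_enter(u, p, s, e)
            for u, (p, s) in users.items() for d, e in dirs.items()}

if __name__ == "__main__":
    cases = (("full group list (shell login)", {"bob-group"}),
             ("primary group only", set()))
    for label, supp in cases:
        print(label)
        for (u, d), ok in sorted(access_table(supp).items()):
            print(f"  {u} -> {d}: {'allowed' if ok else 'denied'}")
```

On the server itself, `id alice` shows the group list the system resolves for her, which is the input this model calls `supplementary`.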

