[Samba] LDAP Supplementary Groups not recognised

Malcolm Gibbs malcolm.gibbs at sun.com
Fri Apr 4 02:53:25 GMT 2003

We are implementing the following:

Solaris 9
iPlanet Directory Server 5.1 (bundled with Solaris 9)
openldap 2.1.16
    Only used for ldap libaries (samba will not compile
    without. Is this other people's experience?)
samba 2.2.8
    compiled with ./configure --with-ldapsam --with-acl-support

We have the samba server acting as a PDC with all user and machine 
accounts in LDAP as sambaAccounts.

We are successfully adding Windows XP workstations to the PDC and 
authenticating users.

However supplementary groups for users are not being recognised (i.e 
posixGroup entries with the user as a memberUid attribute).

Only the primary group (from sambaAccount) is being recognised as shown 
in the log. This results in a permission denied when accessing a 
directory with only group permissions.

[2003/04/04 09:53:59, 3] smbd/sec_ctx.c:set_sec_ctx(334)
   1 user groups:

Interestingly supplementary groups from /etc/group are being recognised.

If the same user logs into Solaris (the users have posixAccount entries 
as well) they can see and use all their supplementary groups (using 
Solaris 9 nss built in support).

Is this a bug or something we are doing wrong. Any help would be 


Malcolm Gibbs, Sun Microsystems (NZ) Ltd

More information about the samba mailing list