[Samba] LDAP Supplementary Groups not recognised

Malcolm Gibbs malcolm.gibbs at sun.com
Fri Apr 4 02:53:25 GMT 2003


We are implementing the following:

Solaris 9
iPlanet Directory Server 5.1 (bundled with Solaris 9)
openldap 2.1.16
    Only used for ldap libraries (samba will not compile
    without. Is this other people's experience?)
samba 2.2.8
    compiled with ./configure --with-ldapsam --with-acl-support

We have the samba server acting as a PDC with all user and machine 
accounts in LDAP as sambaAccounts.

We are successfully adding Windows XP workstations to the PDC and 
authenticating users.

However, supplementary groups for users are not being recognised (i.e. 
posixGroup entries with the user as a memberUid attribute).

Only the primary group (from sambaAccount) is being recognised as shown 
in the log. This results in a permission denied when accessing a 
directory with only group permissions.

[2003/04/04 09:53:59, 3] smbd/sec_ctx.c:set_sec_ctx(334)
   1 user groups:
   1000

Interestingly supplementary groups from /etc/group are being recognised.

If the same user logs into Solaris (the users have posixAccount entries 
as well) they can see and use all their supplementary groups (using 
Solaris 9 nss built in support).


Is this a bug or something we are doing wrong? Any help would be 
appreciated.

Thanks

-- 
Malcolm Gibbs, Sun Microsystems (NZ) Ltd
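
Added example, not part of the original post: a Python check that derives the gids a user should hold from posixAccount/posixGroup entries (primary gidNumber plus every group listing the user in memberUid) and compares them with the group list smbd logs in set_sec_ctx. The LDIF export, the user name alice and gid 2001 are constructed sample data; the log excerpt follows the format quoted above.

```python
import re

# Constructed sample data (assumption): LDIF export, plus a log excerpt in the post's format.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: alice
gidNumber: 1000

dn: cn=projects,ou=Group,dc=example,dc=com
objectClass: posixGroup
gidNumber: 2001
memberUid: alice
"""
SAMPLE_LOG = """\
[2003/04/04 09:53:59, 3] smbd/sec_ctx.c:set_sec_ctx(334)
   1 user groups:
   1000
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 values or folded lines) into dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep:
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def expected_gids(entries, uid):
    """Primary gid from posixAccount plus every posixGroup naming uid."""
    gids = set()
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        if ("posixaccount" in classes and uid in e.get("uid", [])) or \
           ("posixgroup" in classes and uid in e.get("memberuid", [])):
            gids.update(int(g) for g in e.get("gidnumber", []))
    return gids

def logged_gids(log):
    """Read the gids listed after smbd's 'N user groups:' line."""
    m = re.search(r"^\s*(\d+) user groups:\s*((?:\d+\s*)*)", log, re.M)
    return {int(g) for g in m.group(2).split()[: int(m.group(1))]} if m else set()

def missing_gids(ldif, log, uid):
    """Gids the directory grants that the smbd security context lacks."""
    return sorted(expected_gids(parse_ldif(ldif), uid) - logged_gids(log))
```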


