[Samba] LDAP Supplementary Groups not recognised

philipp mayrhofer philipp.mayrhofer at lisec.com
Wed Apr 9 08:13:01 GMT 2003


hi jerry,

i have a similary problem.

since i upgraded to 2.2.8 and 2.2.8a supplementary groups do not work.

os is linux (not solaris)
kernel 2.4.18 SMP
openldap2-client-2.0.12-28
nss_ldap-167-21
openldap2-2.0.12-28
pam_ldap-122-29

ldap server is a different box
openldap-1.2.11-16


we use samba compiled w/o special configure options.

./configure

we use ldap for the PAM user information (only PAM - no ldapsam)
and we use a historical winnt4 pdc as password server.

at the shell i can see that the other groups are known by the system.
id -a username
getent passwd
getent group

but it does not work in samba and that since the upgrade.
the upgrade to 2.2.8 was important to me, because of
problems with printing and lpq cache time.

thanks

philipp mayrhofer



Gerald (Jerry) Carter wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Sat, 5 Apr 2003, Malcolm Gibbs wrote:
>
>  
>
>>Yes what is fustrating is that supplementary LDAP groups are working
>>fine from the Solaris shell, it is only SAMBA that appears to be
>>ignoring them.
>>
>>Do posixGroup entries have to have any additional attributes or be in a 
>>particular base to be recognised by SAMBA, Solaris 9 by default puts 
>>them in ou=group,dc=xx,dc=com.
>>    
>>
>
>I don't think this is related to LDAP.  Can you test using a standard 
>/etc/passwd file and see if you get the same behavior.   I've got 
>unconfirmed reports of a possible generic bug in this area.
>
>
>
>
>cheers, jerry
> ----------------------------------------------------------------------
> Hewlett-Packard            ------------------------- http://www.hp.com
> SAMBA Team                 ---------------------- http://www.samba.org
> GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
> "You can never go home again, Oatman, but I guess you can shop there."  
>                            --John Cusack - "Grosse Point Blank" (1997)
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.0 (GNU/Linux)
>Comment: For info see http://quantumlab.net/pine_privacy_guard/
>
>iD8DBQE+juOvIR7qMdg1EfYRAi3MAKCozIM5aQMrWx0L6wfFJZDe0/PXvQCgzwiH
>/FeyoIcmzqGj78WgdQ8rybY=
>=yMVB
>-----END PGP SIGNATURE-----
>
>  
>




More information about the samba mailing list