[Samba] LDAP Supplementary Groups not recognised

philipp mayrhofer philipp.mayrhofer at lisec.com
Wed Apr 9 08:13:01 GMT 2003

hi jerry,

i have a similary problem.

since i upgraded to 2.2.8 and 2.2.8a supplementary groups do not work.

os is linux (not solaris)
kernel 2.4.18 SMP

ldap server is a different box

we use samba compiled w/o special configure options.


we use ldap for the PAM user information (only PAM - no ldapsam)
and we use a historical winnt4 pdc as password server.

at the shell i can see that the other groups are known by the system.
id -a username
getent passwd
getent group

but it does not work in samba and that since the upgrade.
the upgrade to 2.2.8 was important to me, because of
problems with printing and lpq cache time.


philipp mayrhofer

Gerald (Jerry) Carter wrote:

>Hash: SHA1
>On Sat, 5 Apr 2003, Malcolm Gibbs wrote:
>>Yes what is fustrating is that supplementary LDAP groups are working
>>fine from the Solaris shell, it is only SAMBA that appears to be
>>ignoring them.
>>Do posixGroup entries have to have any additional attributes or be in a 
>>particular base to be recognised by SAMBA, Solaris 9 by default puts 
>>them in ou=group,dc=xx,dc=com.
>I don't think this is related to LDAP.  Can you test using a standard 
>/etc/passwd file and see if you get the same behavior.   I've got 
>unconfirmed reports of a possible generic bug in this area.
>cheers, jerry
> ----------------------------------------------------------------------
> Hewlett-Packard            ------------------------- http://www.hp.com
> SAMBA Team                 ---------------------- http://www.samba.org
> GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
> "You can never go home again, Oatman, but I guess you can shop there."  
>                            --John Cusack - "Grosse Point Blank" (1997)
>Version: GnuPG v1.2.0 (GNU/Linux)
>Comment: For info see http://quantumlab.net/pine_privacy_guard/

More information about the samba mailing list