[Samba] Can a user belong to two groups in Samba ???

Gerald (Jerry) Carter jerry at samba.org
Sat Aug 9 22:46:12 GMT 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 8 Aug 2003, Ganael LAPLANCHE wrote:

> Hi,
> 
> I'm using samba 3b3 (+ldapsam) and have created a user belonging to two
> groups :
> 
> - his primary group is mapped to the "Domain Users" Windows group,
> - his secondary one is mapped to the "Domain Admins" Windows group.

It should be fine.  Can you send me a level 10 debug log showing the 
session setup portion where the user's groups are initialized?

> Unfortunately, only the first group seems to be known by Samba, since the
> user doesn't become a "Domain Admin" at all (but he is a "Domain User")...

You could have this problem if libc is not returning the secondary groups
for a user via NSS.

> I've googled a lot and haven't been able to find much info about
> multiple-groups-per-user handling in Samba ; some users seem to get the
> same problem without getting a solution ; Redhat did record this as a bug
> in bugzilla...

Do you know that bug #id offhand ?

> So : Is it a bug ? Is it related to LDAP ? Finally, Is it possible to have
> a user belonging to two (or more) Windows domain groups ?

It would be a bug.  Whether it is our bug or not is unknown right now.
That log file would help me to determine what is going on.  All my tests
are turning up correct results.




cheers, jerry
 ----------------------------------------------------------------------
 Hewlett-Packard            ------------------------- http://www.hp.com
 SAMBA Team                 ---------------------- http://www.samba.org
 GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
 "You can never go home again, Oatman, but I guess you can shop there."  
                            --John Cusack - "Grosse Point Blank" (1997)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE/NXm1IR7qMdg1EfYRAjF1AJ4sOFvOMU2jnG/DH4H3CeGYEY+H9wCg7ac1
IszQGlOyDatDso1tkLo8nGA=
=R55j
-----END PGP SIGNATURE-----

More information about the samba mailing list