[Samba] Re: Supplementary Group Issues
Dmitry Monakhov
monakhv at ot.ru
Thu Feb 26 16:18:09 GMT 2004
Hi, All!
I was using nss_ldap from PADL Software compiled with ldap_sdk 5.08.
So, as a result samba did not recognize supplementary group.
However when I put down nscd server samba become unable to recognize
both groups and users from LDAP. That means nss_ldap did not work from
samba completely.
The same nss_ldap compiled with openldap library work perfectly
correct, and samba can recognize both users, group and supplementary
group as well. So, the problem was nss_ldap(ldap_sdk 5.08) which worked
in unix shell but not within samba.
Sojka Reinhard wrote:
> Hi Dmitry, hi Jerome,
>
>
> as I am having the same problem with native Sun nss_client, I'd like to
> jump here in the thread.
>
>
>>>Last thing, I remember having seen some problems with Solaris 9
>>>nss_ldap client due to Sun patches on the list this or last month.
>>>The bug seems to be from Sun's fault.
>
> it was me
>
>
>
>>Ok. I knew it. So, I'm using nss_ldap-211 from padl.com and it is
>>definitely working good within Unix framework (id -a, ls -l... show
>>right information). However according to the LDAP SERVER log file
>>samba even do not request for supplementary groups. By the way samba
>>log file level 10 I sent you also do not show any requests to LDAP for
>>supplementary groups.
>
>
> This behaviour is identical to my experiences with native Solaris 9
> nss_ldap. In my understanding, Samba requests supplementary group
> information from Solaris, and Solaris has to request this information
> from the LDAP server (after checking nsswitch.conf). If you have a
> working und a non-working system, the difference can be seen easily in
> the LDAP server logs. Note that /etc/group works.
>
> We bypass this problem for the first time by using Patch-ID 112960-03.
> BTW, Patch-ID 112960-11 (Feb/23/2004) doesn't help either.
>
>
>>>http://marc.theaimsgroup.com/?l=samba&m=107636136823095&w=2
>>>and bug 395 (https://bugzilla.samba.org/show_bug.cgi?id=395).
>>>Please test the program in comment #19 and report.
>
>
> I would also be willing to test and report, but the program doesn't
> compile in Solaris. AFAIR the program was written for Linux. Anyway,
> Solaris doesn't provide getgrouplist(). Can anybody provide me with
> workarounds or hints?
>
> Cheers,
> Reinhard
>
>
--
Dmitry Monakhov System Administrator
Open Technologies, tel: +7(095)787-7027
e-mail: monakhv at ot.ru, http://www.ot.ru/
More information about the samba
mailing list