[Samba] Re: Supplementary Group Issues

Dmitry Monakhov monakhv at ot.ru
Thu Feb 26 16:18:09 GMT 2004


Hi, All!

I was using nss_ldap from PADL Software compiled with ldap_sdk 5.08.
So, as a result samba did not recognize supplementary group.
However when I put down nscd server samba become unable to recognize 
both groups and users from LDAP. That means nss_ldap did not work from
samba completely.


The same nss_ldap  compiled with openldap library work perfectly 
correct, and samba can recognize both users, group and supplementary 
group as well. So, the problem was nss_ldap(ldap_sdk 5.08) which worked 
in unix shell but not within samba.

Sojka Reinhard wrote:
> Hi Dmitry, hi Jerome,
> 
> 
> as I am having the same problem with native Sun nss_client, I'd like to
> jump here in the thread.
> 
> 
>>>Last thing, I remember having seen some problems with Solaris 9
>>>nss_ldap client due to Sun patches on the list this or last month.
>>>The bug seems to be from Sun's fault. 
> 
> it was me 
> 
> 
> 
>>Ok. I knew it. So, I'm using nss_ldap-211 from padl.com and it is
>>definitely working good within Unix framework (id -a, ls -l...  show
>>right information). However according to the LDAP SERVER log file
>>samba even do not request for supplementary groups. By the way samba
>>log file level 10 I sent you also do not show any requests to LDAP for
>>supplementary groups.
> 
> 
> This behaviour is identical to my experiences with native Solaris 9
> nss_ldap. In my understanding, Samba requests supplementary group
> information from Solaris, and Solaris has to request this information
> from the LDAP server (after checking nsswitch.conf). If you have a
> working und a non-working system, the difference can be seen easily in
> the LDAP server logs. Note that /etc/group works.
> 
> We bypass this problem for the first time by using Patch-ID 112960-03.
> BTW, Patch-ID 112960-11 (Feb/23/2004) doesn't help either.
> 
> 
>>>http://marc.theaimsgroup.com/?l=samba&m=107636136823095&w=2
>>>and bug 395 (https://bugzilla.samba.org/show_bug.cgi?id=395).
>>>Please test the program in comment #19 and report.
> 
> 
> I would also be willing to test and report, but the program doesn't
> compile in Solaris. AFAIR the program was written for Linux. Anyway,
> Solaris doesn't provide getgrouplist(). Can anybody provide me with
> workarounds or hints?
> 
> Cheers,
> Reinhard
> 
> 

-- 
Dmitry Monakhov System Administrator
Open Technologies, tel: +7(095)787-7027
e-mail: monakhv at ot.ru, http://www.ot.ru/


More information about the samba mailing list