[Samba] Secondary, tertiary group problems in Samba LDAP

Kent L. Nasveschuk kent at wareham.k12.ma.us
Thu Jan 8 01:41:19 GMT 2004

I found an interesting thing that I don't know if it is a bug, by design
or I need to be doing something that I'm not but here goes.
My system
RedHat 8.0 (1) PDC with LDAP 2.1.23 backend master,
(3) BDC with LDAP slave backend. All are Samba 3.0.
I had a probelem with secondary, tertiary etc groups that people belong
to and Samba recognizing these groups if they were stored in LDAP. The
primary group was no problem. When I created shares but used
"@groupname"  for valid users or write list, Samba would fail to get
that info from LDAP. They needed to be in /etc/group to work. As soon as
I added users in secondary groups to /etc/group users were recognized
and rights were assigned.
As a side note each line of /etc/group is limited to 1024 bytes, so
there is a limit on how many users you can add to a group using
/etc/group. If you exceed that when the system scans the /etc/group
file, it will fail at the line >1024 bytes and any groups below will
fail to be recognized. I believe that this is a bug. If you do "ls" on a
directory or "id <username>" where one of the entries in your /etc/group
has exceeded the limit, the groups will show as numbers and not a group

Can I use pam_winbindd to extract group membership from LDAP at this
time for secondary, tertiary etc groups?

Kent L. Nasveschuk <kent at wareham.k12.ma.us>

More information about the samba mailing list