[Samba] Secondary, tertiary group problems in Samba LDAP
Kent L. Nasveschuk
kent at wareham.k12.ma.us
Thu Jan 8 01:41:19 GMT 2004
I found an interesting thing that I don't know if it is a bug, by design
or I need to be doing something that I'm not but here goes.

RedHat 8.0 (1) PDC with LDAP 2.1.23 backend master,
(3) BDC with LDAP slave backend. All are Samba 3.0.

I had a problem with secondary, tertiary etc groups that people belong
to and Samba recognizing these groups if they were stored in LDAP. The
primary group was no problem. When I created shares but used
"@groupname" for valid users or write list, Samba would fail to get
that info from LDAP. They needed to be in /etc/group to work. As soon as
I added users in secondary groups to /etc/group users were recognized
and rights were assigned.

As a side note each line of /etc/group is limited to 1024 bytes, so
there is a limit on how many users you can add to a group using
/etc/group. If you exceed that when the system scans the /etc/group
file, it will fail at the line >1024 bytes and any groups below will
fail to be recognized. I believe that this is a bug. If you do "ls" on a
directory or "id <username>" where one of the entries in your /etc/group
has exceeded the limit, the groups will show as numbers and not a group

Can I use pam_winbindd to extract group membership from LDAP at this
time for secondary, tertiary etc groups?

Kent L. Nasveschuk <kent at wareham.k12.ma.us>
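
A check for the /etc/group line-length condition described in the message above, as an added example that is not part of the original post: it flags entries longer than 1024 bytes and lists the groups that come after them in the file. The function names, the sample entries, and measuring each line without its trailing newline are assumptions of this example.

```python
"""Audit a group(5) file for over-long lines (constructed example)."""
import sys

LIMIT = 1024  # per-line byte limit reported in the post (assumption here)


def audit_group_file(data: bytes, limit: int = LIMIT):
    """Return (overlong, shadowed).

    overlong: (line_no, group, byte_length, member_count) per long line
    shadowed: groups listed after the first over-long line, which the
              post reports as no longer being recognised
    """
    overlong, shadowed = [], []
    for line_no, raw in enumerate(data.split(b"\n"), start=1):
        line = raw.rstrip(b"\r")
        if not line or line.startswith(b"#"):
            continue
        fields = line.split(b":")
        name = fields[0].decode("utf-8", "replace")
        if len(line) > limit:
            members = fields[3].split(b",") if len(fields) > 3 and fields[3] else []
            overlong.append((line_no, name, len(line), len(members)))
        elif overlong:
            shadowed.append(name)
    return overlong, shadowed


def sample_group_file() -> bytes:
    """Constructed input: one group with 120 members, two groups after it."""
    big = ",".join(f"student{i:04d}" for i in range(120))
    return (
        "root:x:0:\n"
        f"staff:x:500:{big}\n"
        "teachers:x:501:alice,bob\n"
        "office:x:502:carol\n"
    ).encode()


if __name__ == "__main__":
    # Pass a path such as /etc/group, or run with no argument for the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_group_file()
    overlong, shadowed = audit_group_file(data)
    for line_no, name, size, members in overlong:
        print(f"line {line_no}: {name} is {size} bytes ({members} members), limit {LIMIT}")
    if shadowed:
        print("groups after the first over-long line:", ", ".join(shadowed))
    sys.exit(1 if overlong else 0)
```

The non-zero exit status on a finding lets the check run from cron or a configuration-management hook, so a group that has grown past the limit is noticed before share access rules that depend on it stop matching.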