[Samba] Secondary, tertiary group problems in Samba LDAP

John H Terpstra jht at samba.org
Fri Jan 9 20:20:20 GMT 2004


On Fri, 9 Jan 2004, Kent L. Nasveschuk wrote:

> I don't, is it essential for this to work correctly?

As a matter of fact, it is!

Samba resolves group membership via NSS. If you do not configure NSS to
resolve group identies from LDAP then it will be be able to do so. But if
you check your /etc/nsswitch.conf file you will see either:

groups: compat

_or_

groups: files

both of which mean, lookup group information from /etc/group.

I am convinced that this is not a bug. However, a decision on your part
not to use LDAP for group lookups may well be a valid decision.

cheers,
John T.

>
>
> On Fri, 2004-01-09 at 10:52, Gerald (Jerry) Carter wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On 7 Jan 2004, Kent L. Nasveschuk wrote:
> >
> > > Hello,
> > > I found an interesting thing that I don't know if it is a bug, by design
> > > or I need to be doing something that I'm not but here goes.
> > >
> > > My system
> > > RedHat 8.0 (1) PDC with LDAP 2.1.23 backend master,
> > > (3) BDC with LDAP slave backend. All are Samba 3.0.
> > >
> > > I had a probelem with secondary, tertiary etc groups that people belong
> > > to and Samba recognizing these groups if they were stored in LDAP. The
> > > primary group was no problem. When I created shares but used
> > > "@groupname"  for valid users or write list, Samba would fail to get
> > > that info from LDAP. They needed to be in /etc/group to work. As soon as
> > > I added users in secondary groups to /etc/group users were recognized
> > > and rights were assigned.
> >
> > do you have nss_ldap setup correctly?
> >
> >
> >
> >
> >
> >
> >
> > cheers, jerry
> >  ----------------------------------------------------------------------
> >  Hewlett-Packard            ------------------------- http://www.hp.com
> >  SAMBA Team                 ---------------------- http://www.samba.org
> >  GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
> >  "If we're adding to the noise, turn off this song" --Switchfoot (2003)
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.0 (GNU/Linux)
> > Comment: For info see http://quantumlab.net/pine_privacy_guard/
> >
> > iD8DBQE//s5YIR7qMdg1EfYRApHUAKDfecFReHBdV4XU8femIsKXkbdR5wCg6Rxa
> > 2DWV4KTXVLdyl22z1Tkcjzs=
> > =ptcK
> > -----END PGP SIGNATURE-----
>

-- 
John H Terpstra
Email: jht at samba.org


More information about the samba mailing list