[Samba] Please Help with Secondary Groups
craigwhite at azapple.com
Fri Jan 9 21:56:57 GMT 2004
On Fri, 2004-01-09 at 14:42, MICHAEL BROWN wrote:
> Thanks for your reply Craig.
> Yes, getent DOES show the group and users correctly and yes, I have
> tried switching the nsswitch.conf file to:
> group: ldap files nis
> but that does not work either.
> What DOES work, I found this out a little while ago, is setting the
> directory to the GID within LDAP like:
> chown :5011 /home/test
> 5011 is the name of the group with the number of users above 60 or 70.
> Samba will authenticate correctly like this.
> Any group with the total user count below that number, (60 or 70), will
> allow me to use the actual name of the group but
> if you go above that number in the secondary groups, it does not
> recognize the name on ANY Redhat machine that I have in production.
> As I stated earlier, I have no problem on Mandrake 8.2
OK - got it... nscd - Name Caching Server Daemon
According to the very famous Mr. Terpstra's How-to Guide, you must shut
this off if you use winbind
If you don't use winbind... service nscd restart
Necessary sometimes after you adjust /etc/nsswitch.conf because the
caching remains in place.
and by the way, I think you will find life is easier if you set
passwd: files ldap nisplus #only use nisplus if you use nisplus in
#your network otherwise, don't use
group: files ldap
(and of course, if you change this setup, best to restart the nscd
service to clear the existing cache.
More information about the samba