[Samba] Please Help with Secondary Groups

Craig White craigwhite at azapple.com
Fri Jan 9 21:56:57 GMT 2004

On Fri, 2004-01-09 at 14:42, MICHAEL BROWN wrote:
> Thanks for your reply Craig.
> Yes, getent DOES show the group and users correctly and yes, I have
> tried switching the nsswitch.conf file to:
> group: ldap files nis
> but that does not work either.
> What DOES work, I found this out a little while ago, is setting the
> directory to the GID within LDAP like:
> chown :5011 /home/test
> 5011 is the name of the group with the number of users above 60 or 70. 
> Samba will authenticate correctly like this.
> Any group with the total user count below that number, (60 or 70), will
> allow me to use the actual name of the group but
> if you go above that number in the secondary groups, it does not
> recognize the name on ANY Redhat machine that I have in production.
> As I stated earlier, I have no problem on Mandrake 8.2
OK - got it... nscd - Name Caching Server Daemon

According to the very famous Mr. Terpstra's How-to Guide, you must shut
this off if you use winbind

If you don't use winbind... service nscd restart 

Necessary sometimes after you adjust /etc/nsswitch.conf because the
caching remains in place.

and by the way, I think you will find life is easier if you set 

passwd: files ldap nisplus #only use nisplus if you use nisplus in
                           #your network otherwise, don't use
group: files ldap

(and of course, if you change this setup, best to restart the nscd
service to clear the existing cache.



More information about the samba mailing list