[Samba] Please Help with Secondary Groups
MBROWN at mesainc.com
Fri Jan 9 22:06:30 GMT 2004
That is not it either Craig. I have tried it with nscd and without in
the past and neither worked =(
By the way, my nsswitch.conf is set to:
group: files ldap
I just tried putting ldap in front to see if it had any bearing on the
Any other ideas?
Do you have a secondary group with 70-80 users in it? Oh yea, the
PRIMARY groups with over 70 and up ARE recognized. It is
just the secondary groups.
>>> Craig White <craigwhite at azapple.com> Friday, January 09, 2004 >>>
On Fri, 2004-01-09 at 14:42, MICHAEL BROWN wrote:
> Thanks for your reply Craig.
> Yes, getent DOES show the group and users correctly and yes, I have
> tried switching the nsswitch.conf file to:
> group: ldap files nis
> but that does not work either.
> What DOES work, I found this out a little while ago, is setting the
> directory to the GID within LDAP like:
> chown :5011 /home/test
> 5011 is the name of the group with the number of users above 60 or
> Samba will authenticate correctly like this.
> Any group with the total user count below that number, (60 or 70),
> allow me to use the actual name of the group but
> if you go above that number in the secondary groups, it does not
> recognize the name on ANY Redhat machine that I have in production.
> As I stated earlier, I have no problem on Mandrake 8.2
OK - got it... nscd - Name Caching Server Daemon
According to the very famous Mr. Terpstra's How-to Guide, you must
this off if you use winbind
If you don't use winbind... service nscd restart
Necessary sometimes after you adjust /etc/nsswitch.conf because the
caching remains in place.
and by the way, I think you will find life is easier if you set
passwd: files ldap nisplus #only use nisplus if you use nisplus in
#your network otherwise, don't use
group: files ldap
(and of course, if you change this setup, best to restart the nscd
service to clear the existing cache.
More information about the samba