[Samba] unix group membership -- broken in 3.0.23c?

Dmitry Karasik dmitry at karasik.eu.org
Tue Nov 14 13:43:52 GMT 2006


I've just upgraded to 3.0.23c and noticed that unix group membership
validation doesn't work anymore. For example,

valid users = +mygroup

doesn't check whether a user trying to login is member of mygroup in
/etc/groups. I noticed in WHATSNEW.txt that there are some changes, but there's
no explanation of what to do with the existing smbpasswd database after the
upgrade (if it is indeed the case).

I tried to track down what might've happened by myself, but got lost in the
logic. The best I could figure out that lookup_name() does only return the
desired SID_NAME_DOM_GRP if the requested domain is "Unix Group", but
user_in_group() calls lookup_name() with the parameter set to NULL.

OTOH this all could be very much valid, and a change I supposed to make 
in my smbd.conf is not present or deeply hidden. So, it this a bug? And if not,
what I need to do to enable unix groups lookups?

	Dmitry Karasik

More information about the samba mailing list