[Samba] ldap secondary/auxiliary groups not available

Montenegro, Michael H (Michael) mhm4 at alcatel-lucent.com
Tue Aug 12 16:29:39 GMT 2008

I have a samba 3.0.20 installation that authenticates users using ntlm
to a MS DC. The samba installation was correctly able to authenticate
users and map them to their unix uids and gids without an issue. The
Solaris box that samba was running on was also using NIS for its naming
services.

I have recently migrated this machine that was using NIS for its naming
services to LDAP which is running on a separate server and running SUN
DSEE 6.2 ldap software. I did not modify any lines in the smb.conf and
all is working fine except that only the uid and primary gid are
available to the samba server.  Users can no longer rely on their
secondary unix assigned groups to access any shares that are restricted
to secondary groups via their unix group permissions. I expected the
samba software to be able to identify all of a user's groups since the
groups command accurately returns the correct listing of groups for a
user. I would like to maintain my authentication using ntlm to my MS DC
but have samba correctly identify all the groups a user belongs to. Is
there a sample smb.conf available for this?

I saw the post
http://lists.samba.org/archive/samba/2004-January/078106.html 

It advised making sure that nsswitch.conf uses ldap for groups, and I
made sure mine is correct:

/etc/nsswitch.conf:

...

group:      files ldap

...

Thanks,

Michael