[Samba] samba 3.4.8 / solaris / unix secondary groups

Joe Cammisa jcammisa at haverford.edu
Mon Aug 23 13:39:49 MDT 2010 

thanks, reinhard, apparently you are quite right--the development server
on which i performed the initial testing had a much more recent level of
operating system patches than did the deployent system.  in our case, the
sun machines are ldap clients (specifically, of a sun 1 ldap server); it
is from this source that the secondary group information comes.

interestingly, while i was plunking around with this over the weekend i
noticed that by doing a "getent group > /var/tmp/groups_all" followed by
"cp /var/tmp/groups_all /etc/group" (ie, putting all of the unix group
information in the local /etc/group file), suddenly samba could see and
honor 2ndry groups as expected.  admittedly, no substitute for a properly
patched o.s., but perhaps a suitable interim workaround for some other
desperate soul down the road.

-joe


> hi,
>
> some years ago I had a similar problem with Solaris 9 and Samba 3.0.x.
> The reason was some sort of incompatibility between OpenLDAP's libldap
> and Sun's libsldap, can't remember the exact details. Anyway the
> behavior of Solaris 9 in honoring secondary groups was dependent on the
> patch level, and the whole issue was resolved with a patch from Sun.
> Are you sure that both servers are on the same patch level? Check
> /etc/release and the patches for LDAP on both systems, maybe you can
> find a difference that explains this behavior.
>
> kind regards,
> Reinhard
>
> Joe Cammisa wrote:
>> samba-3.4.8 built under solaris_10 (--with-krb5=/sr/local/lib --with-ads
>> --with-ldap); on my test server it runs flawlessly; however on the
>> production server, there is a big exception:  users' secondary group
>> memberships are not honored.
>>
>> >
>> >
>>
>> again, same samba version, built against the same libraries in the same
>> way with the same config file in both cases.  any one with an idea how i
>> might make this work?  many thanks in advance!!
>>
>> -joe
>>
>>
>>
>


-- 

  Joe Cammisa
  Networking & Systems
  College Information Resources
  Haverford College

  phone:  1-610-896-4239
  email:  jcammisa at haverford.edu

More information about the samba mailing list