Hi Jerome, thank you for your quick answer. Hope you can forgive me my not so quick response.
>Sojka Reinhard wrote: >> Hi, >> >> we have tested Samba 3.0.0 and 3.0.1 with LDAP-Support (--with-ldap) on >> Solaris 8 and it worked fine. >> The machine authenticates against an OpenLDAP server. Patch 108993-23 is >> applied and we use native Sun LDAP client modules. >> >> On Solaris 9 we ran into problems with secondary groups. Users cannot >> access files if the rights are based on a secondary group and if this >> information is stored on the LDAP server. >> Note that everything is ok with information from /etc/group and Unix >> authentication is working (login, id, groups, getent, ...). We are using >> the Sun LDAP client, Patch 112960-10. >I had the same problem with Solaris 9 and Samba 3.0.?. >Only W2K and WXP clients would have their secondary groups honoured, >Win98 would not. >This was in relation with login name case (i.e. Win98 would give it in >UPPERCASE, no shouting here), and Win2K/XP in lowercase. And secondary >groups would not be seen by Unix if unix login is lowercase, and tested >login (from Samba) was uppercase. >Have a test right now, and tell us if it is the problem encountered (and >give us the type of clients you have, and have tests on both W9x and WNT). We use W2K clients at the moment. >Simply test : ># id jerome >uid=1000(jerome) gid=513(domusers) >groups=513(domusers),550(prtadmin),103(dsvi),102(susers),1000(ntadmin) ># id JEROME >uid=1000(jerome) gid=513(domusers) groups=513(domusers) # /usr/xpg4/bin/id edvtest uid=1520(edvtest) gid=150(edv) groups=10(staff),157(et),136(eppo_apl),100(dba),5831(caddy), # /usr/xpg4/bin/id EDVTEST uid=1520(edvtest) gid=150(edv) Same result in Solaris 8 and Solaris 9, but as you have mentioned above, this should be no problem with W2K clients. The problem is that Samba (and Windows) can see the secondary groups on a PDC with Solaris 8, but these groups can`t be seen on a PDC with Solaris 9. For testing purpose, we switched back to the Solaris 8 machine and everything is fine. Same smb.conf, same user, same LDAP server and database, etc. and it worked. I think my problem is more like this one http://lists.samba.org/archive/samba-technical/2003-December/033162.html same thread but more interesting http://lists.samba.org/archive/samba-technical/2003-December/033482.html The only difference I see to my configuration is Samba 2.2.8a instead of 3.0.x >> >> It seems that Samba doesn't seach the secondary groups on the LDAP server. >Was not Samba for me, it was Solaris. Posix in fact, as Linux shows the >same behaviour. You are right and I was unclear. Let's try it this way: It seems to me that Samba can't motivate Solaris 9 to search for secondary groups on the LDAP server. >Have a look at https://bugzilla.samba.org/show_bug.cgi?id=882. >It's supposed to be corrected, but I could not have my customer to test it. I will give it a try with my Laptop as soon as I have a working installation :) >[snip] : can't help on getgrouplist >HTH, >J�r�me Thank you, Reinhard -- mailto:[EMAIL PROTECTED]@parlinkom.gv.at -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
