Re: [Samba] LDAP Supplementary Groups not recognised

2003-04-05 Thread Gerald (Jerry) Carter

On Sat, 5 Apr 2003, Malcolm Gibbs wrote:

> Yes what is frustrating is that supplementary LDAP groups are working
> fine from the Solaris shell, it is only SAMBA that appears to be
> ignoring them.
>
> Do posixGroup entries have to have any additional attributes or be in a
> particular base to be recognised by SAMBA? Solaris 9 by default puts
> them in ou=group,dc=xx,dc=com.

I don't think this is related to LDAP.  Can you test using a standard
/etc/passwd file and see if you get the same behavior?  I've got
unconfirmed reports of a possible generic bug in this area.




cheers, jerry
 --
 Hewlett-Packard- http://www.hp.com
 SAMBA Team -- http://www.samba.org
 GnuPG Key   http://www.plainjoe.org/gpg_public.asc
 You can never go home again, Oatman, but I guess you can shop there.  
--John Cusack - Grosse Point Blank (1997)


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] LDAP Supplementary Groups not recognised

2003-04-03 Thread Malcolm Gibbs
We are implementing the following:

Solaris 9
iPlanet Directory Server 5.1 (bundled with Solaris 9)
openldap 2.1.16
   Only used for ldap libraries (samba will not compile
   without. Is this other people's experience?)
samba 2.2.8
   compiled with ./configure --with-ldapsam --with-acl-support
We have the samba server acting as a PDC with all user and machine 
accounts in LDAP as sambaAccounts.

We are successfully adding Windows XP workstations to the PDC and 
authenticating users.

However supplementary groups for users are not being recognised (i.e. 
posixGroup entries with the user as a memberUid attribute).

Only the primary group (from sambaAccount) is being recognised as shown 
in the log. This results in a permission denied when accessing a 
directory with only group permissions.

[2003/04/04 09:53:59, 3] smbd/sec_ctx.c:set_sec_ctx(334)
  1 user groups:
  1000

Interestingly supplementary groups from /etc/group are being recognised.

If the same user logs into Solaris (the users have posixAccount entries 
as well) they can see and use all their supplementary groups (using 
Solaris 9 nss built in support).

Is this a bug or something we are doing wrong? Any help would be 
appreciated.

Thanks

--
Malcolm Gibbs, Sun Microsystems (NZ) Ltd