Hi, All!
I was using nss_ldap from PADL Software compiled with ldap_sdk 5.08.
So, as a result samba did not recognize supplementary group.
However when I put down nscd server samba become unable to recognize both groups and users from LDAP. That means nss_ldap did not work from
samba completely.
The same nss_ldap compiled with openldap library work perfectly correct, and samba can recognize both users, group and supplementary group as well. So, the problem was nss_ldap(ldap_sdk 5.08) which worked in unix shell but not within samba.
Sojka Reinhard wrote:
Hi Dmitry, hi Jerome,
as I am having the same problem with native Sun nss_client, I'd like to jump here in the thread.
Last thing, I remember having seen some problems with Solaris 9
nss_ldap client due to Sun patches on the list this or last month.
The bug seems to be from Sun's fault.
it was me
Ok. I knew it. So, I'm using nss_ldap-211 from padl.com and it is definitely working good within Unix framework (id -a, ls -l... show right information). However according to the LDAP SERVER log file samba even do not request for supplementary groups. By the way samba log file level 10 I sent you also do not show any requests to LDAP for supplementary groups.
This behaviour is identical to my experiences with native Solaris 9 nss_ldap. In my understanding, Samba requests supplementary group information from Solaris, and Solaris has to request this information from the LDAP server (after checking nsswitch.conf). If you have a working und a non-working system, the difference can be seen easily in the LDAP server logs. Note that /etc/group works.
We bypass this problem for the first time by using Patch-ID 112960-03. BTW, Patch-ID 112960-11 (Feb/23/2004) doesn't help either.
http://marc.theaimsgroup.com/?l=samba&m=107636136823095&w=2 and bug 395 (https://bugzilla.samba.org/show_bug.cgi?id=395). Please test the program in comment #19 and report.
I would also be willing to test and report, but the program doesn't compile in Solaris. AFAIR the program was written for Linux. Anyway, Solaris doesn't provide getgrouplist(). Can anybody provide me with workarounds or hints?
Cheers, Reinhard
-- Dmitry Monakhov System Administrator Open Technologies, tel: +7(095)787-7027 e-mail: [EMAIL PROTECTED], http://www.ot.ru/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba