[Samba] Compiling --with-ldap on Solaris 9
Hi David, as Paul has stated already you need the OpenLDAP libraries to compile Samba on a Solaris 9 machine with LDAP or ADS support. The LDAP libraries from Sun do not provide all necessary functions. The problem is that compiling with OpenLDAP libraries comes with a price if you are authenticating Solaris against LDAP using the native Sun LDAP-Client. Samba will not get any information about secondary groups from the LDAP server, while everything is OK whith information from /etc/group. This behaviour is known as bug #395, which is already closed because it is not a real bug, see https://bugzilla.samba.org/show_bug.cgi?id=395 . I would call it a compatibility problem between the LDAP libraries from Sun and OpenLDAP. (Many thanks to the people at the Sun Center in Berlin for helping me here) If you are affected from this problem, there are 3 workarounds known to me. Please note that I haven't tried all. * put all group information in /etc/group (don't like this idea) * use Patch-ID 112960-03 (rev. -04 and -05 should work too) with authentication method "simple". With "tls:simple" the problem seems to exists for all revisions of this patch. * avoid Sun's LDAP completely and shift to OpenLDAP and nss_ldap from Padl, see http://lists.samba.org/archive/samba/2004-February/081509.html cheers, Reinhard -- Reinhard Sojka <[EMAIL PROTECTED]> System- & Networkadmin Parlamentsdirektion +43 1 40110 2824 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Compiling --with-ldap on Solaris 9
Hi Andy, I am not from the Samba team, but I am fighting this problem since Jannuary. In the meanwhile I have a rough overview and hope I can provide you with some links to dig into this problem. In my understanding the most helpful statement is made here http://marc.theaimsgroup.com/?l=samba-technical&m=107051047631564&w=2 Bugzilla entry: https://bugzilla.samba.org/show_bug.cgi?id=395 To my knowledge the problem with Solaris 9 appeared on the List in December 2003 http://marc.theaimsgroup.com/?l=samba-technical&m=107026747906385&w=2 Tough it was Samba 2.2.8a, the problem with LDAP and Solaris 9 is the same as with Samba 3.0.x. This was solved by tweaking Samba 2.2.8a a bit to make it compile with Sun LDAP libraries. here are the results of my testing http://lists.samba.org/archive/samba/2004-February/080092.html and here is Jerry's answer http://lists.samba.org/archive/samba/2004-February/080160.html which leads, at the end, to first link in my mail http://marc.theaimsgroup.com/?l=samba-technical&m=107051047631564&w=2 cheers, Reinhard -- Reinhard Sojka <[EMAIL PROTECTED]> System- & Networkadmin Parlamentsdirektion +43 1 40110 2824 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.2rc1, LDAP, Solaris 9 and secondary group problem - Bug 395?
Hi, we have tested Samba 3.0.0 and 3.0.1 with LDAP-Support (--with-ldap) on Solaris 8 and it worked fine. The machine authenticates against an OpenLDAP server. Patch 108993-23 is applied and we use native Sun LDAP client modules. On Solaris 9 we ran into problems with secondary groups. Users cannot access files if the rights are based on a secondary group and if this information is stored on the LDAP server. Note that everything is ok with information from /etc/group and Unix authentication is working (login, id, groups, getent, ...). We are using the Sun LDAP client, Patch 112960-10. It seems that Samba doesn't seach the secondary groups on the LDAP server. I'd like to ask if this is the same behaviour as described in https://bugzilla.samba.org/show_bug.cgi?id=395 . Or is this a different bug or some sort of misconfiguration? I am a bit confused by the bug report and the configuration of the server is a bit different: * no winbind * Sun LDAP client instead of nss_ldap from Padl * no problem on Solaris 8 but on Solaris 9 I have a second question regarding the test program from Hansjörg. The program compiles on Linux, but no succes on Solaris. Is getgrouplist() available under Solaris? And if not, what is the replacement. Thanks in advance, Reinhard -- Reinhard Sojka <[EMAIL PROTECTED]> System- & Networkadmin Parlamentsdirektion +43 1 40110 2824 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Solaris 9 and secondary group info from LDAP
Hi, we are running several test installations of Samba 3 on Solaris 8 and Solaris 9. On Solaris 9, there is a strange behaviour in terms of getting secondary group information from LDAP. With later revisions of patch 112960, only /etc/group is interpreted, but there is no query on the LDAP server for (Unix-) group information. Here is a short overview about our results: common configuration: * OpenLDAP-Server * native Sun LDAP-Client * Samba 3.0.x (last: 3.0.2rc1) with LDAP support * OpenLDAP Libraries result: * Solaris 8 with patch 108993-23 -> OK * Solaris 9 no patches (=very first version) -> OK * Solaris 9 with patch 112960-03 -> OK * Solaris 9 with patch 112960-08 or higher -> no info about secondary groups from LDAP server (no query in server logs, "truss" shows errors) This behaviour can be watched very nicely in the LDAP server logs, and if you do a truss on smbd with truss -u '*' smbd -i the result looks very similar to this one http://lists.samba.org/archive/samba-technical/2003-December/033482.html though he was using Samba 2.2.8a an the iPlanet Directory Server. ( I will provide logs and debug output if anybody is interested. ) Regarding the above test results, I have several questions * Is this a know problem or bug? * Or, at least, is it related to a know problem or bug (bug# 395) ? * Is it possible to link Samba 3.0.x with Sun/Netscape LDAP libraries? Had no luck with it, didn't find a workaround for the missing ldap_initialize() and ldap_domain2hostlist. * My impression is that there is something wrong with the interaction OpenLDAP libs <-> Solaris libs. Is this assumption correct? * Am I at the right place to ask for help? Is it better to ask the people at OpenLDAP.org or, maybe, even at Sun? Thanks, Reinhard -- Reinhard Sojka <[EMAIL PROTECTED]> System- & Networkadmin Parlamentsdirektion +43 1 40110 2824 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Solaris 9 and secondary group info from LDAP
Hi Jerry, I've read the bugzilla entry and the thread, but missed your statement, that the original reporter was not using winbind. That confused me a bit, sorry. We will have a look at the OpenLDAP code and maybe we can motivate Sun to correct the bug. Thank you, Reinhard On Fri, 2004-02-06 at 16:31, Gerald (Jerry) Carter wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Did you read comment #11 in > > ~ https://bugzilla.samba.org/show_bug.cgi?id=395 > > Looks like a bug in Solaris patch 112960 (>r03) > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Supplementary Group Issues
Hi Dmitry, hi Jerome, as I am having the same problem with native Sun nss_client, I'd like to jump here in the thread. >> Last thing, I remember having seen some problems with Solaris 9 >> nss_ldap client due to Sun patches on the list this or last month. >> The bug seems to be from Sun's fault. it was me > Ok. I knew it. So, I'm using nss_ldap-211 from padl.com and it is > definitely working good within Unix framework (id -a, ls -l... show > right information). However according to the LDAP SERVER log file > samba even do not request for supplementary groups. By the way samba > log file level 10 I sent you also do not show any requests to LDAP for > supplementary groups. This behaviour is identical to my experiences with native Solaris 9 nss_ldap. In my understanding, Samba requests supplementary group information from Solaris, and Solaris has to request this information from the LDAP server (after checking nsswitch.conf). If you have a working und a non-working system, the difference can be seen easily in the LDAP server logs. Note that /etc/group works. We bypass this problem for the first time by using Patch-ID 112960-03. BTW, Patch-ID 112960-11 (Feb/23/2004) doesn't help either. >> http://marc.theaimsgroup.com/?l=samba&m=107636136823095&w=2 >> and bug 395 (https://bugzilla.samba.org/show_bug.cgi?id=395). >> Please test the program in comment #19 and report. I would also be willing to test and report, but the program doesn't compile in Solaris. AFAIR the program was written for Linux. Anyway, Solaris doesn't provide getgrouplist(). Can anybody provide me with workarounds or hints? Cheers, Reinhard -- Reinhard Sojka <[EMAIL PROTECTED]> System- & Networkadmin Parlamentsdirektion +43 1 40110 2824 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [3.0.28,1/smb.conf] Can't hide dot files
hi Gilles, once upon a time I had a similar problem > I set up Samba 3.0.28,1 on a FreeBSD 6.3 host. I'd like users _not_ to > see > the hidden dot files in directories, but "hide dot files" doesn't work, no > matter whether I put it in [global] or [homes]: AFAIK Samba transfers dot files with a "hidden" attribute. If your users can see these "hidden" files or not depends, depends on the setup of the Windows client. If something like "show hidden files and directories" is enabled on the client's file browser, the client will display the hidden files ... I can't find the link to the documentation, but you can test this within a minute. kind regards, Reinhard Sojka -- Reinhard Sojka <[EMAIL PROTECTED]> Parlamentsdirektion A1.5 - EDV / System- & Networkadmin A-1017 Wien - Parlament Tel. +43 1 40110 2824 Fax +43 1 40110 2848 http://www.parlament.gv.at -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
