Hi All,

Any thoughts on why, while everything seems ok at the OS level (getent, id -a), Samba doesn't pick up any supplementary groups when Solaris is configured with 'group: files ldap' in nsswitch.conf and using its own native nss_ldap.so.1, but does when using PADL's nss_ldap? Everything else is equal.

Do they use/accept different calls, or could it be an openldap vs native ldap incompatibility, Samba being compiled against the openldap libraries?

Samba seems not to compile against the native libraries due to a lack of ldap_start_tls_s.

Solaris 10 and Samba 3.2.2

Cheers,
Duncan

--
The University of St Andrews is a charity registered in Scotland : No SC013532

Duncan Brannen wrote:
> Hi All,
> Any thoughts on why, while everything seems ok at the OS level
> (getent , id -a ) Samba
> doesn't pick up any supplementary groups when Solaris is configured with
> 'group: files ldap' in
> nsswitch.conf and using its own native nss_ldap.so.1 but does when
> using PADL's nss_ldap?
> Everything else is equal.

Have you tried using Solaris version with this in the nsswitch.conf:

    group: compat
    group_compat ldap

and adding the + in the /etc/group file.

This appears to work as expected, getting groups info from both local and ldap.

Or (I have not tried this):

    group: files [SUCCESS=continue] ldap

> Do they use/accept different calls or could it be an openldap vs native
> ldap incompatibility,
> Samba being compiled against the openldap libraries.
>
> Samba seems not to compile against the native libraries due to a lack of
> ldap_start_tls_s
>
> Solaris 10 and Samba 3.2.2
>
> Cheers,
> Duncan

--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444

albanperso-zatoo@yahoo.com
2008-Sep-12 07:57 UTC
[Samba] Solaris nss_ldap vs PADL nss_ldap
Hi Duncan,

I have the same issue on Solaris and Samba (3.028a and 3.31) that is OK for primary groups but not for secondaries.

Can you describe how do you get / configure PADL's nss_ldap?

Thanks in advance

Regards

Alban

----- Original message ----
> From: Duncan Brannen <dbb@st-andrews.ac.uk>
> To: samba@lists.samba.org
> Sent: Wednesday, 27 August 2008, 18:09:55
> Subject: [Samba] Solaris nss_ldap vs PADL nss_ldap
>
> Hi All,
> Any thoughts on why, while everything seems ok at the OS level
> (getent , id -a ) Samba
> doesn't pick up any supplementary groups when Solaris is configured with
> 'group: files ldap' in
> nsswitch.conf and using its own native nss_ldap.so.1 but does when
> using PADL's nss_ldap?
> Everything else is equal.
>
> Do they use/accept different calls or could it be an openldap vs native
> ldap incompatibility,
> Samba being compiled against the openldap libraries.
>
> Samba seems not to compile against the native libraries due to a lack of
> ldap_start_tls_s
>
> Solaris 10 and Samba 3.2.2
>
> Cheers,
> Duncan
>
> --
> The University of St Andrews is a charity registered in Scotland : No SC013532
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba

albanperso-zatoo@yahoo.com
2008-Sep-12 13:41 UTC
[Samba] Solaris nss_ldap vs PADL nss_ldap
Thanks Duncan.

Before going to get the nss_ldap, I just created fresh user accounts in my AD and it works fine! I recreated the existing ones and everything is OK. There is no difference detected with the former accounts, so it's an unexplained working tip.

So, as advice from the field, for future readers of this message: check the entire line of responsibility, starting from the infra to the data (ALL kinds of involved data).

Best regards

Alban

----- Original message ----
> From: Duncan Brannen <dbb@st-andrews.ac.uk>
> To: albanperso-zatoo@yahoo.com
> Cc: samba@lists.samba.org
> Sent: Friday, 12 September 2008, 13:20:30
> Subject: Re: Re : [Samba] Solaris nss_ldap vs PADL nss_ldap
>
> Hi Alban,
> You can download padl's nss_ldap library from
> http://www.padl.com/Contents/OpenSourceSoftware.html
>
> If you've already configured solaris for groups and password in LDAP, it
> should just work once you replace the Solaris
> nss_ldap with the padl one ( back it up first ;) and add / configure
> /etc/ldap.conf
>
> mine looks like
>
> TLS_CACERT /etc/certs/cacert.pem
> TLSCIPHERSUITE TLSv1
> host ldap.st-andrews.ac.uk
> rootbinddn
> base ou=People,dc=st-andrews,dc=ac,dc=uk
> ldap_version 3
> nss_base_passwd ou=People,dc=st-andrews,dc=ac,dc=uk?one
> nss_base_shadow ou=People,dc=st-andrews,dc=ac,dc=uk?one
> nss_base_group ou=Groups,dc=st-andrews,dc=ac,dc=uk?one
> ssl start_tls
> tls_cacertfile /etc/certs/
> certificate?
> tls_cacertdir /etc/certs
> tls_ciphers TLSv1
>
> With the admin user password in /etc/ldap.secret permission 600.
>
> You could also try group: compat as suggested by Douglas Engert, I've
> not managed to get back to trying this yet.
>
> > Have you tried using Solaris version with this in the nsswitch.conf:
> >
> > group: compat
> > group_compat ldap
> >
> > and adding the + in the /etc/group file.
> >
> > This appears to work as expected, getting groups info from both
> > local and ldap.
> >
> > Or (I have not tried this):
> >
> > group: files [SUCCESS=continue] ldap
>
> Cheers,
> Duncan
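
The "different calls" question raised in the thread can be checked directly. The following is an added example, not code from the thread or from Samba: it compares the per-user lookup getgrouplist(3) with a getgrent(3) enumeration, two NSS operations a backend may answer differently. It assumes a libc that provides getgrouplist(3); function names such as nss_group_mismatches are made up for this example.

```c
#define _DEFAULT_SOURCE            /* exposes getgrouplist() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#define MAXG 1024

/* Append g to set[0..n) unless already present; returns the new count. */
static int add_gid(gid_t *set, int n, gid_t g) {
    for (int i = 0; i < n; i++) if (set[i] == g) return n;
    if (n < MAXG) set[n++] = g;
    return n;
}
/* Count entries of a[] that do not appear in b[]. */
static int missing_from(const gid_t *a, int na, const gid_t *b, int nb) {
    int miss = na;
    for (int i = 0; i < na; i++)
        for (int j = 0; j < nb; j++)
            if (a[i] == b[j]) { miss--; break; }
    return miss;
}
/* Enumeration path: walk every group and scan its member list. */
static int groups_by_enum(const char *user, gid_t primary, gid_t *out) {
    int n = add_gid(out, 0, primary);
    struct group *gr;
    setgrent();
    while ((gr = getgrent()) != NULL)
        for (char **m = gr->gr_mem; m && *m; m++)
            if (strcmp(*m, user) == 0) n = add_gid(out, n, gr->gr_gid);
    endgrent();
    return n;
}
/* -1: unknown user or lookup failure; otherwise the number of gids on which
 * the per-user path (getgrouplist) and the enumeration path disagree. */
int nss_group_mismatches(const char *user) {
    gid_t a[MAXG], b[MAXG];
    int na = MAXG;
    struct passwd *pw = getpwnam(user);
    if (!pw) return -1;
    gid_t primary = pw->pw_gid;    /* copy before further NSS calls */
    if (getgrouplist(user, primary, a, &na) < 0) return -1;
    int nb = groups_by_enum(user, primary, b);
    return missing_from(a, na, b, nb) + missing_from(b, nb, a, na);
}

int main(int argc, char **argv) {
    int d = nss_group_mismatches(argc > 1 ? argv[1] : "root");
    printf("gids the two lookups disagree on: %d\n", d);
    return d != 0;
}
```

A non-zero count for an account means the configured group backend answers the two lookups differently for that user.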