Kent L. Nasveschuk
2004-Jan-08 01:41 UTC
[Samba] Secondary, tertiary group problems in Samba LDAP
Hello,
I found an interesting thing that I don't know if it is a bug, by design
or I need to be doing something that I'm not but here goes.
My system
RedHat 8.0 (1) PDC with LDAP 2.1.23 backend master,
(3) BDC with LDAP slave backend. All are Samba 3.0.
I had a problem with secondary, tertiary etc groups that people belong
to and Samba recognizing these groups if they were stored in LDAP. The
primary group was no problem. When I created shares but used
"@groupname" for valid users or write list, Samba would fail to get
that info from LDAP. They needed to be in /etc/group to work. As soon as
I added users in secondary groups to /etc/group users were recognized
and rights were assigned.
As a side note each line of /etc/group is limited to 1024 bytes, so
there is a limit on how many users you can add to a group using
/etc/group. If you exceed that when the system scans the /etc/group
file, it will fail at the line >1024 bytes and any groups below will
fail to be recognized. I believe that this is a bug. If you do "ls" on
a directory or "id <username>" where one of the entries in your
/etc/group has exceeded the limit, the groups will show as numbers and
not a group name.
Can I use pam_winbindd to extract group membership from LDAP at this
time for secondary, tertiary etc groups?
--
Kent L. Nasveschuk <kent@wareham.k12.ma.us>
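The side note above about overlong /etc/group lines can be checked with a short scan. This is an added example, not part of the original post; the function names are hypothetical, the 1024-byte limit and the "entries below the bad line are not recognized" behaviour are taken from the post, and the limit is assumed to apply to the line without its newline.

```shell
#!/bin/sh
# Added example (not from the original thread).
# scan_group_file FILE [LIMIT]
#   Prints "OVERLONG <line> <group> <bytes>" for each line longer than LIMIT
#   bytes, and "SHADOWED <line> <group>" for each entry that follows the first
#   overlong line (the entries the post reports as no longer recognized).
#   Returns 0 if clean, 1 if an overlong line was found, 2 if unreadable.
scan_group_file() {
    file=${1:-/etc/group}
    limit=${2:-1024}          # limit reported in the post
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # LC_ALL=C makes awk's length() count bytes, not multibyte characters.
    LC_ALL=C awk -F: -v limit="$limit" '
        NF == 0 { next }                      # skip blank lines
        length($0) > limit {
            printf "OVERLONG %d %s %d\n", NR, $1, length($0)
            bad = 1
            next
        }
        bad { printf "SHADOWED %d %s\n", NR, $1 }
        END { exit (bad ? 1 : 0) }
    ' "$file"
}

# Constructed sample data: "staff" carries 150 members, which pushes its
# line past 1024 bytes; "teachers" and "students" sit below it.
make_sample_group_file() {
    awk 'BEGIN {
        print "wheel:x:10:root"
        printf "staff:x:500:"
        for (i = 1; i <= 150; i++)
            printf "%suser%04d", (i > 1 ? "," : ""), i
        printf "\n"
        print "teachers:x:501:alice,bob"
        print "students:x:502:carol"
    }' > "$1"
}
```

Any group reported as OVERLONG or SHADOWED is a candidate for share ACLs ("valid users", "write list") that no longer match the intended members.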
Gerald (Jerry) Carter
2004-Jan-09 15:55 UTC
[Samba] Secondary, tertiary group problems in Samba LDAP
On 7 Jan 2004, Kent L. Nasveschuk wrote:
> Hello,
> I found an interesting thing that I don't know if it is a bug, by design
> or I need to be doing something that I'm not but here goes.
>
> My system
> RedHat 8.0 (1) PDC with LDAP 2.1.23 backend master,
> (3) BDC with LDAP slave backend. All are Samba 3.0.
>
> I had a problem with secondary, tertiary etc groups that people belong
> to and Samba recognizing these groups if they were stored in LDAP. The
> primary group was no problem. When I created shares but used
> "@groupname" for valid users or write list, Samba would fail to get
> that info from LDAP. They needed to be in /etc/group to work. As soon as
> I added users in secondary groups to /etc/group users were recognized
> and rights were assigned.
Do you have nss_ldap set up correctly?
cheers, jerry
----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song" --Switchfoot (2003)