Hello, Has anyone got netgroups working with Samba 3.0.14a where the netgroups are stored in the LDAP directory? I'm using Solaris 9 and SUN's directory server v5.2. What I'm seeing is that samba goes through the motions of looking up a host in a netgroup, but no query is seen by the LDAP server or on the network and the host is never found in the netgroup. Any help would be appreciated. -- Tom. ---------------------------------------------------------------------------- Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk Department of Electronic and Electrical Engineering, University College London, TEL: +44 (0)20 7679 3898 Torrington Place, FAX: +44 (0)20 7388 9325 London, UK, WC1E 7JE. ----------------------------------------------------------------------------
Hello, One further piece of information that has come to light is that the following error messages are appearing in /var/adm/messages when smbd is configured to use a netgroup in the hosts allow statement: Aug 19 14:44:42 spock smbd[1006]: [ID 293258 user.error] libsldap: Status: 7 Mesg: LDAP ERROR (-7): Bad search filter. Aug 19 14:44:42 spock smbd[1006]: [ID 293258 user.error] libsldap: Status: 7 Mesg: LDAP ERROR (-7): Bad search filter. Aug 19 14:44:42 spock last message repeated 1 time Aug 19 14:44:42 spock last message repeated 1 time -- Tom. ---------------------------------------------------------------------------- Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk Department of Electronic and Electrical Engineering, University College London, TEL: +44 (0)20 7679 3898 Torrington Place, FAX: +44 (0)20 7388 9325 London, UK, WC1E 7JE. ----------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tom Crummey wrote:> Hello, > > Has anyone got netgroups working with Samba 3.0.14a > where the netgroups are stored in the LDAP directory? I'm > using Solaris 9 and SUN's directory server v5.2. > > What I'm seeing is that samba goes through the motions > of looking up a host in a netgroup, but no query is seen > by the LDAP server or on the network and the host is > never found in the netgroup. > > Any help would be appreciated.That code really has been touched ina long while except some issues with case sensitivity IIRC. I have no idea if it still works or not. cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDCz7aIR7qMdg1EfYRAi2dAJ4xeewngXbrEWxAGHo7kZ7cG2sOjACfXTcb u0YjvgtA4d9lbuJgOT6DL64=ScbA -----END PGP SIGNATURE-----
Hello, I've been having problems with netgroups and samba-3.0.20 where the netgroups are stored in a SUN ONE LDAP directory server v5.2. It seems there is an incompatibility between the OpenLDAP libraries which are used by samba to directly query the LDAP directory and the need for the nss_ldap functions to use the SUN LDAP libraries. When a netgroup is searched, samba uses the function innetgr which then uses the host nss_* infrastructure to direct the query to the correct name service. The symptoms are that the query produces errors in /var/adm/messages (syslog) as follows: Aug 25 14:23:12 spock smbd[6230]: [ID 293258 user.error] libsldap: Status: 7 Mesg: LDAP ERROR (-7): Bad search filter. The query is never sent to the LDAP server. I suppose the possible fixes are: 1) Get samba to compile with the SUN LDAP client libraries (I read soemwhere that someone is working on patches to achieve this?) 2) Forget about netgroups and hope that none of the other nss_ldap queries are affected. 3) Forget about SUN LDAP directory server and use OpenLDAP. 4) Track down the offending library call and decide how to reconcile the two libraries. Has anyone any other suggestions? -----Forwarded Message----- From: Tom Crummey <tom@ee.ucl.ac.uk> To: Gerald (Jerry) Carter <jerry@samba.org> Subject: Re: [Samba] Samba and netgroups in LDAP Date: Wed, 24 Aug 2005 15:12:48 +0100 Hello Jerry, Thanks for the reply. Since my original email I've upgraded to 3.0.20 and found the same problem. I've looked at the samba source and I've written a small C program which looks up a host in a netgroup in the same way. This works fine. The samba version produces an error in syslog: smbd[12485]: [ID 293258 user.error] libsldap: Status: 7 Mesg: LDAP ERROR (-7): Bad search filter. The problem is, I can't see where a search filter is set; both programs use the innetgr library call and as far as I can tell at the moment, both get the library from libc. I'll do some more digging to see if I can find where the difference between my program and samba lies. If you or anyone else has any inklings, please let me know. Thanks, -- Tom. ---------------------------------------------------------------------------- Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk Department of Electronic and Electrical Engineering, University College London, TEL: +44 (0)20 7679 3898 Torrington Place, FAX: +44 (0)20 7388 9325 London, UK, WC1E 7JE. ----------------------------------------------------------------------------