samba-3.4.8 built under solaris_10 (--with-krb5=/usr/local/lib --with-ads --with-ldap); on my test server it runs flawlessly; however on the production server, there is a big exception: users' secondary group memberships are not honored. relevant portions of smb.conf (the same on both servers, save for the ip addys) are as follows: [global] workgroup = WORKGROUP netbios name = BLABLA server string = SAMBA bind interfaces only = True interfaces = bge0 199.99.99.99 deadtime = 20 debug level = 2 security = user password level = 8 encrypt passwords = yes socket options = TCP_NODELAY follow symlinks = yes wide links = yes unix extensions = no [stuff] comment = stuff... path = /vol1/stuff read only = No create mask = 0777 directory mask = 0777 inherit permissions = Yes inherit acls = Yes map acl inherit = Yes map archive = No map readonly = permissions again, same samba version, built against the same libraries in the same way with the same config file in both cases. any one with an idea how i might make this work? many thanks in advance!! -joe
Gaiseric Vandal
2010-Aug-20 18:19 UTC
[Samba] samba 3.4.8 / solaris / unix secondary groups
Are they both using the same backend? Is the group mapping set up correctly #net groupmap list Also you can use samba "net" command to verify user's group list, and a group's user list. # net rpc group members some group -S yourserver -U Administrator # net rpc user info someuser -S yourserver -U Administrator Those commands might indicate if group mapping is not working. On 08/20/2010 12:40 PM, Joe Cammisa wrote:> samba-3.4.8 built under solaris_10 (--with-krb5=/usr/local/lib --with-ads > --with-ldap); on my test server it runs flawlessly; however on the > production server, there is a big exception: users' secondary group > memberships are not honored. > > relevant portions of smb.conf (the same on both servers, save for the ip > addys) are as follows: > > [global] > workgroup = WORKGROUP > netbios name = BLABLA > server string = SAMBA > bind interfaces only = True > interfaces = bge0 199.99.99.99 > deadtime = 20 > debug level = 2 > security = user > password level = 8 > encrypt passwords = yes > socket options = TCP_NODELAY > follow symlinks = yes > wide links = yes > unix extensions = no > [stuff] > comment = stuff... > path = /vol1/stuff > read only = No > create mask = 0777 > directory mask = 0777 > inherit permissions = Yes > inherit acls = Yes > map acl inherit = Yes > map archive = No > map readonly = permissions > > again, same samba version, built against the same libraries in the same > way with the same config file in both cases. any one with an idea how i > might make this work? many thanks in advance!! > > -joe > >
Reinhard Sojka
2010-Aug-23 10:58 UTC
[Samba] samba 3.4.8 / solaris / unix secondary groups
hi, some years ago I had a similar problem with Solaris 9 and Samba 3.0.x. The reason was some sort of incompatibility between OpenLDAP's libldap and Sun's libsldap, can't remember the exact details. Anyway the behavior of Solaris 9 in honoring secondary groups was dependent on the patch level, and the whole issue was resolved with a patch from Sun. Are you sure that both servers are on the same patch level? Check /etc/release and the patches for LDAP on both systems, maybe you can find a difference that explains this behavior. kind regards, Reinhard Joe Cammisa wrote:> samba-3.4.8 built under solaris_10 (--with-krb5=/sr/local/lib --with-ads > --with-ldap); on my test server it runs flawlessly; however on the > production server, there is a big exception: users' secondary group > memberships are not honored. > > > > > > > again, same samba version, built against the same libraries in the same > way with the same config file in both cases. any one with an idea how i > might make this work? many thanks in advance!! > > -joe > > >
Seemingly Similar Threads
- Invalid key 0 given to dptr_close
- setup_new_vc_session error message on samba-3.4.8/solaris10
- [Bug 774] banner is displaying twice (/etc/issue)
- AW: AW: final question: how many mountpoints can icecast handle ?
- [Bug 990] OpenSSH cannot connect to an IBM RSA (Remote Supervisor Adaptor) II