Samba and netgroups in LDAP

Tom Crummey
Hello,

Has anyone got netgroups working with Samba 3.0.14a where the netgroups
are stored in the LDAP directory? I'm using Solaris 9 and SUN's
directory server v5.2.

What I'm seeing is that samba goes through the motions of looking up a
host in a netgroup, but no query is seen by the LDAP server or on the
network and the host is never found in the netgroup.

Any help would be appreciated.

--
Tom.

----------------------------------------------------------------------------
 Tom Crummey, Systems and Network Manager,   EMAIL: [hidden email]
 Department of Electronic and Electrical Engineering,                  
 University College London,                  TEL: +44 (0)20 7679 3898  
 Torrington Place,                           FAX: +44 (0)20 7388 9325
 London, UK, WC1E 7JE.                        
----------------------------------------------------------------------------
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
Re: Samba and netgroups in LDAP

Tom Crummey
Hello,

One further piece of information that has come to light is that the
following error messages are appearing in /var/adm/messages when smbd is
configured to use a netgroup in the hosts allow statement:

Aug 19 14:44:42 spock smbd[1006]: [ID 293258 user.error] libsldap:
Status: 7  Mesg: LDAP ERROR (-7): Bad search filter.
Aug 19 14:44:42 spock smbd[1006]: [ID 293258 user.error] libsldap:
Status: 7  Mesg: LDAP ERROR (-7): Bad search filter.
Aug 19 14:44:42 spock last message repeated 1 time
Aug 19 14:44:42 spock last message repeated 1 time


--
Tom.

Re: Samba and netgroups in LDAP

Gerald Carter-4
In reply to this post by Tom Crummey

Tom Crummey wrote:

> Hello,
>
> Has anyone got netgroups working with Samba 3.0.14a
> where the netgroups are stored in the LDAP directory? I'm
> using Solaris 9 and SUN's directory server v5.2.
>
> What I'm seeing is that samba goes through the motions
> of looking up a host in a netgroup, but no query is seen
> by the LDAP server or on the network and the host is
> never found in the netgroup.
>
> Any help would be appreciated.

That code really has been touched in a long while except
some issues with case sensitivity IIRC.  I have no idea
if it still works or not.




cheers, jerry
Re: Samba and netgroups in LDAP

Tom Crummey
In reply to this post by Tom Crummey
Hello,

I've been having problems with netgroups and samba-3.0.20 where the
netgroups are stored in a SUN ONE LDAP directory server v5.2. It seems
there is an incompatibility between the OpenLDAP libraries which are
used by samba to directly query the LDAP directory and the need for the
nss_ldap functions to use the SUN LDAP libraries. When a netgroup is
searched, samba uses the function innetgr which then uses the host nss_*
infrastructure to direct the query to the correct name service.

The symptoms are that the query produces errors in /var/adm/messages
(syslog) as follows:

Aug 25 14:23:12 spock smbd[6230]: [ID 293258 user.error] libsldap:
Status: 7  Mesg: LDAP ERROR (-7): Bad search filter.

The query is never sent to the LDAP server.

I suppose the possible fixes are:

1) Get samba to compile with the SUN LDAP client libraries (I read
somewhere that someone is working on patches to achieve this?)

2) Forget about netgroups and hope that none of the other nss_ldap
queries are affected.

3) Forget about SUN LDAP directory server and use OpenLDAP.

4) Track down the offending library call and decide how to reconcile the
two libraries.

Has anyone any other suggestions?




-----Forwarded Message-----
From: Tom Crummey <[hidden email]>
To: Gerald (Jerry) Carter <[hidden email]>
Subject: Re: [Samba] Samba and netgroups in LDAP
Date: Wed, 24 Aug 2005 15:12:48 +0100

Hello Jerry,

Thanks for the reply. Since my original email I've upgraded to 3.0.20
and found the same problem. I've looked at the samba source and I've
written a small C program which looks up a host in a netgroup in the
same way. This works fine. The samba version produces an error in
syslog:

smbd[12485]: [ID 293258 user.error] libsldap: Status: 7  Mesg: LDAP
ERROR (-7): Bad search filter.

The problem is, I can't see where a search filter is set; both programs
use the innetgr library call and as far as I can tell at the moment,
both get the library from libc.

I'll do some more digging to see if I can find where the difference
between my program and samba lies. If you or anyone else has any
inklings, please let me know.

Thanks,
--
Tom.

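
Added example, not part of the original thread or of Samba's source: a standalone C check in the spirit of the small test program described in the last message, calling innetgr outside smbd so the two code paths can be compared. The @name list syntax, the NULL user and domain arguments, the netgroup name "labhosts" and the stub lookup are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE   /* glibc: expose innetgr() in <netdb.h> */
#include <netdb.h>
#include <stdio.h>
#include <string.h>

/* Same shape as innetgr(), so a stub can replace the real NSS lookup. */
typedef int (*netgr_fn)(const char *, const char *, const char *, const char *);

/* Constructed stand-in for a directory: only "labhosts" contains "spock". */
int stub_innetgr(const char *ng, const char *host,
                 const char *user, const char *domain)
{
    (void)user; (void)domain;
    return strcmp(ng, "labhosts") == 0 && strcmp(host, "spock") == 0;
}

/*
 * Test host against every "@netgroup" token of a "hosts allow"-style list.
 * Returns 1 if a netgroup contains host, 0 if none does, and -1 if nothing
 * was looked up (no @netgroup token, or the list does not fit the buffer).
 */
int host_in_listed_netgroups(const char *list, const char *host, netgr_fn lookup)
{
    char buf[256];
    int looked_up = 0;

    if (strlen(list) >= sizeof(buf))
        return -1;
    strcpy(buf, list);
    for (char *tok = strtok(buf, " ,\t"); tok; tok = strtok(NULL, " ,\t")) {
        if (tok[0] != '@' || tok[1] == '\0')
            continue;                 /* plain host or address: not a netgroup */
        looked_up = 1;
        /* NULL user and domain act as wildcards in the triple match. */
        int r = lookup(tok + 1, host, NULL, NULL);
        fprintf(stderr, "innetgr(\"%s\", \"%s\", NULL, NULL) = %d\n",
                tok + 1, host, r);
        if (r)
            return 1;
    }
    return looked_up ? 0 : -1;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s '<hosts allow list>' <hostname>\n", argv[0]);
        return 2;
    }
    return host_in_listed_netgroups(argv[1], argv[2], innetgr) == 1 ? 0 : 1;
}
```

Run it on the Samba host while watching syslog: a lookup that succeeds here but logs the libsldap "Bad search filter" error from smbd points at the process's linked libraries rather than at the directory data.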