Bug 7761 - No share access with NIS groups
Summary: No share access with NIS groups
Status: RESOLVED INVALID
Alias: None
Product: Samba 3.4
Classification: Unclassified
Component: User & Group Accounts (show other bugs)
Version: 3.4.2
Hardware: x86 Solaris
: P3 normal
Target Milestone: ---
Assignee: Björn Jacke
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-10-28 08:01 UTC by Richard de Vries
Modified: 2011-01-05 14:56 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Richard de Vries 2010-10-28 08:01:50 UTC 
It's not possible to get access to a share or a directory through Samba with a windows client if you have several NIS groups all with the same gid number.

We are using Samba in a real big NIS environment with several thounds of users. Due to some Unix limitations, maximum users per group. We created several groups all with the same gid number. 

For example: 
group;2200;user1,user2,user3,,,,,, etc
group_1;2200;user50,user51,,,,,, etc
...
group_100;2200;userXX,,,,

Since we try to open our Unix repositories as wel to windows clients, we are facing that user which are members of "group_1" or above can't get access to the shares or directories.

It sounds for me that the issue is caused internally in samba. I think you check only on the group name and not on the GID number of the group.

Thanks for helping me solving this issue.

Richard
Comment 1 Richard de Vries 2010-10-28 08:04:16 UTC 
Due to the fact that we are a big company with a lot of users. We would like to migrate NIS into AD, and we will do, but during the migration of 30 NIS domains we have to find a solution.

Best regards
Richard
Comment 2 Björn Jacke 2010-10-28 09:24:07 UTC 
no handling groups by name is not possible. You need to search for a solution outside of Samba if you have double UIDs/GIDs. If you are a big company you might want to get support from a commercial company here:

http://www.samba.org/samba/support/
Comment 3 Richard de Vries 2010-10-28 09:33:44 UTC 
(In reply to comment #2)
> no handling groups by name is not possible. You need to search for a solution
> outside of Samba if you have double UIDs/GIDs. If you are a big company you
> might want to get support from a commercial company here:
> http://www.samba.org/samba/support/

Hello,

the question is why is samba not working with several NIS groups all with the same groupnumber? If you create several groups in your local /etc/group all with the same gid then it's working !!! Can you give me an answer on this?
Comment 4 Richard de Vries 2010-10-29 07:16:13 UTC 
the question is why is samba not working with several NIS groups all with the
same groupnumber? If you create several groups in your local /etc/group all
with the same gid then it's working !!! Can you give me an answer on this?
Comment 5 Karolin Seeger 2011-01-05 10:27:15 UTC 
Björn, can you confirm that this is not a showstopper for 3.4.10?
Comment 6 Björn Jacke 2011-01-05 14:56:23 UTC 
ack, no show stopper, multiple groups with same uid number results in undefined behaviour and is not supported at all.