number of groups of NT account causes authentication problems
Gopal Bhat
gbhat at taos.com
Wed Mar 5 02:03:53 GMT 2003
Hi,
I did more experiments with this problem and found that 'SMBD' fails to
authenticate when the Number of Groups an NT user belongs grows more
than 14 (i.e. 15 or more).
Thanks,
Gopal
Gopal Bhat wrote:
> I am facing a strange problem related to authentication of NT users
> accessing the SAMBA server.
> Here are the details:
> Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM and WINBIND
> Client: Windows XP, NT4.0, 2000
>
> Symptoms:
> Created a share \\server\test (UNIX: /export/SMB/test) with access to
> group 'TestGoup' where 'TestUser' is a member.
> 'TestUser' is a member of 14 more groups along with 'TestGroup' (Total
> number of TestUser's group = 15)
>
> With the above settings 'TestUser' can't access the share
> '\\server\test', and the following message shows up in the Client.log:
>
> [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244)
> Unable to initgroups. Error was Not owner
> [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247)
> This is probably a problem with the account domain\testuser
> [2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599)
> client (10.81.105.121) Can't change directory to /export/SMB/test
> (Permission denied)
>
> If I change the number of groups the user 'TestUser' belongs from 15
> to 8 ('TestGroup' + 7 other groups), the user can access the share
> '\\server\test' without any problems.
>
> It looks like there is some limitation on number of NT group
> memberships 'smbd' can handle. Note: 'wbinfo' returns all the right
> groups of the user without any problems.
>
> Is there anyone out there who is aware of this problem and knows a
> workaround/solution to this?
> I really appreciate any help from the prestigious SAMBA Team.
>
> Thanks,
> Gopal
>
More information about the samba-technical
mailing list