Samba and groups > 16
David Collier-Brown
David.Collier-Brown at Sun.COM
Tue Mar 1 15:11:58 GMT 2005
David Collier-Brown wrote:
> Actually we should have seen the case before of not being able
> to join AD domains with more than 16 domains, yet I don't see
> it in the archives... I see similar but not identical issues.
I've spoken with the customer, and I wasn't describing
it properly
The symptoms seen were
1) a user had more than NGROUPS_MAX groups
2) they are getting logged on to the AD domain
3) winbindd is getting the whole list of groups
but
4) the list of groups being used by Samba proper
has only the first NGROUPS_MAX groups in it
5) the user can't access files which have acls
on them which use the groups past NGROUPS_MAX
in the list.
> Have we not had this before with other systems with small
> limits on groups?
This would be noticed on systems with **large** numbers
of groups available, not small numbers.
So: is there a problem in Samba or in the name service
switch, or both, which limits the number of groups that Samba
gets?
--dave
--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems, Toronto | some people and astonish the rest
davecb at canada.sun.com | -- Mark Twain
More information about the samba-technical
mailing list