Kerberos/ADS and many groups
simo
idra at samba.org
Fri Dec 15 19:35:20 GMT 2006
On Fri, 2006-12-15 at 19:58 +0100, Volker Lendecke wrote:
> On Thu, Dec 14, 2006 at 12:02:38PM -0800, Matthew Geddes wrote:
> > It's a tiny capture, so I've attached it, rather than pointing you at a
> > URL. Hope that's OK.
>
> Ok, got it reproduced. Just had to put a user in a couple of
> hundred groups, and even smbd3 would not accept the session
> setup anymore. Funny. Maybe some krb5 gurus can also try
> this? gd?
It seem to be a problem with the maximum size of Kerberos ticket we
accept?
We should be able to receive up to 64K sized tickets (roughly around
3000 SIDs in the PAC). This is the limit that Windows have as well.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org
More information about the samba-technical
mailing list