Number of groups limitation on OpenIndiana (Solaris) w/ 3.6.11

[abelletti]

I have run into a strange problem trying to run Samba 3.6.11 on OpenIndiana
(think OpenSolaris) 151a7.  I acquired 3.6.11 using the OpenCSW package but
have also compiled 3.6.12 from source and experienced the identical issue. 
This seems to be an issue with Winbind.

I appear to be encountering yet another variant of the old "16 groups"
limit.  OpenIndiana has this by default, but I've included "set ngroups_max
= 128" in /etc/system and rebooted for this to take effect.  It clearly
works, per the following tests:

1.  I created a local user with memberships in ~30 groups.  "id -a" lists
all of them, and I am able to access directories which require those group
permissions.

2.  I have a user in our Active Directory domain that belongs to many
groups.  I can "su domain\\user" on the Unix side successfully.  "id -a"
once again shows every single group.  If I have Samba running and use
"pcred" to examine the credentials associated with this user's smbd, I am
shown that every single group is accounted for.

3.  The problem is that most of the groups from my AD user aren't functional
when changing directory.  If I attempt to "cd" into a directory to which the
AD account has group permissions, it is generally denied.  What I've found
is that only a very few of the groups seem to work, the rest are rejected. 
"cd" fails from the command line, and in smbd a message is logged about
"vfs_chdir" failing.  Looking at the code, this appears to ultimately
translate back to a simple "chdir()" call.

I will file a bug on this but wondered if anyone was aware of this issue and
a workaround.

Thanks,
Allen




--
View this message in context: http://samba.2283325.n4.nabble.com/Number-of-groups-limitation-on-OpenIndiana-Solaris-w-3-6-11-tp4644136.html
Sent from the Samba - samba-technical mailing list archive at Nabble.com.