[Samba] number of groups of NT account causes authentication problems

Gopal Bhat gbhat at taos.com
Tue Mar 4 21:35:40 GMT 2003


I am facing a strange problem related to authentication of NT users 
accessing the SAMBA server.
Here are the details:
Server:  Solaris 9, SUN Ultra 60,  SAMBA 2.2.7a with PAM and WINBIND
Client: Windows XP, NT4.0, 2000

Symptoms:
Created a share \\server\test (UNIX: /export/SMB/test)  with access to 
group 'TestGoup' where 'TestUser' is a member.
'TestUser' is a member of 10 more groups along with 'TestGroup' (Total 
number of TestUser's group = 11)

With the above settings 'TestUser' can't access the share 
'\\server\test', and the following message shows up in the Client.log:

[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244)
  Unable to initgroups. Error was Not owner
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247)
  This is probably a problem with the account domain\testuser
[2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599)
 client (10.81.105.121) Can't change directory to /export/SMB/test 
(Permission denied)

If I change the number of groups the user 'TestUser' belongs from 11 to 
8 ('TestGroup'  + 7 other groups), the user can access the share 
'\\server\test' without any problems.

It looks like there is some limitation on number of NT group memberships 
'smbd' can handle.  
Note: 'wbinfo' returns all the right groups of the user without any 
problems.

Is there anyone out there who is aware of this problem and knows a 
workaround/solution to this?
I really appreciate any help from the prestigious SAMBA Team.

Thanks,
Gopal



More information about the samba mailing list