[Samba] number of groups of NT account causes authentication problems
Gopal Bhat
gbhat at taos.com
Tue Mar 4 21:35:40 GMT 2003
I am facing a strange problem related to authentication of NT users
accessing the SAMBA server.
Here are the details:
Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM and WINBIND
Client: Windows XP, NT4.0, 2000
Symptoms:
Created a share \\server\test (UNIX: /export/SMB/test) with access to
group 'TestGoup' where 'TestUser' is a member.
'TestUser' is a member of 10 more groups along with 'TestGroup' (Total
number of TestUser's group = 11)
With the above settings 'TestUser' can't access the share
'\\server\test', and the following message shows up in the Client.log:
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244)
Unable to initgroups. Error was Not owner
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247)
This is probably a problem with the account domain\testuser
[2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599)
client (10.81.105.121) Can't change directory to /export/SMB/test
(Permission denied)
If I change the number of groups the user 'TestUser' belongs from 11 to
8 ('TestGroup' + 7 other groups), the user can access the share
'\\server\test' without any problems.
It looks like there is some limitation on number of NT group memberships
'smbd' can handle.
Note: 'wbinfo' returns all the right groups of the user without any
problems.
Is there anyone out there who is aware of this problem and knows a
workaround/solution to this?
I really appreciate any help from the prestigious SAMBA Team.
Thanks,
Gopal
More information about the samba
mailing list