[Samba] RE: number of groups of NT account causes authentication
problems
MCCALL,DON (HP-USA,ex1)
don_mccall at hp.com
Wed Mar 5 13:22:42 GMT 2003
Hi Richard, et al;
Can't speak for Solaris, but HP-UX has a 20 group membership limit
for HP-UX users. From man setgroups: must be no more than NGROUPS_MAX,
as defined in <limits.h>. Same applies to initgroups.
So Solaris may have some limit as well....
Hope this helps,
Don
> -----Original Message-----
> From: Richard Sharpe [mailto:rsharpe at richardsharpe.com]
> Sent: Tuesday, March 04, 2003 22:08
> To: Gopal Bhat
> Cc: samba; samba-technical
> Subject: Re: number of groups of NT account causes authentication
> problems
>
>
> On Tue, 4 Mar 2003, Gopal Bhat wrote:
>
> > Hi,
> > I did more experiments with this problem and found that
> 'SMBD' fails to
> > authenticate when the Number of Groups an NT user belongs
> grows more
> > than 14 (i.e. 15 or more).
> > Thanks,
> > Gopal
>
> I can't have a look until tomorrow, but I wonder, is it possible that
> Solaris 9 has a restriction that the user cannot be in more that 14
> groups? I would think not, but will find it difficult to test tonight.
>
> Besides, I can probably only test on Solaris 8.
>
> If that is not the problem, then I would have to look at the
> code that
> does setgroups and test on our platform.
>
> > Gopal Bhat wrote:
> >
> > > I am facing a strange problem related to authentication
> of NT users
> > > accessing the SAMBA server.
> > > Here are the details:
> > > Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM
> and WINBIND
> > > Client: Windows XP, NT4.0, 2000
> > >
> > > Symptoms:
> > > Created a share \\server\test (UNIX: /export/SMB/test)
> with access to
> > > group 'TestGoup' where 'TestUser' is a member.
> > > 'TestUser' is a member of 14 more groups along with
> 'TestGroup' (Total
> > > number of TestUser's group = 15)
> > >
> > > With the above settings 'TestUser' can't access the share
> > > '\\server\test', and the following message shows up in
> the Client.log:
> > >
> > > [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244)
> > > Unable to initgroups. Error was Not owner
> > > [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247)
> > > This is probably a problem with the account domain\testuser
> > > [2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599)
> > > client (10.81.105.121) Can't change directory to /export/SMB/test
> > > (Permission denied)
> > >
> > > If I change the number of groups the user 'TestUser'
> belongs from 15
> > > to 8 ('TestGroup' + 7 other groups), the user can access
> the share
> > > '\\server\test' without any problems.
> > >
> > > It looks like there is some limitation on number of NT group
> > > memberships 'smbd' can handle. Note: 'wbinfo' returns
> all the right
> > > groups of the user without any problems.
> > >
> > > Is there anyone out there who is aware of this problem
> and knows a
> > > workaround/solution to this?
> > > I really appreciate any help from the prestigious SAMBA Team.
> > >
> > > Thanks,
> > > Gopal
> > >
> >
> >
>
> --
> Regards
> -----
> Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org,
> sharpe[at]ethereal.com, http://www.richardsharpe.com
>
More information about the samba
mailing list