[Samba] "winbind enum = yes" ... oreilly samba books says "turn
off" ... but things break. confused :-(
Volker Lendecke
Volker.Lendecke at SerNet.DE
Fri Aug 17 05:18:51 GMT 2007
On Fri, Aug 17, 2007 at 03:39:33AM +0200, Timur I. Bakeyev wrote:
> BUGS
> The getgrouplist() function uses the routines based on getgrent(3). If
> the invoking program uses any of these routines, the group structure will
> be overwritten in the call to getgrouplist().
If getgrouplist really finds group members by doing the
setgrent/getgrent/endgrent thing, then you're screwed. You
just can't use FreeBSD as a member of large domains. I've
seen a domain where "domain users" has more than 100.000
users, and doing getgrent on that one takes ages. This
domain has other huge groups.
> Another function, getgroups(2), seems, doesn't have such a comment in
> the man page, but I can't really imagine, where else it can get user
> group list information.
getgroups(2) at least under Linux that fetches the group
list from the kernel. Someone must have put them there with
setgroups(2) first, so this is no help.
> I thought, that Linux has similar approach, but from your question it
> seems it's not. Can you give more details, please?
Linux has an nss extension called initgroups that exactly
asks the right question: "What are the groups for this
user?". It does not delegate this to the login application
which just would have to fall back to getgrent.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20070817/d94ac5e3/attachment.bin
More information about the samba
mailing list