[Samba] Group membership not being honored

Eric Diven eric.diven at edsiohio.com
Tue Dec 9 16:46:38 GMT 2008

Well, the source of the problem appears to be that the AD users were
members of too many groups to map successfully, so none were being
mapped except for the primary group.  At least that was my best-gues
interpretation of the "sys_setgroups failed" message I was seeing in the

Since Solaris only supports membership in 16 groups, and the AD users
were in >100 each, I think that's the problem.  getent group returns the
correct list of users because it's going group->users instead of
user->groups, and so the limitation doesn't come into play.

Thankfully the group we had to set this up for was small enough to just
do the access individually.


> -----Original Message-----
> From: samba-bounces+eric.diven=edsiohio.com at lists.samba.org 
> [mailto:samba-bounces+eric.diven=edsiohio.com at lists.samba.org]
>  On Behalf Of Eric Diven
> Sent: Tuesday, December 02, 2008 10:28 AM
> To: samba at lists.samba.org
> Subject: RE: [Samba] Group membership not being honored
> This works if I assign the permissions to the primary group 
> that the user belongs to.  I seem to remember this working 
> for arbitrary groups in the past.  Can anybody clarify?
> Thanks,
> ~Eric 

More information about the samba mailing list