[Samba] AD maximum user token size

Pierre Leduc pleduc at oricom.ca
Tue Jan 15 05:37:34 GMT 2008


We're running Samba 3.0.26a on AIX 5.3 using security=ads.  Users get access denied when the ADS user token size gets over an unknown limit, even though the ACL in place should give them access.

For instance, my ADS user token size is over 9k in size since I belong to about 400 AD groups.  Setting the ACL to any of these groups (often nested) will not give me access.  Setting the owner to my id does work but this is not a viable solution. When the AD user token size limit is reached, Samba appears to determine that the user belongs only to its primary group, "domain users" in my case.

Now, when mapping a share using an account with a much smaller user token size (less than 1K), ACLs work fine including nested groups.

There must be an upper limit for an AD W2K3 user token size when using "security = ads" on AIX 5.3.  Does anyone know what that limit would be?

Pierre Leduc
Systems Analyst, Technical Support
Revenu Quebec
(418) 652-6058
