[Samba] (no subject)

Jeremy Allison jra at samba.org
Wed Aug 19 11:25:36 MDT 2009 

On Wed, Aug 19, 2009 at 09:58:39AM -0500, McGranahan, Jamen wrote:
> Running Sun Solaris 9 sparc; trying to get Samba to interact with our Windows Active Directory so we can create shares on our Sun server. Kerberos works well. Wbinfo -u and Wbinfo -g both return results. Getent also returns results, both getent passwd & getent group.  I've created a test folder and added it in the smb.conf file as a share:
> 
> [test]
>         path = /test
>         writeable = yes
>         browseable = yes
>         guest ok = no
>         valid users = VANDERBILT\mcgranj
>         public = no
> 
> This folder does exist on the server, but when I try to map, I get no results. When I check the samba log, I see that samba crashes:
> 
> lib240:/usr/local/samba/var#tail 129.59.149.157.log
> [2009/06/22 10:26:12,  0] lib/util.c:log_stack_trace(1827)
>   unable to produce a stack trace on this platform
> [2009/06/22 10:26:12,  0] lib/fault.c:dump_core(231)
>   dumping core in /usr/local/samba/var/cores/smbd
> [2009/08/19 09:50:50,  0] lib/util.c:smb_panic(1673)
>   PANIC (pid 21681): sys_setgroups failed
> [2009/08/19 09:50:50,  0] lib/util.c:log_stack_trace(1827)
>   unable to produce a stack trace on this platform
> [2009/08/19 09:50:50,  0] lib/fault.c:dump_core(231)
>   dumping core in /usr/local/samba/var/cores/smbd

You're running into this bug :

https://bugzilla.samba.org/show_bug.cgi?id=2496

Solaris limits the number of supplementary groups
a user can be in to 32. This is too small for Windows,
and in Sun's in-kernel CIFS server running on ZFS
they have a kernel-only workaround which they currently
have refused to make available to user-space processes.

Please complain to Sun support about this situation,
and ask them to fix this limitation in the solaris
userspace support.

Attached to this bug you'll find a workaround
written by Dave Collier-Brown which uses an
LB_PRELOAD library to use the Solaris group
list as a cache.

Jeremy.

-----------------------------------------------------
 From the code:

/*
 * libgroups - a library for Samba on Solaris to allow
 *	an arbitrarily large number of groups.
 *
 *
 * Problem Description:
 *     Unix has a system-wide limit on the number of groups
 * a user may be in. Samba, which provides file service
 * to Windows clients, needs to support larger numbers
 * of groups per user. This is due to the Windows use of
 * groups, which typically results in more than 16 or
 * 32 groups for a user. At the moment, only Linux has
 * enoug groups for a medium to large Windows AD domain.
 * 
 *     I therefor wrote this interposer library (at home)
 * to remove this limitation on a per-process basis.
 * It keeps an unbounded list of groups and treats the 
 * standard Solaris groups list as a cache. Before opening 
 * a file, the interposer checks to see if the open would 
 * fail because of a group not being in the cache, and if so 
 * will  move it to the head of the ache, shifting the
 * other entries down.
 *
 * Caveats: 
 *     This was written for Samba, which is setuid-root.
 * As the library requries root permissions for setgroups, 
 * it will ONLY work if the program is setuid root or
 * otherwise has the ablity to call setgroups from the
 * middle of the open interposer function. The library will
 * try to abort immediately on startup if it does not
 * have sufficient privelege.
 *

More information about the samba mailing list