[Samba] Share permission problem if user is member in more than 16 groups on AD

[Mārcis Lielturks]

On 15 July 2010 00:28, Jeremy Allison <jra at samba.org> wrote:

> On Thu, Jul 15, 2010 at 12:26:05AM +0300, Mārcis Lielturks wrote:
> > Thanks, machine wont provide NFS or ssh login services, so fiddling with
> max
> > groups should do no harm!
> >
> > I googled a bit at found that samba should be recompiled to take
> advantage
> > of new NGROUPS_MAX. "./configure" logs also suggested that NGROUPS_MAX is
> > evaluated only at compile time.
>
> Yep. Recompilation should do the trick once the kernel understands
> large numbers of groups.
>
> > Can anybody share experience on compiling samba on OpenSolaris? What's
> the
> > most painless way? I'm considering to use latest 3.5.5 but maybe I should
> > use same version Sun (Oracle) is using - 3.0.37? I have to set up Samba
> on 2
> > servers, which already replicate storage, so ID mapping must be
> consistent
> > between both Samba servers. Servers have to provide shares also to
> trusted
> > domains, but 3.0.37 doesn't have idmap_hash and seems that idmap_rid is
> not
> > supported to provide mappings for more than one domain, so anything newer
> > than 3.0.37 sounds like the right choice.
>
> The only reason they use 3.0.x is they're still unable to cope
> with the GPLv3 in (Open?)Solaris. Which is ironic as Oracle
> Linux has been shipping GPLv3 Samba for a while. But it's a big
> company, you can't expect one part to know what another part is
> up to :-).
>

Yeah, I read about that, but still, I was thinking that as they ship 3.0.37,
it should also be easier to compile because OS has all that's necessary for
3.0.37. Newer Samba versions may have some dependencies (new libs or newer
version of libs), that might be harder to satisfy. I have never compiled
samba so far and all I know at the moment (from documentation) is that AD
support requires krb5 and openldap development libraries and files.

>
> Jeremy.
>



-- 
ML