[Samba] Where is the limit on active groups?

Jeff Sadowski jeff.sadowski at gmail.com
Thu Dec 10 15:25:50 UTC 2015

# samba --version
Version 4.1.6-Ubuntu

# cat /proc/sys/kernel/ngroups_max
# sysctl kernel.ngroups_max
kernel.ngroups_max = 65536


   security = ads
   workgroup = MYDOMAIN
   idmap config * : backend = tdb
   idmap config * : range = 2000-7999
   idmap config MYDOMAIN:backend = ad
   idmap config MYDOMAIN:schema_mode = rfc2307
   idmap config MYDOMAIN:range = 8000-9999999
   winbind nss info = rfc2307
   winbind use default domain = yes
   winbind nested groups=yes
   # so that the users show up in getent
   winbind enum users = Yes
   # doesn't seem to do the same for groups :-/
   winbind enum groups = Yes
   restrict anonymous = 2

65536 is fine, more than enough for me

but something else is limiting my active groups

if I login as a user and run

> id|sed "s/,/\n/g"|grep -v 4294967295|wc -l

> id $USER|sed "s/,/\n/g"|grep -v 4294967295|wc -l

what is blocking my other 115 groups?

As Mattias Zhabinskiy pointed out to me I can use other groups but I have
to set them like so

> newgrp myothergroup

then I am in the other group, but I'd like for them to show in "id"

More information about the samba mailing list