[Samba] Where is the limit on active groups?
Jeff Sadowski
jeff.sadowski at gmail.com
Thu Dec 10 15:25:50 UTC 2015
# samba --version
Version 4.1.6-Ubuntu
# cat /proc/sys/kernel/ngroups_max
65536
# sysctl kernel.ngroups_max
kernel.ngroups_max = 65536
/etc/samba/smb.conf
security = ads
realm = MYDOMAIN.LOCAL
workgroup = MYDOMAIN
idmap config * : backend = tdb
idmap config * : range = 2000-7999
idmap config MYDOMAIN:backend = ad
idmap config MYDOMAIN:schema_mode = rfc2307
idmap config MYDOMAIN:range = 8000-9999999
winbind nss info = rfc2307
winbind use default domain = yes
winbind nested groups=yes
# so that the users show up in getent
winbind enum users = Yes
# doesn't seem to do the same for groups :-/
winbind enum groups = Yes
restrict anonymous = 2
65536 is fine, more than enough for me
but something else is limiting my active groups
if I login as a user and run
> id|sed "s/,/\n/g"|grep -v 4294967295|wc -l
28
> id $USER|sed "s/,/\n/g"|grep -v 4294967295|wc -l
143
what is blocking my other 115 groups?
As Mattias Zhabinskiy pointed out to me I can use other groups but I have
to set them like so
> newgrp myothergroup
then I am in the other group, but I'd like for them to show in "id"
More information about the samba
mailing list