[Samba] AD Group update lag / cache, firewall related?
mathias dufresne
infractory at gmail.com
Fri Aug 25 15:22:46 UTC 2017
It seems maximum groups per user was 32 until 2.6.3 kernel. Then it is not
clear for same limit on recent kernel.
https://askubuntu.com/questions/300049/is-there-a-maximum-number-of-groups
2017-08-25 16:58 GMT+02:00 A. James Lewis via samba <samba at lists.samba.org>:
> August 25, 2017 3:12 PM, "Rowland Penny via samba" <samba at lists.samba.org>
> wrote:
>
> > On Fri, 25 Aug 2017 13:54:21 +0000
> > "A. James Lewis" <james at fsck.co.uk> wrote:
> >
> >> It's not offline.... and groups do usually filter through...
> >> sometimes immediately, sometimes never... but usually with a
> >> significant delay...
> >>
> >> I originally put this down to the ancient version of Samba or Winbind
> >> that was shipped with the OS, but it seems I was wrong...
> >>
> >> Winbind can see the group, and even the group membership... and the
> >> group is passed on to the OS, but not the group membership.
> >>
> >> eg:-
> >>
> >> wbinfo -g user | grep group <-- successful
> >>
> >> getent group group <-- successful
> >>
> >> however
> >>
> >> groups user | grep group <-- fails
> >>
> >> I was wondering if there's a limit on the number of groups, since the
> >> new machine using "groups", shows that the user has 128 groups, while
> >> a machine that's been around for a while shows 156 groups... and
> >> another machine that's local to the AD controller shows 174 groups.
> >
> > Hmm, try reading this:
> >
> > https://wiki.samba.org/index.php/Samba_4.6_Features_added/changed
> >
> > Under 'Samba 4.6.0' --> winbind changes
> >
> > Does 'groups user' show any groups ?
> >
>
> Yes, however I have 4 servers and they each show a different number of
> groups, 128, 154, 169 and 174...
>
> # for i in `groups user`; do echo $i; done | wc -l
>
> The Samba 4.6 box shows 128, which makes me think perhaps there is a limit
> to the number of groups that are processed somewhere... 128 being a
> suspicious number!..... but that's a pure guess!.
>
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
>
> --
> A. James Lewis (james at fsck.co.uk)
> "Engineering does not require science. Science helps a lot but people
> built perfectly good brick walls long before they knew why cement works."
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list