[Samba] sys_setgroups failed on Solaris 11
Jean-Christophe Delaye
Jean-Christophe.Delaye at eurecom.fr
Thu Jun 7 15:28:43 UTC 2018
On 06/07/2018 04:04 PM, Teddy Brown via samba wrote:
> Hi,
> I'm trying to create a new Samba server to share files. We currently have an instance of Samba 3.6 on another server which we are using but need to retire that server.
>
> I recently set up a new AD domain on Samba 4.3.11 on Ubuntu 16.04. There are two domain controllers. Most of the PCs are joined to this AD domain.
>
> Our user accounts and group memberships are maintained in an LDAP directory. On our Linux servers SSSD is used to authenticate and authorize and Solaris servers use nsswitch ldap directly.
>
> I've followed the instructions here to join the new Samba server (Samba 4.4.14 on Solaris 11.3) to the AD domain.
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> My hope is to use AD for authentication, but for the users & groups to be read by the Samba server OS as if our users were on Unix/Linux directly. Our current Samba 3.6 works this way. We assign permissions in Unix. We don't assign permissions using Windows.
>
> Anyways, when I connect it seems work when I authenticate but then it bails on sys_setgroups.
>
> Not sure what to look for now. What information should I provide for help?
Samba may panic when user is a member of more then NGROUPS_MAX Active
Directory groups.
set ngroups_max to at least the maximum number of groups a Active
Directory user belongs to.
As an example, the following line in /etc/system will set ngroups_max to
128:
set ngroups_max = 128
(a reboot is required after changing /etc/system).
>
> #
> # smb.conf
> #======================= Global Settings =====================================
> [global]
> security = ADS
> workgroup = MYDOMAIN-AD
> server string = Samba Server on LEX
> server role = standalone server
> log file = /var/samba/log/log.%m
> max log size = 50
> realm = MYDOMAIN-AD.CTG.QUEENSU.CA
> passdb backend = tdbsam
>
> interfaces = 10.1.21.220/16
> bind interfaces only = yes
> wins support = no
>
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
>
> idmap config MYDOMAIN-AD : backend = nss
> idmap config MYDOMAIn-AD : range = 100000-999999
>
> #
> #
> # some output from: smbd -i -d3
> ....snip...
> ldb_wrap open of secrets.ldb
> check_ntlm_password: winbind authentication for user [teddy] succeeded
> check_ntlm_password: authentication for user [teddy] -> [teddy] -> [teddy] succeeded
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0xe2088215
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0xe2088215
> Adding homes service for user 'teddy' using home directory: '/home/teddy'
> adding home's share [teddy] for user 'teddy' at '/home/teddy'
> Allowed connection from 10.0.61.1 (10.0.61.1)
> Connect path is '/tmp' for service [IPC$]
> Initialising default vfs hooks
> Initialising custom vfs hooks from [/[Default VFS]/]
> PANIC (pid 23738): sys_setgroups failed
> BACKTRACE: 22 stack frames:
> ....snip....
>
More information about the samba
mailing list