[Samba] SID history secondary group set bloat

Ralph Boehme slow at samba.org
Tue Jun 8 19:31:03 UTC 2021

Am 08.06.21 um 17:00 schrieb Weiser, Michael via samba:
> I am facing a problem where SIDs from SID history are not mapped
> through the domain-specific ID mapping configuration and fall back to
> the default backend tdb. This leads to a bloated UNIX secondary group
> set in samba sessions which becomes problematic e.g. when accessing
> NFSv3 mounts which have a limit of 16 secondary groups. With enough
> SID history in enough groups, other limits may be exceeded, including
> the fallback backend ID range itself.
> Is this known/expected behaviour? Can it be prevented by any config
> option?

I don't know if this setup with the choice of sssd in nsswitch and
idmapping with nss backend can be bent to will, but from a high level,
SID history will work when using winbind in nsswitch and an idmap
backend that supports id-type "both", like rid or autorid.


Ralph Boehme, Samba Team                https://samba.org/
Samba Developer, SerNet GmbH   https://sernet.de/en/samba/
GPG-Fingerprint   FAE2C6088A24252051C559E4AA1E9B7126399E46

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20210608/9886c376/OpenPGP_signature.sig>

More information about the samba mailing list