[Samba] RE: number of groups of NT account causes authenticationproblems
Hi Richard, et al;
Can't speak for Solaris, but HP-UX has a 20 group membership limit
for HP-UX users. From man setgroups: must be no more than NGROUPS_MAX,
as defined in limits.h. Same applies to initgroups.
So Solaris may have some limit as well
Hope this helps,
Don
-Original Message-
From: Richard Sharpe [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 04, 2003 22:08
To: Gopal Bhat
Cc: samba; samba-technical
Subject: Re: number of groups of NT account causes authentication
problems
On Tue, 4 Mar 2003, Gopal Bhat wrote:
Hi,
I did more experiments with this problem and found that
'SMBD' fails to
authenticate when the Number of Groups an NT user belongs
grows more
than 14 (i.e. 15 or more).
Thanks,
Gopal
I can't have a look until tomorrow, but I wonder, is it possible that
Solaris 9 has a restriction that the user cannot be in more that 14
groups? I would think not, but will find it difficult to test tonight.
Besides, I can probably only test on Solaris 8.
If that is not the problem, then I would have to look at the
code that
does setgroups and test on our platform.
Gopal Bhat wrote:
I am facing a strange problem related to authentication
of NT users
accessing the SAMBA server.
Here are the details:
Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM
and WINBIND
Client: Windows XP, NT4.0, 2000
Symptoms:
Created a share \\server\test (UNIX: /export/SMB/test)
with access to
group 'TestGoup' where 'TestUser' is a member.
'TestUser' is a member of 14 more groups along with
'TestGroup' (Total
number of TestUser's group = 15)
With the above settings 'TestUser' can't access the share
'\\server\test', and the following message shows up in
the Client.log:
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244)
Unable to initgroups. Error was Not owner
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247)
This is probably a problem with the account domain\testuser
[2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599)
client (10.81.105.121) Can't change directory to /export/SMB/test
(Permission denied)
If I change the number of groups the user 'TestUser'
belongs from 15
to 8 ('TestGroup' + 7 other groups), the user can access
the share
'\\server\test' without any problems.
It looks like there is some limitation on number of NT group
memberships 'smbd' can handle. Note: 'wbinfo' returns
all the right
groups of the user without any problems.
Is there anyone out there who is aware of this problem
and knows a
workaround/solution to this?
I really appreciate any help from the prestigious SAMBA Team.
Thanks,
Gopal
--
Regards
-
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: number of groups of NT account causes authenticationproblems
On Tue, 4 Mar 2003, Gopal Bhat wrote:
Hi,
I did more experiments with this problem and found that 'SMBD' fails to
authenticate when the Number of Groups an NT user belongs grows more
than 14 (i.e. 15 or more).
In my experience this is VERY much a platform issue and not a Samba
specific issue. Some Unix platforms allow no more than membership in 8
groups.
- John T.
Thanks,
Gopal
Gopal Bhat wrote:
I am facing a strange problem related to authentication of NT users
accessing the SAMBA server.
Here are the details:
Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM and WINBIND
Client: Windows XP, NT4.0, 2000
Symptoms:
Created a share \\server\test (UNIX: /export/SMB/test) with access to
group 'TestGoup' where 'TestUser' is a member.
'TestUser' is a member of 14 more groups along with 'TestGroup' (Total
number of TestUser's group = 15)
With the above settings 'TestUser' can't access the share
'\\server\test', and the following message shows up in the Client.log:
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244)
Unable to initgroups. Error was Not owner
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247)
This is probably a problem with the account domain\testuser
[2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599)
client (10.81.105.121) Can't change directory to /export/SMB/test
(Permission denied)
If I change the number of groups the user 'TestUser' belongs from 15
to 8 ('TestGroup' + 7 other groups), the user can access the share
'\\server\test' without any problems.
It looks like there is some limitation on number of NT group
memberships 'smbd' can handle. Note: 'wbinfo' returns all the right
groups of the user without any problems.
Is there anyone out there who is aware of this problem and knows a
workaround/solution to this?
I really appreciate any help from the prestigious SAMBA Team.
Thanks,
Gopal
--
John H Terpstra
Email: [EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: number of groups of NT account causes authenticationproblems
On Tue, 4 Mar 2003, Gopal Bhat wrote:
Hi,
I did more experiments with this problem and found that 'SMBD' fails to
authenticate when the Number of Groups an NT user belongs grows more
than 14 (i.e. 15 or more).
Thanks,
Gopal
I can't have a look until tomorrow, but I wonder, is it possible that
Solaris 9 has a restriction that the user cannot be in more that 14
groups? I would think not, but will find it difficult to test tonight.
Besides, I can probably only test on Solaris 8.
If that is not the problem, then I would have to look at the code that
does setgroups and test on our platform.
Gopal Bhat wrote:
I am facing a strange problem related to authentication of NT users
accessing the SAMBA server.
Here are the details:
Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM and WINBIND
Client: Windows XP, NT4.0, 2000
Symptoms:
Created a share \\server\test (UNIX: /export/SMB/test) with access to
group 'TestGoup' where 'TestUser' is a member.
'TestUser' is a member of 14 more groups along with 'TestGroup' (Total
number of TestUser's group = 15)
With the above settings 'TestUser' can't access the share
'\\server\test', and the following message shows up in the Client.log:
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244)
Unable to initgroups. Error was Not owner
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247)
This is probably a problem with the account domain\testuser
[2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599)
client (10.81.105.121) Can't change directory to /export/SMB/test
(Permission denied)
If I change the number of groups the user 'TestUser' belongs from 15
to 8 ('TestGroup' + 7 other groups), the user can access the share
'\\server\test' without any problems.
It looks like there is some limitation on number of NT group
memberships 'smbd' can handle. Note: 'wbinfo' returns all the right
groups of the user without any problems.
Is there anyone out there who is aware of this problem and knows a
workaround/solution to this?
I really appreciate any help from the prestigious SAMBA Team.
Thanks,
Gopal
--
Regards
-
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: number of groups of NT account causes authenticationproblems
Hi,
I did more experiments with this problem and found that 'SMBD' fails to
authenticate when the Number of Groups an NT user belongs grows more
than 14 (i.e. 15 or more).
Thanks,
Gopal
Gopal Bhat wrote:
I am facing a strange problem related to authentication of NT users
accessing the SAMBA server.
Here are the details:
Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM and WINBIND
Client: Windows XP, NT4.0, 2000
Symptoms:
Created a share \\server\test (UNIX: /export/SMB/test) with access to
group 'TestGoup' where 'TestUser' is a member.
'TestUser' is a member of 14 more groups along with 'TestGroup' (Total
number of TestUser's group = 15)
With the above settings 'TestUser' can't access the share
'\\server\test', and the following message shows up in the Client.log:
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244)
Unable to initgroups. Error was Not owner
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247)
This is probably a problem with the account domain\testuser
[2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599)
client (10.81.105.121) Can't change directory to /export/SMB/test
(Permission denied)
If I change the number of groups the user 'TestUser' belongs from 15
to 8 ('TestGroup' + 7 other groups), the user can access the share
'\\server\test' without any problems.
It looks like there is some limitation on number of NT group
memberships 'smbd' can handle. Note: 'wbinfo' returns all the right
groups of the user without any problems.
Is there anyone out there who is aware of this problem and knows a
workaround/solution to this?
I really appreciate any help from the prestigious SAMBA Team.
Thanks,
Gopal
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
