[Samba] RE: number of groups of NT account causes authenticationproblems
Hi Richard, et al; Can't speak for Solaris, but HP-UX has a 20 group membership limit for HP-UX users. From man setgroups: must be no more than NGROUPS_MAX, as defined in limits.h. Same applies to initgroups. So Solaris may have some limit as well Hope this helps, Don -Original Message- From: Richard Sharpe [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 22:08 To: Gopal Bhat Cc: samba; samba-technical Subject: Re: number of groups of NT account causes authentication problems On Tue, 4 Mar 2003, Gopal Bhat wrote: Hi, I did more experiments with this problem and found that 'SMBD' fails to authenticate when the Number of Groups an NT user belongs grows more than 14 (i.e. 15 or more). Thanks, Gopal I can't have a look until tomorrow, but I wonder, is it possible that Solaris 9 has a restriction that the user cannot be in more that 14 groups? I would think not, but will find it difficult to test tonight. Besides, I can probably only test on Solaris 8. If that is not the problem, then I would have to look at the code that does setgroups and test on our platform. Gopal Bhat wrote: I am facing a strange problem related to authentication of NT users accessing the SAMBA server. Here are the details: Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM and WINBIND Client: Windows XP, NT4.0, 2000 Symptoms: Created a share \\server\test (UNIX: /export/SMB/test) with access to group 'TestGoup' where 'TestUser' is a member. 'TestUser' is a member of 14 more groups along with 'TestGroup' (Total number of TestUser's group = 15) With the above settings 'TestUser' can't access the share '\\server\test', and the following message shows up in the Client.log: [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244) Unable to initgroups. Error was Not owner [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247) This is probably a problem with the account domain\testuser [2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599) client (10.81.105.121) Can't change directory to /export/SMB/test (Permission denied) If I change the number of groups the user 'TestUser' belongs from 15 to 8 ('TestGroup' + 7 other groups), the user can access the share '\\server\test' without any problems. It looks like there is some limitation on number of NT group memberships 'smbd' can handle. Note: 'wbinfo' returns all the right groups of the user without any problems. Is there anyone out there who is aware of this problem and knows a workaround/solution to this? I really appreciate any help from the prestigious SAMBA Team. Thanks, Gopal -- Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: number of groups of NT account causes authenticationproblems
On Tue, 4 Mar 2003, Gopal Bhat wrote: Hi, I did more experiments with this problem and found that 'SMBD' fails to authenticate when the Number of Groups an NT user belongs grows more than 14 (i.e. 15 or more). In my experience this is VERY much a platform issue and not a Samba specific issue. Some Unix platforms allow no more than membership in 8 groups. - John T. Thanks, Gopal Gopal Bhat wrote: I am facing a strange problem related to authentication of NT users accessing the SAMBA server. Here are the details: Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM and WINBIND Client: Windows XP, NT4.0, 2000 Symptoms: Created a share \\server\test (UNIX: /export/SMB/test) with access to group 'TestGoup' where 'TestUser' is a member. 'TestUser' is a member of 14 more groups along with 'TestGroup' (Total number of TestUser's group = 15) With the above settings 'TestUser' can't access the share '\\server\test', and the following message shows up in the Client.log: [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244) Unable to initgroups. Error was Not owner [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247) This is probably a problem with the account domain\testuser [2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599) client (10.81.105.121) Can't change directory to /export/SMB/test (Permission denied) If I change the number of groups the user 'TestUser' belongs from 15 to 8 ('TestGroup' + 7 other groups), the user can access the share '\\server\test' without any problems. It looks like there is some limitation on number of NT group memberships 'smbd' can handle. Note: 'wbinfo' returns all the right groups of the user without any problems. Is there anyone out there who is aware of this problem and knows a workaround/solution to this? I really appreciate any help from the prestigious SAMBA Team. Thanks, Gopal -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: number of groups of NT account causes authenticationproblems
On Tue, 4 Mar 2003, Gopal Bhat wrote: Hi, I did more experiments with this problem and found that 'SMBD' fails to authenticate when the Number of Groups an NT user belongs grows more than 14 (i.e. 15 or more). Thanks, Gopal I can't have a look until tomorrow, but I wonder, is it possible that Solaris 9 has a restriction that the user cannot be in more that 14 groups? I would think not, but will find it difficult to test tonight. Besides, I can probably only test on Solaris 8. If that is not the problem, then I would have to look at the code that does setgroups and test on our platform. Gopal Bhat wrote: I am facing a strange problem related to authentication of NT users accessing the SAMBA server. Here are the details: Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM and WINBIND Client: Windows XP, NT4.0, 2000 Symptoms: Created a share \\server\test (UNIX: /export/SMB/test) with access to group 'TestGoup' where 'TestUser' is a member. 'TestUser' is a member of 14 more groups along with 'TestGroup' (Total number of TestUser's group = 15) With the above settings 'TestUser' can't access the share '\\server\test', and the following message shows up in the Client.log: [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244) Unable to initgroups. Error was Not owner [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247) This is probably a problem with the account domain\testuser [2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599) client (10.81.105.121) Can't change directory to /export/SMB/test (Permission denied) If I change the number of groups the user 'TestUser' belongs from 15 to 8 ('TestGroup' + 7 other groups), the user can access the share '\\server\test' without any problems. It looks like there is some limitation on number of NT group memberships 'smbd' can handle. Note: 'wbinfo' returns all the right groups of the user without any problems. Is there anyone out there who is aware of this problem and knows a workaround/solution to this? I really appreciate any help from the prestigious SAMBA Team. Thanks, Gopal -- Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: number of groups of NT account causes authenticationproblems
Hi, I did more experiments with this problem and found that 'SMBD' fails to authenticate when the Number of Groups an NT user belongs grows more than 14 (i.e. 15 or more). Thanks, Gopal Gopal Bhat wrote: I am facing a strange problem related to authentication of NT users accessing the SAMBA server. Here are the details: Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM and WINBIND Client: Windows XP, NT4.0, 2000 Symptoms: Created a share \\server\test (UNIX: /export/SMB/test) with access to group 'TestGoup' where 'TestUser' is a member. 'TestUser' is a member of 14 more groups along with 'TestGroup' (Total number of TestUser's group = 15) With the above settings 'TestUser' can't access the share '\\server\test', and the following message shows up in the Client.log: [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244) Unable to initgroups. Error was Not owner [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247) This is probably a problem with the account domain\testuser [2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599) client (10.81.105.121) Can't change directory to /export/SMB/test (Permission denied) If I change the number of groups the user 'TestUser' belongs from 15 to 8 ('TestGroup' + 7 other groups), the user can access the share '\\server\test' without any problems. It looks like there is some limitation on number of NT group memberships 'smbd' can handle. Note: 'wbinfo' returns all the right groups of the user without any problems. Is there anyone out there who is aware of this problem and knows a workaround/solution to this? I really appreciate any help from the prestigious SAMBA Team. Thanks, Gopal -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba