First, for clarification, Solaris CIFS service only supports two forms
of authentication:
1. In domain mode, it can only authenticate domain users against an
Active Directory domain, at this point only using pass-through
authentication. Kerberos authentication hopefully will be available
by the year's end.
2. In workgroup mode, only local users i.e. users with entries in
/etc/passwd of the system running the CIFS service will be authenticated
by the CIFS server itself. The same is true for local users in domain
mode.
Regarding group membership:
For a domain user, all user's Windows groups are used and there is no
limitation here. If the user is mapped to a valid Solaris user, all
his/her groups will be used as well, at this context CIFS server is
limited by any limitation imposed by Solaris i.e. 16, 32 or 1024 in
future.
For a local user, CIFS server is again limited to Solaris rules for
group membership whatever they happen to be.
Hope, this answers your question.
Afshin
David Bond wrote:
Hi,
Basically what the tite says, does the CIFS service have the limitation of 32 groups per user?
I noticed that some other people have commented on the limitations when using SAMBA and reported it to sun (not knowning the initial problem) and then found out that it was just the limitation of solaris (following the RFE)
Does CIFS have the same limitation?
Nothing to do with CIFS with this next question, but wondering if you would
know anyway.
Would LDAP authentication be affected by this limitation (local logins, using
active directory domain)?
As what I have read if you are in more then 32 groups, you just cant
authenticate anymore, so that would mean that most of the users in our domain
couldnt logon to the server (if needed) via SSH.
_______________________________________________
cifs-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
