Hi Richard, et al; Can't speak for Solaris, but HP-UX has a 20 group membership limit for HP-UX users. From man setgroups: must be no more than NGROUPS_MAX, as defined in <limits.h>. Same applies to initgroups. So Solaris may have some limit as well.... Hope this helps, Don
> -----Original Message----- > From: Richard Sharpe [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 04, 2003 22:08 > To: Gopal Bhat > Cc: samba; samba-technical > Subject: Re: number of groups of NT account causes authentication > problems > > > On Tue, 4 Mar 2003, Gopal Bhat wrote: > > > Hi, > > I did more experiments with this problem and found that > 'SMBD' fails to > > authenticate when the Number of Groups an NT user belongs > grows more > > than 14 (i.e. 15 or more). > > Thanks, > > Gopal > > I can't have a look until tomorrow, but I wonder, is it possible that > Solaris 9 has a restriction that the user cannot be in more that 14 > groups? I would think not, but will find it difficult to test tonight. > > Besides, I can probably only test on Solaris 8. > > If that is not the problem, then I would have to look at the > code that > does setgroups and test on our platform. > > > Gopal Bhat wrote: > > > > > I am facing a strange problem related to authentication > of NT users > > > accessing the SAMBA server. > > > Here are the details: > > > Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM > and WINBIND > > > Client: Windows XP, NT4.0, 2000 > > > > > > Symptoms: > > > Created a share \\server\test (UNIX: /export/SMB/test) > with access to > > > group 'TestGoup' where 'TestUser' is a member. > > > 'TestUser' is a member of 14 more groups along with > 'TestGroup' (Total > > > number of TestUser's group = 15) > > > > > > With the above settings 'TestUser' can't access the share > > > '\\server\test', and the following message shows up in > the Client.log: > > > > > > [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244) > > > Unable to initgroups. Error was Not owner > > > [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247) > > > This is probably a problem with the account domain\testuser > > > [2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599) > > > client (10.81.105.121) Can't change directory to /export/SMB/test > > > (Permission denied) > > > > > > If I change the number of groups the user 'TestUser' > belongs from 15 > > > to 8 ('TestGroup' + 7 other groups), the user can access > the share > > > '\\server\test' without any problems. > > > > > > It looks like there is some limitation on number of NT group > > > memberships 'smbd' can handle. Note: 'wbinfo' returns > all the right > > > groups of the user without any problems. > > > > > > Is there anyone out there who is aware of this problem > and knows a > > > workaround/solution to this? > > > I really appreciate any help from the prestigious SAMBA Team. > > > > > > Thanks, > > > Gopal > > > > > > > > > -- > Regards > ----- > Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, > sharpe[at]ethereal.com, http://www.richardsharpe.com >
