On Tue, 4 Mar 2003, Gopal Bhat wrote: > Hi, > I did more experiments with this problem and found that 'SMBD' fails to > authenticate when the Number of Groups an NT user belongs grows more > than 14 (i.e. 15 or more). > Thanks, > Gopal
I can't have a look until tomorrow, but I wonder, is it possible that Solaris 9 has a restriction that the user cannot be in more that 14 groups? I would think not, but will find it difficult to test tonight. Besides, I can probably only test on Solaris 8. If that is not the problem, then I would have to look at the code that does setgroups and test on our platform. > Gopal Bhat wrote: > > > I am facing a strange problem related to authentication of NT users > > accessing the SAMBA server. > > Here are the details: > > Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM and WINBIND > > Client: Windows XP, NT4.0, 2000 > > > > Symptoms: > > Created a share \\server\test (UNIX: /export/SMB/test) with access to > > group 'TestGoup' where 'TestUser' is a member. > > 'TestUser' is a member of 14 more groups along with 'TestGroup' (Total > > number of TestUser's group = 15) > > > > With the above settings 'TestUser' can't access the share > > '\\server\test', and the following message shows up in the Client.log: > > > > [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244) > > Unable to initgroups. Error was Not owner > > [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247) > > This is probably a problem with the account domain\testuser > > [2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599) > > client (10.81.105.121) Can't change directory to /export/SMB/test > > (Permission denied) > > > > If I change the number of groups the user 'TestUser' belongs from 15 > > to 8 ('TestGroup' + 7 other groups), the user can access the share > > '\\server\test' without any problems. > > > > It looks like there is some limitation on number of NT group > > memberships 'smbd' can handle. Note: 'wbinfo' returns all the right > > groups of the user without any problems. > > > > Is there anyone out there who is aware of this problem and knows a > > workaround/solution to this? > > I really appreciate any help from the prestigious SAMBA Team. > > > > Thanks, > > Gopal > > > > -- Regards ----- Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com