I did more experiments with this problem and found that 'SMBD' fails to authenticate when the Number of Groups an NT user belongs grows more than 14 (i.e. 15 or more).
Thanks,
Gopal
Gopal Bhat wrote:
I am facing a strange problem related to authentication of NT users accessing the SAMBA server.
Here are the details:
Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM and WINBIND
Client: Windows XP, NT4.0, 2000
Symptoms:
Created a share \\server\test (UNIX: /export/SMB/test) with access to group 'TestGoup' where 'TestUser' is a member.
'TestUser' is a member of 14 more groups along with 'TestGroup' (Total number of TestUser's group = 15)
With the above settings 'TestUser' can't access the share '\\server\test', and the following message shows up in the Client.log:
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244)
Unable to initgroups. Error was Not owner
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247)
This is probably a problem with the account domain\testuser
[2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599)
client (10.81.105.121) Can't change directory to /export/SMB/test (Permission denied)
If I change the number of groups the user 'TestUser' belongs from 15 to 8 ('TestGroup' + 7 other groups), the user can access the share '\\server\test' without any problems.
It looks like there is some limitation on number of NT group memberships 'smbd' can handle. Note: 'wbinfo' returns all the right groups of the user without any problems.
Is there anyone out there who is aware of this problem and knows a workaround/solution to this?
I really appreciate any help from the prestigious SAMBA Team.
Thanks, Gopal
