On Wed, February 10, 2010 15:08, Joe Ammann wrote: > Sorry for the delay. I tried to reproduce this in a lab setup, but was > unable to. Even with a user that is a member of 1000 groups, accessing and > permission check works. So it's probably not an issue with the sheer > number of groups. > > So I investigated a bit more in the production environment
Some more testing revealed, that actually the group lookups seems to work: For the user that works # wbinfo --user-domgroups=S-1-5-21-1204043072-522325977-1734762113-122312 S-1-5-21-1204043072-522325977-1734762113-122312 .... and so on, total 97 sids For the user that does not work # wbinfo --user-domgroups=S-1-5-21-1204043072-522325977-1734762113-124446 S-1-5-21-1204043072-522325977-1734762113-124446 .... and so on, total 131 sids Also, wbinfo -r does work for both users: # wbinfo -r xxxxxx | wc -l 225 # wbinfo -r xxxxxxa | wc -l 313 It really looks like the "only" thing that does not work is the user information lookup. But I don't understand what could fail there?? Besides the name and the SID (to construct the UID/GID), I can't see what information is taken from AD?? I'm confused .. CU, Joe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
