I modified source3/lib/system.c to print max groups to debugging output
and log.smbd outputs.
[2010/07/23 15:13:37.690438, 0] lib/system.c:1032(groups_max)
_SC_NGROUPS_MAX returned '1024'
Where else to look? OS allows me to add user to up to 1024 groups, samba
now works with up to 35 (previously with up to 16). Where to look next?
What could cause such strange limitation?
+++ lib/system.c 2010-07-23 15:18:46.314156915 +0300
@@ -1028,10 +1028,12 @@
int groups_max(void)
{
#if defined(SYSCONF_SC_NGROUPS_MAX)
int ret = sysconf(_SC_NGROUPS_MAX);
+ DEBUG(0,("_SC_NGROUPS_MAX is '%u'\n",ret));
return (ret == -1) ? NGROUPS_MAX : ret;
#else
+ DEBUG(0,("NGROUPS_MAX is '%u'\n",NGROUPS_MAX));
return NGROUPS_MAX;
#endif
}
MMM
by the way, did you know, that mouse initially was invented
just for simplifying text selection in xterm?
On 07/23/10 02:25 PM, Marcis Lielturks wrote:
I recompiled samba with modified /usr/include/limits.h, but it didn't
help. User cannot connect to share if he is member of more than 35
groups although share has permissions for one of users group. User can
access share only if there is permissions for user or users primary
group.
I think "smbd -b" output says that sysconfig values for NGROUPS_MAX
was used
# smbd -b | grep NGROUP
SYSCONF_SC_NGROUPS_MAX
But my test program in C suggests, that _SC_NGROUPS_MAX limit is 1024
$ cat sysconf.c ; ./sysconf
#include <unistd.h>
#include <stdio.h>
int main()
{
long ret;
ret=sysconf(_SC_NGROUPS_MAX);
printf("_SC_NGROUPS_MAX is '%d'\n",ret);
}
_SC_NGROUPS_MAX is '1024'
If user is member of more than 35 groups, logs say
smbd/service.c:163(set_conn_connectpath)
set_conn_connectpath: service SAMBA, connectpath = /SAMBA
- smbd/service.c:1031(make_connection_snum)
- '/SAMBA' does not exist or permission denied when connecting to
Error was Permission denied
If use is member of 35 groups or less, then they say
smbd/service.c:163(set_conn_connectpath)
set_conn_connectpath: service SAMBA, connectpath = /SAMBA
+ modules/vfs_default.c:152(vfswrap_fs_capabilities)
+ vfswrap_fs_capabilities: timestamp resolution of sec available on
share SAMBA, directory /SAMBA
+ smbd/service.c:1070(make_connection_snum)
+ w2k3r2target (192.168.0.120) connect to service SAMBA initially as
user PROSERVE+proact (uid=12459, gid=10513) (pid
18905)
Attached 2 compressed logs for machine user was connecting from - on
when user can connect and another when he cannot.
MMM
by the way, did you know, that mouse initially was invented
just for simplifying text selection in xterm?
On 07/23/10 12:57 PM, Marcis Lielturks wrote:
Hi!
I still have problems, now user can't access share if he's member of
more than 35 groups! I think I forgot to do one thing - modify
/usr/include/limits.h to reflect new NGROUPS_MAX value in kernel.
Can I check what NGROUPS_MAX value was used when compiling binaries?
Will /usr/include/limits.h modifications be enough?
MMM
by the way, did you know, that mouse initially was invented
just for simplifying text selection in xterm?
On 07/23/10 10:49 AM, Marcis Lielturks wrote:
Hi!
Thanks, yes I was using "-i". Now everything seems to work OK. My
main reason, why I compiled samba - 16 group limitation, is solved too!
Hopefully I'll later gather up few lines of instructions on how to
get 3.5.4 compiling on OpenSolaris (snv_134).
Thanks everybody for help!
MMM
by the way, did you know, that mouse initially was invented
just for simplifying text selection in xterm?
On 07/22/10 10:27 PM, Volker Lendecke wrote:
On Thu, Jul 22, 2010 at 09:51:40PM +0300, Mārcis Lielturks wrote:
Here's 6 files in compressed tar archive.
That looks all perfectly fine. The client just disconnects
again after it has done some querying.
How are you starting smbd? It a bit looks like you're
starting it with -i, which for normal server operations is
unfortunately wrong. You should start it with -D and let it
become a daemon.
Volker
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
