I am having a problem with Samba still core dumping on AIX 6.1 when my AD user
has 13 groups I am a member of.
I have the following directives set
winbind nested groups = no
winbind expand groups = 0
With this configuration I thought that Samba wouldn't try to find all the
groups that my original 13 groups are also members of, however samba continues
to core dump on sys_setgroups. Am I missing something in the configuration or
my understanding of the directives listed above?
On AIX 7.1 changing the new tunable has shown to work flawlessly but IBM has
said there is no plans to back port this tunable into AIX 6.1.
I applied the following patch are recompiled with no help.
>From 1958f6034916746363fcbfa504c84dc6a13be495 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <[email protected]>
Date: Wed, 23 Feb 2011 17:09:58 +0100
Subject: [PATCH] s3: Respect "winbind nested groups" in wb_gettoken_gotgroups
---
source3/winbindd/wb_gettoken.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/source3/winbindd/wb_gettoken.c b/source3/winbindd/wb_gettoken.c
index f2fbe4c..27d8c9a 100644
--- a/source3/winbindd/wb_gettoken.c
+++ b/source3/winbindd/wb_gettoken.c
@@ -103,6 +103,11 @@ static void wb_gettoken_gotgroups(struct tevent_req
*subreq)
state->num_sids += 1;
state->sids = sids;
+ if (!lp_winbind_nested_groups()) {
+ tevent_req_done(req);
+ return;
+ }
+
/*
* Expand our domain's aliases
*/
--
1.7.0.4
I also recompiled commenting out the panic when the number of groups exceeds
NGROUPS_MAX (which is hard coded to 128 in AIX 6.1).
Thanks
-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Peacock,Josh
Sent: Monday, October 03, 2011 11:55 AM
To: [email protected]
Subject: [Samba] samba always expanding nested groups
Volker was working with someone back in Feb on this issue and sent a patch to
him but was wondering if that worked and if there was an official fix in the
works.
What is happening is even after setting "winbind expand groups = 0" the 13
groups currently assigned to my user are expanding into 220 groups. This also
breaks smbd by causing a panic and throwing the sys_set_groups error. Running
on AIX 6.1 TL 6 SP 5. I have tried this on 3.5.8 and 3.6.0.
Also AIX has made maximum number of groups per user a system parameter tunable
between 128 and 2048 in AIX 7.1. If samba could find a way to accommodate this
new parameter it would be great.
Thanks,
Josh
Josh Peacock
UNIX Administrator
-----------------------------------------------------------------------
Confidentiality Notice: This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
privileged and confidential information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy
all copies of the original message.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
-----------------------------------------------------------------------
Confidentiality Notice: This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
privileged and confidential information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy
all copies of the original message.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
