|
|
I have run into a strange problem trying to run Samba 3.6.11 on OpenIndiana (think OpenSolaris) 151a7. I acquired 3.6.11 using the OpenCSW package but have also compiled 3.6.12 from source and experienced the identical issue. This seems to be an issue with Winbind.
I appear to be encountering yet another variant of the old "16 groups" limit. OpenIndiana has this by default, but I've included "set ngroups_max = 128" in /etc/system and rebooted for this to take effect. It clearly works, per the following tests:
1. I created a local user with memberships in ~30 groups. "id -a" lists all of them, and I am able to access directories which require those group permissions.
2. I have a user in our Active Directory domain that belongs to many groups. I can "su domain\\user" on the Unix side successfully. "id -a" once again shows every single group. If I have Samba running and use "pcred" to examine the credentials associated with this user's smbd, I am shown that every single group is accounted for.
3. The problem is that most of the groups from my AD user aren't functional when changing directory. If I attempt to "cd" into a directory to which the AD account has group permissions, it is generally denied. What I've found is that only a very few of the groups seem to work, the rest are rejected. "cd" fails from the command line, and in smbd a message is logged about "vfs_chdir" failing. Looking at the code, this appears to ultimately translate back to a simple "chdir()" call.
I will file a bug on this but wondered if anyone was aware of this issue and a workaround.
Thanks,
Allen
|
Locked
