Azelton Sean (RBNA/CIT1)
2003-Aug-13 14:17 UTC
[Samba] group membership limitations and Linux
Hi all, I was hoping someone here would be willing to clear up some confusion we're having about group membership limits and linux. While trying to use a file server solution in an AD environment using OpenLDAP / sasl / Samba 2.2.x, we ran into the issue that when trying to import/re-create group membership, we reach a limit at 32 groups. It is my understanding that this is a limitation in the number of groups that a given user can be in because of some hard-coded values in the linux kernel. I'm wondering if we abandon the OpenLDAP idea and went to Samba 3 with direct AD authentication - would we run into this limitation again (on Linux)? If so - does this limitation exist on other platforms (FreeBSD for example) or even on other architectures (Solaris/SPARC)? If someone can point me to more information on this issue I'd greatly appreciate it, as we have the majority of our AD users (10s of thousands) with 150+ groups per user (we have a global AD forest). I'm not sure exactly how this limit would manifest itself using Samba 3 - if at all. Thanks, Sean
Azelton Sean (RBNA/CIT1)
2003-Aug-15 13:16 UTC
[Samba] Repost: group membership limitations and Linux kernel
Does anyone have any information with regard to this issue? Thank you, Sean On Wed, 2003-08-13 at 09:17, Azelton Sean (RBNA/CIT1) wrote:> Hi all, > > I was hoping someone here would be willing to clear up some confusion > we're having about group membership limits and linux. > > While trying to use a file server solution in an AD environment using > OpenLDAP / sasl / Samba 2.2.x, we ran into the issue that when trying > to import/re-create group membership, we reach a limit at 32 groups. > It is my understanding that this is a limitation in the number of > groups that a given user can be in because of some hard-coded values > in the linux kernel. > > I'm wondering if we abandon the OpenLDAP idea and went to Samba 3 with > direct AD authentication - would we run into this limitation again (on > Linux)? If so - does this limitation exist on other platforms > (FreeBSD for example) or even on other architectures (Solaris/SPARC)? > > If someone can point me to more information on this issue I'd greatly > appreciate it, as we have the majority of our AD users (10s of > thousands) with 150+ groups per user (we have a global AD forest). > I'm not sure exactly how this limit would manifest itself using Samba > 3 - if at all. > > > Thanks, > > Sean--- ###################### Sean Azelton, RHCE, MCSE Robert Bosch Corporation (RBNA/CIT1) ###################### Computer Information Technology Office 401 N. Bendix Drive - South Bend, IN 46628 Phone: 574-237-3837 Fax: 574-237-3105
Alexey Lobanov
2003-Aug-15 14:18 UTC
[Samba] Re: Repost: group membership limitations and Linux kernel
Hello. On 15 Aug 2003 at 8:14, Azelton Sean (RBNA/CIT1) wrote: From: "Azelton Sean (RBNA/CIT1)" <sean.azelton@us.bosch.com> To: samba@lists.samba.org Date sent: 15 Aug 2003 08:14:58 -0500 Subject: [Samba] Repost: group membership limitations and Linux kernel> Does anyone have any information with regard to this issue?aal@woody:~$ getent group | grep aal | wc -l 44 aal@woody:~$ cat /etc/group | grep aal | wc -l 9 aal@woody:~$ uname -a Linux woody 2.4.21 #2 SMP Sat Jul 26 12:05:26 MSD 2003 i686 unknown aal@woody:~$ less /etc/nsswitch.conf ... group: files [NOTFOUND=continue] ldap> > While trying to use a file server solution in an AD environment using > > OpenLDAP / sasl / Samba 2.2.x, we ran into the issue that when trying > > to import/re-create group membership, we reach a limit at 32 groups. > > It is my understanding that this is a limitation in the number of > > groups that a given user can be in because of some hard-coded values > > in the linux kernel.