manuel.piessnegger@straumann.com
2003-Oct-30 13:05 UTC
[Samba] samba3 backend ldap max groups..
Hello, I'm testing samba3 with the backend ldap on Linux to replace our NT 4 Domain. OS: Linux UL1 Samba3 OpenLdap 2.1 Samba3 works as PDC with the backend ldapsam. There a problem I'm still hanging. If a user is member of more then 32 groups I just can work with my defaultGroup (atrribute: sambaPrimaryGroupSID), all other authorisation will be denied although the user is member of all others groups too. But if the user is member of less then 32 groups everything works perfect. This restriction comes from Linux (NGroup_Max : 32). Is this the only workaround, too recompile the kernel? Did samba support groupmember more then 32? Have someone a idee to manage this problem? Regards Manuel
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 manuel.piessnegger@straumann.com wrote: | | This restriction comes from Linux (NGroup_Max : 32). | Is this the only workaround, too recompile the kernel? | Did samba support groupmember more then 32? Have someone | a idee to manage this problem? There is a possiblity to take the first 32 groups and truncate the list for initgroups(). That's the call that is failing. Problem with this is that can provide some random behavior. Access works one times and fails another session. I think bumping the max groups up and recompiling is the best solution, but then you might have to recompile your entire system :-) (well maybe just glibc but that's enough). cheers, jerry ~ ---------------------------------------------------------------------- ~ Hewlett-Packard ------------------------- http://www.hp.com ~ SAMBA Team ---------------------- http://www.samba.org ~ GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc ~ "You can never go home again, Oatman, but I guess you can shop there." ~ --John Cusack - "Grosse Point Blank" (1997) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/oYOcIR7qMdg1EfYRArL4AJ0XmRjS4ns2FleyQQmxbd2mvsisoACg7o91 w14KrWUFOnknqfqK1COcQA8=gWqL -----END PGP SIGNATURE-----