On Wed, Aug 19, 2009 at 09:58:39AM -0500, McGranahan, Jamen
wrote:> Running Sun Solaris 9 sparc; trying to get Samba to interact with our
Windows Active Directory so we can create shares on our Sun server. Kerberos
works well. Wbinfo -u and Wbinfo -g both return results. Getent also returns
results, both getent passwd & getent group. I've created a test folder
and added it in the smb.conf file as a share:
>
> [test]
> path = /test
> writeable = yes
> browseable = yes
> guest ok = no
> valid users = VANDERBILT\mcgranj
> public = no
>
> This folder does exist on the server, but when I try to map, I get no
results. When I check the samba log, I see that samba crashes:
>
> lib240:/usr/local/samba/var#tail 129.59.149.157.log
> [2009/06/22 10:26:12, 0] lib/util.c:log_stack_trace(1827)
> unable to produce a stack trace on this platform
> [2009/06/22 10:26:12, 0] lib/fault.c:dump_core(231)
> dumping core in /usr/local/samba/var/cores/smbd
> [2009/08/19 09:50:50, 0] lib/util.c:smb_panic(1673)
> PANIC (pid 21681): sys_setgroups failed
> [2009/08/19 09:50:50, 0] lib/util.c:log_stack_trace(1827)
> unable to produce a stack trace on this platform
> [2009/08/19 09:50:50, 0] lib/fault.c:dump_core(231)
> dumping core in /usr/local/samba/var/cores/smbd
You're running into this bug :
https://bugzilla.samba.org/show_bug.cgi?id=2496
Solaris limits the number of supplementary groups
a user can be in to 32. This is too small for Windows,
and in Sun's in-kernel CIFS server running on ZFS
they have a kernel-only workaround which they currently
have refused to make available to user-space processes.
Please complain to Sun support about this situation,
and ask them to fix this limitation in the solaris
userspace support.
Attached to this bug you'll find a workaround
written by Dave Collier-Brown which uses an
LB_PRELOAD library to use the Solaris group
list as a cache.
Jeremy.
-----------------------------------------------------
From the code:
/*
* libgroups - a library for Samba on Solaris to allow
* an arbitrarily large number of groups.
*
*
* Problem Description:
* Unix has a system-wide limit on the number of groups
* a user may be in. Samba, which provides file service
* to Windows clients, needs to support larger numbers
* of groups per user. This is due to the Windows use of
* groups, which typically results in more than 16 or
* 32 groups for a user. At the moment, only Linux has
* enoug groups for a medium to large Windows AD domain.
*
* I therefor wrote this interposer library (at home)
* to remove this limitation on a per-process basis.
* It keeps an unbounded list of groups and treats the
* standard Solaris groups list as a cache. Before opening
* a file, the interposer checks to see if the open would
* fail because of a group not being in the cache, and if so
* will move it to the head of the ache, shifting the
* other entries down.
*
* Caveats:
* This was written for Samba, which is setuid-root.
* As the library requries root permissions for setgroups,
* it will ONLY work if the program is setuid root or
* otherwise has the ablity to call setgroups from the
* middle of the open interposer function. The library will
* try to abort immediately on startup if it does not
* have sufficient privelege.
*