Be careful. Just rebuilding the kernel with an increased NGROUPS_MAX probably won't be sufficient.
To accommodate Windows users with lots (40-50) of group memberships, we had to rebuild NetBSD with NGROUPS_MAX set to 128. But we also had to rebuild userland, because anything that used NGROUPS_MAX statically would break. That meant almost everything in /sbin /usr/sbin and a lot of /bin and /usr/bin, not to mention libc. It's a pretty Big Deal. Ken ________________________________ Ken Cross Network Storage Solutions Phone 865.675.4070 ext 31 [EMAIL PROTECTED] > -----Original Message----- > From: > [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] > amba.org] On Behalf Of Gopal Bhat > Sent: Wednesday, March 05, 2003 9:25 PM > To: Michael G. Noble; [EMAIL PROTECTED] > Cc: samba; samba-technical > Subject: Re: [Samba] number of groups of NT account causes > authentication problems > > > Finally, I found that this problem is due to limitation of > Solaris OS. > By default, the kernel parameter NGROUPS_MAX ( # getconf > NGROUPS_MAX) is > set to 16 (/usr/include/limits.h), which can be changed to a > maximum of > 32 by putting a line: > set ngroups_max=32 > in /etc/system file and rebooting the server. If you do this, > the server > complains about some NFS problems: > # dmesg | grep -i ngroups > Mar 5 17:50:25 chevette unix: [ID 953839 kern.warning] WARNING: > ngroups_max of 32 > 16, NFS AUTH_SYS will not work properly > > But again, the cap is raised to 32 from 16. > To increase the parameter 'ngroups_max' beyond 32, one needs > to modify > the files '/usr/include/limits.h, /usr/include/sys/param.h', > and rebuild > the kernel. But there is no way to compile the new kernel on > solaris by > using this modified files. The 'boot -r' from the boot prom > level will > not recompile the kernel, it just loads the existing kernel using > '/etc/system' parameters which are limited by the parameters set by > '/usr/include/sys/param.h' during the original compilation. > > -Gopal > > Michael G. Noble wrote: > > >Solaris has a 15 member limit to groups. Since you are under that > >limit, it should not be a problem. I have Samba running on an Ultra > >60 with Solaris8, samba version 2.2.5. I have users who are members > >of at least 14 groups and not having any problems accessing shared > >folders. > > > >Mike > > > >On Tue, 2003-03-04 at 13:35, Gopal Bhat wrote: > > > > > >>I am facing a strange problem related to authentication of NT users > >>accessing the SAMBA server. > >>Here are the details: > >>Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM and WINBIND > >>Client: Windows XP, NT4.0, 2000 > >> > >>Symptoms: > >>Created a share \\server\test (UNIX: /export/SMB/test) > with access to > >>group 'TestGoup' where 'TestUser' is a member. > >>'TestUser' is a member of 10 more groups along with > 'TestGroup' (Total > >>number of TestUser's group = 11) > >> > >>With the above settings 'TestUser' can't access the share > >>'\\server\test', and the following message shows up in the > Client.log: > >> > >>[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244) > >> Unable to initgroups. Error was Not owner > >>[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247) > >> This is probably a problem with the account domain\testuser > >>[2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599) > >> client (10.81.105.121) Can't change directory to /export/SMB/test > >>(Permission denied) > >> > >>If I change the number of groups the user 'TestUser' > belongs from 11 > >>to > >>8 ('TestGroup' + 7 other groups), the user can access the share > >>'\\server\test' without any problems. > >> > >>It looks like there is some limitation on number of NT group > >>memberships > >>'smbd' can handle. > >>Note: 'wbinfo' returns all the right groups of the user without any > >>problems. > >> > >>Is there anyone out there who is aware of this problem and knows a > >>workaround/solution to this? > >>I really appreciate any help from the prestigious SAMBA Team. > >> > >>Thanks, > >>Gopal > >> > >>-- > >>To unsubscribe from this list go to the following URL and read the > >>instructions: http://lists.samba.org/mailman/listinfo/samba > >> > >> > > > > > > > > >