On Wed, Aug 19, 2009 at 09:58:39AM -0500, McGranahan, Jamen wrote: > Running Sun Solaris 9 sparc; trying to get Samba to interact with our Windows > Active Directory so we can create shares on our Sun server. Kerberos works > well. Wbinfo -u and Wbinfo -g both return results. Getent also returns > results, both getent passwd & getent group. I've created a test folder and > added it in the smb.conf file as a share: > > [test] > path = /test > writeable = yes > browseable = yes > guest ok = no > valid users = VANDERBILT\mcgranj > public = no > > This folder does exist on the server, but when I try to map, I get no > results. When I check the samba log, I see that samba crashes: > > lib240:/usr/local/samba/var#tail 129.59.149.157.log > [2009/06/22 10:26:12, 0] lib/util.c:log_stack_trace(1827) > unable to produce a stack trace on this platform > [2009/06/22 10:26:12, 0] lib/fault.c:dump_core(231) > dumping core in /usr/local/samba/var/cores/smbd > [2009/08/19 09:50:50, 0] lib/util.c:smb_panic(1673) > PANIC (pid 21681): sys_setgroups failed > [2009/08/19 09:50:50, 0] lib/util.c:log_stack_trace(1827) > unable to produce a stack trace on this platform > [2009/08/19 09:50:50, 0] lib/fault.c:dump_core(231) > dumping core in /usr/local/samba/var/cores/smbd
You're running into this bug : https://bugzilla.samba.org/show_bug.cgi?id=2496 Solaris limits the number of supplementary groups a user can be in to 32. This is too small for Windows, and in Sun's in-kernel CIFS server running on ZFS they have a kernel-only workaround which they currently have refused to make available to user-space processes. Please complain to Sun support about this situation, and ask them to fix this limitation in the solaris userspace support. Attached to this bug you'll find a workaround written by Dave Collier-Brown which uses an LB_PRELOAD library to use the Solaris group list as a cache. Jeremy. ----------------------------------------------------- From the code: /* * libgroups - a library for Samba on Solaris to allow * an arbitrarily large number of groups. * * * Problem Description: * Unix has a system-wide limit on the number of groups * a user may be in. Samba, which provides file service * to Windows clients, needs to support larger numbers * of groups per user. This is due to the Windows use of * groups, which typically results in more than 16 or * 32 groups for a user. At the moment, only Linux has * enoug groups for a medium to large Windows AD domain. * * I therefor wrote this interposer library (at home) * to remove this limitation on a per-process basis. * It keeps an unbounded list of groups and treats the * standard Solaris groups list as a cache. Before opening * a file, the interposer checks to see if the open would * fail because of a group not being in the cache, and if so * will move it to the head of the ache, shifting the * other entries down. * * Caveats: * This was written for Samba, which is setuid-root. * As the library requries root permissions for setgroups, * it will ONLY work if the program is setuid root or * otherwise has the ablity to call setgroups from the * middle of the open interposer function. The library will * try to abort immediately on startup if it does not * have sufficient privelege. * -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba