On Wed, Dec 12, 2007 at 02:21:43PM -0600, Nathan VanHoudnos wrote: > Hi, > > I'm running Samba Version 3.0.25c on Solaris 10 8/07 on X86 hardware. > It's successfully joined to AD. > > But, and there always is a but, if : > * A user is a member of SomeGroup > * and the share alllows SomeGroup to access it > * and SomeGroup is NOT what the user has set as their Primary Group in > Active Directory > then > * Samba will recognize that the user can access the share > * but, vfs_ChDir will fail > > Consider a user, "vanhoudn", whose primary group is "WSG Staff". > If the share config is set to: > [arrakis] > path = "/export/arrakis" > comment = "Arraken Test share" > writeable = yes > valid users = @"UIUC+domain users" > vfs objects = zfsacl > nfs4: mode = special > > The logs will spit out: > [2007/12/12 10:09:17, 10] smbd/share_access.c:(232) > user_ok_token: share arrakis is ok for unix user UIUC+vanhoudn > [2007/12/12 10:09:17, 10] smbd/share_access.c:(274) > is_share_read_only_for_user: share arrakis is read-write for unix user > UIUC+vanhoudn > > Which is good. And, we can see that samba is correctly finding all of > the groups that this user is a member of... > > [2007/12/12 10:09:17, 5] auth/auth_util.c:(474) > UNIX token of user 10000 > Primary group is 10031 and contains 58 supplementary groups > Group[ 0]: 10007 > Group[ 1]: 10008 > <etc>
Doesn't Solaris still have a limit of 16 UNIX groups per process token ? Or did that get fixed ? That would explain this. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
