[Samba] group membership limitations and Linux
Azelton Sean (RBNA/CIT1)
I was hoping someone here would be willing to clear up some confusion
we're having about group membership limits and linux.
While trying to use a file server solution in an AD environment using
OpenLDAP / sasl / Samba 2.2.x, we ran into the issue that when trying
to import/re-create group membership, we reach a limit at 32 groups.
It is my understanding that this is a limitation in the number of groups
that a given user can be in because of some hard-coded values in the
linux kernel.
I'm wondering if we abandon the OpenLDAP idea and went to Samba 3 with
direct AD authentication - would we run into this limitation again (on
Linux)? If so - does this limitation exist on other platforms
(FreeBSD for example) or even on other architectures (Solaris/SPARC)?
If someone can point me to more information on this issue I'd greatly
appreciate it, as we have the majority of our AD users (10s of
thousands) with 150+ groups per user (we have a global AD forest). I'm
not sure exactly how this limit would manifest itself using Samba 3 - if
at all.
Thanks,
Sean
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Azelton Sean (RBNA/CIT1)
Thank you,
Sean
On Wed, 2003-08-13 at 09:17, Azelton Sean (RBNA/CIT1) wrote:
> Hi all,
>
> I was hoping someone here would be willing to clear up some confusion
> we're having about group membership limits and linux.
>
> While trying to use a file server solution in an AD environment using
> OpenLDAP / sasl / Samba 2.2.x, we ran into the issue that when trying
> to import/re-create group membership, we reach a limit at 32 groups.
> It is my understanding that this is a limitation in the number of
> groups that a given user can be in because of some hard-coded values
> in the linux kernel.
>
> I'm wondering if we abandon the OpenLDAP idea and went to Samba 3 with
> direct AD authentication - would we run into this limitation again (on
> Linux)? If so - does this limitation exist on other platforms
> (FreeBSD for example) or even on other architectures (Solaris/SPARC)?
>
> If someone can point me to more information on this issue I'd greatly
> appreciate it, as we have the majority of our AD users (10s of
> thousands) with 150+ groups per user (we have a global AD forest).
> I'm not sure exactly how this limit would manifest itself using Samba
> 3 - if at all.
>
>
> Thanks,
>
> Sean
---
######################
Sean Azelton, RHCE, MCSE
Robert Bosch Corporation (RBNA/CIT1)
######################
Computer Information Technology Office
401 N. Bendix Drive - South Bend, IN 46628
Phone: 574-237-3837
Fax: 574-237-3105
Alexey Lobanov
On 15 Aug 2003 at 8:14, Azelton Sean (RBNA/CIT1) wrote:
From: "Azelton Sean (RBNA/CIT1)" <sean.a...@us.bosch.com>
To: sa...@lists.samba.org
Date sent: 15 Aug 2003 08:14:58 -0500
Subject: [Samba] Repost: group membership limitations and Linux kernel
> Does anyone have any information with regard to this issue?
aal@woody:~$ getent group | grep aal | wc -l
44
aal@woody:~$ cat /etc/group | grep aal | wc -l
9
aal@woody:~$ uname -a
Linux woody 2.4.21 #2 SMP Sat Jul 26 12:05:26 MSD 2003 i686 unknown
aal@woody:~$ less /etc/nsswitch.conf
...
group: files [NOTFOUND=continue] ldap
> > While trying to use a file server solution in an AD environment using
> > OpenLDAP / sasl / Samba 2.2.x, we ran into the issue that when trying
> > to import/re-create group membership, we reach a limit at 32 groups.
> > It is my understanding that this is a limitation in the number of
> > groups that a given user can be in because of some hard-coded values
> > in the linux kernel.