From: Marcis Lielturks on
I recompiled samba with modified /usr/include/limits.h, but it didn't
help. User cannot connect to share if he is member of more than 35
groups although share has permissions for one of users group. User can
access share only if there is permissions for user or users primary group.

I think "smbd -b" output says that sysconfig values for NGROUPS_MAX was used

# smbd -b | grep NGROUP
SYSCONF_SC_NGROUPS_MAX

But my test program in C suggests, that _SC_NGROUPS_MAX limit is 1024

$ cat sysconf.c ; ./sysconf
#include <unistd.h>
#include <stdio.h>

int main()
{
long ret;
ret=sysconf(_SC_NGROUPS_MAX);
printf("_SC_NGROUPS_MAX is '%d'\n",ret);
}
_SC_NGROUPS_MAX is '1024'


If user is member of more than 35 groups, logs say

smbd/service.c:163(set_conn_connectpath)
set_conn_connectpath: service SAMBA, connectpath = /SAMBA
- smbd/service.c:1031(make_connection_snum)
- '/SAMBA' does not exist or permission denied when connecting to
Error was Permission denied

If use is member of 35 groups or less, then they say
smbd/service.c:163(set_conn_connectpath)
set_conn_connectpath: service SAMBA, connectpath = /SAMBA
+ modules/vfs_default.c:152(vfswrap_fs_capabilities)
+ vfswrap_fs_capabilities: timestamp resolution of sec available on
share SAMBA, directory /SAMBA
+ smbd/service.c:1070(make_connection_snum)
+ w2k3r2target (192.168.0.120) connect to service SAMBA initially as
user PROSERVE+proact (uid=12459, gid=10513) (pid
18905)

Attached 2 compressed logs for machine user was connecting from - on
when user can connect and another when he cannot.

MMM

by the way, did you know, that mouse initially was invented
just for simplifying text selection in xterm?


On 07/23/10 12:57 PM, Marcis Lielturks wrote:
> Hi!
>
> I still have problems, now user can't access share if he's member of
> more than 35 groups! I think I forgot to do one thing - modify
> /usr/include/limits.h to reflect new NGROUPS_MAX value in kernel.
>
> Can I check what NGROUPS_MAX value was used when compiling binaries?
> Will /usr/include/limits.h modifications be enough?
>
> MMM
>
> by the way, did you know, that mouse initially was invented
> just for simplifying text selection in xterm?
>
>
> On 07/23/10 10:49 AM, Marcis Lielturks wrote:
>> Hi!
>>
>> Thanks, yes I was using "-i". Now everything seems to work OK. My
>> main reason, why I compiled samba - 16 group limitation, is solved too!
>>
>> Hopefully I'll later gather up few lines of instructions on how to
>> get 3.5.4 compiling on OpenSolaris (snv_134).
>>
>> Thanks everybody for help!
>>
>> MMM
>>
>> by the way, did you know, that mouse initially was invented
>> just for simplifying text selection in xterm?
>>
>>
>> On 07/22/10 10:27 PM, Volker Lendecke wrote:
>>> On Thu, Jul 22, 2010 at 09:51:40PM +0300, Mārcis Lielturks wrote:
>>>> Here's 6 files in compressed tar archive.
>>> That looks all perfectly fine. The client just disconnects
>>> again after it has done some querying.
>>>
>>> How are you starting smbd? It a bit looks like you're
>>> starting it with -i, which for normal server operations is
>>> unfortunately wrong. You should start it with -D and let it
>>> become a daemon.
>>>
>>> Volker
From: Marcis Lielturks on
I modified source3/lib/system.c to print max groups to debugging output
and log.smbd outputs.

[2010/07/23 15:13:37.690438, 0] lib/system.c:1032(groups_max)
_SC_NGROUPS_MAX returned '1024'


Where else to look? OS allows me to add user to up to 1024 groups, samba
now works with up to 35 (previously with up to 16). Where to look next?
What could cause such strange limitation?


+++ lib/system.c 2010-07-23 15:18:46.314156915 +0300
@@ -1028,10 +1028,12 @@
int groups_max(void)
{
#if defined(SYSCONF_SC_NGROUPS_MAX)
int ret = sysconf(_SC_NGROUPS_MAX);
+ DEBUG(0,("_SC_NGROUPS_MAX is '%u'\n",ret));
return (ret == -1) ? NGROUPS_MAX : ret;
#else
+ DEBUG(0,("NGROUPS_MAX is '%u'\n",NGROUPS_MAX));
return NGROUPS_MAX;
#endif
}



MMM

by the way, did you know, that mouse initially was invented
just for simplifying text selection in xterm?


On 07/23/10 02:25 PM, Marcis Lielturks wrote:
> I recompiled samba with modified /usr/include/limits.h, but it didn't
> help. User cannot connect to share if he is member of more than 35
> groups although share has permissions for one of users group. User can
> access share only if there is permissions for user or users primary
> group.
>
> I think "smbd -b" output says that sysconfig values for NGROUPS_MAX
> was used
>
> # smbd -b | grep NGROUP
> SYSCONF_SC_NGROUPS_MAX
>
> But my test program in C suggests, that _SC_NGROUPS_MAX limit is 1024
>
> $ cat sysconf.c ; ./sysconf
> #include <unistd.h>
> #include <stdio.h>
>
> int main()
> {
> long ret;
> ret=sysconf(_SC_NGROUPS_MAX);
> printf("_SC_NGROUPS_MAX is '%d'\n",ret);
> }
> _SC_NGROUPS_MAX is '1024'
>
>
> If user is member of more than 35 groups, logs say
>
> smbd/service.c:163(set_conn_connectpath)
> set_conn_connectpath: service SAMBA, connectpath = /SAMBA
> - smbd/service.c:1031(make_connection_snum)
> - '/SAMBA' does not exist or permission denied when connecting to
> Error was Permission denied
>
> If use is member of 35 groups or less, then they say
> smbd/service.c:163(set_conn_connectpath)
> set_conn_connectpath: service SAMBA, connectpath = /SAMBA
> + modules/vfs_default.c:152(vfswrap_fs_capabilities)
> + vfswrap_fs_capabilities: timestamp resolution of sec available on
> share SAMBA, directory /SAMBA
> + smbd/service.c:1070(make_connection_snum)
> + w2k3r2target (192.168.0.120) connect to service SAMBA initially as
> user PROSERVE+proact (uid=12459, gid=10513) (pid
> 18905)
>
> Attached 2 compressed logs for machine user was connecting from - on
> when user can connect and another when he cannot.
>
> MMM
>
> by the way, did you know, that mouse initially was invented
> just for simplifying text selection in xterm?
>
>
> On 07/23/10 12:57 PM, Marcis Lielturks wrote:
>> Hi!
>>
>> I still have problems, now user can't access share if he's member of
>> more than 35 groups! I think I forgot to do one thing - modify
>> /usr/include/limits.h to reflect new NGROUPS_MAX value in kernel.
>>
>> Can I check what NGROUPS_MAX value was used when compiling binaries?
>> Will /usr/include/limits.h modifications be enough?
>>
>> MMM
>>
>> by the way, did you know, that mouse initially was invented
>> just for simplifying text selection in xterm?
>>
>>
>> On 07/23/10 10:49 AM, Marcis Lielturks wrote:
>>> Hi!
>>>
>>> Thanks, yes I was using "-i". Now everything seems to work OK. My
>>> main reason, why I compiled samba - 16 group limitation, is solved too!
>>>
>>> Hopefully I'll later gather up few lines of instructions on how to
>>> get 3.5.4 compiling on OpenSolaris (snv_134).
>>>
>>> Thanks everybody for help!
>>>
>>> MMM
>>>
>>> by the way, did you know, that mouse initially was invented
>>> just for simplifying text selection in xterm?
>>>
>>>
>>> On 07/22/10 10:27 PM, Volker Lendecke wrote:
>>>> On Thu, Jul 22, 2010 at 09:51:40PM +0300, Mārcis Lielturks wrote:
>>>>> Here's 6 files in compressed tar archive.
>>>> That looks all perfectly fine. The client just disconnects
>>>> again after it has done some querying.
>>>>
>>>> How are you starting smbd? It a bit looks like you're
>>>> starting it with -i, which for normal server operations is
>>>> unfortunately wrong. You should start it with -D and let it
>>>> become a daemon.
>>>>
>>>> Volker
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba