as previously reported to samba-technical but not yet acted upon, seemingly: before patch (attached): [2004/01/23 11:18:18, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 40535 Primary group is 118 and contains 4 supplementary groups Group[ 0]: 118 Group[ 1]: 118 Group[ 2]: 18 Group[ 3]: 70 after: [2004/02/11 17:55:57, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 40535 Primary group is 118 and contains 3 supplementary groups Group[ 0]: 118 Group[ 1]: 18 Group[ 2]: 70 which is more than a cosmetic problem, if you're in 16 groups, 'cause then calls to setgroups() fail in set_sec_ctx(), pop_sec_ctx() etc. (and those functions don't report the error, leaving you scratching your head when permissions problems bite)
Created attachment 403 [details] patch to sys_getgrouplist_internals
*** Bug 945 has been marked as a duplicate of this bug. ***
Restating my inquiry in comment #3, bug #945 : would implementing an LDAP backend circumvent the OS magic number group membership limitation (16 on Solaris, 32 on RHEL) ? Thanks in advance for any hint whatsoever.
nope. those are OS limitations that you will have to tweak. They are outside the scope of Samba. I am planning on applying the "remove duplicate groups" patch however if that will help you.
*** Bug 1229 has been marked as a duplicate of this bug. ***
I have a variation that will remove all duplicate groups. Checking it in for 3.0.3rc1.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.
database cleanup