Bug 279 - if >32 groups is returned in the net_user_info3 struct, the nt_user_token and unix_token can differ
if >32 groups is returned in the net_user_info3 struct, the nt_user_token and...
Status: RESOLVED WONTFIX
Product: Samba 3.0
Classification: Unclassified
Component: winbind
3.0.0preX
Other other
: P2 enhancement
: none
Assigned To: Gerald (Jerry) Carter
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2003-08-07 21:45 UTC by Gerald (Jerry) Carter
Modified: 2005-02-07 08:41 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Gerald (Jerry) Carter 2003-08-07 21:45:59 UTC
smbd calls initgroups() to set the unix group members 
of the existing process and then getgroups() to get the 
list back.  This is truncated to the OS limit (NGROUPS_MAX).  
So the NT_USER_TOKEN (built by the net_sam_logon reply) can 
have more groups than those listed in unix_user token.

2.2. solved this by calling add_supplementary_nt_login_groups()
in register_vuid()
Comment 1 Gerald (Jerry) Carter 2003-08-07 21:46:48 UTC
See also bug 267
Comment 2 Gerald (Jerry) Carter 2004-03-01 09:29:48 UTC
this is an OS limitation and not much we can do about it.  Closing it.
Comment 3 Gerald (Jerry) Carter 2005-02-07 08:41:26 UTC
originally reported against 3.0.0beta3.  CLeaning out 
non-production release versions.