The Samba-Bugzilla – Bug 4150
samba (ldap) don't allow login for users if he exists in many groups
Last modified: 2006-10-04 08:41:54 UTC
I create new user in domain "testing" with smbldap-tools. Successfuly.
Now I try to login to domain itvgroup.cxm from one of domain machine with user testing. Successfuly.
Now I add user testing to many groups. Now I try to login - and can't do it. :(
If I delete him from one or two groups - all start working fine.
I add user to other group (not used in first case) - error login again.
I think it does because search result too big or something like this
two logs in attachment:
debug.log - debug info of ldap accesses
g-marchenko.smb - log of samba client who tryes to login with test user (without success)
Created attachment 2172 [details]
debug 5 from win machine tryes to login with testing user
Created attachment 2173 [details]
LDAP searching log in this moment
How many groups do you have exactly where it stops working? And, you are aware that many Unixes (dunno about FreeBSD) have a hard limit of 16 or 32 groups per user?
And, to diagnose this we would need the debug level 10 log of the DC.
Ou! Thanks a lot!
It over 16een groups, and seem that it's hardcode of freebsd :(
But if I run id testing it returns users ok, with all of his groups.
Why? if it hardcode....
Now I try to make log on errlvl 10
debug level 10 does not help anymore, if the FreeBSD limit is 16 then your stuck.
Closing the bug as invalid, this is a system restriction, not a Samba one.