Brooks Davis wrote: >On Mon, Apr 16, 2018 at 06:37:53PM +0800, Julian Elischer wrote: >> Windows users seem to have an almost unlimited number of groups and=20 >> soem places seem to use them a LOT. >> This gives Posix systems problems with deciding how to handle them=20 >> all. Especially when getting >> user credentials from winbindd (samba). >>=20 >> Does anyone know of any work done to either bypass this limit or to at=20 >> least expand it? > >I fixed this in 2009 for everything but NFS AUTH_SYS. NGROUPS_MAX is >1023. IIRC the usual hack employed in storage systems is to ignore the >groups provided by AUTH_SYS and get them from winbindd. I don't know of >a public implementation of that. If winbindd gets the information from LDAP, then you can get the same effect from "nfsuserd -manage-gids" for AUTH_SYS (or as Toomas Soome noted, the gssd does the same thing for Kerberized mounts). Both of these utilities use getgrouplist() on the NFS server to acquire the list of groups for the user. As such, anything configured for the library call, such as LDAP, will provide the list of groups. rickReceived on Mon Apr 16 2018 - 22:11:53 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:15 UTC