Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-1732: groups command isn't returning all the groups the user belongs to

Auditing and Monitoring Service ,   Authentication Service ,   Mac & PC Management Service ,  

12 April,16 at 11:02 AM

Applies to:  All versions of DirectControl on Solaris

Why isn't the groups command returning all the groups that the user belongs to?

In the example below the getent command shows that the user tvo belongs to group testgrp but the groups command doesn't shows this:

# getent group testgrp

# groups tvo
database test12 test15 test17 test13 test14 test11 test18 test19 sys adm localgrp

Please check the maxgroups setting in the kernel configuration. By default, Solaris only supports a user being a member of 16 groups. This number can be increased to 32, but this may break other applications, in particular NFS. Please see the following blog for an explaination:

DirectControl 4.x does provide a utility to help manage this problem. Please see the man page for adsetgroups which will allow a user to chose which 16 groups they wish to be a member of at any given time.

Centrify Corporation does not take any responsibility for the content or availability of this link and it was provided as a courtesy.  Customers should contact the vendor if there are any further questions