Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-1732: groups command isn't returning all the groups the user belongs to

Centrify DirectAudit ,   Centrify DirectControl ,   Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:02 AM

Applies to:  All versions of DirectControl on Solaris

Question:
Why isn't the groups command returning all the groups that the user belongs to?


In the example below the getent command shows that the user tvo belongs to group testgrp but the groups command doesn't shows this:


# getent group testgrp
testgrp::10005:tvo

# groups tvo
database test12 test15 test17 test13 test14 test11 test18 test19 sys adm localgrp


Answer:
Please check the maxgroups setting in the kernel configuration. By default, Solaris only supports a user being a member of 16 groups. This number can be increased to 32, but this may break other applications, in particular NFS. Please see the following blog for an explaination:

http://nfsworld.blogspot.com/2005/03/whats-deal-on-16-group-id-limitation.html

DirectControl 4.x does provide a utility to help manage this problem. Please see the man page for adsetgroups which will allow a user to chose which 16 groups they wish to be a member of at any given time.


Centrify Corporation does not take any responsibility for the content or availability of this link and it was provided as a courtesy.  Customers should contact the vendor if there are any further questions

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.