12 April,16 at 11:02 AM
Applies to: Centrify-Enabled Samba Version 3.3.9-4.3.1 on Solaris 10
Problem:
Trying to access a samba share with an AD user that belongs to more than 16 AD groups will get the following error:
Receiving SMB: Server stopped responding
tree connect failed: Call returned zero bytes (EOF)
And log.smbd will throw the following message:
[2009/08/04 15:06:28, 0] lib/util.c:smb_panic(1673)
PANIC (pid 22067): sys_setgroups failed
Cause:
Solaris has a limit to the number of groups that can be passed into the setgroups(). In order to avoid truncating the group, Samba.org hard coded to check the number of groups that user belongs to and drop the connection if number of groups exceed the max value.
When a user logs on to a samba server, it fails to set the user's groups if groups exceeds 16(NGROUP_MAX) limit. Usually on Linux platforms, NGROUP_MAX in linux supports at most 65535 groups(32 groups before linux-2.6.4), it should be enough for most cases. However for Solaris, this has a much more possibility to cause a panic, Solaris only supports at most 16 groups.
Resolution:
Set "ignore syssetgroups error = yes" to ignore the number of groups checking.