Applies to: All versions of Centrify DirectControl
When mounting an NFS v3 file system (e.g. on a Samba share) to a Centrified system with an AD user who is a member of more than 16 groups, it is observed that the user can sometimes get access to the mounted system, but not all the time. The behavior is inconsistent.
Is there any reason for this?
It is a NFS v3 client's limitation to send random 16 groups to NFS server for verification.
For users who belong to more than 16 groups, the NFS v3 client will randomly pick 16 groups to get shared file system access - this is why it sometimes works; but not all the time.
This is an OS-related issue and not a Centrify-issue. However here are a few possible workarounds:
- Reduce the number of user groups to which the user can belong to.
Note: Centrify provides an adsetgroup command to adjust the group membership and it is session-based.
- Switch to NFS v4 which does not have a limitation in user groups.
- Use CIFS export instead of NFS.
Links discussing the classic NFS 16-group limitation: (External links are provided as a courtesy)
Keywords: nfsv3 16-group limitation adsetgroup