Kerberos authentication from vista to samba fails when security blob size is greater than 16 kB

Solution Unverified - Updated -

Issue

  • Samba 3.5.4 fails to verify Kerberos authentication of a SMB Session Setup from Vista or Server 2008 CIFS clients, if the Kerberos ticket size is greater
    then 16KB. This may happen, if the connecting account is member of lots of security groups (> 500) and the windows domain is configured to create tickets > 12Kb

  • Do not see all groups for users when using winbind for authentication

    • Using winbind for authentication and samba to share directories, there are users that are members of over 130 groups it appears that not all group memberships are being honored. For Instance: I am a member of 137 group on group is called uit if I add this group to the sudoers or as a valid user in samba then I can not access the samba share or perform any sudo commands. This version has NGROUPS_MAX 65536

Environment

  • samba3x-3.5.4-0.70.el5_6.1
  • Red Hat Enterprise Linux 5

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.