Hi,
Post by Sébastien Le RayWhere can I send you beer?
Is this some "known issue"? I'll try to see on #samba-technical if
some samba dev is interested in it. It seems that the
netsamlogon_cache gets in some state where it is not updated
anymore. But maybe I'm missing something on my side.
Is sssd more reliable since it relies on LDAP only and not AD internals?
Regards
Post by Hans-Kristian BakkeWhen I get issues like that (membership correctly displayed with
getent group, but not in groups <user>), I usually have to delete the
netsamlogon_cache.tdb (I could just delete the user in question to
force refresh to avoid restarting winbind, but that is more of an
hassle)
service winbind stop
rm /var/cache/samba/netsamlogon_cache.tdb
service winbind start
It doesn't really help to login again to refresh the users group
membership. It seems to be stuck, even for days, until I do this.
This is basically the hint that Volker gave a few mails above:
The login should refresh the cache entry in the netsamlogon-cache.tdb.
If it does not do so, this is a bug, and we need
to fix it.
In order to futher analyze, we need to have:
- smb.conf
- nsswitch.conf
- description of the domain setup
single domain? number of dcs? are there trusts?
- does the problem only occur with users from trusted domain
or also from primary?
- is this readily reproducible, e.g. by changing
group membership in the domain and then logging in
again to the samba server.
- we need a level10 log of samba (all log files) of
the login process that fails to update netsamlogon-cache.tdb.
I guess the best thing would be to add a bug report
for this to collect the relevant data.
Cheers - Michael
Post by Sébastien Le Ray--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20141009/f4590758/attachment.pgp>