[Samba] ldap group authentication refresh
Arthur Odekerken
odekerken at gmail.com
Mon Mar 9 18:32:42 GMT 2009
Hi,
I have successfully set up a Samba server with OpenLDAP authentication.
I also managed to authenticate against groups in my LDAP tree, so far so
good.
The only problem is that whenever I add or remove an entry from the LDAP
group, samba doesn't see that immediately. When I restart the samba daemon,
it does pick up the change in the LDAP group.
Can anybody tell me how I can refresh the authentication, without restarting
the daemon?
I am using samba version 3.0.28-1.el5_2.1 on CentOS release 5.2 (Final) and
OpenLDAP version 2.3.27.
My samba config:
# Excerpt of the poster's smb.conf; the trailing "..." marks settings that are not shown.
[global]
netbios name = SAMBA
server string = %h
workgroup = DOMAIN.TLD
# User-level security: every client authenticates with a username and password.
security = user
encrypt passwords = true
# On a password change made through Samba, the LDAP password is updated along with the NT/LM hashes.
ldap passwd sync = yes
# Accounts come from LDAP through the ldapsam backend. The URL scheme is ldap://, not ldaps://.
# NOTE(review): whether this link is protected by StartTLS depends on "ldap ssl", which this
# excerpt does not show - verify, since password hashes travel over this connection.
passdb backend = ldapsam:ldap://ldap.domain.tld
# DN that Samba binds as; its password is stored in secrets.tdb (set with "smbpasswd -w").
# NOTE(review): cn=root looks like the directory's root DN - confirm. A dedicated account
# restricted by slapd ACLs to the Samba attributes would limit the impact of a leaked secrets.tdb.
ldap admin dn = cn=root,ou=hasselt.be,o=hasselt,c=be
ldap suffix = o=hasselt,c=be
# Relative to "ldap suffix": groups under ou=groups, users under ou=hasselt.be.
ldap group suffix = ou=groups
ldap user suffix = ou=hasselt.be
enable privileges = yes
# Serve NT4-style domain logons and act as domain/local master browser.
domain logons = yes
domain master = yes
local master = yes
preferred master = yes
os level = 65
socket options = TCP_NODELAY
case sensitive = no
default case = lower
preserve case = yes
short preserve case = yes
dns proxy = no
printcap name = /etc/printcap
# One log file per client machine name (%m), rotated at 50 KB.
log level = 2
log file = /var/log/samba/%m.log
max log size = 50
nt acl support = Yes
# Upper bound on the permission bits of newly created files and directories.
create mask = 0644
directory mask = 0755
level2 oplocks = True
...
My slapd.conf:
# Excerpt of the poster's slapd.conf; each "..." line marks directives that are not shown.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/qmail.schema
# samba.schema supplies the sambaSamAccount attributes, including the NT/LM password hashes.
include /etc/openldap/schema/samba.schema
# Accept LDAPv2 bind requests in addition to LDAPv3.
# NOTE(review): only needed for legacy clients - confirm that something still requires it.
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# Certificate and private key are read from the same PEM file, so that file contains the
# private key and should be readable only by the account slapd runs as.
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
# NOTE(review): no "access to" rules appear in this excerpt (they may be in the elided parts).
# sambaNTPassword/sambaLMPassword are password-equivalent and should be readable only by the
# DN Samba binds as - verify.
database bdb
...
directory /var/lib/ldap
index objectClass eq
index uid eq
index cn eq,pres
index sn eq,pres,sub
index mail eq,pres
index mailAlternateAddress eq,pres
# memberUid is the member attribute of posixGroup entries (nis.schema).
index memberUid eq,pres
index displayName eq,pres
lastmod on
...
# Per-search caps: at most 2000 entries returned and 2000 seconds spent.
sizelimit 2000
timelimit 2000
my DB_CONFIG:
# Berkeley DB tuning for the bdb backend.
# Cache: 0 GB + 268435456 bytes (256 MiB), held in a single cache region.
set_cachesize 0 268435456 1
# Log region size limit: 262144 bytes (256 KiB).
set_lg_regionmax 262144
# In-memory transaction log buffer: 2097152 bytes (2 MiB).
set_lg_bsize 2097152
Thanks
Arthur