[Samba] Group memberships on Linux AD Member (syncing randomly)
Matthias Leopold
matthias.leopold at meduniwien.ac.at
Fri Jun 30 13:40:34 UTC 2023
Hi,
I'm running Samba Active Directory 4.16.9 with packages from Sernet.
Domain members are Linux servers (Ubuntu 20.04, RHEL 8) with Sernet
Samba 4.16.x.
I'm going crazy with group memberships syncing from AD to Linux
members. It is completely random when changes in an AD group become
visible in the Linux OS (or more precisely: winbind); it might take
minutes, hours or days until these changes take place. I have tuned
winbind cache time
idmap cache time
idmap negative cache time
I tried to clear winbind cache as described here:
https://serverfault.com/questions/476086/samba-winbind-user-resolution
None of this helps; the only thing that works is "net cache samlogon
delete $USER", but I can't do this for every user on every server after
I change his group memberships. I'm using idmap_rid and the problem is
visible directly with wbinfo (so no Linux name service cache involved).
Can someone explain what is happening or where I need to tune?
thank you
Matthias