[Samba] Adding user to group doesn't propagate?

Harald Hannelius harald+samba at arcada.fi
Mon Oct 16 12:21:41 UTC 2023 

On Wed, 7 Apr 2021, Harald Hannelius via samba wrote:

>
> On Thu, 24 Sep 2020, Rowland penny via samba wrote:
>
>> On 24/09/2020 12:30, L.P.H. van Belle via samba wrote:
>>> This test also needs the info on.. which backend? ..
>> I was using the 'ad' backend, but I think this doesn't make any difference
>>> 
>>> And, did you login/logout again after adding the user.
>> No, I didn't, but the only way I could get the user to show up as a member 
>> of the group was to run 'wbinfo -a username' which amounts to 
>> re-authenticating.
>
> I have been struggling with this for months, and this one user didn't ever 
> get their group-membership updated on one member-server for some reason.
>
> If I added this user to a group in AD, the user did show up in the group on 
> another member-server, verified by checking with 'id username'.
>
> The user must have re-authenticated since September 2020.
>
> I now set the password for the user to a password I know, used 'wbinfo -a 
> username' on the problematic member-server and the user membership finally 
> got updated. The resynched the password-hash from LDAP back to the original 
> one.
>
> Something fishy is going on, but I don't know where to look. And since this 
> isn't a bug I can't do anything more than try to describe how to circumvent 
> this non-bug :)

I got bitten by this again. I added uses to a newly created group, but the 
member server never sees the new membership. This time I googled and found 
this thread from 2014 on the first hit;

https://samba.samba.narkive.com/eqkNlbnm/new-group-membership-not-taken-into-account-on-member-servers

Exactly the same problem. So I tried this;

   service winbind stop
   rm /var/cache/samba/netsamlogon_cache.tdb
   service winbind start

Suggested by Hans-Kristian Bakke. And low and behold, the user immediately 
got the new membership. All of the users actually.

member server;
# smbd -V
Version 4.13.13-Debian

domain controller;
# smbd -V
Version 4.17.10-Debian



-- 

Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020

More information about the samba mailing list