question about netsamlogon_cache_get

Herb Lewis hlewis at
Mon Apr 30 20:54:11 GMT 2007

We have the following code in this function ifdef'ed out.  I don't know
if it is this or something else causing my problem. If you log in as a
user that is a member of several groups and then have a file that is
accessible through only one of those groups, access is granted as
expected. If you now remove the user from that group and log out and
log back in, access is still granted because of the entry in
netsamlogon_cache.tdb. It seems that access will get denied about
20 minutes later, so something else is refreshing the group membership,
but I'm not sure what. Any ideas where we need to fix this?

#if 0   /* The netsamlogon cache needs to hang around.  Something about
            this feels wrong, but it is the only way we can get all of the
            groups.  The old universal groups cache didn't expire either.
            --jerry */
                 time_t          now = time(NULL);
                 uint32          time_diff;

                 /* is the entry expired? */
                 time_diff = now - t;

                 if ( (time_diff < 0 ) || (time_diff > lp_winbind_cache_time()) ) {
                         DEBUG(10,("netsamlogon_cache_get: cache entry expired \n"));
                         tdb_delete( netsamlogon_tdb, key );
                         SAFE_FREE( user );

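The following is an added example, not part of the original post and not Samba code: a minimal sketch of the kind of age check the disabled block performs, applied to a cached group list so that a stale entry forces a refresh instead of answering from old membership. The struct, function names, RIDs and the 300-second lifetime are all hypothetical; the age is computed as a signed value so a negative difference can actually be detected.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <time.h>

/* Hypothetical cached logon record (not Samba's structure): the time it was
 * stored and the group RIDs the user held at that logon. */
struct cached_logon {
    time_t   stored_at;
    size_t   num_groups;
    uint32_t group_rids[8];
};

/* True when the entry is older than max_age seconds, or claims to have been
 * stored in the future (clock stepped back). The difference is kept signed
 * so the "negative age" case is detectable. */
static bool entry_expired(const struct cached_logon *e, time_t now, int64_t max_age)
{
    int64_t age = (int64_t)now - (int64_t)e->stored_at;
    return age < 0 || age > max_age;
}

enum cache_result { CACHE_MEMBER, CACHE_NOT_MEMBER, CACHE_STALE };

/* Answer a group-membership question from the cache only while the entry is
 * fresh; a stale entry means "query the authoritative source again", never
 * "decide on old data". */
static enum cache_result cached_membership(const struct cached_logon *e,
                                           uint32_t rid, time_t now,
                                           int64_t max_age)
{
    if (entry_expired(e, now, max_age))
        return CACHE_STALE;
    for (size_t i = 0; i < e->num_groups; i++)
        if (e->group_rids[i] == rid)
            return CACHE_MEMBER;
    return CACHE_NOT_MEMBER;
}

/* Constructed sample: logon cached at t=1000 with two group RIDs. */
static const struct cached_logon sample = { 1000, 2, { 513, 1105 } };

int main(void)
{
    /* 100 s later with a 300 s lifetime the cached answer is still used;
     * 301 s later the caller is told to refresh instead. */
    return cached_membership(&sample, 1105, 1100, 300) == CACHE_MEMBER &&
           cached_membership(&sample, 1105, 1301, 300) == CACHE_STALE ? 0 : 1;
}
```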