question about netsamlogon_cache_get
Herb Lewis
hlewis at panasas.com
Mon Apr 30 20:54:11 GMT 2007
we have the following code in this function ifdef'ed out. I don't know
if it is this or something else causing my problem. If you login as a
user that is a member of several groups and then have a file that is
accessable through only one of those groups, access is granted as
expected. If you now remove the user from that group and logout and
log back in, access is still granted because of the entry in
netsamlogon_cache.tdb. It seems that access will get denied about
20 minutes later so something else is refreshing the group membership
but I'm not sure what. Any ideas where we need to fix this?
#if 0 /* The netsamlogon cache needs to hang around. Something about
this feels wrong, but it is the only way we can get all of the
groups. The old universal groups cache didn't expire either.
--jerry */
{
time_t now = time(NULL);
uint32 time_diff;
/* is the entry expired? */
time_diff = now - t;
if ( (time_diff < 0 ) || (time_diff >
lp_winbind_cache_time()) ) {
DEBUG(10,("netsamlogon_cache_get: cache entry
expired \n"));
tdb_delete( netsamlogon_tdb, key );
SAFE_FREE( user );
}
#endif
More information about the samba-technical
mailing list