Regarding netsamlogon_cache_get.

Hemanth Thummala hemanth.thummala at
Thu Aug 25 03:25:39 UTC 2016

Hi All,

I see that the followed code has been ifdef’ed from day one in netsamlogon_cache_get().

#if 0 /* The netsamlogon cache needs to hang around.  Something about

     this feels wrong, but it is the only way we can get all of the

     groups.  The old universal groups cache didn't expire either.

     --jerry */


    time_t    now = time(NULL);

    uint32_t  time_diff;

    /* is the entry expired? */

    time_diff = now - t;

    if ( (time_diff < 0 ) || (time_diff > lp_winbind_cache_time()) ) {

      DEBUG(10,("netsamlogon_cache_get: cache entry expired \n"));

      tdb_delete( netsamlogon_tdb, key );

      TALLOC_FREE( user );




Comments suggest that it is intentional and currently we are overwriting this cache on every successful login irrespective of expiry status.

We are actually using “wbinfo" group membership queries. If there are any group membership changes without the user getting logged in, we always get the stale information until unless user logs in again.
In our use case, we can’t expect the users to be getting logged in after any membership changes.  I have enabled this code and tested. It works fine and solves our purpose.

This looks like a safe change. But I would like to know if there are any known issues if we enable this part. Please let me know.


More information about the samba-technical mailing list