[Samba] "id" and "id username" don't match up when using Winbind groups

Gerald (Jerry) Carter jerry at samba.org
Fri Jun 10 18:15:32 GMT 2005



Graeme Humphries wrote:
| On Fri, 2005-06-10 at 12:54 -0500, Gerald (Jerry) Carter wrote:
|>Try this as root:  wbinfo -a 'domain\user%pw'
|>(filling in the appropriate username and password.)
|>Then su - 'domain\username' and run id.
|
| I'm using '+' as a delimiter, but in any case:
|
| # wbinfo -a 'DOMAIN+graemehu%password'
| plaintext password authentication succeeded
| challenge/response password authentication succeeded
| root@oberon:~ # su - 'DOMAIN+graemehu'
| graemehu@oberon:~$ id
| uid=10670(graemehu) gid=10047(maingroup)
| groups=10011(the_group_that_never_showed_up)
|
| Yay! And, connecting to the share controlled by that
| group, I can now get into it! HOORAY!
|
| So, my next question is, how do I force this to happen
| on a global level for all users, say, every 5 minutes. ;)

Are you using security = domain or ads?  If the latter
then stop winbindd and remove $(lockdir)/netsamlogon_cache.tdb.
If the former, then the cache should be updated every time
the user logs in.

In technical terms, the cache is a copy of the NET_USER_INFO_3
structure in the samlogin() reply (used for NTLM authentication).
You're not the first one to be bitten by this.  It was more
useful in Samba 2.2.x installations.  We'll definitely fix
this somehow before the next stable release.




cheers, jerry
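
The mismatch in this thread's subject can be checked mechanically before and after clearing the cache. The script below is an added example, not part of the original message or of Samba: it compares the GIDs a login session holds with those reported by "id username". The function names are hypothetical and the lookup sample is constructed.

```sh
#!/bin/sh
# Added example (not from the original post): compare the groups a login
# session holds with the groups an NSS lookup ("id username") reports.

# Print the sorted, unique numeric GIDs (primary and supplementary) found in
# id(1) output. Matching "=NNN(" or ",NNN(" keeps group names with spaces intact.
gids_of() {
    printf '%s\n' "$1" |
        sed 's/^uid=[0-9]*([^)]*) *//' |
        grep -oE '[=,][0-9]+\(' |
        tr -d '=,(' |
        sort -un
}

# Print each GID present in id output $1 but absent from id output $2.
gids_missing() {
    have=" $(gids_of "$2" | tr '\n' ' ') "
    for g in $(gids_of "$1"); do
        case "$have" in
            *" $g "*) ;;
            *) printf '%s\n' "$g" ;;
        esac
    done
}

# $1 = id output from the user's session, $2 = output of "id username".
# Returns 0 when both views agree, 1 when they differ.
report() {
    only_session=$(gids_missing "$1" "$2")
    only_lookup=$(gids_missing "$2" "$1")
    if [ -z "$only_session$only_lookup" ]; then
        echo "group lists match"; return 0
    fi
    [ -z "$only_session" ] || echo "only in session:" $only_session
    [ -z "$only_lookup" ] || echo "only in lookup:" $only_lookup
    return 1
}

# Session output as quoted in the thread (joined onto one line).
SESSION_SAMPLE='uid=10670(graemehu) gid=10047(maingroup) groups=10011(the_group_that_never_showed_up)'
# Constructed lookup output for the same user, missing GID 10011.
LOOKUP_SAMPLE='uid=10670(graemehu) gid=10047(maingroup) groups=10047(maingroup)'

report "$SESSION_SAMPLE" "$LOOKUP_SAMPLE" || true
# Live use, from inside the user's session: report "$(id)" "$(id "$(id -un)")"
```

A non-zero return from report means the two views disagree, which is the condition where share access decisions can differ from what "id username" suggests.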

