[Samba] Winbind cache

[Samuel Partida]

Hi all, we are having some troubles with the integration of some Solaris 9 
Sparc servers on a Windows 2003 Server Active Directory domain.

When we made the tests on a Solaris 9 Intel server, everything run 
successfully. After that we run some group membership tests, just changing 
users from one to another group on the W2K3 Server.

We've seen on those tests that winbind was caching the group membership for 
some users (sometimes just for one user).

The tests we have done from a local user on Solaris 9 server:

1 Run 'groups aduser', the group membership for aduser is shown.
2 Change 'aduser' membership on the AD server.
3 Run 'groups aduser', the group membership for aduser is shown but is not 
reflecting the changes made.
4 Restart winbind setting cache time to zero.
5 Repeat steps 1,2,3 and now it reflects all changes made on AD server.

We have read the documentation and found two options:

· Setting the cache time:
winbind cache time = 0 (We don't know if zero is zero or it is unlimited time)

· Running winbindd:
winbindd -n (it is no caching mode)

We still don't know really if the problem is from Winbind but the tests seem 
that setting out the winbind cache, the group membership resolution is more 
effective.

The questions are, 
does someone know how the winbind cache works and how it could be effectively 
shut down to be sure it won't cache anything anymore?
 
should we set the cache time to zero, another value, run winbindd with -n, do 
both things (cache time = 0 & winbindd -n)?

is there another site/doc where we should rtfm for winbind?

did someone had similar troubles?

By the way, the nscd is not running on the Solaris 9 server.

Thanks!
-- 
---
Samuel Partida Amores
ISOTROL. Área de Seguridad.
samuel.partida at isotrol.com
Tfno. 955 036 836
---