[Samba] WINBIND on a VERY LARGE FOREST

tita.boba at libero.it tita.boba at libero.it
Fri Jul 28 17:09:42 GMT 2006


Sorry, but I have not installed nscd. I already know about the problem with enumerating users and groups ... thanks anyway!

> Disable your nscd daemon and see if that helps.
> 
> On 7/28/06, tita.boba at libero.it <tita.boba at libero.it> wrote:
> >
> > Hi all!
> > I'm trying to set up a Linux samba server as a domain member of a SINGLE
> > FOREST MULTI DOMAINS.
> > The forest is 2 servers acting as a global catalog.
> > The other domains are child domains with an implicit trust with the forest. I set up a
> > Linux server with samba as a domain member to work with squid,
> > authenticating users and verifying users' group membership. I need to allow
> > access to squid only to some users in different groups.
> > So I set up samba with winbind, ads and kerberos support.
> > I configured /etc/krb5.conf correctly to permit samba to join and query the
> > GC with net ads join. I configured samba and winbind correctly, all OK.
> > Now I need to use wbinfo_group.pl to verify users' groups.
> > But before that I tested the configuration with wbinfo -r DOMAIN\\user. If
> > I search for a user in the GC domain, the domain samba joined directly, I can see
> > all groups belonging to a user correctly. If I add and remove users from AD,
> > I need to wait 5 seconds (I set winbind cache = 5 seconds) to see the change
> > with wbinfo -r.
> > Now the problem. If I search for groups in a child domain, winbind shows them
> > correctly. If I add or remove a group, winbind does not show me the
> > change for many hours!
> > I tried to restart samba and winbind, but nothing.
> > I disjoined and rejoined, but nothing. Tracing the connections, I see that
> > winbind contacts the global catalog and the domain the query is for, but I think
> > there is a strange cache that does not permit me to see the changes with
> > winbind. I tried many configurations, I tried to disable the GC on the Windows
> > forest, I tried to join a single domain, I tried to set up an explicit two-way
> > trust, but nothing!!! Please, can someone help me identify the
> > problem and resolve this? It's important to understand that I have no
> > problem authenticating users wherever they are; the problem is only this
> > strange cache that the GC gives to WINBIND. No universal group caching is enabled
> > on the forest! Many thanks to all!
> >
> 


