[Samba] Samba ads not refreshing domain controller group modifications

tita.boba at libero.it tita.boba at libero.it
Mon Jul 31 06:25:16 GMT 2006

> Helo  


> My problem can be described in the following way. 
> -         getent group and getent passwd work well , when I add or delete 
> a user from one group the modification is displayed with getent 
> -         I chown user:group over a file in samba the user from that group 
> can access it 
> -         BUT when I delete the user from the group in my DC ,he/she can 
> still acces the share even after 24hours until I restart samba and winbind
> -         after restart he/she is denied according to group to access the 
> share 
> Can anyone give me a tip ?
> Thanks in advance for any answer

I think it's winbind cache problem.
Try to set 
winbind cache time = 10
on your global conf and restart.
winbind cache reply from ad server for only 10 seconds.
If your ad is a forest with multidomain the situation is different, the gc cache reply from other domains and i don't know how to solve this. Is my problem.

Vuoi sapere cosa realmente succede a casa o ufficio quando non ci sei ? Ora puoi farlo ...e senza spendere un capitale!

More information about the samba mailing list