[Samba] Manually authenticate single user?

[kris monstad]

Hi there,

Firt off, Im new to the word of samba and windbind (and AD for that 
matter)  so I apologise if my problem has had attention before.

Ill try to articulate whats happening as best I can. I beleive my issue 
is with winbind in particular. If Ive neglected anything that would be 
helpful in finding a solution please let me know.

Ive several linux machines using samba and winbind to share on an Active 
Directory domain. Recently I was asked to create two distinct new user 
groups specifically for two upcoming projects. Until these projects 
become active there are only two guys doing pre-production on them - one 
guy for each project. So I created the two security groups in active 
directory and placed the two workers in each's relevant group.

Over to the linux machines:

"getent group" shows the two new groups and their (lone) members.

However I tried to set group permissions on a directory and they only 
work for one of the groups (group1, user1, say) . [I should note here 
that directly applying permissions for each user works fine]

When I do "wbinfo -r user2" I see the groups user2 is a member of - 
EXCLUDING the new group I created with him in. "wbinfo -r user1" shows 
his new group fine. Also, doing "groups user1" works fine. "groups 
user2",  again,  excludes the new group I created.

When I do "wbinfo -a user2%user2passwd" on a machine it authenticates 
user2 and seems to update. Now "wbinfo -r" and "groups" show the new 
groups and the permissions work fine. And it seems that in the case of 
user2, I have to do this manually after every change I make, whereas 
user1 works fine.


These two accounts in active directory are identical - apart from the 
two new groups. I cannot see where one user account trips up whereas the 
other is OK.

Can anyone suggest what might be the culprit here? While the "wbinfo -a" 
route works, Id rather know more!

Thanks you for any help,
Kris Monstad