[Samba] samba + ads / user and group update-probem

Anian Wurzenberger a.wurzenberger at transact-gmbh.de
Mon Aug 18 12:13:10 GMT 2008 

Hello subscribers,
we have a problem with keeping our group memberships up to date. If we e.g. remove a group membership from a user, we don´t see any change when trying "wbinfo -r j.doe" or "groups j.doe". Even after hours there ist no update. We also tried restarting smb, nmb, winbindd.

Anyone has an idea?


Some additional info:


|samba/winbind-version: 3.2.0-17.fc9


|Here our smb.conf
|
|[global]
|winbind cache time = 1m
|workgroup = xy-gmbh
|netbios name = smbtestfc9
|realm = TRANSACT-GMBH.DE
|idmap uid = 10000-15000
|idmap gid = 10000-15000
|winbind separator = /
|winbind use default domain = Yes
|security = ADS
|encrypt passwords = yes
|#Optional. Use only if Samba cannot determine the Kerberos server automatically.
|#password server = 192.168.2.50
|client use spnego = yes
|log level = 3
|winbind enum users = yes
|winbind enum groups = yes
|
|[test]
|        comment = test
|        path = /tmp
|        browseable = yes
|        read only = no
|        guest ok = no
|        valid users = XY-GMBH/a.someone, XY-GMBH/j.someoneelse, XY-GMBH/m.anotherguy
|        create mask = 0770
|        directory mask = 0770



|and our krb5.conf
|
|[logging]
| default = FILE:/var/log/krb5libs.log
| kdc = FILE:/var/log/krb5kdc.log
| admin_server = FILE:/var/log/kadmind.log
|
|[libdefaults]
| default_realm = XY-GMBH.DE
| dns_lookup_realm = false
| dns_lookup_kdc = false
| ticket_lifetime = 24h
| forwardable = yes
|
|[realms]
| XY-GMBH.DE = {
|  kdc = 192.168.1.11:88
|  default_domain = xy-gmbh.de
| }
|
|[domain_realm]
| .transact-gmbh.de = XY-GMBH.DE
| transact-gmbh.de = XY-GMBH.DE
|
|[appdefaults]
| pam = {
|   debug = false
|   ticket_lifetime = 36000
|   renew_lifetime = 36000
|   forwardable = true
|   krb4_convert = false
| }


|# wbinfo -p
|Ping to winbindd succeeded


|# net ads testjoin
|Join is OK


|# klist
|Ticket cache: FILE:/tmp/krb5cc_0
|Default principal: Administrator at XYZ-GMBH.DE
|
|Valid starting     Expires            Service principal
|08/14/08 15:37:03  08/15/08 01:37:05  krbtgt/XYZ-GMBH.DE at TRANSACT-GMBH.DE
|        renew until 08/15/08 15:37:03
|
|
|Kerberos 4 ticket cache: /tmp/tkt0
|klist: You have no tickets cached

More information about the samba mailing list