[Samba] User's groups issue

Ephi Dror Ephi.Dror at datadomain.com
Tue Aug 26 18:35:37 GMT 2008

Hello again,

I looked at the code and found out that really the only way to have accurate group membership info is if one of the following functions are called:

In winbindd_pam.c:

1. winbindd_dual_pam_auth()
2. winbindd_dual_pam_auth_crap()

I would recommend to think about ways to call netsamlogon_clear_cached_user() in other places to allow none authentication pam functions such as "id" to work well.


-----Original Message-----
From: Ephi Dror
Sent: Tuesday, August 26, 2008 10:27 AM
To: 'Gerald (Jerry) Carter'
Cc: samba at lists.samba.org
Subject: RE: [Samba] User's groups issue

Hello Jerry,

Thank you for your quick reply.

Actually, for us, the user does not login but we need to know all the groups that a given user belongs to so we use "id username"

So my question is, if the user doesn't login again, how long we cache what we already know and how do I change this cache length if needed.

Thanks so much,

-----Original Message-----
From: Gerald (Jerry) Carter [mailto:jerry at samba.org]
Sent: Tuesday, August 26, 2008 10:16 AM
To: Ephi Dror
Cc: samba at lists.samba.org
Subject: Re: [Samba] User's groups issue

Hash: SHA1

Ephi Dror wrote:
> Hello,
> I'm using samba 3.0.31 and seems to have an issue
> with getting user's groups info.
> It works like a Swiss Watch when I start winbindd and
> do "id username" for a given user however, if I add that
> user to one more group on the domain and issue
> "id username" I don't get the up to date info.

User group information is cached at login.  Login the
user in again and you should see the new groups.
The specific cache file is netsamlogon_cache.tdb
(login token) and winbindd_cache.tdb (general L1 caching
in Winbindd).

cheers, jerry
- --
Samba                                    ------- http://www.samba.org
Likewise Software          ---------  http://www.likewisesoftware.com
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list