[Samba] Samba corruption of ADS authentication details?

[Jason Haar]

Hi there

Our environment: Samba (via winbind) as ADS members of a Windows 
2K3-based forest.

We've had long-term issues with Samba "losing" access to particular 
users details for as long as I can remember. Every once and a while a 
user will report they cannot connect to a Samba share, and looking into 
it we'd discover the user is showing up in the logs as "no such user", 
whereas everyone else appears to be working fine. We set 
/etc/nsswitch.conf to use winbind and we'd find "id domain\username" 
reporting "no such user" for the affected individual - whereas (again) 
it'd work fine for any other account we tried.

Rejoining ADS doesn't help, restarting winbind doesn't help. The only 
thing that does, is to delete the entire cache directory (maybe only one 
file would do - but I don't know which one) and then rejoin ADS and 
restart. That always fixes it. This just happened today under 3.0.30 - 
so it's still a problem with the current release.

Is there a tool or something to manipulate/delete individual entries 
from "the cache" so that we don't have to go through this whole exercise 
every time?

Thanks

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1