[Samba] Delay of group membership modifications
Henry Jensen
hjensen at gmx.de
Wed Aug 5 11:55:42 MDT 2009
Hello,
On Wed, 05 Aug 2009 12:29:38 -0400
Adam Tauno Williams <awilliam at whitemice.org> wrote:
> Is the host running nscd? If so, stop the nscd service.
Yes, that was it. It seems that nscd was installed as a dependency
along with libnss-ldap.
# apt-cache show libnss-ldap |grep ^Recommends
Recommends: nscd, libpam-ldap
After stopping nscd and restart of samba changing of group memberships
are recognized immediately by samba now.
What I still find curious is, that getent(1) was aware of the modification
and samba not.
Since it is recommended to use nscd when using LDAP (for performance reasons),
instead of stopping or even deinstalling nscd one should better call nscd
with the --invalidate option (e. g. "nscd --invalidate group") after making
modifications in the LDAP tree.
I don't believe, that I am the only who stumbled upon this problem. Perhaps
this should be mentioned somewhere in the documentation/Samba HOWTO collection?
(You know this cases: your boss is calling you and tells you, that Mr. Miller
needs access to this folder right now.)
Regards,
Henry
More information about the samba
mailing list