[Samba] Samba + LDAP: Changing user's group

Gaiseric Vandal gaiseric.vandal at gmail.com
Thu Nov 19 07:37:32 MST 2009

There are various TDB that cache info (maybe under /var/samba/locks)

If you run "testparm -v" there may be some timeout or cache variables you
could adjust.

Does it matter if you have mapped the unix group to a Windows group?  In my
environment we set up group mappings for the key groups (like Domain
Administrators) but we have a lot of unix groups that we don't explicitly
map to Windows groups.  

-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
On Behalf Of davefu
Sent: Thursday, November 19, 2009 7:29 AM
To: samba at lists.samba.org
Subject: [Samba] Samba + LDAP: Changing user's group

Hello fellas. I'm facing this problem today:

My Samba PDC is using LDAP as a backend, and its working really good. The
problem comes when I change the groups on one of the users. System shows the
change correctly by using 'getent group' and if I log as that user the
behavior correct when trying the new group permissions.

Samba, however, doesn't seem to get those changes immediately (it syncs
hours later, totally random amount of time). I've tried disabling NSCD but
no luck. I've read somewhere that restarting Samba service forces Samba to
refresh the users credentials, but thats not possible to do everytime a user
needs a change in his groups. I'm wondering if there is some way to refresh
Samba cached credentials.

Has anyone experienced this before?

P.D: Where is Samba caching the users information/credentials/password/etc

View this message in context:
Sent from the Samba - General mailing list archive at Nabble.com.

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list