[Samba] Winbind 3.5.2 caching issues under SLES11???

Fri Apr 23 08:40:46 MDT 2010

Hi,

I don't know if this is a problem of SLES11 or winbind itself. I
recently installed the lastest samba winbind 3..5.2 on a SLES9 box and a
SLES11 box.

If I remove a user from a group in Active Directory the change is
visible immediately on the SLES9 box but not on the SLES11 box. Both are
running exactly the same version of winbind:

gedaiv64:~ # cat /etc/SuSE-release
SUSE Linux Enterprise Server 11 (x86_64)
VERSION = 11
PATCHLEVEL = 0
gedaiv64:~ # smbd -V
Version 3.5.2

gedaiv67:~ # cat /etc/SuSE-release
SUSE LINUX Enterprise Server 9 (i586)
VERSION = 9
PATCHLEVEL = 4
gedaiv67:~ # smbd -V
Version 3.5.2

Smb.conf is identical:

[global]
        netbios name = gedaiv67
        realm = SOMEDOMAIN.NET
        workgroup = SOMEDOMAIN
        security = ADS
        encrypt passwords = yes
        idmap backend = ad
        idmap config VEGA : backend = ad
        idmap config VEGA : schema_mode = sfu
        idmap config VEGA : range = 0-99999999
        winbind nss info = sfu
        winbind enum users = yes
        winbind enum groups = yes
        winbind offline logon = yes
        preferred master = no
        winbind nested groups = Yes
        winbind use default domain = Yes
        max log size = 50
        log file = /var/log/samba/log.%m
        log level = 3
        dns proxy = no
        wins server = 172.20.200.18 172.18.200.20
        allow trusted domains = No
        client use spnego = Yes
        kerberos method = secrets and keytab
        dedicated keytab file = /etc/krb5.keytab
        winbind refresh tickets = true
        idmap cache time = 300

Even after 10 minutes and more the change doesn't become effective on
the SLES11 box. NSCD is of course turned off on both machines.

Regards,

Oliver