[Samba] Group membership updates
Luis Marqueta
luis at marqueta.org
Thu Feb 16 02:38:05 MST 2012
Hi, list.
I'm running samba-3.5.4 + winbind on a RHEL 5 server. I'm trying to
allow ssh logins to users in a particular Active Directory group in the
TESTDOMAIN domain.
My problem is that group membership seems to be updated when the user
logs in. So, if a remove a user from the allowed group, the first login
attempt is successful.
This is my samba/winbind configuration:
[global]
workgroup = TESTDOMAIN
password server = server1.testdomain server2.testdomain
realm = test.domain
encrypt passwords = yes
netbios name = TESTSERVER
security = ads
; idmap uid = 10000 - 20000
; idmap gid = 10000 - 20000
idmap backend = tdb
idmap uid = 1000000-1999999
idmap gid = 1000000-1999999
idmap config TESTDOMAIN : backend = rid
idmap config TESTDOMAIN : range = 10000 - 49999
idmap config TRUSTED : backend = rid
idmap config TRUSTED : range = 50000 - 99999
idmap config TRUSTED : base_rid = 1000
winbind separator = +
template homedir = /home/%D/%U
template shell = /bin/bash
winbind use default domain = false
winbind offline logon = false
auth methods = winbind
log level = 3
allow trusted domains = no
winbind enum users = yes
winbind enum groups = yes
idmap cache time = 30
winbind cache time = 10
nscd is not running, just in case it matters.
Any hint?
--
Luis Marqueta <luis at marqueta.org>
More information about the samba
mailing list