[Samba] smbldap-usermod timeout for Terminal Server
roland at roland-jarry.fr
roland at roland-jarry.fr
Mon Jul 15 06:56:34 MDT 2013
Hello,
Following to this old post (Tue Jul 6 02:22:22 MDT 2010), here is the
solution I found :
- stop nscd : /etc/init.d/nscd stop
- restart samb : /etc/init.d/samba restart
- start nscd : /etc/init.d/nscd start
...in this order !
Roland.
> Hello,
> When I modify a user account adding him to a customized group, there
> is a delay which can be up to 2 hours to take effect.
> - the user account is already created with smbldap-useradd.
> - the user account is modified later (with smbldap-usermod), adding
> him to a group which has the right "allow log on through terminal
> services properties" on the local security policy
> The samba server act as a PDC.
> I've tried a lot of things to bypass the delay :
> - restart of samba
> - restart of openldap
> - gpupdate /force on windows server
> - modify the delay in GPO : group policy refresh interval for users
> and for computers
> - purge of samba cache in /var/cache/samba
> - purge of nscd cache in /var/cache nscd
> If I give the right directly to the user on windows server, it take
> effect immediatly and I can log on Terminal Server.
> The error message I have when the policy hasn't take yet effect is
> "to log on this remote computer, you must be granted the allow log on
> through terminal services right. By default, members of the Remote
> Desktop Users group have this right. If you are not a member of remote
> desktop users group ot another group that has this right, or if the
> remote desktop user group does not have this right, you must be granted
> this right manually".
> It seem that there is a cache for groups.
> What service can be responsible of this delay ? Terminal server, GPO,
> samba, ldap, some cache,... ?
> Thank you for your help or advice
> ---
> Roland JARRY
More information about the samba
mailing list