[Samba] AD Group update lag / cache, firewall related?

Rowland Penny rpenny at samba.org
Fri Aug 25 14:08:05 UTC 2017


On Fri, 25 Aug 2017 13:54:21 +0000
"A. James Lewis" <james at fsck.co.uk> wrote:

> It's not offline.... and groups do usually filter through...
> sometimes immediately, sometimes never... but usually with a
> significant delay... 
> 
> I originally put this down to the ancient version of Samba or Winbind
> that was shipped with the OS, but it seems I was wrong... 
> 
> Winbind can see the group, and even the group membership... and the
> group is passed on to the OS, but not the group membership.
> 
> eg:-
> 
> wbinfo -g user | grep group  <-- successful
> 
> getent group group  <-- successful
> 
> however
> 
> groups user | grep group <-- fails
> 
> I was wondering if there's a limit on the number of groups, since the
> new machine using "groups", shows that the user has 128 groups, while
> a machine that's been around for a while shows 156 groups... and
> another machine that's local to the AD controller shows 174 groups.
> 

Hmm, try reading this:

https://wiki.samba.org/index.php/Samba_4.6_Features_added/changed

Under 'Samba 4.6.0' --> winbind changes

Does 'groups user' show any groups ?

Rowland



More information about the samba mailing list