[Samba] AD Group update lag / cache, firewall related?
Rowland Penny
rpenny at samba.org
Fri Aug 25 14:08:05 UTC 2017
On Fri, 25 Aug 2017 13:54:21 +0000
"A. James Lewis" <james at fsck.co.uk> wrote:
> It's not offline.... and groups do usually filter through...
> sometimes immediately, sometimes never... but usually with a
> significant delay...
>
> I originally put this down to the ancient version of Samba or Winbind
> that was shipped with the OS, but it seems I was wrong...
>
> Winbind can see the group, and even the group membership... and the
> group is passed on to the OS, but not the group membership.
>
> eg:-
>
> wbinfo -g user | grep group <-- successful
>
> getent group group <-- successful
>
> however
>
> groups user | grep group <-- fails
>
> I was wondering if there's a limit on the number of groups, since the
> new machine using "groups", shows that the user has 128 groups, while
> a machine that's been around for a while shows 156 groups... and
> another machine that's local to the AD controller shows 174 groups.
>
Hmm, try reading this:
https://wiki.samba.org/index.php/Samba_4.6_Features_added/changed
Under 'Samba 4.6.0' --> winbind changes
Does 'groups user' show any groups ?
Rowland
More information about the samba
mailing list