[Samba] winbind, nsswitch, AD and group membership caching?

kawazu428 at gmail.com kawazu428 at gmail.com
Fri Jun 1 09:53:55 UTC 2018


using samba+winbindd+pam+nsswitch to make several Linux servers
authenticate against an AD domain, I do have my setup mostly working

- AD users are able to ssh into the machine.
- wbinfo -g / -u does list all domain users.
- getent group / getent passwd does list Unix and AD users.

However, after changing some users group memberships in AD, I didn't
manage to propagate this change to the Linux servers; even after
waiting for several hours, "groups" for this user still doesn't "see"
the new group memberships. 

Already looked at my smb.conf and stumbled across "winbind cache time"
which is set to the default (and should have expired all relevant user
information long ago).

Can anyone point me where to look to get this right?
Thanks in advance and all best,

More information about the samba mailing list