[Samba] 10 minutes between primary group change and effect on Fedora 27
L.P.H. van Belle
belle at bazuin.nl
Tue Mar 27 15:05:48 UTC 2018
In addition.
I remove my test group.
Did run id username.
Resulted in some left overs:
uid=10002(username) gid=10000(domain users) groups=10000(domain users),10005(remote-webmail),10004(servers-ssh),10008(servers-www),10010
You see the 10010 that was my test group.
But more tomorrow, office is closing now.. And tomorrow is the new yesterday in too days.. :-)
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> L.P.H. van Belle via samba
> Verzonden: dinsdag 27 maart 2018 17:03
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] 10 minutes between primary group
> change and effect on Fedora 27
>
> Hai,
>
> Checked and confirmed also on Debian stretch with samba 4.7.6.
>
> Even restart winbind does not help.
> A net cache flush, same did not work.
>
> A reboot, as test, did help here.
>
> I suggest increase the debug level and report bug?
>
>
> Greetz,
>
> Louis
>
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Jeff
> > Sadowski via samba
> > Verzonden: dinsdag 27 maart 2018 16:46
> > Aan: samba
> > Onderwerp: [Samba] 10 minutes between primary group change
> > and effect on Fedora 27
> >
> > My smb.conf looks like so.
> >
> > [global]
> > security = ads
> > realm = MIND.UNM.EDU
> > workgroup = MIND
> > idmap config * : backend = tdb
> > idmap config * : range = 2000-7999
> > idmap config MIND:backend = ad
> > idmap config MIND:schema_mode = rfc2307
> > idmap config MIND:range = 8000-9999999
> > idmap config MIND:unix_nss_info = yes
> > winbind use default domain = yes
> > restrict anonymous = 2
> >
> > I have a user jefftest.
> >
> > I found that to set the primary group that user needs to be
> > in that group.
> >
> > If I set the group of jefftest to a new group (both in the UNIX
> > attributes tab and in the Member Of tab) using Active
> Directory Users
> > and Computers.
> > Then I test the user using ldapsearch against each domain controller
> > and they all have the new values according to ldapsearch in
> gidNumber.
> >
> > Then I login with jefftest on my joined fedora 27 machine using
> > winbind 4.7.6 as jefftest and run id.
> > It still shows the old group.
> > So I log out as jefftest and in as root and run
> >
> > net cache flush
> >
> > and try and login again as jefftest and it still shows the old gid
> > number when running id.
> > After about 10 minutes it seems to work but that is a bit of time.
> >
> > Is there a way to speed this up?
> >
> > I think my ldapsearch using the uri of each domain controller shows
> > that each domain controller has the new value is that an incorrect
> > assumption?
> >
> > I'm using the following ldapsearch arguments
> >
> > (to check dc1)
> > ldapsearch -H ldap://dc1.mind.unm.edu.:389 -U jsadowski -Q -LLL \
> > -b dc=mind,dc=unm,dc=edu -o ldif-wrap=no
> > "(sAMAccountName=jefftest)" gidNumber
> >
> > (to check dc2)
> > ldapsearch -H ldap://dc2.mind.unm.edu.:389 -U jsadowski -Q -LLL \
> > -b dc=mind,dc=unm,dc=edu -o ldif-wrap=no
> > "(sAMAccountName=jefftest)" gidNumber
> >
> > "net cache flush" doesn't seem to be working.
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list