[Samba] 10 minutes between primary group change and effect on Fedora 27
L.P.H. van Belle
belle at bazuin.nl
Tue Mar 27 15:10:35 UTC 2018
Start with this in smb.conf 0-10 are the values.
Put it in smb.conf (global)
log level = 3 winbind:5
A reboot did not remove my 10010 gid, so i'll go checking more tomorrow..
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: Jeff Sadowski [mailto:jeff.sadowski at gmail.com]
> Verzonden: dinsdag 27 maart 2018 17:06
> Aan: L.P.H. van Belle
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] 10 minutes between primary group
> change and effect on Fedora 27
>
> On Tue, Mar 27, 2018 at 9:02 AM, L.P.H. van Belle via samba
> <samba at lists.samba.org> wrote:
> > Hai,
> >
> > Checked and confirmed also on Debian stretch with samba 4.7.6.
> >
> > Even restart winbind does not help.
> > A net cache flush, same did not work.
> >
> > A reboot, as test, did help here.
> >
> > I suggest increase the debug level and report bug?
> Where can I set the debug levels?
> Would that be in the smb.conf file?
> >
> >
> > Greetz,
> >
> > Louis
> >
> >
> >
> >> -----Oorspronkelijk bericht-----
> >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Jeff
> >> Sadowski via samba
> >> Verzonden: dinsdag 27 maart 2018 16:46
> >> Aan: samba
> >> Onderwerp: [Samba] 10 minutes between primary group change
> >> and effect on Fedora 27
> >>
> >> My smb.conf looks like so.
> >>
> >> [global]
> >> security = ads
> >> realm = MIND.UNM.EDU
> >> workgroup = MIND
> >> idmap config * : backend = tdb
> >> idmap config * : range = 2000-7999
> >> idmap config MIND:backend = ad
> >> idmap config MIND:schema_mode = rfc2307
> >> idmap config MIND:range = 8000-9999999
> >> idmap config MIND:unix_nss_info = yes
> >> winbind use default domain = yes
> >> restrict anonymous = 2
> >>
> >> I have a user jefftest.
> >>
> >> I found that to set the primary group that user needs to be
> >> in that group.
> >>
> >> If I set the group of jefftest to a new group (both in the UNIX
> >> attributes tab and in the Member Of tab) using Active
> Directory Users
> >> and Computers.
> >> Then I test the user using ldapsearch against each domain
> controller
> >> and they all have the new values according to ldapsearch
> in gidNumber.
> >>
> >> Then I login with jefftest on my joined fedora 27 machine using
> >> winbind 4.7.6 as jefftest and run id.
> >> It still shows the old group.
> >> So I log out as jefftest and in as root and run
> >>
> >> net cache flush
> >>
> >> and try and login again as jefftest and it still shows the old gid
> >> number when running id.
> >> After about 10 minutes it seems to work but that is a bit of time.
> >>
> >> Is there a way to speed this up?
> >>
> >> I think my ldapsearch using the uri of each domain controller shows
> >> that each domain controller has the new value is that an incorrect
> >> assumption?
> >>
> >> I'm using the following ldapsearch arguments
> >>
> >> (to check dc1)
> >> ldapsearch -H ldap://dc1.mind.unm.edu.:389 -U jsadowski -Q -LLL \
> >> -b dc=mind,dc=unm,dc=edu -o ldif-wrap=no
> >> "(sAMAccountName=jefftest)" gidNumber
> >>
> >> (to check dc2)
> >> ldapsearch -H ldap://dc2.mind.unm.edu.:389 -U jsadowski -Q -LLL \
> >> -b dc=mind,dc=unm,dc=edu -o ldif-wrap=no
> >> "(sAMAccountName=jefftest)" gidNumber
> >>
> >> "net cache flush" doesn't seem to be working.
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions: https://lists.samba.org/mailman/options/samba
> >>
> >>
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list